2019-11-13 18:00:37,757 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-11-13 18:00:37,757 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-11-13 18:00:37,758 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-11-13 18:00:37,758 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://staging.biorender.com/login/institution/5c49531a34c72f15009afc18/saml/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_e2dd848af29adfecbf7e" IssueInstant="2019-11-13T18:00:36.463Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://staging.biorender.com</saml:Issuer>
</samlp:AuthnRequest>

2019-11-13 18:00:37,765 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://staging.biorender.com' from origin source
2019-11-13 18:00:37,765 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:00:37,765 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:00:37,765 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:00:37,765 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:00:37,765 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:00:37,765 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:00:37,765 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:00:37,765 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://staging.biorender.com
2019-11-13 18:00:37,768 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:37,768 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:00:37,768 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-11-13 18:00:37,768 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-11-13 18:00:37,768 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:00:37,768 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_e2dd848af29adfecbf7e', issue instant '2019-11-13T18:00:36.463Z', entityID 'https://staging.biorender.com'
2019-11-13 18:00:37,768 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://staging.biorender.com' does not require AuthnRequests to be signed
2019-11-13 18:00:37,768 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=fVFBbsIwEPxK5DtxnAQIFgmi5VAkqiKS9tBL5dgbsJrYqe2gPr8GSkUvHHd3dnZmdr747trgCMZKrXJEwggtirllXdvT5eAOagdfA1gXeJiy9DzI0WAU1cxKSxXrwFLHabl83tA4jGhvtNNctyhYr3L0AbEQWZqxJp4x0QCvmymg4O160G94oLUDrJV1TDnfishsRMiIJBXJaBTRZBKmk%2BQdBdtf6gephFT7%2BzrqC8jSp6rajrYvZYWCpbVgnD%2F8qJUdOjAlmKPk8Lrb5OjgXG8pxl7G3i%2BGtdQGlAATct3hVvsmll6kdMOJAo95OhsnhCUpn8YNGUfRjDWcZPgUEuasbWvGP1Gw8vFJxdzZ798Rj3F%2BEEqBpeixT62RLeCT%2FBjvQEgD3OGyfEGXd9BzSObmD%2Ffts6tVVNw1Nsc37MWl%2Bv%2F64gc%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=gZ4gEk18EztR3zlpw%2FXaws8Y768OL77VrjKUvQ9wqmrF2GxyWAOys5Lg1At3hpUgnazEns4ZSLGBtqK3yNyn6uGHvhX5lWSLA7HI1P632lyBr7%2BVnJIOh8t6hC4wpy1neRESg3jauyvRplobDmlyOAyzmTcXivxbmI4vrbN17WvaREtwhfQqNkqBpB%2FAjDKecodha8bBtGkyl7ZUaCafIN0P39p6FuLtgvKD3MqCzXcAnQJYQTmOhRtPhpNlpSce9H4ogfezczWm72jyOADNlemQzT7XXllpH0kZpO89COo%2BqxZOsr7zz411Tkf%2F5J1NhdaU%2F5VzllS0OhO72ZEkbg%3D%3D
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=fVFBbsIwEPxK5DtxnAQIFgmi5VAkqiKS9tBL5dgbsJrYqe2gPr8GSkUvHHd3dnZmdr747trgCMZKrXJEwggtirllXdvT5eAOagdfA1gXeJiy9DzI0WAU1cxKSxXrwFLHabl83tA4jGhvtNNctyhYr3L0AbEQWZqxJp4x0QCvmymg4O160G94oLUDrJV1TDnfishsRMiIJBXJaBTRZBKmk%2BQdBdtf6gephFT7%2BzrqC8jSp6rajrYvZYWCpbVgnD%2F8qJUdOjAlmKPk8Lrb5OjgXG8pxl7G3i%2BGtdQGlAATct3hVvsmll6kdMOJAo95OhsnhCUpn8YNGUfRjDWcZPgUEuasbWvGP1Gw8vFJxdzZ798Rj3F%2BEEqBpeixT62RLeCT%2FBjvQEgD3OGyfEGXd9BzSObmD%2Ffts6tVVNw1Nsc37MWl%2Bv%2F64gc%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://staging.biorender.com
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://staging.biorender.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://staging.biorender.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://staging.biorender.com
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:00:37,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:00:37,769 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:37,770 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:00:37,770 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:00:37,770 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:00:37,770 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:00:37,770 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://staging.biorender.com/login/institution/5c49531a34c72f15009afc18/saml/callback using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:00:37,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:00:37,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:00:37,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:00:37,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:00:37,770 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:00:37,771 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-11-13 18:00:37,771 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:00:37,771 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:00:37,771 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:00:37,771 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:00:37,771 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://staging.biorender.com
2019-11-13 18:00:37,771 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-11-13 18:00:37,771 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes256-cbc
2019-11-13 18:00:37,771 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:00:37,771 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:00:37,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:00:37,779 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:00:37.779Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:00:37,779 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:00:37,779 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:00:37,779 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 222b9432a7b2a7ed42ef648280049cf4f517a635e651d23c945983feba005422
2019-11-13 18:00:37,779 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 222b9432a7b2a7ed42ef648280049cf4f517a635e651d23c945983feba005422 to 2019-11-13T19:00:37.779Z
2019-11-13 18:00:37,779 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: No active authentication results, SSO will not be possible
2019-11-13 18:00:37,780 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:00:37,780 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:00:37,780 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:37,780 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:00:37,780 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:00:37,780 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:00:37,780 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:00:37,918 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'staging.biorender.com'
2019-11-13 18:00:37,918 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:00:37,918 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:00:38,781 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18606-eono3dyYINx-ATqd3W90cLqWSOK9Jltu
2019-11-13 18:00:38,781 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:00:38,781 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:00:38,781 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc"
    IsPassive="false" IssueInstant="2019-11-13T18:00:37.898Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>BCujqdTbGGe5Lb0gIpNXpUZDqzabZI1wpK17e8HTpzk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
eESnnVkVjgIkkCsLBzhR8U5Yz3xUuBqK+6HtIt6polLo3Bd/MEkw0l4XqC+83S7q5hCRrEeDprL4
fqOV/++9bkvRZU6JZmeM53vsrS+KShXmHMeRINtU3CJ5l++qTPgbvTc7eV0eEf6jgemrJYUO04Ej
oNxex2eHLpsNiFAUr8iFZRH4ClxdmwgIgkAAZfJlsd73eci3DJjW68WdMGneTlLTz6UtwoPdANy2
ylOJO91VGBbU2wWJt4IgIAiptoO2H09Ded1wRvOEczHiwlRaYIeNk7vOoJKHJ1l0rLs1qF6F3Io+
TljaA0F3sZBw0tGVQh+nYws9Y7ddtwYnM0vVGw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:00:38,782 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:00:38,783 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:00:38,783 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:00:38,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc', issue instant '2019-11-13T18:00:37.898Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc"
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc"
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc"
2019-11-13 18:00:38,784 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:00:38,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:00:38,785 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:00:38,785 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:00:38,785 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:38,785 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:00:38,785 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:00:38,785 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:00:38,785 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:00:38,785 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:00:38,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:00:38,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:00:38,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:00:38,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:00:38,785 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:00:38,785 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:00:38,786 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:00:38,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:00:38,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:00:38,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:00:38,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:00:38,786 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:00:38,786 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:00:38,786 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:00:38,786 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:00:38,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:00:38,787 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:00:38,787 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:00:38.787Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:00:38,787 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:00:38,787 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:00:38,788 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:00:38,788 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:00:38,788 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:00:38,788 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:38,788 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:00:38,788 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:00:38,788 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:00:38,788 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:00:38,956 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:00:38,956 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:00:38,956 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:00:41,132 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:00:41,132 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:00:41,132 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@742373123::identifier=rick, context=org.apache.velocity.VelocityContext@1625d3e]
2019-11-13 18:00:41,139 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@742373123::identifier=rick, context=org.apache.velocity.VelocityContext@1625d3e]
2019-11-13 18:00:41,140 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:00:41,140 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:00:41,140 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:00:41,140 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:00:41,141 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:00:41,141 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:00:41,141 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:00:41,141 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 4bfed7f34ab0e72328ad6bddc311569ceb34b328430825480c2bf3066e638060 for principal rick
2019-11-13 18:00:41,141 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 4bfed7f34ab0e72328ad6bddc311569ceb34b328430825480c2bf3066e638060
2019-11-13 18:00:41,141 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:00:41,142 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:00:41,142 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:00:41,142 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:00:41,142 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:00:41,142 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:00:41,142 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:00:41,142 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:00:41,142 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:00:41,142 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:00:41,142 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4611e5c'
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:00:41,143 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:00:41,311 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:00:41,311 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:00:41,311 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:00:41,311 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:00:41,311 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:00:41,311 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:00:41,811 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:00:41,811 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:00:41,811 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180041Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:00:41,811 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:00:41,811 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:00:41,811 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:00:41,811 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:00:41,811 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204041811}'
2019-11-13 18:00:41,811 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:00:41,811 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:00:41,812 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:00:41,812 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:00:41,812 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:00:41,812 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4611e5c'
2019-11-13 18:00:41,812 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:41,812 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:00:41,812 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:00:41,813 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:00:41,813 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a9249bde7a3148fcfcae046590ac4fa7
2019-11-13 18:00:41,813 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a9249bde7a3148fcfcae046590ac4fa7 to Response _924a88332c5472a73ef8a9c8d05954b7
2019-11-13 18:00:41,813 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a9249bde7a3148fcfcae046590ac4fa7
2019-11-13 18:00:41,814 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:00:41,814 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:00:41,814 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:00:41,814 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:00:41,814 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:00:41,814 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:00:41,814 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:00:41,814 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:00:41,814 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:00:41,815 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:00:41,815 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:00:41,815 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx71AtBQOV9p/9nvXqYzWdzKe+XIcUK2lCEs+nTtR66tkj7wrG8pcUVrYCa3dOP3tqKG5JVLW+/o3qfMg2gVfD4XULhHFqzobHQGpYupVaaaktMYpOpg4RbY1c49rF/z0FOQTSezCuRhrxhTp7AlJJGpGuz8KhxeE= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a9249bde7a3148fcfcae046590ac4fa7
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a9249bde7a3148fcfcae046590ac4fa7 did not already contain Conditions, one was added
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:05:41.812Z, to Assertion _a9249bde7a3148fcfcae046590ac4fa7
2019-11-13 18:00:41,815 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a9249bde7a3148fcfcae046590ac4fa7 already contained Conditions, nothing was done
2019-11-13 18:00:41,816 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:00:41,816 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a9249bde7a3148fcfcae046590ac4fa7 already contained Conditions, nothing was done
2019-11-13 18:00:41,816 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:00:41,816 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:00:41,816 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a9249bde7a3148fcfcae046590ac4fa7
2019-11-13 18:00:41,816 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 4bfed7f34ab0e72328ad6bddc311569ceb34b328430825480c2bf3066e638060
2019-11-13 18:00:41,816 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 4bfed7f34ab0e72328ad6bddc311569ceb34b328430825480c2bf3066e638060
2019-11-13 18:00:41,816 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:00:41,817 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQx71AtBQOV9p/9nvXqYzWdzKe+XIcUK2lCEs+nTtR66tkj7wrG8pcUVrYCa3dOP3tqKG5JVLW+/o3qfMg2gVfD4XULhHFqzobHQGpYupVaaaktMYpOpg4RbY1c49rF/z0FOQTSezCuRhrxhTp7AlJJGpGuz8KhxeE=
2019-11-13 18:00:41,817 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:00:41,817 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:00:41,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a9249bde7a3148fcfcae046590ac4fa7"
2019-11-13 18:00:41,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a9249bde7a3148fcfcae046590ac4fa7 and Element was [saml2:Assertion: null]
2019-11-13 18:00:41,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a9249bde7a3148fcfcae046590ac4fa7"
2019-11-13 18:00:41,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a9249bde7a3148fcfcae046590ac4fa7 and Element was [saml2:Assertion: null]
2019-11-13 18:00:41,819 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_924a88332c5472a73ef8a9c8d05954b7"
    InResponseTo="_qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc"
    IssueInstant="2019-11-13T18:00:41.812Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a9249bde7a3148fcfcae046590ac4fa7"
        IssueInstant="2019-11-13T18:00:41.812Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_a9249bde7a3148fcfcae046590ac4fa7">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>x5lOIo27DW8er4LAPLMAtiEWKwSrSR8iW8OA1iWleY9Vw3pc+0oYjAmNJizqaXe8+VWl/YtpAYe2tamkZf35qQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>gVEh9Q/khP7YRwHU0kM0xINaqkbX2qngAhZt2iiwhsLwDAyCUAfE8sa53o0S9dNya/C4zupWN3LdUorffTjyV4zfskP9w5rnAc7/BQbHMzLtjsI8ohNGtqRu/a8JbQFRlWJiMdeib9ZNQ4LVskMIJ5ckqAjF69IoNu5RrBDSqhDQ8FO7ogtXxjcPPy1Y43WhjmNUkxDU9BHR5qhRIC9EAHYIULgTqrYpHaErAHRrCv8QkVqYZPVWx9eDWL5Fa6kNx0u/v6HNQ22fk2eytuMjygfUdVItqPfeEDQvxJbU4ln/ieGnKQ0RRTBJQHvxx4E7VN4/TfijaT+txtWSqyLv2w==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx71AtBQOV9p/9nvXqYzWdzKe+XIcUK2lCEs+nTtR66tkj7wrG8pcUVrYCa3dOP3tqKG5JVLW+/o3qfMg2gVfD4XULhHFqzobHQGpYupVaaaktMYpOpg4RbY1c49rF/z0FOQTSezCuRhrxhTp7AlJJGpGuz8KhxeE=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="_qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc"
                    NotOnOrAfter="2019-11-13T18:05:41.815Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:00:41.812Z" NotOnOrAfter="2019-11-13T18:05:41.812Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:00:41.140Z" SessionIndex="_f6722b34651f72a0ece3ab2ace1c04f2">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:00:41,821 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:00:41,821 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:00:41,821 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_924a88332c5472a73ef8a9c8d05954b7"
2019-11-13 18:00:41,821 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _924a88332c5472a73ef8a9c8d05954b7 and Element was [saml2p:Response: null]
2019-11-13 18:00:41,821 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_924a88332c5472a73ef8a9c8d05954b7"
2019-11-13 18:00:41,821 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _924a88332c5472a73ef8a9c8d05954b7 and Element was [saml2p:Response: null]
2019-11-13 18:00:41,823 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:00:41,823 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:00:41,823 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:00:41,823 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18606-eono3dyYINx-ATqd3W90cLqWSOK9Jltu', encoded as 'TST-18606-eono3dyYINx-ATqd3W90cLqWSOK9Jltu'
2019-11-13 18:00:41,825 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_924a88332c5472a73ef8a9c8d05954b7"
    InResponseTo="_qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc"
    IssueInstant="2019-11-13T18:00:41.812Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_924a88332c5472a73ef8a9c8d05954b7">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>g1cOwSq8TfZBbM1wFH+gzcg7SrQEwhdHD8yahvfqfVfIT9YQXVUrxJaXwb+kPWa+284IsYsJCcO5mTVRbFyC6A==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>jbEee6inXirtgYc64d6L0qNlV0MGiBhzmm5a5q0aBp9r8+c93XvqGnfypShbrTKt/LEdrqbBsZu7f4xzE7IpgkkZqm314SyTy9s7GLPPUMmnZMv5eLL8PJ+h8kWwf7swR2/Wl3EjSzKMtDsj5DJPU+hGoev3WGC99fYknZeJfIeodENJtHMnnV+EEAtLKEA0sCwrijXwPc5NP80hV86yg+h6kaI+0l6Cg0q5XPJBwj3u+Av8oEF3qc3R06FbBACEX9FahKoRAIPYw4pPTH/tQY3EwgdEYYYEdzULKdU3cmr9/W3mqPBlUOkIBQdzqgrVrCAKVNSYHO5JSIj1m6iW7w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_177cc85170406885b50e770c63c70eba"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_1d6f01d204c81b517bc50e81e522acea"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>oaxrpL8vsLX0ncarfoC/qBkiFpBpHA+U2PkPXIlzYFMYMVLYJ6De54lMu2vpJBFmZGbnfM9WrCQluZh7KJdTAFsjoHnx4+7mudwOdEUMjp+PF8uy2IOM51c2Fmi/vfpRe04sfG+L3MZHgVHrrNM+EPN6/LKOsR22yDklsBoplwwUZwsxVPQNINJ6tykeiZ0tJvv6jJ3z9D8YplhP5bO5PMxEuTlttnQO+YtAoiySt1PvcyLabQ4DRi5aWgFtN+PB3LQdxvj0xUuhIB1PgO7E6KuM1A/4pa7uw9NA/puyitIAJ7wrw89SkNfmbscl69RniHJTwEIgNYSBwQZvggkivQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>023rEEONdxUvURWLQItboZ69qzlRJGxDp5zuLJT8IMXZYWKtDDgFR4m+B8LTJ8c4eHWyC4jiTM6qsmuYcjHhq9YjtJpaoHIYLE3GMSy0JNxr8O/QoM0nOTW7j4etCoPycZYIXqSDbLeHhTwlnob1fzNuMg/zk0qyEAPms0pLpffmbqDRL90YKsedkKHeVX6U8ExIhEMM1PMaHh4lqv/Vsoa7ta91uiNrL9vfXYIjJmDHa2dCadJwxT0sh1nrnDXfEduOOjYMflB5If5hBGtH+kZZMzMGKHFbooqyOLvgHDx9uYTANsj/i5zDikU/AE/I/WXyrorD/pPdeWaAE+vsi76Z/H3GF9wYZIPJFwXwdvjpzQ4ZfY2y8qut2xQ0YoB5TqCGKyimI/K+orcppqv3PShav6BtKfFeN7elIKDKqi9tIAwMO6l2/M4U+fMte9JPzEMmYvmZ3WC+X0H2SpBXpGe/j5DVv/r8AR1Atjm+ODktZt+7pOBu/O34sbIIz8vtZ0vWChwDw/twk2hNh+RmUjsAn7n8oWIhg9TMmi7NvHtR1WeOU1IizxVrsndNU15XubjNzHoXt239YQZfOnNDMLtw1GX2Cxj+KfatJ72fun7kKgZKLuny14AZqf/BGdc+z1MhtzsZWJ6icnkEY49KPCXYz0VPKOZZ4Asg6Cz8ERcC61UDrcbaf64MDQLDIlHPdzxtXXm4hvbr0a1i/6OIkrSjvINddVGYClgg9ntTWpSPJSiR371IfQ9Tp15fq9y7b8xhlaWniYmISc6becu+YvHxTboBnPjUThCtbCtETzelhh/rX3uF+InrpXfyRTy84cQ7IZkFYgE28ra2MzJlQ6yWvmt9sAgxztqFc7P3fxvsM7G6/a1VH65oLXac4HiLRzybXQOesF10L972ShaZLoHMbcApGAiKgbYp4jdQkZJv6fjsxXrcuUdxt0zkogpeFznBKrBJ/tZ2InuuPKzA+MXUWWr9xS8WOm+HO3PLnxdxwxBe90kb9GRibbSCACg6F/xPilIvSuq7OCq8x55eDWgngrQGJ6v0A3d5ltS2vaW8GhmzT9V0x1u8QMElTaZY3BvK6MOBvAa+Amv4FvqSw/rzffD9JD7PZtoU3Wv4YuG5IgDAjVPca/nuvkn/PI54B65FRsEOIPZHT0DIEQO4LprsXWIuNayfSfsmIGt1Hrf9fgfL32vj9pNwCV1SJ5oAZ0yVYR6OwDux1avyGPmaKbRCK6aNfHvdEx9wd3omtOH9d79wRlgG7y0dMQlkAND8ZosX1BeOnJWJLjQNo5l7ClXdEpQtghsOwsB3kEWd7uEL4DZbxMTLrVEYuhAjtNXtaVM8/cYGBJzAco3UsG2W4Wy1fFFYqud55+T6NuGL2f/oB/GRl55ewyYiuiscrx6/KsErGDATRQgh92DQeOVOi8RolkrtPQyCaYh1BwJNCsHBCy37KMyS6vGDzP64NbxmTfcYazwrilaOXSuubbM2Mgfetoyp3e2qmgQdwP4OrnYYS4ZqATqlPp0AQjV6kkoYxFbAHKL5Qc/y7E4rh8cRBzZkaSQz59V49qVFZOAr+zvHoxtMZH4zS3ytGI/oJ/9855uoEWOO585VKCnmfzi0uZ/dXCg/RHevEMwpKt2a5pKVMrH7FSNDZLQimKM0gKzn1xjPwFV0mBQDXxxlbWsenpevwetSdBkip+Wq5tqzvs/FtjmCRhJLjKyp1l+QY5Wn9+GkWnEAsGNzagKQgT0EP3t+na5th+EXng3AWVS1Xzo5HB8nm4Up8X8Eb1IOCRL6G4ER4dJ7OnpPl1yCh9c2MkDHBpqqbKFXK8vJH00NpAk6ySGZUHeN2V6htrR/BTsj9rODz+tFQ6q6QlWc0xZaUmk/LpSsiJqcHnEoWxkICS+qNJg/BvYmms/RL4Lruq5AcTUeB1E1RFf5QueGgA/vuGD9DZnSKInWGkya2PbOtbcyAK/fhN0xBP0X4l1txwk4uYnx86Hh5UJOYN5bugmbU0v5xKK+YbirMppPSIYbrdhaIeJCGuqXfr8B8hwMzLXg/5Sf8m+XcXlFr92e4/sXm/WYxYCWbYOO514IJj/eWoeNs3ZW/fsjIy4J+8s1JLZmIfwdnNAOPf475DPtRe2JgIKB7ROB+sqpiow9YTinYBfeSWISH0fuMYEc7ZaW7yMlOnHyr+uHZjcCk94eQy3m/3DMuA9bv0T8A+B1fQWW66wkIzmE25ghcGSUnfDsrh5NRvVgEQK99H05ndRi24G2qdJm4JRXX7oNqVVRMR2iGlz3gU3DMfoxnTRCnJJxw7mArBTkjTMYkTUDdeavVfCzFHXpK9+tGBeYcNypW9cuG1KuWOngyutV6xPAmyeZ3un3h4qTjaUqHjWk5/SFWQt7KIyfvdl9+LAnF8sqW7VV9ztPszkigV8iEFJAGthYhylAwAMWim2DXdEEJIK/YNSVTxWeMYhBVrqdvx4zK/LC0NHwqGw8lVIgZbV9kPHYNoFVWjH3P0szV5DWqeTEeh+2c+jbUoV5qFPOKx7e/NdLcq+NvdSFaSW9DcWwN7jMM7JfXxZ4LhJzteNo8QWGC7j/MUHQzeKElFdIzY9+w+6gnlLHXMOQGTsFQh1bCGvmCsI9cQTPfnv5fU9xqs66F8MmxPKLzWl3sKvrPi0E0YdKqeFFqudTSAdJmDZihKM5LDzfqqONYGYPKogpQLxsL0wZevAX6T27YetFu6YEs7CBrd/X254Ckb8Kx46D1pWfQUpbCJCf/z1mN0/eMISxKJjAPvNJnxhMbBUiettfGZ+UWyl7obS9vCnqlc30w6kCVjtLhVnNYgnvABBIIgoAkmg2jbxkS6rRJXFCGhyKHxISDkCFV3RB30WsaARG81LXr75DmlCeRTqpKWfdl1ybsby/v3t95JGy9CWuDMiJghXhSkw/gq0iaDuEeVffZqk3RihTE1IflwpqaFUx/YmfBku3sn+0k3p9RQPgc9lAUivkKy3CIStam1ipG1wMCkf62oqFToiuGbeaZ8amRNlH539LcIwKI0WpsKVHPIoxwfsy4TKWpDJKBMSsLQp0i0GVKfU94cWpG+KyjlgqQ8t1UrPoDBd5sp9eGDWhLwLJkiJsXOTMC8TBOiE52mWKorW5KR3d68H3ngm6WhFUwaJVDSDsxXxG/RGI5gGlRs3GyqIvD2BFkMH70CHn/k6oP3ZHwzNyZ3w2zc+sbHCrMaHj7+VSv/0HbSQIlrVwlHZgifPHyR/vo9g4+3p3rsmg8BcATUMDeZOgMVDnX5czTtMBxtEicWQ4epF6rHeY5BrZjHpmCrSQhSakFUxdbGS9GC+FqXBPEq0YodyYl0SpNnxiW2tFiu+TMA9oqhtqmMsIAmzUYYZDwEFTXAIBCPKDwyyrigjGT3qVmcaWNlKhkMbAvMX3S1q1qfZ2/+yuVjANFTwUWK0dTMi1zzVERkaLChfmzQNgm1VWC8uPLm++DleRuXJYiPBJM7aAWsOajDt5leVmHUO4BAyjMVnusCc7+8HIGQ+cvAyGoNkMuc+mLum7HB/7xJrGgDQjco7KW2uDEa4v0s1CXqS5CcdoibDpK+GOZ4lMGAcZJ/9mMP6vrQa5KqTNYOO0spOv28b05LnWzdY+thSpsnBrKOfqF1gR6Z0M6BTEAT8bhT+5a6gaJybcYnxt0Iavgc62e5DGLSqK4zn+VuFJsN27hk6RHWcGT4+EGztjipgpe+CTmQisdGcSPKIuAZfEbkiew6p7K6cpSbGx/CEQ9PnbEXhPUzIrXtF+B9y4sZwAr7YNd04auix/48aeSAVBwkkJhXCnL0bsfQtSN9COAzP/Zm6zo8TezuS7F9DbzqFR8eBElIAQMzx0GDcAzNgfvuPN6MZpdXG+wIJGs2pTHwuNCzh1addMvwQR6vDPQXAJXvAKVw9YTUebvmjfUE/PM81h4oHq3yKKjf9B/JJBo0FqLVqPnrjiQgCkivuPGPWrhXoO7OP/vWAxj8NYBO3JCkprZBbaeDuTb4RWAjApG1kH43btOPwp7qiw3voqwBGn/wQsipov4WNXFt7zrf6TrZIuHLbY9bLNRguo1cdfZeuIu1AkPPpo66y7m4UQpXKbSswYjMrWGuAwj6GCdKm1d4s1I4izISJJDiBnT/IS7gL7SPY2djuoar0rM7fTVqQBSV1NFSkTrwqdy0XjxPpK2bcjswLUCiedn3bsvgp0opSO8LrdxaSeSMx5K4oRjjgTmvCdhSVtNrOEtxi5iKZk/gU84M7ZmTbaW9jTpGp/KgtMOWaLCwhq1KniSnKVorkSNjwOXKrkzNj2c4av6KIFBZWAxxgefb3Yo0y10Ucr7O4wLWGT8lw1oMJvCSG+yBspg1juAts9qdjPzoMS8iPaDwSuQMPwxfcE16aogGvBIwJA1kRLdDHQgbDDH4Zt5EhI5vM75pls/mgKlk14Hqev6I+a5tU90gxGktT9bm6Hi79MIIPITqXo/EZwl5lLebD02WfNSMYQK/mE2Jj9lA3blCoYC7l9L+t3+itin6X0B2XbwnadNAOKmxTYhUZbEHXAukB3Q8L3kwIhX6bDkuJZmLx+8hIFrPUgNfrCzaofQtMqV2JzqjLV7E9h4X7rvzWmUKgKFAr+ywaMefDlI7rNGHDGkJyEiD32pxetGvguK5PxFsFgNfkefNBKV/BmUX9qNDhEi6Sdv3GFIS3V0o4Rczy7O9y4PXXFlI2maUiPru/A9NKi0vn33KMs2h09t/zuaGEsSx+acGsjVJwC6wnjjIwQ9nt609Ki0H1lolAYCy3rvvVMDwhJZ0XTnH5x3U/lRPyfTXxDkIem5uigcX83iEYDWPMHMi4FqAaN+bbt3JfnlQjZR2lcfuwX/qt9F9jIBGuBe9unKn4/KNs8jAC8wixw9yC1PLiSM/BeT2fDhVxTtjId+bCLs2bKmLnyblqJOoPs4RmeBJMX+CxhZMOYf2eaT9h7MuPgaZrDmM9jgJO2f8fhyoJXNGC96hPuysnhg00IhBdHl/lNNi+AY+uSBzSOew1PreHlG8M54SQiY3sXT+GZ5vg4gcpd+TvwVGNMaO4gItqrGCaOUW82eoWHo+6YIDyGsu5aOTVlz/TCT9giE8yZVzH1jwSg5m6/y8D2kQwFS/DexPXKgkNoZjk5qczzrASKvpTFLb8L4embZGRO+sbfwT7hdjd6RIc2G8X/CG0FIVyl3D4tGoTmSIo7PoCcSj/JOm6U9CI8e+FBoPib8dKlKFFUxHVRZIvDl/u4v21Ox94sxmKfnFQqm2GalKrTIFYKRvX6moH2O49uCglTt/LvVicEBVuZAliCyd/JvXQbA3zZysRln7UQ4uU7wncJG8988FlHuzqooxyEe4AqKlz3bmPq/bfoxQLlTBtBUJ4eyE8qYh68U/eteo5sZcYBGPt/PP3Aygx7F8p/8emwMVeqwC1zgglHC8zDOMr0I8kvUriZm+IK4bC0Y3uP2P2h9XzmP66Zzvniw0pQS+bZ++jVvo2fV42SPT79vsKvPWUHWZcRw2kALGqGJL0pPF2v7wapjl30J3Z21S4dwqXXMdxFXtfX0ZvP0iBj2GyScDhdyJ8+VTU0XtylvQEZFWL/Gf8C0f7ulvxofVR5osCz6P+Mh91oXbEEbV4115JxjASv/aUTl6JxaIK/f8cCAt7Hm0h4CeVcEFoBEtdGavcnzbTL5FcRadYCwTy1bNK/bZLMNCkjS5Bck/63SU0EAo8jGAjifZJtJjGaWTWBxhdXc1TozaoDyfLTniooCCzLBn6+KzbOQqK9TrVK5E39EOEoFyFJuryxeFX0S0R0hnMFNvOquEBwUxxgcrexGnRtYyDPBZoyw4CcJDNp4ivh+GzBHmTUSxkacWR7lKSbCouzaZS1Sym9V9RMsoqr28RRn7j+y2EyxBG6gQhGMV9rTNtF3ca1RXZ7psD4jckPCsHyc9ZzppxOiLfQcvcmnCsrwqjx3Mj+HTpIRBaw7Ik+NvqRnrGrVWYtwGFNslyT9ehgcKFFk8prqxFVTcUOUwnSOzDbIqKUebmpwwGK4ri6+NQHgYUnL96+2OEbRrZjf+/oUQ5PuYGOprMNezvPjHQSy6Pjl/0+vQzOmHvUwCjneed55aaBsiOOwjpoIkIlZBLfn2ZX3mU6rpFWg8EN1YtqbyfPXZ4+4ASyDbTrRtrPeLoLdRbuL/XQ0lNkjI8hyr90kq8P28cNcjTg9YKBhK4Q0hagMQ7ZA4OR2sztS2o0s50DwjXQHY1QFL8OaY+PSqsV6a3MhjUup99Ebdh85x4qXwtx3iyrDZjyfiYc2HIiYp07YZsxCYfLjzOCF4/JaU6+Od1mUWLsmQOCjW46jD8+da0qN4bzd+TBIUvv8qIKkng82ulZHxxO+8wpuaNW3z4Ueq+QvXuffH0x3M0yhhM7pOYEpFZmEWlawQD0ogFIMWW8s1eM9HC3kTpZIqInci2bDwrCfGF01AxmaPmoMIObsv4A9AAMgiFWF2khVntuZ0qrdTWQu5cFmlCMtevs9oh4fp8U4aglwKOfqzyMCHFqD09KCwD3eymFPl6+YJxDe2Z3ShFQ7rbPk8SK+f5tRQ08PMlJWe5GcGlHn7tYbD5qWjP72swBUaqgcwri6Za4CbYwXfdmNSdtb/PTp/ZoiEX/KGHbewZLM+qS7tUo4wMJHMa1NsbkObSCWoqF0PfcQJObds/W4wrbsiNQj9BW+vafl6ejG4I7sdP6yepUwdB8XLj/Sj0kEAbiSggaRMNmDCcCDmAsJ5igpcH9ImPGFcIEE5DbrU4jC1eyb9fJSuJYkX5/EPshr/juzjr97Nlm0hJjZY8+CX9a9HwYlIvnFdbs4UaNBOmJh8O7Znsgk3NisBmliRCnUklqpUTNTa5O12gB1D3mW3I0aMmjXsO+tsGf473mT75Mwycz/j/J23SmvnVUte2dqWff8neQMkw5yZ5sX2bZSV0PctQKjzlXIkhiln1U7YTweD7fLJLwERhUNCMfq8WlOijopyGby4TdSEhbviMNEyYo8Wrw+UBLJHDT69vK7yK3F0htib/f2pt95ClV0L3bn37Z/ucUbrgem6amRjMGQUFPoRbbrgujIXdiCwmBnCGadkEhetSlXRl3ES+6tEIBLy80hydSAbxavRmN4Ja9oaWAFhExpOVMfXJxJtzoA9MFY+fHUo+psdAkOgJzOEZZVGRfYmwt68SIaECShNnyxqVHahj8kXc/20GRz1fe9IKNKbEm/Fmqwvx9Z+0/AiNQnefWDCZ+gsO3MP6euLhVhlt9wrHNdZCsksI+IgWtUw2ehyHTTZQDerb0KX2AnCyYCkBSWSAuHFxpfgCBkudgGvsjV4z/kc7EBa0Sbl2E2jDwMDEK8mwU3+a5nAol4neZzmSa3JeLOIEZGCB+2l4VoSYBWGOdINCutAu4dk8lK39zZb/LgsUQYKkBZdGAQUEOu6qnaycj7T9Vd1vFwckGQDfhR9/7h1vD82/DPnFY/NfILSC0IqPITQU4LwDByhH/qkXKysRHi9dYqE08ZaaSM0u+deV9KOqJlA3Gu9lPjpU3N2aX6qcNifcotQfzWyUzty2JrGF2Rtm5bp64lFMDrMmtSbkM/P+c4DDmzyCb4CYX+AHiA5+Ee4+jLG36/pRwou3WxPZZ3MfHcmJy1+YlMqgb7F/njU+s3owJRSm0iNoAj7GsBOOk7Ecqbo1R9s+dTqBtvjUH27H6y5FDGkcfBfSiPvPwFxybfR0FTCecIPT0Jf7drL9CqJAg+3v3pDtJOj1Vcymq7dWukBCctP6xfUOr03kgqm/AeJVInOAXGY6KQoUTy226nGyCOW80pA0C3d476KSavqQZsOFihofALvuLubYlcOQMrRUIjY7tF+vN0v/tfZCHc8dIx1S+5jyQNnS0CeFbS0loVHqij8gE6XT2YU2BfBYM86xZxSQ5RW/7FYKEIhYsnzjH6vtoen7jIVH9BOXg9juMaUj3O5YvlSSPUDL3zYYOqbS8qS1lcfu9gUyFif4YBSGpfVZVvYrOfQPH+9jozRNlJrEYbwnPVn/rQvaPYP02F+0dcEgqIEt+2utZpQnFph4OxDOXMytBuQZ9M5CJ932PAOztQqFeOgmvRLPtVezcYLsnesmDoAQGbdPYzNLr</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:00:41,825 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:00:41,825 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180041Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_qa9qrh787icx3ry6vhm3nitbk8rswe5yl0qz9yc|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_924a88332c5472a73ef8a9c8d05954b7|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx71AtBQOV9p/9nvXqYzWdzKe+XIcUK2lCEs+nTtR66tkj7wrG8pcUVrYCa3dOP3tqKG5JVLW+/o3qfMg2gVfD4XULhHFqzobHQGpYupVaaaktMYpOpg4RbY1c49rF/z0FOQTSezCuRhrxhTp7AlJJGpGuz8KhxeE=|_a9249bde7a3148fcfcae046590ac4fa7|
2019-11-13 18:00:44,221 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2019-11-13 18:00:44,221 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2019-11-13 18:00:44,221 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-11-13 18:00:44,221 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1855761248::identifier=morty, context=org.apache.velocity.VelocityContext@6334c3a4]
2019-11-13 18:00:44,222 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1855761248::identifier=morty, context=org.apache.velocity.VelocityContext@6334c3a4]
2019-11-13 18:00:44,223 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-11-13 18:00:44,223 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:00:44,224 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:00:44,224 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-11-13 18:00:44,224 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-11-13 18:00:44,224 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:00:44,224 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-11-13 18:00:44,225 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-11-13 18:00:44,225 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:00:44,225 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:00:44,225 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:00:44,225 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:00:44,225 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:00:44,225 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:00:44,225 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:00:44,225 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6d757e9d'
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://staging.biorender.com'
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://staging.biorender.com'
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://staging.biorender.com'
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:00:44,226 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:00:44,411 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'staging.biorender.com'
2019-11-13 18:00:44,411 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:00:44,411 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:00:44,411 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:00:44,411 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:00:44,411 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:00:51,396 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:00:51,396 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:00:51,397 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180051Z|https://staging.biorender.com|AttributeReleaseConsent|morty|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:00:51,397 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6d757e9d'
2019-11-13 18:00:51,397 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:51,397 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:00:51,403 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:00:51,404 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:00:51,404 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a41ab7e985018b186ef023f6618c72bd
2019-11-13 18:00:51,404 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a41ab7e985018b186ef023f6618c72bd to Response _24040bf0f5f33deeadf8fe3608d6458b
2019-11-13 18:00:51,404 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a41ab7e985018b186ef023f6618c72bd
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-11-13 18:00:51,405 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:00:51,405 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:00:51,405 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:00:51,405 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:00:51,405 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:00:51,405 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:00:51,405 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxEGt/gt5twn+1U4IoRSqlT5/sJEN887iCTNzm9KwfbndI1g5RUGqjCMjEqUzqUAh2LDdokjWR0Ng5P/WmoruZw3my6t/JQD0yyOBJ3FLAiYfpKOXo6vzWT5N977355hau5g== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _e2dd848af29adfecbf7e
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://staging.biorender.com/login/institution/5c49531a34c72f15009afc18/saml/callback
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a41ab7e985018b186ef023f6618c72bd
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a41ab7e985018b186ef023f6618c72bd did not already contain Conditions, one was added
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:05:51.397Z, to Assertion _a41ab7e985018b186ef023f6618c72bd
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a41ab7e985018b186ef023f6618c72bd already contained Conditions, nothing was done
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a41ab7e985018b186ef023f6618c72bd already contained Conditions, nothing was done
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://staging.biorender.com as an Audience of the AudienceRestriction
2019-11-13 18:00:51,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a41ab7e985018b186ef023f6618c72bd
2019-11-13 18:00:51,407 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://staging.biorender.com to existing session 222b9432a7b2a7ed42ef648280049cf4f517a635e651d23c945983feba005422
2019-11-13 18:00:51,407 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://staging.biorender.com in session 222b9432a7b2a7ed42ef648280049cf4f517a635e651d23c945983feba005422
2019-11-13 18:00:51,407 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:00:51,407 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://staging.biorender.com in session 222b9432a7b2a7ed42ef648280049cf4f517a635e651d23c945983feba005422
2019-11-13 18:00:51,407 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:00:51,407 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 222b9432a7b2a7ed42ef648280049cf4f517a635e651d23c945983feba005422: replaced old SPSession for service https://staging.biorender.com
2019-11-13 18:00:51,407 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://staging.biorender.com and key AAdzZWNyZXQxP1KLAu9aaU8T11uSmgjHh6nTvcka3Bg9FlCKiIQOfKbxITCwsmSL0QFtILcWsXGBHFW6wRKlQM5lUyQX++4ZAn1BAZbAydTDFbzBM8ZZbje6fcleItgIUPhggYFAqmVhtA==
2019-11-13 18:00:51,407 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://staging.biorender.com and key AAdzZWNyZXQxEGt/gt5twn+1U4IoRSqlT5/sJEN887iCTNzm9KwfbndI1g5RUGqjCMjEqUzqUAh2LDdokjWR0Ng5P/WmoruZw3my6t/JQD0yyOBJ3FLAiYfpKOXo6vzWT5N977355hau5g==
2019-11-13 18:00:51,407 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://staging.biorender.com was replaced
2019-11-13 18:00:51,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:00:51,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:00:51,408 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-11-13 18:00:51,408 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_24040bf0f5f33deeadf8fe3608d6458b"
    InResponseTo="_e2dd848af29adfecbf7e"
    IssueInstant="2019-11-13T18:00:51.397Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a41ab7e985018b186ef023f6618c72bd"
        IssueInstant="2019-11-13T18:00:51.397Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://staging.biorender.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxEGt/gt5twn+1U4IoRSqlT5/sJEN887iCTNzm9KwfbndI1g5RUGqjCMjEqUzqUAh2LDdokjWR0Ng5P/WmoruZw3my6t/JQD0yyOBJ3FLAiYfpKOXo6vzWT5N977355hau5g==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="_e2dd848af29adfecbf7e"
                    NotOnOrAfter="2019-11-13T18:05:51.406Z" Recipient="https://staging.biorender.com/login/institution/5c49531a34c72f15009afc18/saml/callback"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:00:51.397Z" NotOnOrAfter="2019-11-13T18:05:51.397Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://staging.biorender.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:00:44.223Z" SessionIndex="_d25ce674e952cab0e276b00dcf6bb870">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:00:51,410 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://staging.biorender.com/login/institution/5c49531a34c72f15009afc18/saml/callback
2019-11-13 18:00:51,410 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://staging.biorender.com/login/institution/5c49531a34c72f15009afc18/saml/callback
2019-11-13 18:00:51,410 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_24040bf0f5f33deeadf8fe3608d6458b"
2019-11-13 18:00:51,410 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _24040bf0f5f33deeadf8fe3608d6458b and Element was [saml2p:Response: null]
2019-11-13 18:00:51,410 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_24040bf0f5f33deeadf8fe3608d6458b"
2019-11-13 18:00:51,410 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _24040bf0f5f33deeadf8fe3608d6458b and Element was [saml2p:Response: null]
2019-11-13 18:00:51,411 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:00:51,411 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://staging.biorender.com/login/institution/5c49531a34c72f15009afc18/saml/callback' with encoded value 'https&#x3a;&#x2f;&#x2f;staging.biorender.com&#x2f;login&#x2f;institution&#x2f;5c49531a34c72f15009afc18&#x2f;saml&#x2f;callback'
2019-11-13 18:00:51,411 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:00:51,413 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://staging.biorender.com/login/institution/5c49531a34c72f15009afc18/saml/callback"
    ID="_24040bf0f5f33deeadf8fe3608d6458b"
    InResponseTo="_e2dd848af29adfecbf7e"
    IssueInstant="2019-11-13T18:00:51.397Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_24040bf0f5f33deeadf8fe3608d6458b">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>fatXtMdqazzPnldFWZ/xRjC486OKOOM2JqxWBIJv3vI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>AW2wc2hqGiPypj/k5oZJJDITMhY2fxrr5BQOD9s9HwxtS8AdsfHlNtfQyC7avBSXG1Di979+G582v9CF/JtkqLFKSwDgLuP4xB4lyyUVIA+HmIDa+xOaEO8KvzBQm9htslLOtbHSrCA57m+jpNRP6KPy5vTp4s/qlR9E5H2anGMUzi7stL04v1RxQv53Wmkc1EzJJzGkVAqzWCH3XNRZsJNDiBAjua5rkCBDD5TUEN7Dte7uOAVzFDGIMOJ43MUWdJV81jlS67j5ymLZjRj9LEYdDpn2NvWR8rhbL3qa5K/+j6RBcXFvygvjbNihLYYRxdkfIgNA70ev15CqSXkqVg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_59ae269648b4c8c185d4415e1b5482ed"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_3547d57a65c36d0350b6e297a51d114e"
                    Recipient="https://staging.biorender.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDqDCCApACCQDP/J75V9akDDANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMCQ0ExEDAOBgNV
BAgMB09udGFyaW8xEDAOBgNVBAcMB1Rvcm9udG8xEjAQBgNVBAoMCUJpb3JlbmRlcjEUMBIGA1UE
CwwLRGV2ZWxvcG1lbnQxFTATBgNVBAMMDGJpb3JlbmRlci5pbzEhMB8GCSqGSIb3DQEJARYSa2F0
eWFAYmlvcmVuZGVyLmlvMB4XDTE5MDEyODIyMTU0NFoXDTI5MDEyNTIyMTU0NFowgZUxCzAJBgNV
BAYTAkNBMRAwDgYDVQQIDAdPbnRhcmlvMRAwDgYDVQQHDAdUb3JvbnRvMRIwEAYDVQQKDAlCaW9y
ZW5kZXIxFDASBgNVBAsMC0RldmVsb3BtZW50MRUwEwYDVQQDDAxiaW9yZW5kZXIuaW8xITAfBgkq
hkiG9w0BCQEWEmthdHlhQGJpb3JlbmRlci5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALboYi2xUWdBKXW/F/D5ogOEP54kaAHhaAb7sab7H+ctKP22iMJQ9dAoVK7kVPJAmOob9hnu
r4WuOKXnIkp7uFW84GfVcDeTQ1ZY885fInksrmUGIgFSkApvUGlDpxXJnSgQZU1Hn2ieVppppGw/
RVGjaZBXNXjYOf6vDXe6XqTg2diJPU/VtJLdv+NoaqauPNko/WOmWiGc8I8bSZqGbONVeiLuvP00
ZcRMAzIYtb6A3o7BFsviobYUeSFYaq05CVNGpj1cHSgSjD3K2QOogGj90kwmEIMv5Ot5KYIRXn8l
rqnx+rhrTlH8py1rsF3rphGteDhKguuxYD3sBgymSwECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
JffkXmLQiVrh2u2ojK/pgiHLjJKU9g1kxm8R9MWkZ5q4ZcnY5KC2CKaHL8AfkJQUajzZ6q0aYNQN
ah8uZnejNxzEiBDStV43JehuEUKrXxpkF585NOdMRIWMLZEEUWAoqRbm3Df+ePgO4FF+m2dQeHeh
gYm+ydeqklvB8zqEgil5S3QGn9HcamYmVffuqXd5Ou/a0BwiSvFWawkesfdJSWaYXHNb/16UbNqL
DPl6Q2XpsM67J8X1VOVK1TbD4soTVRzDIV7Oi85B2uCZa0X9OMh2IIOOK03pbNM04B7fJAMcASrY
rYwWckJPJLcWyfaRfDL/JJDi0ZLGd09hMxtkzQ==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>JBfk30tAnv6qY5eZBbh9KIgpUoSnGB7dgGLWjNUZtpTo/qnEya4RckdOtEa9FR5Fgd5sGxjahdcv9ZBQtUCaFmpMLnARk7jQBPUqOox2s77oUAiOtGo30xWxfk8Um/QrxFovrOIIuzSCWarC6jZuBsMVy8QcKAy8PgmcICMRX2vi6N06mjNaXZq2EUc2XaJJC9d7EFhwg+95NVGcgZUZQbJMvWv2pAiWCj5kteI+9L2Hh9X70AgK1zBFoWxv109iBT8tR0FjwfwS636c6v14oZXHpbAcQjqGSo+005fUDK2rna8CX3sqedkqmCczlwsXWprArjfLdL7QgGFQdfUw6Q==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>W9VSAZgNQydOUVSpRd6HxGQ3qsdmmNhK70z3HO5KFJTTxNk+7Pd3+sKKVpXGuEk5dY4v+Pf4UXGOExT5FTuo2PbnbMK5E4GwZOptD54/oUWw0f+1ztiKTt4amY+mnW7Gxmum0eD9pBGtREO75Rn397NqOB0EjDXBHY3snsg0e/KMcOfHWodywxCtAGCr/Y5sKXjKR66RBGD/hTqiDb4FXxNVInu8H8hHcptf67r1uw6e7ueaWO/WbNQLY++ysjct8Dj/6RgvtYO2Uloaur7H6noDxgGzY9XTTHYk5aP5wv2SSCFryV0UE+2TJ/EGGtDMh0bNTf05gg5c7Chm8mezIIjV9o5u0Nc1oqjcnS+m+YwH4KiOHp/K821KTYaIDTQQyyarzGMX5iORUO2txwR3H4IHHLv2SyNaZkLajUnQf0urziLiaPBVPr/jJvrhcxFGd/tNF/oY8gC+2zgJ4/ajM+35EvIJdHEd1s9se98Gbk8sAdIyV5KHpjyAG5SPQPSIreMEYzq7hQ5GwA5pr8Ew3sopuc8yqs1pIAwqTt/ktaB6F0rCZruZaOKq99ht4yI3tTIcpFx/iJoRYYUMB3fIUxG9sjSvv7q7JQPduuXBLofRQ3xKWW0eZGWBeyVXLgluSIvxDRzjqiIUDHg7M6963CZs7q/IFabgmZtvt5XHMHYJOpLxTMTqpgvwQdO8j3xmJOFChd1UUhFaYMmFvV7jTSruiRybpj/GXDA4mq3C4RGiPKICSIvXsjoYYONqDz8lKYIKFcGVkVs/n/dxyTgtpK2ZGE8ppHgLkywZwkeUo9apzQZXyjiKknESZOkXPqSMrZ1IMWPp7LBYGn0UO6H0WnO5mYOZV29tBz9Qy3chE8TAF7VXZ+A/wW7+uhHp2eh9mXB5dPQgACzAM3VrkTNs31Jof7DtINZcyCnG+SJndYQyTikrxWFs+iKt4LYZgQd8YbJdfNL1depbcx/ER/CZAwKmclK7AQQIQdi03YnWTy3QngJ0Sb2Sl0YoCQgOaH4DrGF1oxlfmBQhkuR0rFdEcHLs3BRnJeKVoqMWjc7hdb4ZGDqL/FD2uY5csL8YwS4ATJqoeRHY18s5xvcOR2IpIxMnWVuSrsZuULPrstKJrUqKBqI+y2vbzo37UQWlua89cj5RutNwUE00S+HKrkwKzp8kktbSh3dp11wji0yGJJmxrM6bQKAg1fAdA2QimUgXt0kqFWQDYbxOGCZUofbBVkfkDVfaUbjk0/qa7KDHF0I4eyUkPbKBHUwvIrJfmrWaEgCEweHljbejbYfdNO2quFQGC2BDDy1KWvTXz3LXt0bTgnMqXh3o0nh9Id2CL0NqcPUQ1OhcG44/UI8bGm0JPRIK6NUkNXXHctEczIFEaDSUEjJfjL+tNfJd/WFlNtl53f3vwNGs+Z3Am3GS4uQUAKN+/dvt2S4LLev+pPEE5hTmFsQwXTm5v12vk3Nyv4hP40y6bz0nRutmktfBSV+UQm3uYRA2hjgliIQsTUiBDYh9ljdKbkKhYTj8awJkqx8t8Uf6Kadt4m/bL/INFwkPhFZd5xTnjNc8tgU20upADLb2+x9YhoODWkGYmbwvbbDPYpPh8200lIe3ha849AAcFNYYmkVdT1ADkUOLBDlsiZSWnvy1iTWFGFcdXREcJWO0gqLGlMWFOb0Adc114aEPwo4NgsANoIyPK065ENS2w5doaRZo1/TWa8ZScd/xifcH4+oIuG5QK9WKGzoO4TgxtpmGOKMxpIUsMedcXx15iQoROJpezZtrq/Jmhrb8AaUKrdRPIrpOckCWj2JqVib7ax8CL1NDU1jfRFtKnh1t73degQZM9esZu77RsF+qz2/zWZNv/+So28HtsTREWFjBkzctIKoP+PiyvU1rG0d8ntm+4DPkMVxBnayEGWGB8c1ayF4CkCdOv8OhTMXcqiHBUNfRthHy4ar51T86n0hFB9omQuvA+hwl5pXIRCxJj16xuClr4xWBFY6yBv0KY06xXuCKM3g6W7AAnfOrIc7CYrqwCg8iyX2896zswBA/RkLdjvIqiLeBrYICBBWy45uKlBNuNK738MEb7uclLfw1r6po9BjTiF67cW4Hk8CSKfDfVQ4YwAXKnRHRLafuguUOOHvrdcYnC5gV9+BLFORiJ7CmP7/IPm1u5dN3unA0k+GDatab1CxxFpAfazZNdMpVzjSftZmNZbgH+OD6xgcQngJxXlmeIYH55VIreqBIf2cHKiMqWwuEienQwTWoCchxZI7gb4ix3H3Ne6AhgddEJIDZUh/PZH1sQ8ADXfC6U6G2sxab0H+VtNzlMNLb1MPun23X02DATKzIEPMVFCx6YQAvr0zYTdM1htzrf2MQKVfX1WHHfOYOLIYb7iFTr5ZcikdE+LRdT3S5y0oMUpy6Tfs6RK3Y3LphTauCDvl3qnwslS5hsiqFOo8Rnjx4hiwq3NBZnwpkDUD4D0/tezoWSNf2/42NHthX1tJpwNY/3NFsD2kDBBc/B7rW7ANLQV4eShBgxdvwcGY2cjpIdFZViYZ9Fz58b8i99ZtnxJvl+Lpf1pCgd9dJBKdWQW/ePpF3PcclYdc2rG6TC8oKGGP1be12wuCLv+LLntMuKTIBu8BiTlL5TIt7M6NFGsPUSHMYE1P89AHaLyzf0p1I6wHReiu3MCyhQMueStwwSvo7kkJYk7DUyyyZRI5njAemz99kPrMJTJ34xwQ/TMMThAjWT3c8CWTOJ+fGOzwYpmoQjx0FejKq7yGIwK2ybtucbmrqGsDPAbFtOuoD19cRGaNdtUx63zeCNGywFacNQriYU2Fwf+XbDByHfpu4ki1BGWk4WlQPp2FZG531Z87+Gs2w75ho3D1FETA25t3NgQocSAEKWu1QwwNFIl+LeQuNfHlI1RgLIoYGh2ShMQkLKKlHtwW/WJl494YanZCdSGwbTqHORVU1UtXRvk1vvbjTnnsxMa3B1wdeb3S0hDmu2Z2ZTcQMBMfjsDPKWXFCpu7tGgZn4yjLkCzBN1fQYrY+TqyJ9mSgCk/8eez/vp4VKlIqKMoJFNOQq5h21U9EOoIo1xmhyvRDG0ikfavefznqfjaFJZKDnjtcANlcjn4BWHRetwW8Cmz61Tm123mIYhElXvt2mTFAla00SZYKzjGRmCsUQIw5oCECninl15PsvzwYWFNhuIrP61SW+Rya7GJNfuEom/h3hrLHsrtTqTpdeTXiT7JSvM2UUG2m6huKpEZwPltcLdbB5irwBiu5M+Ogu0RfPGfMiUREvmFafryWOsgFUTrZdHMBNwMoplWxj3wB0TyKeGEeIs10ODb7vbIDBlIyadX6MN2d5i5HZ+T3uEjXuwjDNERlX5jspqmPOfbcTdwh3n1pK+U0BpMKeoZ6lVtcn3RKbAGahA7RN8tVc1xCvBkPuxt0a8qPhJcQk/vNTup01VyiRa3bwJctn4tOiY5Rvl9AGHEYHKBbCaeKQVoCkQZSr01vdLypYMmCp5A5iuBcboC4XVgs5XVLVzq2Apv/jSOHsqtpwsMrWKg5n2YwiHU22euFsH+7DOhCXhgoi2RnowzJ9QIeXxSPIxcbnhHB1vScFhz5QRkT5jp+HVfsBBs/ONNIW0bJ4bVqehPAbZScIVI+GRMrk5qPc6t6qCQ7HdS9oGtSNOo9TnjH7GeOl4N6SRXxlN1eDoAtFNvdhK25EJHcPAm/CsPXREkL3lHcn1gfLD1rZ5P98WkaqIe3Snhx3wfMH0DFWac9VG3YRQlvWirq/6mM0GbMk5hFIWODKyppeu0UyyOqQZNgNew0QrNOP+XjdUrTo9oYGMfC7rBoYSxk/L8XRxbyY9bUaGOw/AEotW61DGK2B0nOoVriuehPXMtc7jQC7yCtknkZAhKsJQvo4oHle2A3jSKfiaBuaPRqpUzNQULH6yPSCFiEA6cUBqhha9cyvmz17NWaQAhnPAmeFnZDBP06EVV8Sl183OsCkq1RNoYnhE/P27J3RuiE3Xv2UASheWflIOwwLjZ7gAVFgfS+HaEuScgVpwnTKnrGuUxnCfTtKEsuXMWoYybvGW5XdJ1g3wDGXvnafiGgt09RsL30/Ct0Gi+YbBTJtYgHVa6MERyVBx8B079xnRlFw2+Utz6w3iNWojUWH6L7NiAlBrzmejVsqnY9nXYgm0u7+TZo8rF1wC6WGgCHzA0xfWDj3y2syxVGm9NO606/yHsPP09oKO1t2dBSyHhufo9LJyFN4EN0SoVVcL46E1O/B2ovLcTXbjQQZSkwzMg0oYQneVQlLBQJZC50OY5a8CllJGK1KsxoM4u8+9pKWLfpbgGZ2RtKIbHPIHm9kHYokmM13kEo26xx/LFWSCMWYJw5HWwFZnJMvRWbjfp+fZPO2ClNoJ+70z9BUEqH5tuzCYkOBfzn1SaDxZdtP7bQ6vWGv1fLeCgorJ8DH7OyGMvREyUyIL4R7sqb3uKuMdnGqdbafGPANznipEti/dUm+q5CQ//r2g1P2Duq0H8F0SBlD3/KkGnYlffLXRsVptTAtDv20wYaxvCxpRWdnxqT3250CdRZdwHPTyGrPkC2oDAlRONDY696vWdIucVvRR18BhZO+KtXGiD6/l5GpOIR+0SJafgGF7QcfxuoIVtATKMW6SVkzWmF6ykjQqnGDXjVePJ6KL7PNbGoGUHbqHd+0/VANk2NGTbq/iz2iAZ6YRDkbE9xNaqziU9QHYcNymM35sbr4akOZdQrPTWfhdFuOg6BGHShOqNxEgy9UpgBsiP0KHoZ0xK1ffk7Qxc4xAQNRORGMkvq9+LKyPYeUeK3</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:00:51,413 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:00:51,413 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180051Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_e2dd848af29adfecbf7e|https://staging.biorender.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_24040bf0f5f33deeadf8fe3608d6458b|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxEGt/gt5twn+1U4IoRSqlT5/sJEN887iCTNzm9KwfbndI1g5RUGqjCMjEqUzqUAh2LDdokjWR0Ng5P/WmoruZw3my6t/JQD0yyOBJ3FLAiYfpKOXo6vzWT5N977355hau5g==|_a41ab7e985018b186ef023f6618c72bd|
2019-11-13 18:00:57,687 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18607-GgYUKbIaYxbtFvUYoS-jQqsx5Tt0m--C
2019-11-13 18:00:57,687 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:00:57,687 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:00:57,687 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k"
    IsPassive="false" IssueInstant="2019-11-13T18:00:56.762Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>buZr2UNrU5QO8RK/WA7o8zDRDyPDalFo6pFcaw4Z8d0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
AvnxKqgR3vNmo9Ln7n571QoMkpXP2/lp0rx4sOZ2kJNnn1NPhwB21j3YQbMtGUppLaLtI67V4Jki
u4i8SgDsw8y8XLMt3NaUludFrHWqm4BJUw+ZRJP27sTHmYGk6Hkbnp6NC8aDdTrwQbvM4/2gBsjn
/bOV4Y9KYTXyzfnNfu0i5PF50VGES5eBReUXFsZwJBrRwyWV20/CTYSRAxDEA97fSqSjlOYsrPiZ
ZOG/QL61M6cmJlG46QO+S1hc1as2XoEGgEjvSoSx0nzKfYzpYi6D2fyc9HX+NOwLZVpeF/xCrk7U
w1sZS7w2kDcPwP9rRSV9dUuigh9sgEc8IhETPA==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:00:57,688 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:00:57,688 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:00:57,688 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:00:57,688 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:00:57,688 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:00:57,688 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:00:57,688 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:00:57,688 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:00:57,689 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k', issue instant '2019-11-13T18:00:56.762Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:00:57,689 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-11-13 18:00:57,689 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:00:57,689 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:00:57,689 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:00:57,689 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:00:57,690 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:00:57,690 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:00:57,690 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k"
2019-11-13 18:00:57,690 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:00:57,690 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k"
2019-11-13 18:00:57,690 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:00:57,690 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k"
2019-11-13 18:00:57,690 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:00:57,690 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:00:57,690 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:00:57,690 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:00:57,690 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:00:57,690 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:00:57,690 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:00:57,690 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:57,690 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:00:57,690 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:00:57,690 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:00:57,690 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:00:57,690 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:00:57,690 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:00:57,690 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:00:57,690 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:00:57,690 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:00:57,690 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:00:57,690 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:00:57,691 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:00:57,691 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:00:57,691 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:00:57,691 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:00:57,691 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:00:57,691 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:00:57,691 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-11-13 18:00:57,691 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:00:57,691 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:00:57,691 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:00:57,692 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:00:57,692 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:00:57.692Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:00:57,692 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:00:57,693 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:00:57,693 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:00:57,693 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:00:57,693 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:00:57,693 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:57,693 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:00:57,693 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:00:57,693 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:00:57,693 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:00:57,863 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:00:57,863 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:00:57,863 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:00:59,681 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:81819abdbc486345a24abc14a194f6e08b6394d055a681741b09d933e58d2bf0
2019-11-13 18:00:59,681 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-11-13 18:00:59,682 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-11-13 18:00:59,682 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://testshib-dl3.decisionlens.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_b3ab19ac5a3ca7ed26dc289f7d728ebd"
    IssueInstant="2019-11-13T18:00:59Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://testshib-dl3.decisionlens.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-11-13 18:00:59,683 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://testshib-dl3.decisionlens.com/shibboleth' from origin source
2019-11-13 18:00:59,683 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:00:59,683 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:00:59,683 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:00:59,683 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:00:59,683 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:00:59,683 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:00:59,683 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:00:59,683 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://testshib-dl3.decisionlens.com/shibboleth
2019-11-13 18:00:59,683 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_b3ab19ac5a3ca7ed26dc289f7d728ebd', issue instant '2019-11-13T18:00:59.000Z', entityID 'https://testshib-dl3.decisionlens.com/shibboleth'
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://testshib-dl3.decisionlens.com/shibboleth' does not require AuthnRequests to be signed
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:00:59,684 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:00:59,685 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://testshib-dl3.decisionlens.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:00:59,685 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:00:59,685 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-11-13 18:00:59,685 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:00:59,685 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:00:59,685 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:00:59,686 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://testshib-dl3.decisionlens.com/shibboleth
2019-11-13 18:00:59,686 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:00:59,686 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-11-13 18:00:59,686 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-11-13 18:00:59,686 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:00:59,692 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:00:59,692 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:00:59.692Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:00:59,693 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:00:59,693 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:00:59,693 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:00:59,693 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:00:59,693 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:00:59,693 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:59,693 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:00:59,693 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:00:59,693 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:00:59,693 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:00:59,768 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'testshib-dl3.decisionlens.com'
2019-11-13 18:00:59,768 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:00:59,768 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:00:59,986 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:00:59,986 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:00:59,986 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1855265963::identifier=rick, context=org.apache.velocity.VelocityContext@79422d9a]
2019-11-13 18:00:59,987 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1855265963::identifier=rick, context=org.apache.velocity.VelocityContext@79422d9a]
2019-11-13 18:00:59,988 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:00:59,988 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:00:59,988 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:00:59,988 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:00:59,988 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:00:59,988 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:00:59,988 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:00:59,988 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7541b64aea530ddd1a0947a2c250877efcd5c00fb4d819d44f69a0699a912bd7 for principal rick
2019-11-13 18:00:59,988 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 7541b64aea530ddd1a0947a2c250877efcd5c00fb4d819d44f69a0699a912bd7
2019-11-13 18:00:59,989 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:00:59,990 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:00:59,991 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@42f03a56'
2019-11-13 18:00:59,991 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:00:59,991 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:00:59,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:00:59,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:00:59,991 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:00:59,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:00:59,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:00:59,991 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:00:59,991 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:01:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:01:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:01:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:01:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:01:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:01:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:01:00,671 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:01:00,671 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:01:00,671 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180100Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204060672}'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@42f03a56'
2019-11-13 18:01:00,672 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:00,672 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:01:00,673 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:01:00,673 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:01:00,673 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _bf6158c638ba1573f16d1bd3fac482d6
2019-11-13 18:01:00,673 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _bf6158c638ba1573f16d1bd3fac482d6 to Response _30f3022a2c4b7944b125d92550be1ec6
2019-11-13 18:01:00,673 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _bf6158c638ba1573f16d1bd3fac482d6
2019-11-13 18:01:00,674 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:01:00,674 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:01:00,674 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:01:00,674 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:01:00,674 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:01:00,674 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:01:00,674 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:01:00,674 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:01:00,674 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:01:00,675 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:01:00,675 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:01:00,675 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxlZqgkQumN2FhgtYikTDCeDVFjMKxnWOeusWmRIwNISobNDiDZ2YoGweVzXayQkZcrwv6Jw8T/FJvmZ1D+4+7Jeg/gYgXDCoJMiZqRmIcqMGkViSAHSCSTQWp02KWqnND8nvyuxtT5hEtNkw/RCuAAGP6LGlsxT0= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.19.108
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:01:00,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _bf6158c638ba1573f16d1bd3fac482d6
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _bf6158c638ba1573f16d1bd3fac482d6 did not already contain Conditions, one was added
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:06:00.672Z, to Assertion _bf6158c638ba1573f16d1bd3fac482d6
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _bf6158c638ba1573f16d1bd3fac482d6 already contained Conditions, nothing was done
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _bf6158c638ba1573f16d1bd3fac482d6 already contained Conditions, nothing was done
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:01:00,676 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _bf6158c638ba1573f16d1bd3fac482d6
2019-11-13 18:01:00,677 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 7541b64aea530ddd1a0947a2c250877efcd5c00fb4d819d44f69a0699a912bd7
2019-11-13 18:01:00,677 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 7541b64aea530ddd1a0947a2c250877efcd5c00fb4d819d44f69a0699a912bd7
2019-11-13 18:01:00,677 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:01:00,677 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxlZqgkQumN2FhgtYikTDCeDVFjMKxnWOeusWmRIwNISobNDiDZ2YoGweVzXayQkZcrwv6Jw8T/FJvmZ1D+4+7Jeg/gYgXDCoJMiZqRmIcqMGkViSAHSCSTQWp02KWqnND8nvyuxtT5hEtNkw/RCuAAGP6LGlsxT0=
2019-11-13 18:01:00,677 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:01:00,677 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:01:00,677 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bf6158c638ba1573f16d1bd3fac482d6"
2019-11-13 18:01:00,677 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bf6158c638ba1573f16d1bd3fac482d6 and Element was [saml2:Assertion: null]
2019-11-13 18:01:00,678 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bf6158c638ba1573f16d1bd3fac482d6"
2019-11-13 18:01:00,678 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bf6158c638ba1573f16d1bd3fac482d6 and Element was [saml2:Assertion: null]
2019-11-13 18:01:00,680 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_30f3022a2c4b7944b125d92550be1ec6"
    InResponseTo="_w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k"
    IssueInstant="2019-11-13T18:01:00.672Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_bf6158c638ba1573f16d1bd3fac482d6"
        IssueInstant="2019-11-13T18:01:00.672Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_bf6158c638ba1573f16d1bd3fac482d6">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>nIyPEAFarAfOh1EnPX/2o4nIDObNHtCZCrbyLUcPaP8PcWYqq90wsD8LXdXOB8KWzl8tb0dqJl6S41XulGoKJQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Xp0g4rTS/Z2aIqvG0aROhDzH5ili1ygGNojdq6/80wBiQw/pezASppEcs8SYDVIPzGS6P+uBKwafRNcaGdL5iJ6LCa8apOZzyonfJEjE54QjWvQ1/5Y8RsFbnHhE5jAAKRpLRrHWh/oUXRhi0HTiC/lgQ6g2fPv7GcOwW8wBOIULooAhfYPLyYCeMFzgXpwaqZm6/wHGPq5RTXSoCwVtcPuTcVtGZzvq5dbV5/R8nI1ZSUeQINHmriTE9Y8ALfjOj4yrbRoQ47C2X8iV3cFhvFrI8r14O5S3gHcJm9YGe3mMe1A4QBI8cdVxdUF3bWkrUDjTV8peyUwpK0SUoKNhkw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxlZqgkQumN2FhgtYikTDCeDVFjMKxnWOeusWmRIwNISobNDiDZ2YoGweVzXayQkZcrwv6Jw8T/FJvmZ1D+4+7Jeg/gYgXDCoJMiZqRmIcqMGkViSAHSCSTQWp02KWqnND8nvyuxtT5hEtNkw/RCuAAGP6LGlsxT0=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.19.108"
                    InResponseTo="_w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k"
                    NotOnOrAfter="2019-11-13T18:06:00.675Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:01:00.672Z" NotOnOrAfter="2019-11-13T18:06:00.672Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:00:59.988Z" SessionIndex="_83c61b06087cd1f9d14c789d83b5310b">
            <saml2:SubjectLocality Address="172.31.19.108"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:01:00,681 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:01:00,681 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:01:00,681 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_30f3022a2c4b7944b125d92550be1ec6"
2019-11-13 18:01:00,681 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _30f3022a2c4b7944b125d92550be1ec6 and Element was [saml2p:Response: null]
2019-11-13 18:01:00,681 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_30f3022a2c4b7944b125d92550be1ec6"
2019-11-13 18:01:00,681 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _30f3022a2c4b7944b125d92550be1ec6 and Element was [saml2p:Response: null]
2019-11-13 18:01:00,684 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:01:00,684 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:01:00,684 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:01:00,684 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18607-GgYUKbIaYxbtFvUYoS-jQqsx5Tt0m--C', encoded as 'TST-18607-GgYUKbIaYxbtFvUYoS-jQqsx5Tt0m--C'
2019-11-13 18:01:00,686 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_30f3022a2c4b7944b125d92550be1ec6"
    InResponseTo="_w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k"
    IssueInstant="2019-11-13T18:01:00.672Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_30f3022a2c4b7944b125d92550be1ec6">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>dDX9TSmEtCGYxUWFshlnZdCvHTaJZ8Z9EmvXHXerhuwUyBF8OE8LkOBytBJ1u1jTtBChwDbRtu/1dr/trVeXoQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>JrCHFLS8tzgTw2+ym0dmHHOUIhbT6MkfLbwDIqAEdBSISEJE3puzfn3d+01GwdnSCwVSBEQobDwbY6GF2n6YZC4B9IyZbA+Ojc0cHXaYrM+Qdy9RmwpNu+WQaoVOCFlXwlqtUX2reht/O2vSJOvWrRNjI5V0Ln52GONHmFFZyB3HrSZbuDJnfdwO+Q/bZ5L8d6wsIC4/C2hWm7+VdvhW3z1U+KljHqOFo6mQDNOk8DuH50sxvmi7JmsiPn4H7uBnJr4dTpcvnoShQBfzoQagqiRtPa7U+VdqL+sNgZ0ARlw5u7vu2IGH1sPyWAB59okiYkxvStdaw06IpjRciVy+0Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_61b33736ff3d470d70ef8f2d397a9efd"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_a3080a89ebfede6769ce24c752bc94c2"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>pzaQ+GiiclyPced6/FfGUTKuVGz3Ks/9DE7bHZWbUW100HMLC5p/DeszGveuHPrMLOAATGH0h1YIy6TzNvq6Cyku2bAj/w3OfLbAxQeYXuaGK2fgUx1TJjLddjbip3NA3AbDJnMpPWGVW96ePqRdsNWmMhMFW+PExj0TILGP8ZFY1DeYP6sbpVt066HvzHLivO6bvh0mTKXkbWG+muAc09pjevHGP90Ba1aIHnL4OfcnVJCKrKJ9BhsDIhgcVfu1/vSsL3ixDJUbdu6cnJ/kNJ6WRLsAkXUT3ZV7q1mWw4XM1KOrphmmdlGu5ue4q0hdfsWQdPc88InMT8dhrlnUJA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>CN+dv64VJF+/CNLoI38suQf0jJRt72A02V0sxLy6KO42nzpFjafeua0JxkiBMWrXlDU/sTNe27WZQfnLw0PMVOzuGyMXoCAJDErQ/BeZECi+WVe6AeKHaa0wtWy+rWCPTG5wo8eX0C8ahLwYKo3ldpof8KlotzDcGIwB4Iqcv4VBQ0+gGXQfkTfyDqfdT7l+0+36dFp869cpA0VJDs3nN9Y/ox6u4D00en1SEj2a88hjLmE4PTdDGX6n9DA1rNv8Uy5ErUrpYqonJQd2ZhT994KtE9SW8FiQBBAlO2gkBsw1xeFfcTtfp/51wH/l7kLU6GOph2MapbWD4YgL8UljBYXTlAIs6I0FVQeyNFwbuY1WhNSuvSurHJo68egzuV4VdNhO4EtXk/LjGoPv8UQ30H0llydtq+oL4OYEzyjRUEPAZ0v1CCgQqoe+56ROK9NAV4cTTZ5WQuuszGzFWP5/bM9LiZSXMfZSleEhZ/AzPyMQ8k74u57RNq6RmYFXISRZdNA+fjgAg6C1afL52Vydg5LqFRA5sSlyzExZTL8Uw39lu/fxhKBc0nqy9l1Kw8NisCIUxGHJvcw7vMegGv+f61YZykBvvChhdGXdXLEviPEmZMpNLDhLU9+EMbBkyeOKG/gMcUfrNl4dQA/DgZv/Y460e6FFtB0K5V9TzatcXDO0Xym+iuuiKQKWqWkFI5ZGw/sP7amwgvQ/GywnRkGRzQKxXeLe6WgMh6u4DfeXFyJ7bKFqIzqixlBlqYG3RaiooH72gjhWMcHTvVQylGW64ITjcCKbm4j9Pr8Ur1au2ihxMg4V1MtWtTzKEytudeC7iReLnd9BwF9a6u4D2INUsXEqW91kZrNL9rodUs7eUaeJ2tprs0LnM1QqBn5e6aa8+jtC4KbmNCq+ker9uS3yGQ7+eOt5XUD0UtUXgq+xveYMqxNKVrs6ptSI+f7jT07Rsor1MphmIl/F9H75Ql6xVAi6HJc7RactQrJjDbSH3X3y5XHz0Wl5FIsEXdht1yBA/417oWvg/B6XSEHqAzmlYHLeVkiZaRwIIVqhl3FZ8cgykQ016b3sz2qRufWNToy7U76Xz9zCTKldjA3cZPsPEcnIJ9zm6OeHECIJiau5Pk5UPUbJ0vszvsTxzirhMmgXoep8s7qsTBhamD5wybO6hurgg5DM6XQwc5Yb7cyqfXy0s05CGGwRNDxDqget3zehp1OwxCuKaSmZsLih1BJeWHPG06PPHOQPPLyoZUbVUNG0pFoYHF0TCoLkGhXMRY9Ixo6cXPpUpwnBLuKeTwCySDq2VMdkLzH9Qse0rorSg4MY9mAj33D94FTvihWQSPkQQVF3bf3p7ZdyXUlwsXbEE50PcyHm4KKDu0q6GAyp62OPCQJfwMFI+KKg8ccqphspt88K1rJnjlXPmy7iv5dBp8frPn90KCj8jIYrfl/sXQftT985tS8OsRldy/W9IOko9+1MhEuKpDoolNBrK1rAu5Q6J8wjTYxb3d4fKLSRyooSyoqTHmT4nSW0mEiczWxeQuGcjHUhhGdG1FLXCV4pFNKb/4fJcqkuTuDRzmAkFP1BpdS1cLdhFBJeuMds1cgMmdz/K5ZnD/Jixeba77otd3f9VombGYbwIa+/JTjCxn/OYn8mQF/AuFWHQWpn523Sikfli/kespJW2fVkqz+Z2DKcEX6XU49IFEfFagczqEFtutVzEJxRqHLY6MdX6GBAt9TXEP2kCnJA8+LwZVYO3LmWzLoQj2KayjejEPdNzI4Gz174VIttD6UuWKm7dDZu+A28Upf5wj/2kDWpdHDJQK0qukWhI4jHgqpAMUrxR8gjgw5Lqv7QDQywwXYBw2GOuU3vwKHeaiQmn6vzuj9y2lK6fa9d3zJDrmPQwk0+dousN26cQASDCR4YT/cGXWwMn1f8keVnnZdm5JgI5uVr12St3YwcYjJfT4BPJOmKkaG8HujcdyR+k8FLfrpgdJJBg5AITuBE0KKpb2+uWgdVBkH/Y7tKwTOulBHg9jvmi9N2C3DT+EiuMaOCwH2pEkd32egeOFRyXto/UCS2Bizl2Sqo/Q2x+7weKiAwJRzUtnPSSuMvED3Kk9Fin6kQ+/s49PuMy61cgS/Y/B/OcwHbEnRyxRxmNVQDnDsIZjTfQwKtTnlHnZYKySSn7fBA3EI2/zfZN6PVdoRiE2nQTAbhVeS54bQvF5AHPtDdh0AMguQktbOuy+/39lkJMlfcRZD0sHwnrmQO5jeU4AXYkZ3FfMjrzC4Hsg5eza4B2tXzEaDiq1ZcPVa+bHcEFegDFzAgcK3wRhA9/6HODXEFuIKCuJW3DOJ2g34VxG0o05d/0VFeU9Mc+iabsuHk/z2LHdngDASDGYzjSodH1Oj4tg6zpI4p4c3OJiNurU5ubqmmMJ5SX8glvkX3g2Dd9KlUZwsLV6uO9eAhzf7CYKixyiSG4ulJ8aHMJ5wGv5QpCIiILscf6SIhodBElcWj3oQnd/YrbUNj68wqFgF6X6aVftyOqKJrk9bPVYxgSfGp0NQJO8cTcdSsPi/VJwC77NRHFtAN0jLW17cljoheqA/fAKkFyWB5TINxaJZ59AtTO6jaIVBl77I4/Vl4ODmjn1aXlFmBTqK1wP72CE7vdya7cKYbHJLyZQbFYjpezx18qT+qJh2GL4vqo2V05Fmj/s2MGJN+606Wnjr9jtvNlOyDjAzGVPO4X6arY5GswEdzAPSQ5spEcGGTa/fL+qTtPq5AWn7Xq7cTG3DBmM00e8fRZOOe5txXSB0d6DLvP+I0pVg+S12E8DGiqcNRbRhQK6tsh8we6PEx3ZUM8Wn4J7xh7aavfaVmz58JLwsEGQh2ybdwRsU3rEpBJap6pHix/6wHNQ/Yh5ldS+/zW40H0XwBJMf4yH2bdD/LAW3p/edC8Uemrq0dhuQ29nHPnuF4tYXCTlfMB+111X86Wqv1MLBsANRcTRzSLUByfKwl1MHe0XGcIXHB3yl17eqS//+tFOJO/d/8bdGBVj26sSlJxGYmy9Ta3ekgk2SEB9nz0+tW7Up5YEDeSUIyjMTa2E/DS7Z1RVtD9XTXevRoLCo4tMqpPlEMVw47DWCpahuYcMtGaVYa3cmA8XRBtrJ5RTlLFb8um+KUAJ/UI6y2amkRTewOPOSDx/5Q9ZgelaadPezypkzMJymUc/dtS/X8A8/X2nPnsGY1917io3ZPiT1v37j9NjAo2sTnY/a8ApyEdfqMK5Lxrk+T43jdpZCCXfVRxsluBC2t1SU+W5W3PsSj046ZpFD6ocT3PtjT7dQgNkj5FqIsGyL2YV+Xewb8l+qX9mVJwuzNN18KDZSfrAmI/t4pa6ljlNpluxhepFomrM0WktCeE0mkfHQbMwKLbQFbGkVCUPBUBg/Xr4orBuj0l7MjgINA0YRG34MMx0iI8e50haDSXcj69TTt1QgIldk/+iLD5xuqU3kg51Ww90M50DlcxGfBjoPUMDDBNY0cz/5DWQjv0xYt0GhVoBU0oL3ys15rW/LdzPht+PhL5qBHczx7ul1sSYWw1H+xXzUmv9XUyRRkBmpUhm+eSMO/LVqYQKhEx5AP4Lhz3X25/hUrLxmmRauSwYWoYviW/ZrCnAFo84llQa80g7DJzlarelu6xVC2Z6CPJ5EMnpEkuJIyJGNFQdAL+m/R2TXrFmrmcy2rJeJ+rMGIdxxF2GcxZmo5iIUPM8XGudeujohAec29e4iHna5K4FAQ4EtnEg/DNTx03l1VwWRfQCxE+yOpgsAwd7U0orrF61oBhjbkQ42bGLoYY5002UT5mOXF0xWEpR2zfadC/J5qMLVybAyE0rhBBpZb/gEcZ5HK8dUKnIT5bGfiagR8RWC/dy/CCIlGv/gwjJXkFxe3j1QBsJP+gNSLSAd0ijANImi0ZJ8HE4/kIOY+tLu67u9YAPFUvEsLGolSMF4s6/yL3wKPppTRxmhOBMZZN5y6U18ErZx+cuR3nMArEyNaSM3OG5AYWc6oTOSW1KygrWt3fAlCOHqT2/7JS+KBUQ3neRM0w6sgapkSTjbvvwBMJFAtwA2I5+4jXn7vtgObSbe2Td6e3Uy/pm9IugXKvcoVGFZfwT4QL899ZVjB09yyvzEuq7ysSKa+qOly9j4ff7J4h+gKpRUN6xXflrU9H5I4yP7YhJqNffqdAh+FrYLiUISltnhPbEq+pF2Cl9h79SCf/Lrlknnt3xDK2+fxPApx+2+4PVyd0c9P3U2U9RqDFYED1/QCDrIZVH5i4AkEOZABoSzslh+i8BrUZvJs9Q5OBKfJxrNXIzXsGuKHQ9tG4PTUtpzGx15gtasf/Cdqx3eQ/pXeLc8BDBA6dzVvXZ7cpuMYHzmhObjqmQS8UNFFRECsQFXeCpA8OkGbSrdUGedxotL+BSomaDhZJQRE13CBafQOx5Aj5v/Z6MOzMbCuJegsM4RmlmftB/qSvzOgcAe87OnF8dphhtJhCTvByj6g4nZ0CvMZCEnoWD4AslXl5JqihMhsTqAEFX8Zk3Z0c410zse0qZIn4CvfbV7lJsZ1wSzTNJW1vLUAkizKi8UrKqBr4LFdIZwKezZZMmHOiSP41pnofVR/zQX9KfLMFUTCGm4rm9VnfmoIxFQOmBjkLUdvEn5yyKX2HW2pwuXFPdqQeDh8DYkTlVAOIaElVzK4fBK+LXKL5J4S9w0wlyE0xuEu+EWlPsRy+FCCsoWjU7B0XoJ0MzVf6iVWoE0MBIWZyWW3Wg06gv7vxsLpGd8KyaZtMXANsxbJQNpxLqsBik2LIhXEp8Zhi91bsOUecB1eD2HQZyFWSg82QYdDnIYDyoRPfgFy9xE+no8AOMLQ/sTTxTak/60n6DayOL2kHRjaR3DzHvVTrZADMHQLzhVT0M3X+auNeTfolUeLrJmIa5qZHlipcXkGDl3u35iFKvz34dplJRjAzMk4hTj4xX+FSaS5xdd7zmla+WyAe/dCEgr9Rl1G3bz3N2vN1B6bVc+XRndc72q9/XpeQbdPrx9Qck0oEbXWZ8luNftdeNptJEaO5lYSMQHhDXJe6ZcLNIB+ub6a1WM+CSVr+IiV89ZLoZSkvbAOQDc7tvUhRKuprH9seoFTVlhhypvH5Chz0zlzTD80RqxuHSKRFJRGQfI/eFYJH8flxihq+an+UirR3WQYsfwlRzM9i9VoW385LO9pTyz3ATAEiuaw8EJ6GEHoZ/OZCWicVmp9X6sKnNm2JNqwt9K+ITJbaJKvgaMX84uRDo1xYN8zkkIa6RK+UxwjI/phKH4Xusf0NmASq1s6ZRIt2Uen9TGekMZ3V6PbxdDv8wvVrz9e0eO4bEZNf/n6YVjJe1wRvcfHs4vpzbf6pVTzCMAGaDr8goNJV2YysVCQXQi+uu6e3dRppGqtxHUMLkaDPvgTnBI2Kd8V/ZXky7l5rIRlAa+vHQY3ZtAbeoiC7zlkulGdklA7srHINCE085mTNE7NSS5tc0vR/X+3cKCXIp+yp0Hn90wY9cnydaPbSn+2DF5ns02OZzmLv24PnxTe3EScaklaJxIlqcBtVfABGFF3n6PDo7NQoOBWsScf/OxfOJPtGfSBl6L/3I9nUjJ8jy7arWH5CKWjUcSJUpT50eJSMXdPAm6EU7J1HVGNCLvZzKSi/ZzNfmEX5ykwxO6McHNtiBpUYlIYx+ab1TdsE6652LLzoDDyc57gh3UuLRHGYu0LDQs8n0dJ5gaCW1RU34xI0LSAacVMAhEwFvm33DflkfwXHB8LvwClQfqpITtcxqAQdZ6fDqLAUfO3AFVgGA2qnbEfsT06Xsf8j6FWk59ud8Ym0jyqDK1HuyG0wUY/b1ynmidxHAlEsGdtmWloZDWMoIuhbSYiRTWd3D9mYanhKAGzi1G7aNX/PJcouBIHHLq+sCnR3w28UaYrJYOXw+6l7DwMJZZ1ORuP/lpfoJS/JIDcqZLJHhThaaZF9dR4magv2x3LPWS0UaDCdJxiovRZIvhTF2RiF1e1tcSUBmwmxU6QTEb/AEGoWu4mmxPCeaG8ePRluTNO6c8UJ199VX0Qf9Trce0q2gGgMvbE+l6pp0TI/OJ91vBfYzzHg/WOAPE12n0gOBisClqREF+GIxCb9eLkBHfQOpy1gtKDpRYODEtI9RlDlCv9S2vFTlEHG1wHlG6/m+TLKi5x86LUcSUB2FLlFy1y6l4LDGvSGrf1znQeynu0pANAs3kfftQgiFVPm9LmpGV1RKz42h+JbHxPUhoaP5YuMYjo0/oPytUoiOCFw3En3Ke2TTAw2wsX8sh9uOZBRV6/8oGDpPXcS+DgWmsdnW0EVjm8RsWfN2TIhUqmvoFcecx74uT0L558ihja86pW9+OOgaGjjj+E6ZQS7qnkRezN1hT7asIQNTI+FcCPkkH5EJWP7OYFAKFwFdw1++Gg2aNiLw9/I9X3n5K67+1bTKlcDtmQ2yh1UVw+2cJ3Fjf+czhImH19khyyr1ZDevkkJKnsR7P6DUGyV1ChWlmvJQr221eQxpf49RWzwKxJz7HNuur9dN68lLhPCAkLX9TzTp833sngxdpRS8TsLCQlOYY5OPCrIrcaencWMWTLJDuNCu7Q2MNhdlUyFByBQROJui5pmd88YJn4UhHPXYfLh4n61bh7nfqY/Q+iUqcSV7fcSpewKAfAtgE/mbpvq6lQaVCBDslKzF62VM5+rjptYkf3JwXHlnubYqgH4qQKYFYQAtCEnhpXHwSg3fv9kOa3NJ2a1658D/vRCYiCekkt142hRkwY23e0Hf9ocXQrojfNF/W9nGr7ErMdSvY3Y2yJ8N9WzjG6SmjlPlkHOnUE9Paa43LiJFxrrEYA4iL8UwYn8fksLrBMD9l1JsGg7i6ZvVejWqi2lcguAZtUCxqS4gPYLpqsnb1o7nuknEtIrhBj+PfbQIQn428tBOq462Z856PrVHopGHR4cubntsZvjZ+Ej92wvd5u4Hs9adbZUVexkFiLlqD5FehcCw4J+p2Eq6LhegX/QPh0c9CneaQf6tKpbOkIoAByR4Ep+nxvpL6C8RaLV31L8+duvipKDRXjAXmjlHFqzjNfHJVgA1z0JQwjkBQG0le9Dok7c3IVCRla90wvlqZXpNqQjmG+nNUsMwvQsHgTOu5nOz2Q5amJ3x20PO5IRF5gJGmyfXydtD8wPQ8Qnxj2FcPe7jVPQa2UfmKzWiU+t0ZJN0alj0PuAfKMEp+RUD6f5oqxpX8w9JZWaH4B/jfakA/6GVFZuiiQnJOMH8KygDQL0nigd+vmE7xCK1d07UbHP1yeYuP1VzKgIPcy/cfZGJVBD9YYswt1O4m2eqv+WVjQ2BkxYJtXB1zUbX0fBmJVzTMNaMW6ngF/DfYveTfIXls7g3H/RktVfdOXmSb/uMMzrWwXXz489LnWOfvjL9SaAdaPFKpPuU58o8scUn1RhW+7cM/cBMLpsBhJRi2N3aUmM/96UlI4JZrKDZjNd4Z/ANzsp1vOLCP8MXJougz8n+UhXcbnYIuLA5qxrnwsPhxKq1LkGnXah58cH8rtHzgaa8dgv1Mq87qMhhWJzBflGod6vGXZSCm2bhdU5Ezl5F09SJyvV1Fwu3A9+Y54riV+ifSVIiA6ML+Ir6xaS6vkYNTlfieLTL2ko8XF9WSj90/zHPgl+NajnVkUTw2qTm7rMoJMaKrR0E2CYwUbX7B4UM+xEeQY6qZFSfSGk67CTAh/oBDwURtdU/x2cGUGflQo+h9ZAieuE/MjWbGqJDBBZ89VV2g/s1boAs5yLv5Or1EOqt8KC2Igf6OqQSkCL8rQIlJxYL4p71UXS485WIXPWui/D+oB1CP8kLFefqI/v9QvgwMxY3siKqF2f29zzKaOjTyJHYzHmbO3h7AVDhKFvacryZwvFyc5utG517Azq//wFv2oaKzhn4wqyYQeN7bXsg/wNe4cH7BVhHlUAzIwgPJbkyDRNDRTSilSvQtVTzZdPxao70nnw3ItcnxMJfRntPey9M5UV53a3IEFtjt0aJitNnyVqrxJqgRX+UNAjwgZVgfNlHhvRJxrfa1s1MgVu76Nk0fNsik2VmQdjhgj5aHw/myUHAlVuoA/YqdosC0V4QIJxD51muKrdo5ghv1I+Hlw0+FsJYhTu9ciWdL8</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:01:00,686 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:01:00,686 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180100Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_w2flxonbjukdy0pokvbyuatcdwojqrdujriyx2k|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_30f3022a2c4b7944b125d92550be1ec6|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxlZqgkQumN2FhgtYikTDCeDVFjMKxnWOeusWmRIwNISobNDiDZ2YoGweVzXayQkZcrwv6Jw8T/FJvmZ1D+4+7Jeg/gYgXDCoJMiZqRmIcqMGkViSAHSCSTQWp02KWqnND8nvyuxtT5hEtNkw/RCuAAGP6LGlsxT0=|_bf6158c638ba1573f16d1bd3fac482d6|
2019-11-13 18:01:02,611 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:01:02,611 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:01:02,611 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@154468857::identifier=rick, context=org.apache.velocity.VelocityContext@26ef865e]
2019-11-13 18:01:02,612 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@154468857::identifier=rick, context=org.apache.velocity.VelocityContext@26ef865e]
2019-11-13 18:01:02,613 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:01:02,613 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:01:02,613 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:01:02,613 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:01:02,613 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:01:02,613 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:01:02,614 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:01:02,614 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 9b16d298cff562242d113307648ee732857be7891b4f1ac9a6f3ba3ace883fcf for principal rick
2019-11-13 18:01:02,614 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 9b16d298cff562242d113307648ee732857be7891b4f1ac9a6f3ba3ace883fcf
2019-11-13 18:01:02,614 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1c55a5a4'
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://testshib-dl3.decisionlens.com/shibboleth'
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://testshib-dl3.decisionlens.com/shibboleth'
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://testshib-dl3.decisionlens.com/shibboleth'
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:01:02,616 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:01:02,617 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:01:02,617 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:01:02,692 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'testshib-dl3.decisionlens.com'
2019-11-13 18:01:02,692 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:01:02,692 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:01:02,692 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:01:02,692 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:01:02,692 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:01:03,437 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:01:03,437 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:01:03,438 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180103Z|https://testshib-dl3.decisionlens.com/shibboleth|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://testshib-dl3.decisionlens.com/shibboleth'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://testshib-dl3.decisionlens.com/shibboleth, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204063438}'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://testshib-dl3.decisionlens.com/shibboleth'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://testshib-dl3.decisionlens.com/shibboleth]' as '["rick:https://testshib-dl3.decisionlens.com/shibboleth"]'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1c55a5a4'
2019-11-13 18:01:03,438 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:03,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:01:03,439 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:01:03,440 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:01:03,440 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _f12354a1bc3cb0dfb1a3f6c25fbf34da
2019-11-13 18:01:03,440 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _f12354a1bc3cb0dfb1a3f6c25fbf34da to Response _1461d72c78c5f91cdcc3ab6166872786
2019-11-13 18:01:03,440 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _f12354a1bc3cb0dfb1a3f6c25fbf34da
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:01:03,441 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:01:03,441 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-11-13 18:01:03,441 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:01:03,441 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:01:03,441 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:01:03,441 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:03,441 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxF8WJeLDmtVBwqZTmc88w6Hvc4VnSyeWUXvsQb6SpeLx1JH4bzk4k2BYLlSzDIgwoSuQoCruYN7IQyYwLtY5YrEOtXtMoG7+PQNYYb7gYD7gLLuHMuPUsLjAcDgQKcsFGnkAGHibIeaDoX3O1IE6iJEc= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.19.108
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _b3ab19ac5a3ca7ed26dc289f7d728ebd
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://testshib-dl3.decisionlens.com/Shibboleth.sso/SAML2/POST
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _f12354a1bc3cb0dfb1a3f6c25fbf34da
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _f12354a1bc3cb0dfb1a3f6c25fbf34da did not already contain Conditions, one was added
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:06:03.438Z, to Assertion _f12354a1bc3cb0dfb1a3f6c25fbf34da
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _f12354a1bc3cb0dfb1a3f6c25fbf34da already contained Conditions, nothing was done
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _f12354a1bc3cb0dfb1a3f6c25fbf34da already contained Conditions, nothing was done
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://testshib-dl3.decisionlens.com/shibboleth as an Audience of the AudienceRestriction
2019-11-13 18:01:03,442 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _f12354a1bc3cb0dfb1a3f6c25fbf34da
2019-11-13 18:01:03,443 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://testshib-dl3.decisionlens.com/shibboleth to existing session 9b16d298cff562242d113307648ee732857be7891b4f1ac9a6f3ba3ace883fcf
2019-11-13 18:01:03,443 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://testshib-dl3.decisionlens.com/shibboleth in session 9b16d298cff562242d113307648ee732857be7891b4f1ac9a6f3ba3ace883fcf
2019-11-13 18:01:03,443 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:01:03,443 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://testshib-dl3.decisionlens.com/shibboleth and key AAdzZWNyZXQxF8WJeLDmtVBwqZTmc88w6Hvc4VnSyeWUXvsQb6SpeLx1JH4bzk4k2BYLlSzDIgwoSuQoCruYN7IQyYwLtY5YrEOtXtMoG7+PQNYYb7gYD7gLLuHMuPUsLjAcDgQKcsFGnkAGHibIeaDoX3O1IE6iJEc=
2019-11-13 18:01:03,443 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:01:03,444 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:01:03,444 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-11-13 18:01:03,444 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_1461d72c78c5f91cdcc3ab6166872786"
    InResponseTo="_b3ab19ac5a3ca7ed26dc289f7d728ebd"
    IssueInstant="2019-11-13T18:01:03.438Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_f12354a1bc3cb0dfb1a3f6c25fbf34da"
        IssueInstant="2019-11-13T18:01:03.438Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://testshib-dl3.decisionlens.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxF8WJeLDmtVBwqZTmc88w6Hvc4VnSyeWUXvsQb6SpeLx1JH4bzk4k2BYLlSzDIgwoSuQoCruYN7IQyYwLtY5YrEOtXtMoG7+PQNYYb7gYD7gLLuHMuPUsLjAcDgQKcsFGnkAGHibIeaDoX3O1IE6iJEc=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.19.108"
                    InResponseTo="_b3ab19ac5a3ca7ed26dc289f7d728ebd"
                    NotOnOrAfter="2019-11-13T18:06:03.442Z" Recipient="https://testshib-dl3.decisionlens.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:01:03.438Z" NotOnOrAfter="2019-11-13T18:06:03.438Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://testshib-dl3.decisionlens.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:01:02.613Z" SessionIndex="_ebf000e270b8a8dba410e574e03b3a51">
            <saml2:SubjectLocality Address="172.31.19.108"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:01:03,446 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://testshib-dl3.decisionlens.com/Shibboleth.sso/SAML2/POST
2019-11-13 18:01:03,446 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://testshib-dl3.decisionlens.com/Shibboleth.sso/SAML2/POST
2019-11-13 18:01:03,446 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1461d72c78c5f91cdcc3ab6166872786"
2019-11-13 18:01:03,446 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1461d72c78c5f91cdcc3ab6166872786 and Element was [saml2p:Response: null]
2019-11-13 18:01:03,446 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1461d72c78c5f91cdcc3ab6166872786"
2019-11-13 18:01:03,446 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1461d72c78c5f91cdcc3ab6166872786 and Element was [saml2p:Response: null]
2019-11-13 18:01:03,448 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:01:03,448 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://testshib-dl3.decisionlens.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;testshib-dl3.decisionlens.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-11-13 18:01:03,448 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:01:03,448 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:81819abdbc486345a24abc14a194f6e08b6394d055a681741b09d933e58d2bf0', encoded as 'ss&#x3a;mem&#x3a;81819abdbc486345a24abc14a194f6e08b6394d055a681741b09d933e58d2bf0'
2019-11-13 18:01:03,449 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://testshib-dl3.decisionlens.com/Shibboleth.sso/SAML2/POST"
    ID="_1461d72c78c5f91cdcc3ab6166872786"
    InResponseTo="_b3ab19ac5a3ca7ed26dc289f7d728ebd"
    IssueInstant="2019-11-13T18:01:03.438Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_1461d72c78c5f91cdcc3ab6166872786">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>XYxMINK69h/CwOdph810NW5hsXeCdBd8Mw4k+Qz1zXqI+L45ZEeNco6qtYVxLTFo3ClfPjdkrw6WLqz5dIXGug==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>oiQZdWBdR6y5r0iXtLeECPahaKmRO1nRHSZ5x4a2TcjizcA+UJIOipyjB+ZOjOsmr1mCsYHH2qfrK/jYbEBlG9H1G2NxcN9F8iiBxF+XsE+HreKKvD8ITb7ZrDgDtcGgG0v+npPGLceDAkJhPYDslkKHTonzi908BiQb39nxWixRPU8zuyOQEPQ/inGotyz+es04ajL/cj6vMdhqUEX/4QptF/YDu5vcBokR5y5ZSR4H3lgSBtrch8pRurNpaeWFPmaAy8jFMvPIfRs7WEDo/fR7YjSWwKvV+JTdOJ0igAZtzIpXwDjFg2O6M1WiMRaliZ9W6VEuKF9W3oWtmddfVA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_8ae09cddd9aed916d860512f0553ae9f"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_6dbb3c2c2b8b9c8d67da7c38f84ad35e"
                    Recipient="https://testshib-dl3.decisionlens.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIC7jCCAdagAwIBAgIJAIt4c7bMoguvMA0GCSqGSIb3DQEBBQUAMBgxFjAUBgNVBAMTDWlwLTEw
LTEwLTMtODQwHhcNMTUwNzE1MTQxNzU4WhcNMjUwNzEyMTQxNzU4WjAYMRYwFAYDVQQDEw1pcC0x
MC0xMC0zLTg0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkVYsD3XkIrZ9CMty7Yd
IaMLJmm5refA2BrVbdOa6FPJcvsRX26EFoZaevRMkqU4Vp9UUpVwjZrLa7Gqq8/vq77ZAsL7D3Za
7tubxdyqzdzts5mjtW0KFbsR1ENHrv4lStoTOS8eIRcEP0kzkXKqEBJK9LE+2FGeCwW/hCgJys1r
Cemv+B34FPR9F4GNaqrLw07I4SrduLinKSs70hwdAVFDBqxZxXFDJTXz2ivCIXlJEhP47nQDEysj
8teOKMldXzOfCCs6zo34FBH7dWWLxphvMEpJBxkaHZd0v7WgP+T3czalr1WWs1ZJ4LAqFlYOW3wr
r2/Gic0Nxwj+XdArKQIDAQABozswOTAYBgNVHREEETAPgg1pcC0xMC0xMC0zLTg0MB0GA1UdDgQW
BBRVjkIgz5pN9ywawCgIFrygPb0u+DANBgkqhkiG9w0BAQUFAAOCAQEALiwnGeiG64zH//eOk96v
5nnBUz5jdysnbSIoJs3n2tC+B0UQoGUVM6MQu2WDVAWxOUCCay4XEYW2jw+9yKeRpjdA7A1K20Rq
4hwFmoN+jb79nd2r6CQxdHXJvHNQ7AvpKO8c0NYONu1aI1eH5VABvMkS3QtXCb3umf5g96SkWYvI
dZgMWi+fF4iL5SI3dKZ8XWPN+RU01NgVUC49hgx5EqJlGt8GeSuO/81BV0OrcXEWwM+l0KSbtsfH
P1fUXuInGo03sjrf/wvwl0AmS3cGpUtA5dCC91pXECwKdbSTVHMMPTqSt3AvGDjbYyUfI8kRDU+R
Dvh4DgRNOOiax5D2ug==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>D6J84F8/huC/HzhrCBQZCqRVPrylUQ6pUbaaC+7Vg3Hh7kWvj5qDHnZ9amZrt7O1PgzsFmG3eCQLQELVk2llgGfL56IgmElbdT1llP2Phj/4f6+1YAizIl7VjNTxAGyppqGF6b160wFJBOn+qfRKQloaKEsnjqSj21OMeb0ArhDBVN2m6VexEkeH82CJnbKujOTDFu15ZJTW5p2H9OFxjciySkvPfloRT1zO4laULRMLsuOyxIESl+9DVCt0jU5vKMB48u0ATnRqtydUhlaL4CRVcccmfLChZR9vRH80hx8xRpNf4UpzV/k16j9luzWe376TTBQyxYdgZDSz0LeZMQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>YdoJ0+psDb4teabS3MxqAmDSlQkOWqwI1RWXp+eC8zX7fC9FkglYAM+DDRbJT2+HT/kkBNuQQGBSDg0D70my+ICAGVyfhdAtQofKWo2FHSwNUWe6cJxmjTRPBwbDOpk006ciMPsnuoYSQqJArfszNSGqYRcrA250ZI8wROH66BZ/up1yHhhkNvDpXf681vZZ8IEpqTLS1NTDt5DvqA0BxFVQ0gYec8nBj5AMcmotPXaIkO8eBp/XbxuoyQvWDkzcQZKW0yE+Khw/4qT9hxUy41VkKeXxMbN7ZLUkBUTM6mzpb4kwxk8Qfsy8A726YY31m/vrTCsMsraZHCm/1jK/iNLimtD6lEz9BMrG8d4ps69FYE4gxV79RgX1/Ct29TE8eRT2y4dMMc4UzA01ejyfX4O2BWF/BtWbuq9YS4xEiwjGoS5fc2YP9v6AAI0/zhekuQOYHHI3LcpPEhqLRn/v3LAmosHGL62FZ0TjQXvNDRw9wWldKfRQtZjGxKV+D6aZsIG+iObnb0PyNcs7D2gdTa3wq/OfY0fVYKJzyvDT+5dLg7DNNuoMevYAPvsz5NkHlrl68ZdGJqW3O/3Z5YEXpaXsLYotfpjQ4kvv4WKv/ocmPM8LYwxcbkaBQ15Kjrnb8VVFMJb+R/LwhaqznpG1er+eLvOmJQReydC/S1/6hQTYmvh0zKqLun/C44JRSUwKbtPRU/TUkB3ToJ0ejAWis9OBFEObtjlG6lZ0xDJteuRzHCKMqbWNsBw59dCybkZdXCjBsu4eiLGJAwImpZI3QRL0gfc604LjVWiD2RG2VWK8WD2Eh9Z8ds9E+bD6MYNY8clEW1VSYoyyR6+BaspFiPtjBJaT1rorXrx9I5P7BHb0LZX0fSQjRQflLPkzJL7im94TLnWfEse6Eg2FVPF0lnSEnKFusLNJJX3oO0Og2Zk3fCfIoCZpVu3fEsEOwvuRs0Si4K3kscSE5I2XAsdAilp2UdEBKHhfIwIVbw1TaFpDdfFraz6MK407IbTx7KU//zS0+cIZyhUMmuoTgwMQ9uSjvg7AlfWQXE5hm5x7jiO+tNP8XN4WqQKjk7cPmYgs5X2aA7SM+WQsVJjGCrBs5sCfiRrSSKxYgnH5qdiyUUEEHgrDcx8CmSuxaetA9CFhzSaH7rQn+hspr7Y7LF7Phb1cm3lBI1/44/HMNLWYDRNpWrJP/OW19HqrQnN6gzGUngYUm3o7nXJA5tTKA3u44ZNXGLuFnlveC0nvGAK6AjWKJoyIctr7zWwd/HxCf8iAT7gn8r0Inkh5KTFq5+tiN/EvkHV3brhG5iCKbDNSej48CkoyRulA1yCFU9U2SjznTEoYH5OgM4gboqt1N8BZK0pEG7ewTfIs2T4PGOAVVBQar4NRZRw0mvh4Kl0j2kjx3THI6GlO2kCr/m9k8ovX9kxCvy6B8CgoJ9cvirhEK8NIggSlRH6hC/AHuO1yWMwwlutAkeZFQ++zB9dI1rDiJPl60pXTpT/Q0Ol8IHnN9xMxdR57IcYdknV070AEeEGKeFrv7L2eDH0nrGcLUMAsJPDRgFeT32/dAZVIXybsxPCYp+Lj0dUIwyWaY/kTw48rzREoE1p9bjBce+xCZPcPrhjjbtmecsN7k0gAuWgJ2cVG1gKsnFqGRpYBbyKwhzfee1hJqHaHE3/roxGyDQZzJnEPyh7EdfiJv71rF/AO0xSjV4/ROTb5joZHSDkbbHpSVSJ31wIdS4vhIuiBhPZ8D+WPRVA6stNI/8XRKEp+XS+NQIGZO5PdhudkANqbomwarJ5TMuz684SF0Bb5kd/7oaI0jhX0yDoO8aY0w4EW2zHpY43WqXml0SKhdsdWcgRV+vcCq5s38wIvQKdv7vjAOhto6rkFzDIxAKOV+2S6OzWFpUP0Fmj4VNksyUq9Kwoa6IHdjw2GL76DjuSf1vSBrfn/8/REueqPXvD4sQxB5WWEqjFtMdrNzqbfcd8leCzOhDP1aECwWai+rMukHxK0i1B7kY5We/KfW+sxYrVFFAx1qgDFgYFM8DaQ+VHTb/qThT3NuzaXQe+d3YabxrkCvGfEFGeanuC6j04cH4cu4q7/RmtHwxfdB5lRD4Mvzj2YZNkL3Bawp4mdgjulTMuQlQlyfuWb8ord6HnxADbcGIkl4tgi29XxpYrA0hx6sscYAtd9U6vvwlHi4BtmJzauX3XKBUupX6YkX7ZvXF/l6DZT4AFvvppr3LmIvDjIx0hjKYEsBx7ftAjzDyn1xXH5BB0bMFCmlQKtXT1W3AFtc2Rro1elS3bNQq+2hRHUMeISvpGHeXKkXbshJQ8QSNZwhvoJepAPHuRq4f8n01S4dXzupPzJmRg+cn/5BfqtA1eHAH9aIWZlw8tGKAdbeCOZ5Tn/ZT6ycrXScnF0YF4q3IW3UDDrcChi+Ie33QrPApKwUOhgqjp93mwmMn/5jtU62tfGzNaHwjzbj3qvrqQMPENmVOOTxBGnxunF8QDLX4BWuzvHR9vATkbXLkdfy1tDIoqTg5PL+Yp6nnlLzwkPSWsMfBviNcAmC9Fzj5ccRmGk4vvaEEi1L10WUIfHuxkhP3Gk4jP39uorgHawEotX5YRR7PdpZxyqUpl6jO9F166R19M51HFASw3tTrMyFBk1Ecpxzd8GTXxsD3H672tKXBjGDwldXhS8E3qMm+inXSqXE9EjCMJSpjWI68ktptNismARZMk5T+0QG5LQPmfYpKtc1VjYacC5Ua6p5IG9lZOk+S7TA9mxFVmu99aEnnKAnK0GdO03S7mgxvo7gltYyCnGUhU+uaY3sLpCRuTdxK1wudpB+AKnF7x/73/4Txze9Zrs4HvPQ2ibBMgyhnK2BOfcPgup8dMhndD0KO92ubOqnBRzuE5C9xBHQmwDBMzY9JqqhSLxwK6IerChrZNVY4aSeAV5H5UHR117xCCI3LlhP5liRuLhI9rrXpkWD+y6V0aOvd1ZQBM5Pq0GHZ2gFvdFvx2qWBOCVwibcpE8VJREsu1Xlq5I4PgrCioPJhoNfLEDy4BiaLJRAhnZYsqcaC/W3RyUPOC+UhlTqWAYCGkrUiz8nd6+DAeRniaciHtyuewYr4yEZF0ZN1yk70l5fggUdmdqzkkislYSFdTK/c5xtOusFEOXHh2TuQzMEmwTKXNc6dmaFcIsWorOVp2h6PvhEUOPnxns4wWnmFA43YTNb8USauaj+0ZMVzoUCI8T0tTZ32e/pb3z/Rv7q5UfZXffag1WNlrSeEMyTA3htnc5i348viKSctR/TJ1b7/OKNBYYmFbYGIsNeued+3bznyRH8OJluL64MSNYx3QKPNuZzk9P0PB9gmqL6gZfjV6lqfHJPXXvPIqX7Lu27Alh8vHvTi082vMWMAgcNl8CQBYRvCw06UNnNMfkQoWZ7Q91/qFP4sQqDiuvkUOPh2A7QJnZSN+FMxCw+YBYXXefOSVomcNA6EF8OaYtXzgbBmWZ6Uj6Ha3f8ee9Szli+qTh59Yup0Xbpd/p3IHW9/qJgjKydmGA0wwB/627ogiXWsJ9TtFL87AvOZ8dcBpiN0tLU+oH08t+rS2wbNPoO8Bzai5mGIG8JMCex5PYVnm6q3GwlrovZ0UvVoXBWJ1NVW7nfabCxyAX1mxpaB1Ybpl1qDlZz5QE53IW911dwKEqgADPCsm3m760IYZFckkcw/UizuFYdkYifaFVHdbvFfIjbXX2UKac4Av199hAmSJ0Y1DnvNSIquq0yzp0iCRy4EU0zBJHp8tAduChy/6IG5K0JHmR0FfBt2OBwp4aKhnviuqI+WeoYCcvEQ/o0IPUBqmp39u2jsKm3bZvsfCWawUwVL4AHxCY4ReKz0xmZbdeSJlVGdZ8DVjug4gj4qFmlpn2F2PWZdwChbXiYS9uG5GmKeRdlgwsK8U8EBTk4Pn8szhHoxeOaLQgl4GHdvnNqtzLCYts1/VOktSVjNsknt0f1jUeDtAqvcth+7wEyCXEgpNsz+bu6TeM7t1rFOyjNqHkhlaesBPMAsZadgSkA9BgUZXXBBxXPVcu7YMTg7lKSusbOsp6wNZB+K+sroh7ir70aw3ekhDrNq+Jsr8nzfElVA2EsIbHoA2PuvXxjlZ436SjA7FtbSGs4n5bMc2svUxmkTWQY4aetI82BMB5HhMZwirV+ByIXXpMSPqd0X5974L0wURX10x7YfNGEpV+Q3VC373HtrG9FfGdaw9iHyr+lJEEX46/R4b+Gy1DZ9eeCdjgBkDT2Ef3hqSGkw9di1BwxCjfZTZKM6vbCtjVQjFfxscrikU2Fk0VZvavlJDJjI7oxm/85tvC7x3zJ1+ByIueqMbqf9F0boIogYosX+Ffg1ZlJOdqHSOFGx1UvY2b4g2g4rCV/cG9PvPlVWDfxZif2YqZMzcCMPnNxqaGm5/xtft4goMtbIRgYuOX478ON+yWMjyhKId1Ko6AHlipDGAbfrp5VVS9Bo0y0kNuKukU6v3LZB/oi/dC0P+18ZPHeHJ1VaZ9ZIKIaSH5Bz1aeGI82/UMfUXN7o9eJ38Xsqz1Sa4fNXS7TH901RZfqyQGFlKLNlRMyGf4T04B52OLRlewf8N526sUwoX3UDy/2B+/QDvZ3PzWfwruNEU+twbMPookElbwA3znSS4O4F0W92KJu8I6a5n3JF47IvuetYn0zgeXmvA8uOdce1fBAKcTXSETRqBDmjfblUotjXBHTd2WoE7yMI4qTSGI19CSd6/u5yo2iW5tDkUvo+ENWXt3HWCg0Oqu6Z4OVcRQCfQJSUbchDv7JUkk0vKIbPRBIanoPsfslF91SwXgwmqUkSZ4isWrv6oJgzRyJCHgfg3LVEQcdhTy4oDT1RTEdJcOeneeXrxQEOYnPqxXYhMPo60=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:01:03,449 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:01:03,449 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180103Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_b3ab19ac5a3ca7ed26dc289f7d728ebd|https://testshib-dl3.decisionlens.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1461d72c78c5f91cdcc3ab6166872786|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxF8WJeLDmtVBwqZTmc88w6Hvc4VnSyeWUXvsQb6SpeLx1JH4bzk4k2BYLlSzDIgwoSuQoCruYN7IQyYwLtY5YrEOtXtMoG7+PQNYYb7gYD7gLLuHMuPUsLjAcDgQKcsFGnkAGHibIeaDoX3O1IE6iJEc=|_f12354a1bc3cb0dfb1a3f6c25fbf34da|
2019-11-13 18:01:07,797 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-11-13 18:01:07,797 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-11-13 18:01:07,797 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-11-13 18:01:07,797 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:LogoutRequest
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SLO"
    ID="_0e7a674b78f5380ea895820e249b1a98"
    IssueInstant="2019-11-13T18:01:07Z" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://testshib-dl3.decisionlens.com/shibboleth</saml:Issuer>
    <samlp:Extensions>
        <aslo:Asynchronous xmlns:aslo="urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo"/>
    </samlp:Extensions>
    <saml:EncryptedID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData
            Type="http://www.w3.org/2001/04/xmlenc#Element"
                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<xenc:CipherData>
<xenc:CipherValue>Dpl34zJ0OgMsGEum0IJ2PTFMWwarpG2NzQdRIuhbt/qkglgkatqNR4WU79A8naos1UzAt1kY6K6n
JClGJKF0zepQcjuRMQNEgKgLfl2WMTHLrJCi26r9laGcWNiC3OwAbQhYxmossv8oE5z9UHok7cTk
nLgtJ6EBjyCtgdO0sAcDWRT65pUYrryK2zLGQXo7KwZB4TXuJxqzvN/7fZwjChAb78ql8Y4broLa
A/CWmL0XFxGz72nbUofKy+YPpXA5VANw3FoNSw9fmzlPQ67ctaLdV4Sb/vi14PSXIjbswdTyolyL
7CLS02kLFrzenxXYTVJbPI+5DXmtNPkkvQ+giw==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
            </ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>cyUOMlCOkyl3IwE1xoH7o+dwHIo6xZGTyA9OC1EuitRAt6bPrDqdcYag9eTwIBcZVQrNGvrqhwvU
daIV0ZT/5zsffA6j62huDz0Ub6FLhVuFyylBiIRweGKOypW1+n2SNKRwokpVSfbij2RLSS3OqA1O
0gmBUVOPNxFh4PDAeKuLZEgH658HBe6+z3hPbohJS71ploijU7rQzDnEa4YbOJYUI3L9HxNqXhiX
1aNhb/8866EzR2oR7jkOTQ9ZiZaye+0cFoU6T5WHCnNjt6dVsaeUgGF/DAy1bfxfiImbu/h1QN9W
21tovmP+NUm0UBEPr7NQ+8vd7LPD6b6tbOsb2p8A3bsrUha1cfgSl3xRl1DpxKHV7p0SSBt+Rwgb
aE6GjCERl/V2q95iL+GyeNlufARETbYOM5GzIdMx8IE+K9Dk2mAkh2vVgsXbgwywtUAQd8oJyx/Q
wA9nkYjg6Ypezp1mfQC5osytyUtn8h8eyqvzGwKnQqnf31VwkfPUoaNuapQTBFhuuYqYHHOZQSLK
sxWBqQfOedZ5/f2RPiUqrAnU0+jPpfGwBO0r3TWc0kI8WSAKIGlJKyltvK2GwUPmaA==</xenc:CipherValue>
</xenc:CipherData>
        </xenc:EncryptedData>
    </saml:EncryptedID>
    <samlp:SessionIndex>_ebf000e270b8a8dba410e574e03b3a51</samlp:SessionIndex>
</samlp:LogoutRequest>

2019-11-13 18:01:07,798 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:01:07,798 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:01:07,798 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:01:07,798 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:01:07,798 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:01:07,798 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:01:07,798 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:01:07,798 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://testshib-dl3.decisionlens.com/shibboleth
2019-11-13 18:01:07,799 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:07,799 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:01:07,799 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SLO
2019-11-13 18:01:07,799 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SLO
2019-11-13 18:01:07,799 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:01:07,799 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_0e7a674b78f5380ea895820e249b1a98', issue instant '2019-11-13T18:01:07.000Z', entityID 'https://testshib-dl3.decisionlens.com/shibboleth'
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=rVbbkqrIEn33Kzrcj0Y3NwU0ujsCFRFBEBFvLxMFFBcFCqlCLl8%2F2Lt3zPTsmBN9TpzXvKxcKzOp5BWDNMknOgpRSbbwVkJMnuo0yfDkw%2FPWL4tsggCO8SQDKcQT4k1saa1P2Bd6kheIIA8l%2Fad5lxdngMQoe%2BtHhOR4QlEPBNI5XmKfiv2c6sKDOIHUI5%2BlttCPC%2BgRytbN%2FpM6f%2Bv%2FQUMB8MLQFcRgxIk0BOJ4JLI0ZIdjlwFjsQvDuIRqhgnIyFufpZnxM8M8M9yOESc0M6GFc%2F9pDwv8waOj2H9%2FfbCYfOQVf1P2n4UBjGHxENN%2F%2FyXmIQRHsfvsJ9yLD734USOBGX7xUEo9PC5KIIleqb8V%2FFk9n8g16SK7BPz%2BCnCCJhJuMi8qUIZK%2FMnqYf9euyewJl14h%2FDc5fSp9581v5b5YCFnXtHkBPrq%2FH%2FR%2FlrDzPsLZA4I%2BIR5OH4OumtNVVUvFfeCipBiaZqh6CHVRXURP%2FpPuyaH3wiUE5jCjPTfe19qdizWXU%2BR%2FyQlISpiEqXfAAMQsyP%2B2XO9rje9Vx9PNNioWYA%2Byfv4X0Boih4%2FQHwchz9%2Bk9%2BB%2FJfq%2Fy9qCgyeEYD5cxoGTP6h6AN0FucRLB4z%2BWrZg6SE7%2FM84YbtijbDNVbkMqXVFbvZLdaHChS5whqt5W%2FVMnIJdbuGSXgF5GZshwdHGEtiBhBmnFYizPXEa3zWW80SZaUt6Bbmlncpt2vLkEMt1IOEPax3S71YzWKWL8YJULyDEc84s5JcKzrVKcL4LiJ51I6dJboK3u7ay%2FSQrHh5emlmJPRNGkve%2FLDd8aPcORVFo7GtrlhHJGjVeTrcHctVfWvvBiUE5%2Boyi6Tucbgl4mnoFkgHPYmaHVKdPi5qpRXYzHVQoDWD0yY%2FSqO9ZFTcAhl2NQ7SNtlYvOARoPv7oe1S95gZbuyjenFx5e8alDR6T5jpNs1e9UXRwqw%2Bnnb7lbtRB6P5MSXG5nq9W4Mwrt7eXqnf2t37YvscCvXb%2FnRf6l%2Fb%2BL1Beo1jrpOZeW0STq1kpkZLAQ38aqkivj4ru0YamzNGLmOylQjvbor5zfdOIBzDXaVOvfPeKgzlXtyi6u70fKDu6fOOGrU4CCT%2BwrNROW9px%2BUXerQvF02TTGN1W0FFM5v8wAwy1ja0bYWu%2Bd4O3PjCbnXb5sybxJg9Okynzt7cGPUiGm7mEtRK%2FSyHS34kLqeQH7RctHFRtLIFJk9QfHGEwmrnmQyGJ9dcnRyV08fL2rgdo%2FjYY4ARuZQo8rzcblm0FS5Xc2eNz%2FEZNHBAewvk8LvRYTnLjAvh%2FT0G0AmVBTWXGsYN6iBWU7ekIsYyxoceyxB0TzcDw0lpZypvCsGwBuLdF%2FTNnHd54prYZXNR4lxcOBFgvCC0E67eJsw8r7XlXshp256SwbYK3R6QeeUyk7cJtWdv41GsD5QGGkkZSFt5557M9UhpVX9di6o80MbzK5tK14i970N8dMOqqYgjWb6IVk1NWb1KGmfX0yXkTzlscyYNrNkI4YY0DsnESITN7d4qlZZZtyzgmH11DTYOAkYJcms3XURlebqdlkvzbNm61sP1YXqzAhP65xEVsNtN7NwKKXPowWWTB0o1NemC2x08%2BqqKB1vSVCVZaU1C7hqrVM4mBdJ3d%2Fmfq%2Fxp%2FOeN%2BXXubIgfV0jNfFi%2F%2FwHdoHtaISvQrghE3wVDhoYjYQhpzuXAiPl1vb5k%2FTJ%2B%2BTN5%2FxM%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Fd8DNjxlnB4yFX%2FYnEbowEXDHS6qYSnjbK4F3oOnFdOX%2BNgvDg1wkv43dmLMSeh8pND8662lM2eJd329p0qii0GBvHa7%2FFbkrSf3UG0o8WIauPaLoN5axHnq5Ykluh3U4nVbjYCjRYDYK6XNng%2FN3b%2BTLPmtLjDmBZ%2FHkzsdaZ7G8nyVwLL5p4js5toH%2F2kAwZe0IuA76bGFz0w9dIvIKmtmeKfyScyCbVKzBWUWnB8NITnm5cIWOAEkHV99jXF4%2BR7SkjcUqBG3350qoAP2%2FuKV%2BUbph6cUoIhoQMWH2w8m4IKLoB3S9lNlfh5d%2BoLeQSsLPClcrBJvjDuGHRTEkg%3D%3D
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=rVbbkqrIEn33Kzrcj0Y3NwU0ujsCFRFBEBFvLxMFFBcFCqlCLl8%2F2Lt3zPTsmBN9TpzXvKxcKzOp5BWDNMknOgpRSbbwVkJMnuo0yfDkw%2FPWL4tsggCO8SQDKcQT4k1saa1P2Bd6kheIIA8l%2Fad5lxdngMQoe%2BtHhOR4QlEPBNI5XmKfiv2c6sKDOIHUI5%2BlttCPC%2BgRytbN%2FpM6f%2Bv%2FQUMB8MLQFcRgxIk0BOJ4JLI0ZIdjlwFjsQvDuIRqhgnIyFufpZnxM8M8M9yOESc0M6GFc%2F9pDwv8waOj2H9%2FfbCYfOQVf1P2n4UBjGHxENN%2F%2FyXmIQRHsfvsJ9yLD734USOBGX7xUEo9PC5KIIleqb8V%2FFk9n8g16SK7BPz%2BCnCCJhJuMi8qUIZK%2FMnqYf9euyewJl14h%2FDc5fSp9581v5b5YCFnXtHkBPrq%2FH%2FR%2FlrDzPsLZA4I%2BIR5OH4OumtNVVUvFfeCipBiaZqh6CHVRXURP%2FpPuyaH3wiUE5jCjPTfe19qdizWXU%2BR%2FyQlISpiEqXfAAMQsyP%2B2XO9rje9Vx9PNNioWYA%2Byfv4X0Boih4%2FQHwchz9%2Bk9%2BB%2FJfq%2Fy9qCgyeEYD5cxoGTP6h6AN0FucRLB4z%2BWrZg6SE7%2FM84YbtijbDNVbkMqXVFbvZLdaHChS5whqt5W%2FVMnIJdbuGSXgF5GZshwdHGEtiBhBmnFYizPXEa3zWW80SZaUt6Bbmlncpt2vLkEMt1IOEPax3S71YzWKWL8YJULyDEc84s5JcKzrVKcL4LiJ51I6dJboK3u7ay%2FSQrHh5emlmJPRNGkve%2FLDd8aPcORVFo7GtrlhHJGjVeTrcHctVfWvvBiUE5%2Boyi6Tucbgl4mnoFkgHPYmaHVKdPi5qpRXYzHVQoDWD0yY%2FSqO9ZFTcAhl2NQ7SNtlYvOARoPv7oe1S95gZbuyjenFx5e8alDR6T5jpNs1e9UXRwqw%2Bnnb7lbtRB6P5MSXG5nq9W4Mwrt7eXqnf2t37YvscCvXb%2FnRf6l%2Fb%2BL1Beo1jrpOZeW0STq1kpkZLAQ38aqkivj4ru0YamzNGLmOylQjvbor5zfdOIBzDXaVOvfPeKgzlXtyi6u70fKDu6fOOGrU4CCT%2BwrNROW9px%2BUXerQvF02TTGN1W0FFM5v8wAwy1ja0bYWu%2Bd4O3PjCbnXb5sybxJg9Okynzt7cGPUiGm7mEtRK%2FSyHS34kLqeQH7RctHFRtLIFJk9QfHGEwmrnmQyGJ9dcnRyV08fL2rgdo%2FjYY4ARuZQo8rzcblm0FS5Xc2eNz%2FEZNHBAewvk8LvRYTnLjAvh%2FT0G0AmVBTWXGsYN6iBWU7ekIsYyxoceyxB0TzcDw0lpZypvCsGwBuLdF%2FTNnHd54prYZXNR4lxcOBFgvCC0E67eJsw8r7XlXshp256SwbYK3R6QeeUyk7cJtWdv41GsD5QGGkkZSFt5557M9UhpVX9di6o80MbzK5tK14i970N8dMOqqYgjWb6IVk1NWb1KGmfX0yXkTzlscyYNrNkI4YY0DsnESITN7d4qlZZZtyzgmH11DTYOAkYJcms3XURlebqdlkvzbNm61sP1YXqzAhP65xEVsNtN7NwKKXPowWWTB0o1NemC2x08%2BqqKB1vSVCVZaU1C7hqrVM4mBdJ3d%2Fmfq%2Fxp%2FOeN%2BXXubIgfV0jNfFi%2F%2FwHdoHtaISvQrghE3wVDhoYjYQhpzuXAiPl1vb5k%2FTJ%2B%2BTN5%2FxM%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://testshib-dl3.decisionlens.com/shibboleth
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://testshib-dl3.decisionlens.com/shibboleth, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://testshib-dl3.decisionlens.com/shibboleth' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2019-11-13 18:01:07,800 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://testshib-dl3.decisionlens.com/shibboleth
2019-11-13 18:01:07,802 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:01:07,802 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:01:07,802 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2019-11-13 18:01:07,803 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:07,803 - DEBUG [org.opensaml.saml.saml2.profile.impl.DecryptNameIDs:?] - Profile Action DecryptNameIDs: Decrypting EncryptedID in LogoutRequest
2019-11-13 18:01:07,804 - INFO [org.opensaml.xmlsec.algorithm.AlgorithmSupport:?] - Mapping from algorithm URI http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p to key length not available
2019-11-13 18:01:07,804 - INFO [org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver:?] - KeyInfo was null, any credentials will be resolved by post-processing hooks only
2019-11-13 18:01:07,804 - DEBUG [org.apache.xml.security.encryption.XMLCipherInput:?] - Encrypted octets:
Dpl34zJ0OgMsGEum0IJ2PTFMWwarpG2NzQdRIuhbt/qkglgkatqNR4WU79A8naos1UzAt1kY6K6n
JClGJKF0zepQcjuRMQNEgKgLfl2WMTHLrJCi26r9laGcWNiC3OwAbQhYxmossv8oE5z9UHok7cTk
nLgtJ6EBjyCtgdO0sAcDWRT65pUYrryK2zLGQXo7KwZB4TXuJxqzvN/7fZwjChAb78ql8Y4broLa
A/CWmL0XFxGz72nbUofKy+YPpXA5VANw3FoNSw9fmzlPQ67ctaLdV4Sb/vi14PSXIjbswdTyolyL
7CLS02kLFrzenxXYTVJbPI+5DXmtNPkkvQ+giw==
2019-11-13 18:01:07,805 - DEBUG [org.apache.xml.security.encryption.XMLCipherInput:?] - Encrypted octets:
cyUOMlCOkyl3IwE1xoH7o+dwHIo6xZGTyA9OC1EuitRAt6bPrDqdcYag9eTwIBcZVQrNGvrqhwvU
daIV0ZT/5zsffA6j62huDz0Ub6FLhVuFyylBiIRweGKOypW1+n2SNKRwokpVSfbij2RLSS3OqA1O
0gmBUVOPNxFh4PDAeKuLZEgH658HBe6+z3hPbohJS71ploijU7rQzDnEa4YbOJYUI3L9HxNqXhiX
1aNhb/8866EzR2oR7jkOTQ9ZiZaye+0cFoU6T5WHCnNjt6dVsaeUgGF/DAy1bfxfiImbu/h1QN9W
21tovmP+NUm0UBEPr7NQ+8vd7LPD6b6tbOsb2p8A3bsrUha1cfgSl3xRl1DpxKHV7p0SSBt+Rwgb
aE6GjCERl/V2q95iL+GyeNlufARETbYOM5GzIdMx8IE+K9Dk2mAkh2vVgsXbgwywtUAQd8oJyx/Q
wA9nkYjg6Ypezp1mfQC5osytyUtn8h8eyqvzGwKnQqnf31VwkfPUoaNuapQTBFhuuYqYHHOZQSLK
sxWBqQfOedZ5/f2RPiUqrAnU0+jPpfGwBO0r3TWc0kI8WSAKIGlJKyltvK2GwUPmaA==
2019-11-13 18:01:07,806 - DEBUG [org.opensaml.saml.common.messaging.context.SAMLSubjectNameIdentifierContext:?] - Ignoring LogoutRequest, Subject does not require processing
2019-11-13 18:01:07,807 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:01:07,807 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessLogoutRequest:?] - Profile Action ProcessLogoutRequest: LogoutRequest contained Asynchronous extension
2019-11-13 18:01:07,807 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing secondary lookup on service ID https://testshib-dl3.decisionlens.com/shibboleth and key AAdzZWNyZXQxF8WJeLDmtVBwqZTmc88w6Hvc4VnSyeWUXvsQb6SpeLx1JH4bzk4k2BYLlSzDIgwoSuQoCruYN7IQyYwLtY5YrEOtXtMoG7+PQNYYb7gYD7gLLuHMuPUsLjAcDgQKcsFGnkAGHibIeaDoX3O1IE6iJEc=
2019-11-13 18:01:07,807 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 9b16d298cff562242d113307648ee732857be7891b4f1ac9a6f3ba3ace883fcf
2019-11-13 18:01:07,807 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://testshib-dl3.decisionlens.com/shibboleth in session 9b16d298cff562242d113307648ee732857be7891b4f1ac9a6f3ba3ace883fcf
2019-11-13 18:01:07,807 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:01:07,807 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessLogoutRequest:?] - Profile Action ProcessLogoutRequest: LogoutRequest matches IdP session 9b16d298cff562242d113307648ee732857be7891b4f1ac9a6f3ba3ace883fcf
2019-11-13 18:01:07,807 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Destroyed session 9b16d298cff562242d113307648ee732857be7891b4f1ac9a6f3ba3ace883fcf
2019-11-13 18:01:07,993 - INFO [Shibboleth-Audit.Logout:?] - 20191113T180107Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_0e7a674b78f5380ea895820e249b1a98|https://testshib-dl3.decisionlens.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/logout|https://samltest.id/saml/idp|||rick|||AAdzZWNyZXQxF8WJeLDmtVBwqZTmc88w6Hvc4VnSyeWUXvsQb6SpeLx1JH4bzk4k2BYLlSzDIgwoSuQoCruYN7IQyYwLtY5YrEOtXtMoG7+PQNYYb7gYD7gLLuHMuPUsLjAcDgQKcsFGnkAGHibIeaDoX3O1IE6iJEc=||
2019-11-13 18:01:20,379 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18608-fu1BwiVl0yNyYNfIsmcY1eNENt7J4BIg
2019-11-13 18:01:20,379 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:01:20,379 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:01:20,380 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo"
    IsPassive="false" IssueInstant="2019-11-13T18:01:19.310Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>IJTmKHnEMjVs/D5c8vFqVLiD2WwX+SErtWx5CjnRAPI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
qIrU45k0EY4WhJED7ubxwvZpA0QNgk7QNesbba1GsKxwoKIZU9U+z4u9n/5wPrI1YVy7o1/yXrSX
rkK12zRLQQlTdNu2n8EOkf7PaNo1nMQ52CRocrdN+38p15oWhiQny3DtYFU9G2Q+IzDl7L161OUy
zucpOLuZtzcJYgVDBHdF51YkdXNbd5k/OXluTVniM5ylUw5lbNikam9ACQuF9qkJfuVrEfAvZOD6
HPfOmGN4sQoQzBnbo11ZJvTlzN60L3Vrbw+uSFlnWQ6ibmo6LLTHYDS6KGT1SoE2OAbN9A8AVbgZ
zsGB7aQI8bqQB0EQQUfcFKyWPnbC1oMw1T5Z/Q==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:01:20,384 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-11-13 18:01:20,384 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:01:20,384 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:01:20,384 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:01:20,384 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:01:20,384 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:01:20,385 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:01:20,385 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:01:20,385 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:01:20,385 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:20,385 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:01:20,385 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:01:20,385 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:01:20,385 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo', issue instant '2019-11-13T18:01:19.310Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo"
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo"
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo"
2019-11-13 18:01:20,386 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:01:20,386 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:01:20,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:01:20,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:01:20,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:01:20,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:01:20,387 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:20,387 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:01:20,387 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:01:20,387 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:01:20,387 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:01:20,387 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:01:20,387 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:01:20,387 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:01:20,387 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:01:20,387 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:01:20,387 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:01:20,387 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:01:20,388 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:01:20,388 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:01:20,388 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:01:20,388 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:01:20,388 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:01:20,388 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:01:20,388 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:01:20,388 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:01:20,388 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:01:20,388 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:01:20,391 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:01:20,392 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:01:20.392Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:01:20,392 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:01:20,392 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:01:20,392 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:01:20,392 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:01:20,392 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:01:20,392 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:20,393 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:01:20,393 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:01:20,393 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:01:20,393 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:01:20,571 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:01:20,571 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:01:20,571 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:01:22,956 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:01:22,957 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:01:22,957 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@114480630::identifier=rick, context=org.apache.velocity.VelocityContext@6e155a4f]
2019-11-13 18:01:22,958 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@114480630::identifier=rick, context=org.apache.velocity.VelocityContext@6e155a4f]
2019-11-13 18:01:22,959 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:01:22,959 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:01:22,959 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:01:22,959 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:01:22,959 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:01:22,959 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:01:22,959 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:01:22,959 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3423a8c9c28c3cbb17eac7d1dc84d4698f3c64c7d1e97ef9a59f7a1322ff70cd for principal rick
2019-11-13 18:01:22,959 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3423a8c9c28c3cbb17eac7d1dc84d4698f3c64c7d1e97ef9a59f7a1322ff70cd
2019-11-13 18:01:22,960 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:01:22,961 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@133a1ebe'
2019-11-13 18:01:22,962 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:01:22,962 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:22,962 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:22,962 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:22,962 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:01:22,962 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:01:22,962 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:01:22,962 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:01:22,962 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:01:23,130 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:01:23,130 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:01:23,130 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:01:23,130 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:01:23,130 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:01:23,130 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:01:25,334 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:01:25,335 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180125Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204085335}'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@133a1ebe'
2019-11-13 18:01:25,335 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:25,336 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:01:25,336 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:01:25,337 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _83355a2b01ca902415cfb4e26245d245
2019-11-13 18:01:25,337 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _83355a2b01ca902415cfb4e26245d245 to Response _1f4d7212867f0821199881d29ad50cbe
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _83355a2b01ca902415cfb4e26245d245
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:01:25,337 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:01:25,338 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:01:25,338 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:01:25,338 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:01:25,339 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:01:25,339 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx4zW3boP/Vl22z1ujfxB67hyrWiYnrPkOKhqgAaZg3Yu9VQRRO9pmGfdBwrbMNyCpcwH/VPHRf8SY1hMBM4GDMTZPhzgYJHDjqyXaHW1A05EvCdeIW+lx8KZuaxsMTaY+pDtY5nfquCXaIOQssBsHnfQ8ClX/kHI= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.19.108
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _83355a2b01ca902415cfb4e26245d245
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _83355a2b01ca902415cfb4e26245d245 did not already contain Conditions, one was added
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:06:25.336Z, to Assertion _83355a2b01ca902415cfb4e26245d245
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _83355a2b01ca902415cfb4e26245d245 already contained Conditions, nothing was done
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _83355a2b01ca902415cfb4e26245d245 already contained Conditions, nothing was done
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:01:25,339 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _83355a2b01ca902415cfb4e26245d245
2019-11-13 18:01:25,340 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 3423a8c9c28c3cbb17eac7d1dc84d4698f3c64c7d1e97ef9a59f7a1322ff70cd
2019-11-13 18:01:25,340 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 3423a8c9c28c3cbb17eac7d1dc84d4698f3c64c7d1e97ef9a59f7a1322ff70cd
2019-11-13 18:01:25,340 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:01:25,340 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQx4zW3boP/Vl22z1ujfxB67hyrWiYnrPkOKhqgAaZg3Yu9VQRRO9pmGfdBwrbMNyCpcwH/VPHRf8SY1hMBM4GDMTZPhzgYJHDjqyXaHW1A05EvCdeIW+lx8KZuaxsMTaY+pDtY5nfquCXaIOQssBsHnfQ8ClX/kHI=
2019-11-13 18:01:25,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:01:25,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:01:25,341 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_83355a2b01ca902415cfb4e26245d245"
2019-11-13 18:01:25,341 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _83355a2b01ca902415cfb4e26245d245 and Element was [saml2:Assertion: null]
2019-11-13 18:01:25,341 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_83355a2b01ca902415cfb4e26245d245"
2019-11-13 18:01:25,341 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _83355a2b01ca902415cfb4e26245d245 and Element was [saml2:Assertion: null]
2019-11-13 18:01:25,343 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_1f4d7212867f0821199881d29ad50cbe"
    InResponseTo="_bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo"
    IssueInstant="2019-11-13T18:01:25.336Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_83355a2b01ca902415cfb4e26245d245"
        IssueInstant="2019-11-13T18:01:25.336Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_83355a2b01ca902415cfb4e26245d245">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>Ahi8Kc1JhCybPSKWGbPwxnM5sBFQeXMWy+ZOytldLO+LNzno8Kd4RJCofXUAgoAhgKLOheyq5hz/GrCZ64+pig==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>nVuam/vYmLTxPwXvCZW93mka+tYm4+zPPpLRaWer8KKHlOLfK31wGnD693O7/UTLyMWRy2TBuF3Rf5tTLQhF7hYa229M/76244vcHk2CMh8T9u6CK1dX6kpDTwdH31Q7tdgPytB5Cq6Qf5Aq+HapS5C41k5JWgpFI/sZcn8I+phrEEjC08SwPwlQpFsjYaJEI3RKN0fsYrXshvEP9FCvvkGVws3X2SCoxT8BYaN1goTDFSjVi+Id4leuRuFBl+ZdjJismOQlZkNwDDJyw1Nr8A+P2f/2DlbonuCflvtEj1YS1hRO6ZryX9U+K5sRuoDC/fh83/Y+6KZlpcrhSaPVXg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx4zW3boP/Vl22z1ujfxB67hyrWiYnrPkOKhqgAaZg3Yu9VQRRO9pmGfdBwrbMNyCpcwH/VPHRf8SY1hMBM4GDMTZPhzgYJHDjqyXaHW1A05EvCdeIW+lx8KZuaxsMTaY+pDtY5nfquCXaIOQssBsHnfQ8ClX/kHI=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.19.108"
                    InResponseTo="_bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo"
                    NotOnOrAfter="2019-11-13T18:06:25.339Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:01:25.336Z" NotOnOrAfter="2019-11-13T18:06:25.336Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:01:22.959Z" SessionIndex="_6214e1c2b9396ed4bc3e0e5b5e1909e9">
            <saml2:SubjectLocality Address="172.31.19.108"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:01:25,345 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:01:25,345 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:01:25,345 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1f4d7212867f0821199881d29ad50cbe"
2019-11-13 18:01:25,345 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1f4d7212867f0821199881d29ad50cbe and Element was [saml2p:Response: null]
2019-11-13 18:01:25,345 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1f4d7212867f0821199881d29ad50cbe"
2019-11-13 18:01:25,345 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1f4d7212867f0821199881d29ad50cbe and Element was [saml2p:Response: null]
2019-11-13 18:01:25,347 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:01:25,347 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:01:25,347 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:01:25,348 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18608-fu1BwiVl0yNyYNfIsmcY1eNENt7J4BIg', encoded as 'TST-18608-fu1BwiVl0yNyYNfIsmcY1eNENt7J4BIg'
2019-11-13 18:01:25,349 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_1f4d7212867f0821199881d29ad50cbe"
    InResponseTo="_bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo"
    IssueInstant="2019-11-13T18:01:25.336Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_1f4d7212867f0821199881d29ad50cbe">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>zNMJRPbYlBk6CP1H56FrqPWsoj02rmCK2ix06MtdVvqO2/Skafak+ph/81igCpDj2PqwSr5jBtznFK+r7WCGSA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>WTJ5Rd8SuR4BJJXbpKRhmLgNW1tO8embvqkhW3gKVYdgoYdO0enXdRlSZAXrgdPjNffLlsizI000U6BYf+xMJoD6rC009SEmgxtoxlYnMn13mAJPZW6D5YBEim/QTXuICdmjAhLjTGyhjsjHJ1P4vGjNk4xAR+OGRvxpetr5oVhtgukvwQ+XOlqnMpx0Iah6Y+CpZpeDgc+QsAhkpXrYb59ITQSxFFIeckGQLVs2QAXITFEMTV1tbRnHUoY6S727Jd4+aWpEmB9RX1bpTaHpUmaZDJ5GE6BR07ZmtHd5z+kYvPXlK9nzZTvM107owrPv86lIVyyyuf5T+yrgRHvy4w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_ac4d77143af861615c8235578b0496ae"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_36fbd1324b30bb1d3333adc8f8e21350"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>p+Z2mAutx65mNPTqX0qz6KOgLWg4pEBG41skILpd3RovACsfowD0gkLcRAdMS0jest0gKMGYXuz8UgmQ7tXszzgP8mmCUccx9bWRWg0N4IqWYc4oDiOZ1amVGfOHuLmMwKY+pt0Mqd/IFiGIaenNvwa67ngqfgCnB4zoG8FWDfbxfMoLK5ObuBZ3wxFvfebBB2ImoM1XN3+jZXDY2fArmc/LArA/zv3v1EtgT4iFfDHS0oJgoP774ou45VZWB2PdOAD+7FImMvCM0SyolHOJBzx8Rl3gk9FHQyc+D/6sa/cFEBIKPXGZgilbrMwJJ/f54RNoxG/ZpI8cX8Ziof8bSA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>fyNwy+R+rW4gCEcc+djmr+YgK0qmzgBM2ExgGmFbLhVJWVKEqYnsv7AXxY1L4MEFBxKpI8SU73uGYXB1VHwkyWhxYAOjbdZQxLOBguh1a8RYKRhVqC0x99xb4pxkFLTGxhzukTQ3uPmXfc4Gasz7dr48gx5JPdBrtoBDFSR/wfSM2FaIFdSMPMUdXqovOY2fyP1OGQJEnmg9DaNzQX1dmUjpoXAQpGfFV1dVunViGS0oai069s38UWQPN74zGjFV8DmVybAA6/XTYVnO327nQjfe5pmJthoqMBHuEATpPV4w9buyF/GqO879iHWfV/7adYS2NdAyqwYFO3tdj6+vozci2d2fejxwmdU73edROcpszZGMsHl37u7dVVfXC+f2L5keDIBEZiobQpVCh0oL+YCY1nd2SdRiWIZQDm+/jgDyE/VzS82kyv5dMYh0tknRd/sVPgJmos+mQWPgrHblLFSnaG6mATM7PIJq9U7BbG7oNIgpnOOpixOND1sJnXm2q0LyKzj0K+PnaRmDZiykw3YqNhvfBAAKc1Y7rosnESVtY15m/GQj0q3LArRkYsDCwF/aHjGgS8hyGE41uMyhhOlnqfozpKU3Gj3Q31wo+oo/DoQOaFpao36EAvnwR8+Fl2N2VIZ5hhG6SNnkqtIHcQ0w/fKsopxBoTn/vaY9jhuTmPiQNLl/BbuTRCvQjWIaOVU8jYQWdb4Iirm2J9SkntlYJZeKV83NkZzsN8dKkByIoMBWNAFIXjf3x119eNbHxFmwgpgLk4OavXEZ0jknrU8NlGpjsViFBpS5jFB8LAKQI1aAf7/CzsE3XuFg5LYDEb5y6jNP39eBwB8heooN3+1wqT/y55crt3qOW5xxaR1xpJ/xXl22Ne4HidbkMDrnuCJ6y9gObmDgyVQV14XnPTKIofcIkxMGb/Hh+OG1TG04ur/vrOGamhyJ8xALUz8XNN4F/iVQovMcq6Vl7zSmW9r/e7ffmPtplNcIqcZ0Sc489L3vq8AotAdCvVfkpGXaR3HCFeharBp/8ph77fuvNF7wcncOnGUm748hxyJVOFEo+qFvCk3GzpBv8FehCXjUMSaDCjtFE+KHGDhtQ71suQpxWRnQ6WGQRKD3AWmXKdLv6OAaRuumhs05Acbro+MHL2J2rCoWBbkq4r72VSm1RcxXJUZ7sIL6t/EpjhxK325kXxNNlKE74GE8uc7+6vmghPeZhUjFL1Us0SW1RyrCKV8vMmnDlZ1LBGzJHCHS6XoGFy03qg60yLTdGVoLjfFP8IRAqXiDZkEvxIXHXQraZ4M3lysP/GOuPm/LnH9a6FWsNcrvk5Ar22t4hSKi+ePYkStxwnWFmczis7h4+/5NggGrRMzc0Z4GU1c+nzsMl9+/2Ggr9NjILs6O0V2Wpy7/FT2eJZvT5eFMDumgBPkR9P/DuhNXzMOmir2HWtPXgcwTtjYtryU8hw8w28YIAEBEbEVWBCDiFx6ZtpSdIp36ym6tx5F2r8Lx/aWRPaQtQHQEZ63fA6zF98FGJEtFLnzjdJ9MHz3rGw5o4Pm9Uf171YqP/G+XXTbWMZl0CAgzRUIQ+Z2tgB0DiKfZeqVLitUcgnGBThUXuj7BsSf//Yru+RMgvz+CjmcmRPbl2/VeOipiYentpTgypEJY/IUFWNudboM+bBIoEmat/ecTcFXuiiR7R37iLwmnWsMCYq3E2OaGsRQSNidCY+JIwV0UsmeNJ8I4Hol/sg4iF0MpL2ENmS7tDs9MSqZzAA/tEAXFD7tJK82grXYtJg9D/K8KgmOBkObSifhCASkxzfm35tGjcAQ6lIgDeXrXEA8M+SGAZWG4KMd7qRafpZHh7s+DTNjJShezCj6DXfwrQH2tLPc5nJyZBXrxTqQJGuSiNGnNU7XQiakhMiMjEASSIgkckpVXFPJsP5AUsDdF7bdYEsV+ZaJTRAZpAUIFXPvV+Z33GIL9whYnoTKMK23iM2p2TnGIBa6y+ZAdTHasxf4hPbzEtxjfC10OhdpOMChT/h1D5F0i76D53+QDHl9OKySYBae6oMaobj6Yei52zDMJaEgFLLmbkNMNDaoAFYYgzikxzEWW33t0B9LPF9qQqBin7NEd3YPUi/JiadRv2AK7A5U8dAYPbEs3cFxJdVehn9iWf9WqZEcaW0toLP2ffXXN1U8FL8U1I98m1uu7D8NyR9D83rB/BmjYlCj/a+KWyKnBnKAVwX4N+oPU0fRUoY78OpRr2xoVFebcGq5TTe4GtYlmQ2SNXudxwLUCAnBc3F5sXrnNk5MDNcGYybD5aTBeH4VUR+FpZYdydVQI/VgGrMKCkeOVq8Lhpm1qZMK+B8g9wJAyPeopSrQpiHp85KU57AnBQzPGdeRO3rvok8JNzsz03PUTjHWJHYmI0gkVG+0Oc1Re3HstCI/4UbyEx1rrsX7rPQMC3Y3FnvcBBZI8dC1kUmjoNaFSsurDp23PiJtNAiqXRKOu9irf204cQ/rAyobRroshENpzxl6w6JPqHaWuEJXXtgOToNxRMHuFct2MVOQNmxx/vn52ilQ6juNoWKg8YMHct43fe/8ngq5Rj5ONFj7P1XN6pF48JPiutGAn+VVj5gwCjRF+lEG/xfgoFWmeH4mTixPpZtwEp2CwRbdijWSHEqWgrbvhHq5A0KmjUofE5NdVSf0tAzT0iQHOIhGqv3OGpy23xecJ6Dgtu1xuRTDYJo+6Tea2rLH211imc7En0eMO9tubwDj7KqLdORSLKWxZn2JUhj0dmGlksLI/DNqsZ7zMoSlvxAfn87dDRc8EZX4NGyD9FBOOYaTWRuZV6XprL+oTq1WyMWBeuq6i67X8yS2jm4tfdkyYcMvTu+8xdzWQ//xMrrMM8xZrp+/svrkyb2/blplEPYYwm4RdSoozWRaqUImjy92fOlVi8GdqtryPvOrukeGp2jjqqwMRIP8u8rSSMSIWB4xvKWHLQXgXE07nCCNyggAC4tbS97VAMaT3jgrH7zgtNUkbZP2QiYPoCxHywBsoDTvSfEtBlNdsNVOa2z7asgofq2auR2zNTiMByrV/15qdnHigPT9dWWOq/Vt3chJpoyWfeK/NEsvlsPCNtkVWrQuTYS+ZBzqdReGb30zWOFlX2LdrLuaOxs49T1wtHUsm0qgqfttyJZuIXrvRHj1NdaqBB3AeITIUqH/7Caoh3FSDA2Zui79FWb+X0PEyfQSmvNQGw6J8WEeH42MoiXv+lykdIrdZYZ2nHyfFGx6sourJDaq/JTZvCbITuEP3ujtIelJi+zZsABcrPDv9vezQ8g3srz36qBbupzZnIpF7V/jmx0I7GmXwzay91cna4o++kMl5hJZIY95NY6IId1tI4mF6ulgBek2QgYcgkYJdt1L1zFYPsXCQ8fQu0gpk3833B9x2/eIBeO02Krq5u59NRYAmtgAa/9lGrW6CZqzA7Uw2EEfrwYQ8w3ksFTrmfURbr/iT4axfwXaMgJPGOLJqZeLrdQTtDxOzjfyqhWpF2NTcWrVHkdvqphMbtM0Cm7XQ1Z+Ncc0Xf32yD2BfXOOzqlK9bIr4bvxEklTC000Gcx56KRtPkj7hTkQYdouDxSbZuz7UejWVfbt2rrWfuyfNbH+4tSjsg3V2kGoEXKKNCfEy/Tn09bOqtUhVOmEj31OQFhCZZlH6kxXAjlD80SU5xifXxD1N7ESkUIWKLLbGrNppcLa+PPGzltaoxJmyz1yssPouJknpTP7l1cMNaSq2EBT66a34oj9h+bZZEJyq+86vgZgfjW6T1M+LSlJ1oyfLgKw9tAcAliR58vmv4iL52D+glLH7u71B7TbdJRcCeNcATFg3+NOFYrRzk3C/xqPg/AUSqRDsDXKKY8RCFqqbhOwuXgHPhNRCXiHyoOYCfv87Z3jKHCAL8lIANTx9/wFiwBUSAckDLe2IGZWWMMecwthKPMSTUW25RNGyufAShFtPyzuboXF1+y6E9VxiSgfUmhrFGtopRlQ8menj7WPxOUfG5L3Avq1DJp+GeoftblL1PPfX4/ZoJNui19SHDNe2adx1JaJpzUp/uGjyraOEDwd5W873efNXZcZz4DZ03wp2yJeNtayUbg4lez3+QgO7J0Te0Eij6kMqiFYVxIMhPq0Id1U7WrLv4QF9lOVWLXX8dGV9e6VzdSsbHYn4PrHeh0VOpm8/T4q87Dpw/7N2FAmcDzUQ16ddLh0sxXCs2TKwHjpc301SemfDzoEVotcswoX9Vb8snV3ZeJsJAmXI080EBT4EtyyCrBkl8CjjH3ybtSFmi6P8uHo1gNDF8NP1IGhUaRSVHF/d6ydQaWc6Y/8cS+UpeGCcOdfJaV/GHf3PcZ5EFWb9fbk29pgXX0pzKtD9CkQhpcxTi7+rD6o1r+4yfu3LoxJ/1RSVr9Jg8h+qXfZ3iyQ9GKLJCrU+PQ5A0SqK4MWb0IfPrTOtH0SakFZ7MEfatjSebM+6hCbTjCdbLUZehTzFuyRQIbODw8R08qXf0aXWFxLaNu3k6KGs9FEK6GHs17DK4Z4q23SEL9MbGR1CD06XBLfXfIVwN0MASkrxDbZIYDSe6PFixuy6FgcFqnRiARTG8/bQMFedr7PpBClNL3VVmv89Bglk7m7hq7uBJOfyAfMpGigHUtN6zkhrSTUpI2SzIRBpso+vLjGjN9B7Q3LdBEFIFnLxs0ixfk0IqSrrUo1bpA935Iw+iLCDYSkllH8oCvd997Kn9kwIfIVXzKECCbtlCwTgg+6BrO8qbPOY62ngvD32ggrEFn3dppmngp9XJSXuB1VRWwO/sdOLTaVYhg56eGjnC3ncA3TZ6n8ZT1FQnqOWAiekkSIDUrdMsTLBxbnlOW/pRONsCJcTAII72sMpx2z/JxL4uKcSuwlTvIhZJ6qcBO4cfnNuOMMPJk65b0dl6RUtMfi+0Hh0K3ZeY1OALj3i4NdTvdjenjtHnlts/ZHWG0FHmt/fNdVHRzIyMBg2mWBTZKoRTqZ9M4jQYaMmxYyvXl3QBvQUdEzqXtHkhdQscVKGzUrtVie6jU+mmX9C2DzoIzydKPTIu4FQqQdsqp/mI8MBYIJobFaaERe/bDnY/RFS9B/eaYpyxs0xAfBJp06/StUp2IkTa3f6qOu8eTbt101mOJP5e3qfIXL7Z5Uxi+H9jULj6krvmiS8MyB0NWs8wRE1HOJYTxEwtE7pijJ+XdE9GQswSfaudI9Oa1qGbtzuUehqwvTEY4idGchZcdxfL/07HQ2cG2wa6Sr1TafAocTiV9FDDA2Of74fPuR1YistMSTJ7AXMXMaE4DJCxfOG19t6OMBGpLB/DSBsc7++8uhfClfQb4tNpWCrmzYeRk9g6DLBInDHw2RvRHTgdbXddlO7sXFwrOgxCPWCI6gU4jsIwrUsTWbIwGegK5Vq0QA9yYObEaMWM3rfR8TX8R00oUxqo1t6At+eW8tuHqQwh4eAwnxvG1lsRlOmQXg/BwB4YYAv/diIe/URgSiUwO/JTJMyn/t3JHLXE3G38AjyZxnOdidtgO0790bhknF27WD4ZUf92KtNXLpdt8OsE8w7f7nrBU+E/iVDdTLndkbyWLSgxzwJUtQMl+4AKSu0wHVigVeVFj6T4IDSOIDkNKai/skwq3lHImQHV4v6pMGk44zzD6As8Dpg34dtyzPQwBt/xEi1v/uu48fPiZyTKhSM8e1kVI7U16wpWzI9Az5JmMVAg1UC6CEX0PFPBRsa3hz8Um6oTzSQaTxjpjrqbB+g+TdsH2iaIJuUS+XniRDSVJ/KVpBOJVJzCzOQtYHyF3mNujxIGgIdMAjjFwNRzrSHJnw8LcYkaw1p4I5v641oj3inDeRh04dd8XwFcfOli2b6zK1UGAMpc9iYRBGyLo8Fj92jfMlNJpfrjdtkNP/dmwQWL9VUQbHSmcV7BybK0Gsvf4336DYuYTGyU+TuD851K4c2fLzrUg8t9JgVPrl8gDn5/aRHc+AFmuZxle0B44PhwodyyNw6mIu8zrxtPTD9VD4goihzSpFTrxh6khOM/gIRbLtMQlpC//GrVZrhKzsAJkMWPReDqXc4bsn4sVc/QPsKTH7eBP0Dx5ZlYVkJEvlpBk0vTLlD1Ce3LDqZobUj91tO0qwl4WUCbgdh2eYQFTlx6GSQHgGDL8qiVuzTy7u8+1zis8e0Xg6bhIuNqzwtkX3+74miM8m97hpLymnDKUSggkFqDcefWZElNaDsmBNtPfW0RXp8XNCh+0Iu8rBCJ+3J7dUPDdyi7zZW7+2lb0sRb+RbXIl7NNhx9CDT4twpOD7eQTeGTt9WhyAJ4U3JoBqApGfUPrw93vVHv+5/VAKB1ABm7nbqxgyagtZobezPL7y2iAX0i0+kTBLRsZNv29isXJhSdatcrMcaEX8W322IEixF66flVzD23MBTsD6HIuPtaGf/AXcokbdyRjbUk6yoyRxLDU2HCes314BPZKJRUGoCGmFaxstfSMdU6qzmLxWpiNsDU307Y+qDDK0Q8UvDzIQIy50ynBAcWg+dV6uHcrXTIbi0jhV9H9hX+fUFM7VG6n6ZmDPIVVZxJ2dZlH8ZIZERdpRJwBojM6u98uaMX/ul1wXTEHTDocLEQo4IjLL5E296zUxo1yDfFqagQUcwTEtxm54DBQHTxDFi2waOa4i/KE90XvR6ZrjMPdGp7kwCZN1LV0O04L2GrrwmiNlsbNrl4ghD/esH7wGD3CDWNx4J5oIAW8/u1mGmdDnDVFJRhTCMgS9osjkOv6m6FNtOIgPTljIcW0nXMxl3QhiVZVp7cUu6Jgi4WavBnGfv+irP0IdJnf1nXRuv/EQrSOYfQNEbAAUmcXtKxZMMD0gqvWBLbBv0/hKzb82ssIaWg73YEIod+CizNkT2vmUsj/pRGod7Jry5lcVeZ7iMy8kpUoxpTI7Ol7bVYY3cxPlKn6ZScDjdDuOFgsGMG1Cvm/7tPpTFTZ9z75lV441rLWb40XBCNO1wH/LefVMYVCDxZtgJyb6BNK0Gk1yZDCxWu3lEJMAR260Zgblr/j9Ta3qeT1lTuHtJkwpdzNX4UQDZRaHk/K8d/hsRgG9neCntgOAaXMOeJaX4AGY1WJuiQ02mOIGPVMAacxpAPOk+4N2BqlluLwizOinYPPh5WBw6crnttzNrPR9+rZGH4woUjUpvNrKKuut8osbiX9qQagFlXXqDT8otXOz8Z0Mxz7OAQazUECOG9zK4qfETQKxG9N70oQS10CIuVqMinhlzx0cmp/QhyXSHAQFUWyyCZEu9hEm4S15d6ORLpakJNqH1k8w90Kc09PAjcsYOupgulEIGGbRQGqK+Ho4tjOrmJ4XZYmzJjpVlNAjoHC2FSxaOTIm1lR7+Y9srJnNSDROc6G0Jdr5U5j7Z3jGJzVY+pap+fdka6DfOZqUA50QFlk4/kcPGQWIq1ZxQn6xLVeBXwuskBEZAxZ/qLhixFaesEBqeoKWKVXC+ecWXKvKQhDRpnZH4BCApJoKYGG3B10bKHv9aUJieeVxKUlo762eZJUDjx+xmf9xllf0s/XeyGIRRiZ7Y34u8GkMYxijQt/yiexMGczG1bxLY31x1czgerXNuxPA1xDCV3xlLQ6ljNyHtqidsvAQ1qHiOYny17yjKy3BlovEQQjL3d0KOjgdRpUHaAnzJsQ/ykGolU6NFWCDjCArlcA1HWW4zuaIHh31kaSU6uOK7WyNOfPgTXM5uDZL9v48NneNwdNRHTQV3OuufHppI0zHfJrxoRxVDTm7hmtuK4DAICXO14AiU2HDKrH0E6J4BUV0DNeEI8CuLlDfczd5Q+8nTpi22Kb8HL/vHLlcYEhfxZVvKNPlrpbg3zt9sQa/d5HyGo76tcVqEG+mr2mfcztF+b45o49PwcE0V/bAr036xzTBt46f6YNMxKOuPr89W76hs5g4si6gQqzooSu5pJ9Fl/vJrTQez/cOZQPgQlA+4/03UBkkyy2vl7QNJdUQon/X4J5FODxbEWuYhT6YEzS2FGpDQFl4IB7ZIs7RsHjTDqcB2pleuE9dvTV974VgE1fEkk0T5yDo/cXEi/fBhUShuDcG4dUs9xj6Vxd8kFKycKSGaHFPLV10ZYEHd6a8DOnMeA9zLDfZR+/+kCBeY7oCWcKY4</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:01:25,349 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:01:25,349 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180125Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_bnitqojjdg0s54vnkyi0a1mwrawaxij2rto2ymo|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1f4d7212867f0821199881d29ad50cbe|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx4zW3boP/Vl22z1ujfxB67hyrWiYnrPkOKhqgAaZg3Yu9VQRRO9pmGfdBwrbMNyCpcwH/VPHRf8SY1hMBM4GDMTZPhzgYJHDjqyXaHW1A05EvCdeIW+lx8KZuaxsMTaY+pDtY5nfquCXaIOQssBsHnfQ8ClX/kHI=|_83355a2b01ca902415cfb4e26245d245|
2019-11-13 18:01:50,570 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:b7cb06e062074572a4a0fb0f9900747c0feba37be41ca90b9ab313c9f3a2df1a
2019-11-13 18:01:50,570 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-11-13 18:01:50,570 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-11-13 18:01:50,570 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://tstvm005ae.aeon.atlas-sys.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_00a296716f863d6dfdd25952138c2f95"
    IssueInstant="2019-11-13T18:01:50Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://tstvm005ae.aeon.atlas-sys.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-11-13 18:01:50,575 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://tstvm005ae.aeon.atlas-sys.com/shibboleth' from origin source
2019-11-13 18:01:50,575 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:01:50,575 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:01:50,575 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:01:50,575 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:01:50,575 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:01:50,575 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:01:50,575 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:01:50,575 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://tstvm005ae.aeon.atlas-sys.com/shibboleth
2019-11-13 18:01:50,576 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:50,576 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:01:50,576 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-11-13 18:01:50,576 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-11-13 18:01:50,576 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:01:50,576 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_00a296716f863d6dfdd25952138c2f95', issue instant '2019-11-13T18:01:50.000Z', entityID 'https://tstvm005ae.aeon.atlas-sys.com/shibboleth'
2019-11-13 18:01:50,576 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://tstvm005ae.aeon.atlas-sys.com/shibboleth' does not require AuthnRequests to be signed
2019-11-13 18:01:50,576 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-11-13 18:01:50,577 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:01:50,577 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:01:50,577 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:01:50,577 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:01:50,577 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:50,577 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:01:50,577 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:01:50,577 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:01:50,577 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:01:50,577 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://tstvm005ae.aeon.atlas-sys.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:01:50,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:01:50,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:01:50,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:01:50,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:01:50,577 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:01:50,577 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-11-13 18:01:50,577 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:01:50,578 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-11-13 18:01:50,578 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:01:50,578 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:01:50,578 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:01:50,578 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:01:50,578 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://tstvm005ae.aeon.atlas-sys.com/shibboleth
2019-11-13 18:01:50,578 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:01:50,578 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-11-13 18:01:50,578 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-11-13 18:01:50,578 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:01:50,581 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:01:50.582Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:01:50,582 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:01:50,686 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'tstvm005ae.aeon.atlas-sys.com'
2019-11-13 18:01:50,686 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:01:50,686 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:01:54,091 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18609-UsdILlQOVJotDzhUtrhp83jOFoKzNQbz
2019-11-13 18:01:54,091 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:01:54,091 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:01:54,092 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t"
    IsPassive="false" IssueInstant="2019-11-13T18:01:52.885Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>himeg6c00n5DY/OsuaF+AjQCdpdMIQnGx/c6ROTlAEc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
WJizDbAuQKyoeXbKIctTgUHeatiF/G/7byukZ1E0XF4cdPQCZq/H/aG+CiJG7PiDkYCD0UvQq0lX
/4GMbAEJqGnCIxwzPdnNXIJPlh8+8nAa5vdFKtepsq+VV84dU4zhnhVW76Mb6UPI3Kn93oHr+p0c
YT0PcsCf79TsXNr2cAGXHTMvHWmU7ULpyWZ19GCEctM6StDUWGmoC7osb3PLRj8+fFH+v1XEJZn5
CA/lqihHKwMNuPsLE5Q6IzBvUxhNtEWPwSIbhiSBQyWSUKEW+BnfiD42hyIS9a74WCm8Y8jiMaUt
DP+awwDJpbBB9SQkv6dFJmAfUWvDQdnY6nRrNw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:01:54,092 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:01:54,093 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:01:54,093 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:01:54,093 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t', issue instant '2019-11-13T18:01:52.885Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t"
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t"
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t"
2019-11-13 18:01:54,094 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:01:54,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:01:54,095 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:01:54,095 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:01:54,095 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:54,095 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:01:54,095 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:01:54,095 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:01:54,095 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:01:54,095 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:01:54,095 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:01:54,095 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:01:54,095 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:01:54,095 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:01:54,095 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:01:54,095 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:01:54,096 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:01:54,096 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:01:54,096 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:01:54,096 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:01:54,096 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:01:54,096 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:01:54,096 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:01:54,096 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:01:54,096 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:01:54,096 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:01:54,097 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:01:54,097 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:01:54.097Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:01:54,097 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:01:54,097 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:01:54,098 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:01:54,098 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:01:54,098 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:01:54,098 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:54,098 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:01:54,098 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:01:54,098 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:01:54,098 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:01:54,274 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:01:54,274 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:01:54,274 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:01:56,664 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:01:56,664 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:01:56,664 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@838508289::identifier=rick, context=org.apache.velocity.VelocityContext@af46550]
2019-11-13 18:01:56,665 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@838508289::identifier=rick, context=org.apache.velocity.VelocityContext@af46550]
2019-11-13 18:01:56,667 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:01:56,667 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:01:56,667 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:01:56,667 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:01:56,667 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:01:56,667 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:01:56,667 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:01:56,667 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 9a2fa27df375e5c4a52ebab85b5995984d4189040cff51db8dcd4a8bd735390b for principal rick
2019-11-13 18:01:56,667 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 9a2fa27df375e5c4a52ebab85b5995984d4189040cff51db8dcd4a8bd735390b
2019-11-13 18:01:56,668 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:01:56,669 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@41f4b925'
2019-11-13 18:01:56,670 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:01:56,670 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:56,670 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:56,670 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:56,670 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:01:56,670 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:01:56,670 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:01:56,670 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:01:56,670 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:01:56,845 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:01:56,845 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:01:56,845 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:01:56,845 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:01:56,845 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:01:56,845 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:01:57,326 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:01:57,326 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:01:57,327 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180157Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204117327}'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@41f4b925'
2019-11-13 18:01:57,327 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:01:57,327 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:01:57,328 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:01:57,328 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:01:57,329 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _ab493b07a32efaea567219416cab5075
2019-11-13 18:01:57,329 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _ab493b07a32efaea567219416cab5075 to Response _0738f29b0d6547c6600c6aa503360165
2019-11-13 18:01:57,329 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _ab493b07a32efaea567219416cab5075
2019-11-13 18:01:57,329 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:01:57,329 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:01:57,329 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:01:57,329 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:01:57,329 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:01:57,329 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:01:57,329 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:01:57,329 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:01:57,329 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:01:57,330 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:01:57,330 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:01:57,330 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx8ea93QHnwmkkVDcVhzG4LEYWxxXHzUpS2oTcLRCVxlQhNeY7L+psYAIIrao+gkddrI7wG22L408auf3fUVflPssSzuglpWtv6q9APBB7nDMfjB1im3Nu1ulIK8drtg/o6n5Xj65nIlJl8Qhoh9a+7fDjrNNbqJk= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.19.108
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:01:57,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _ab493b07a32efaea567219416cab5075
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _ab493b07a32efaea567219416cab5075 did not already contain Conditions, one was added
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:06:57.327Z, to Assertion _ab493b07a32efaea567219416cab5075
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _ab493b07a32efaea567219416cab5075 already contained Conditions, nothing was done
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _ab493b07a32efaea567219416cab5075 already contained Conditions, nothing was done
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:01:57,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _ab493b07a32efaea567219416cab5075
2019-11-13 18:01:57,332 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 9a2fa27df375e5c4a52ebab85b5995984d4189040cff51db8dcd4a8bd735390b
2019-11-13 18:01:57,332 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 9a2fa27df375e5c4a52ebab85b5995984d4189040cff51db8dcd4a8bd735390b
2019-11-13 18:01:57,332 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:01:57,332 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQx8ea93QHnwmkkVDcVhzG4LEYWxxXHzUpS2oTcLRCVxlQhNeY7L+psYAIIrao+gkddrI7wG22L408auf3fUVflPssSzuglpWtv6q9APBB7nDMfjB1im3Nu1ulIK8drtg/o6n5Xj65nIlJl8Qhoh9a+7fDjrNNbqJk=
2019-11-13 18:01:57,332 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:01:57,332 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:01:57,333 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ab493b07a32efaea567219416cab5075"
2019-11-13 18:01:57,333 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ab493b07a32efaea567219416cab5075 and Element was [saml2:Assertion: null]
2019-11-13 18:01:57,333 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ab493b07a32efaea567219416cab5075"
2019-11-13 18:01:57,333 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ab493b07a32efaea567219416cab5075 and Element was [saml2:Assertion: null]
2019-11-13 18:01:57,335 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_0738f29b0d6547c6600c6aa503360165"
    InResponseTo="_oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t"
    IssueInstant="2019-11-13T18:01:57.327Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_ab493b07a32efaea567219416cab5075"
        IssueInstant="2019-11-13T18:01:57.327Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_ab493b07a32efaea567219416cab5075">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>APJg9mTLPGMkCCGf9EA6TWJNlmNaX9PyR13lvfZTM1uplsl9tn7jSY0PG+bls4xhHyOq2Owy2o2aFIJw3WzIHg==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>J6PLH+an5R0nUZQNNCAnFkud/dOm3MkZQVYmpiLpA+hEwX9fZCZbmF6bzRBvvN9jnqXJwypNg6LlJuO1HHmuEacG8xhU13QFUenW4iz/BJ5++M2Gl+ND6SDBjTFXIfWUJYaEbjnxniBcRH2VjOXzPOn/whjfhjaNfng7ujarTOjRZCIXQ+t/BObytphQI3UnWsUi4hLBhaZzEl1F9nuxrJEi7Av9uB+oakL7+gHVSlPWLCL07BMbi+yGioPwMiMeZg+arFj5Oi17VxaCg5JYkZwzxAk58wkm2JsYmmqWvJXchF1cMlVTMtHIV4Pq5LxY40KNAC9gq/LvI+CgaokHwg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx8ea93QHnwmkkVDcVhzG4LEYWxxXHzUpS2oTcLRCVxlQhNeY7L+psYAIIrao+gkddrI7wG22L408auf3fUVflPssSzuglpWtv6q9APBB7nDMfjB1im3Nu1ulIK8drtg/o6n5Xj65nIlJl8Qhoh9a+7fDjrNNbqJk=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.19.108"
                    InResponseTo="_oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t"
                    NotOnOrAfter="2019-11-13T18:06:57.330Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:01:57.327Z" NotOnOrAfter="2019-11-13T18:06:57.327Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:01:56.667Z" SessionIndex="_ecc966bcc7e2ad3f17cfc3d980be5e13">
            <saml2:SubjectLocality Address="172.31.19.108"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:01:57,336 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:01:57,336 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:01:57,336 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0738f29b0d6547c6600c6aa503360165"
2019-11-13 18:01:57,336 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0738f29b0d6547c6600c6aa503360165 and Element was [saml2p:Response: null]
2019-11-13 18:01:57,336 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0738f29b0d6547c6600c6aa503360165"
2019-11-13 18:01:57,336 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0738f29b0d6547c6600c6aa503360165 and Element was [saml2p:Response: null]
2019-11-13 18:01:57,338 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:01:57,338 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:01:57,338 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:01:57,339 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18609-UsdILlQOVJotDzhUtrhp83jOFoKzNQbz', encoded as 'TST-18609-UsdILlQOVJotDzhUtrhp83jOFoKzNQbz'
2019-11-13 18:01:57,340 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_0738f29b0d6547c6600c6aa503360165"
    InResponseTo="_oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t"
    IssueInstant="2019-11-13T18:01:57.327Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_0738f29b0d6547c6600c6aa503360165">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>CeOjsptcSx4Qfj4CG2qZGxVT1cvvrYW1z2FYpIRkYYaxukKZlj9UkiLlQ6V4v/9ivhCceeFKyTsODmH4+VPDOQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>WOFdcRKIPJX87Tgqnyx/0jSbRPIjE5mBrAXJqXWSp/wfcx/MSBZa4S3ZwEd4idrYCtFKuFB3Mqo8zIo8QNJarUvhvtPMVqJMGflslIQJ6aaG1mmfOPCuVaqwJ6PYTaIFziS5S6fPpLdDZbpga04raAJpwyyM6ffb47Gj7F1RTRyVXqPas6+2F/OODCqsT1bg4hW5sMlHviBAytgawvQDLuaDvSPsoRyVp6wmAAWPhsWrL4xBd0SM5xKhpb4YJny1fngRenTcnSJtKjmFcfaFD/SHI23q1uo+AUGf8b/dksAq/+ZYGPUnVdYpo1rpa/phyEctjJN96CJHkHUc8xvhaw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_8aa38ca189874432e1aaacf10c9a4c18"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_8c299f0a311c0c09f85d4b13bd531e74"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ZZ2Kju7xBR2rJ6opPDSKcJZrc0n1XuklcZiYNgGnzhMqBEQ+3Rviz4ynt/Yf6Y1fwSWFfuB3nHfhc78k6Ua49m0U7jYWaLuYWZ946U86aw4KT5bOOQYja8AE8f8A95SsHaFm+c0RFb/ZLmAqzXZrlNg1T8eij+dKCDLjx3zkjQVa/xyqdQ/b/BMEmFaof33klzJRo2ajzmi2Fd8wJ5RxlgEuwtn1sYjYYXlkw1Rohe5j7aeExU+JIoh8oDrgiXqL6ITbXYLOWWk4dKTjMtKqvPtoQMORsarFbEe71mwlVm1+Fc04U9hWIq4zSnbg7ZK9nE6XTjN5x2mSxQbea677Dw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>ZwWfp1A/O1naZ3Cns0lktM++lnFwOwSJrHFo0xZrksNK8yYySbqb6uEhJING+MCiQq7nA9U0hAqMOVWL9g0XQIIx1tkcVFRr/jvH48O8HzC6LyqKZ8X77/4kavVuCJoTsvLFo7ZvleoqHDZlKxLkaNhtjUN6DmmiiAFUjUI7Vm02smfgQvf6T6X6HQYWWwk4QyqdmuBsKxrHLNIJHRlpdC1HjOkS6ifIijw2jRG79UZw3SsKheJSDXrHwAup9HkD70zOnfK8mr31PgqwYdCsyCSoJ1VpXqrrOqJyL5+M1igX7k2vW28NHmNz64qxsak8tfrehSIAA/8IL35Lzn4TEcUOn/ipIbNs67r5a/XDFIwiLdA8iUDUSHTpQ9zOyzj/V+mBNJO3DbTXuCcZPSpw4MS4DUmpWtGUA/2CNgVrtWCxAvp8GPCai5Xpf+y2oqaC02rmCK7LZdDFLfsYdQzt4ExpqD+7p8uYyFBdTfRGs687scesvyv35qMcoUpZupHO+InFtdW46BbnzyuAVIA0zQj0Ur+1GfLIYnNiXW8ALCi7pgErQhmBvWm+1Kpwe5eRMSLVSta9vUxjwy408rFsd1T40lfvtHkB7ZgT1pf3JNARF9vwiJMLa7W/Tpu0AXklm0XQ1ppC0X1QvnjKSQvfslRoIbl1xr0pxaBcSwCyx2maTjtuRYOfFJXu6lwYJYKrkmK01Xv4NCvG12laRYQGMLtq6qAC6/q59v+vFnaNPlHrT1EwimrdWpzY6UsrKBZg3qZsQLAYFOL17YGF0oE8fbK4bnWeHOkQwpYngxbCgT43L6miy51aU7bN2BcrnDKN85ZUpqtFZPM2h443ffpPMChuxZ0rBkx3uHwTxlIbO+lTS73LV7Xqp+0kr3gD/AWS+DrzItJM6dK9G/KjboI+hUTc2ngngMRZjoQgvEK1689mLlkBDbxHSuHdIhEtDfP3FraQIGHJ2ILRjcr3jztanCyT+wTT2nVj/ryPYE+sAWb5nGCIHxdUJqgXzv8kJ/sWSX11c8iQgOrpRBhIpgOV/v+2SM4a9EXVn9ILbpofw6jK3/vl2TudwuVT+7VYpRMJV10wqvK3iiRctpwZ+m10yAm9+egh9bg7Yi/ld31b2Adl1HNqzQykQWOfr8niJ+IL1M0rerARxtMDi19mti6c+setsLnCqm8RN93XacDMGyww6tZWZW/ylgrp/B/s1jWdjB878RMCmK2G2nL7cI+ksnWGF4+gmI+ckIwGlZnhC2Y5Xu/7GrIXvIXmCNjzSDjn+W1MAXCs+MddCuQprPWlrGFA2Fcjd8cjgLNqEMogUmBM2LBXsyoX3btcer/8vnn6p0ZeNNkeRNZ2/MAVhJGbGWS+FNUHl2+HfepfBAGCxBsiQ7popk4kdu7fBlN++jobKy2BDq9gxkNIJP6EyExj5pm9qUOEBl3dp9wwFWe4EYdA7jbQdHNEV0iqpa+yhYhCV3lv+ah1JqHhWSVReq+hF3vSBehGPkUgTYzGiQmwrejeeWnhZkDeJj9l6lx827PGzQZEqXynUg62K2RCjhKuQ/MWw5zqWzTn1Jt8XSecZejJQxwmSj4oVogCc1c5flwGf6qsbY4YGceIuGQOQT5ZfnvWZENTaiUlaI3gtyHRjXA19ejmRa6g7FNRMD1PPcMzMxjJn5FNvoyJmtN0GZt0Z6l9Y+aWf9QJRVaYvS0izE23zw37rohzPijilQLaifp5eJsDCdQklP5lD1N+iMX+mISDDmT/LKbEVyojWrKnImAVdG5nHUX1znoswCR26shI7b2H1u5MyCRfvkGtq1F6tQIZPU1iosVAxuknQkoTSeO+sPQ40QFSzN2ybdTfBS2gTlFDKCVjuBKGlwYJEXc9d1io9gwtccf0rn99t2zJqig07/28z4Yiu6gC9ayXuum1AyLNX9W3/oHmh5gWv0sbXsb59Q7LQ9aP9JOXlbSSZuf56uJGDNdGxQiZPBNzK317vPiIm8qSymMhcGOp3wMbfF4B+Ez13MIcHeNs4XnKMVwX352DLJj9/knozZ8CbfcZoEMIm4AtgiETNA6kQUDFYMrld7r0Js7R1egX1EQR3O3UvKEmQm8GOrV/erfL0qJK1zKlGQH1rY32IyiPAc7HsXOOhKXZQvL5uNsaZ9f/dUdd09yk4e7hzEJC02a3iBQJ3QKJpV6ZD8tGm0/55rLAcbTrMBVBC+4zg5oIvTt5PQOq0+xzUd4UjbmVzMOEAHv2lFZ4Re8dnxlY9am7x2UH46SxIXYBFm4tDIEbrBH6bcwCmd49HPUeWQZEj1ftT+ugg08b8ofw5iXB246DDN4EZMPPScNwaH6zuYFqi9QYMbmOtJBxhlkiOKqepgiIkMoY49b0QtTcQWrscuOdMPnom1I9TE4A8mKRLs/W/SqVATALVw7rdm9trIhLfEMpZHKH+mJDnExQjYSOGlNJxK3fQ0kfgiEJVkOwC29TE4f4ABlFa2cZpY46W6UjHL8O+J4CVg0+dimE5TffPkwG7XX8tGPZb1O5UL4O/OnXdfwpMWP0DhUyVehNvVZo/txyO9gHaqLQ7tKdfrECoI/jPnwImty0PC6OEi/Q4ICPAA6TuABjjf6xB8MEwEvUOTdJjfGnjOWWwH1x/KyfHPNxVFKjmmwcPYuHH7ozFKADwKYj/IaCkS5g90vEvReFAi5ESSZW6OlHSs/8gbrOMts+vaa2NkkAdDlRvGiO3b8rh9cRw9e76JzC3qaFv9yzYKrpBRhVujlj5LfaKdwKKJ11bFmrvq730VL/hobt/CY7S9JV4YLk3Q/2UsJa2xwS96FGtBuOtUQx9k2ECUGaYAkOuPaYnha46Qm5vtRP5bWwqTrxT85y+4jmNfDRP5wYP5B9uYfcNQe6PIwtiMkIpPjW2WeEk0ICb06LgQEfqTNursnYVfeTUSasAKQ1G0C0ViS4iUW4fQnygA+sY9HLM1aqC5B0MLWFvzpGnCzbIxjEt0mwvhmDCL/Dpv+jsNN3rhwNKRaLB+S8nUv2WSMoXu8u/CC0Pwjvh0coG2E2f3zVMT6N9hOOOiOZtI/mmQ0hirjST7MQI4bvxgM3HLhBYjz/UKkF88Z7ZcjhuBHoa0Xj6rvs6BGckAYHxparZDwAjjfkHLM8aSuYj56B1+tqwGD133tVZ12yPRYHGjr5K8YkktdYj8bmI40tD45y7YPN4yHglia6ZkhgticY67UbPQUmRkcexEUj1y40Oq5c7huuJdv1/nDqDV0nPzTV5CYtb7fjLRhQPIh2h/Hfb4HkuKTFdgvEyET3avrAybyxlinXZkCXwSgMhpAC5VdHxsdK31dwcsEWO5saIEQSjRMkl074z6YKSYu+8IoqHaFUMSrvipB7RZjMsMtX9ige5wyZX1cFbFh3kwEY/FO2GyBrwhA1Xjgcdj78hfsi+kjDdCYSRak/5bAN3bUndddcoiD842jiEccwUsj4FFRC5log4RJl4U+2pOkfNumdgtzR7Qsn74uc8yfc4xb29BBjNEi6FA9eUW0XiPj8WRn2N9uQ2XQVEgHn89ycKEPH6F43RUP2xx+3qWrmFAoPm22+bCZAQ3f9xO+pYSOIMkdz6kieUKXb6sIuzm3hEorrtc6E4WrEtvUokr5Z15VJagB8wRzysyADTHDYbDa8S+9TrIWWbUtVu/06nOiCwslxFSxEiHLN176ygRLaQqtBgsxrxYOIax2NiaMiMVFtWoNikXdxS3UzgjODTKAOLn65Fy7nTcspYQRBEZ9t8r0UmuhOxlG/pQABf8xUCrYGyhQi8SYRUSwekqwvZ2EI35bbUJgVtmqhVzX29s4AEUvGqLbAnOXSbr7Cj9/vtBJDXoLuHxayJvrs9Cm+gj/+p1WyAlF9CudRP+h+gh7G+02ErE8vkx1SPBpDgW2empzUgsgqdhsF0g5XT9gmkyEk2UBqLGsQNZwp9eBYG3/dzSbZ+piXfvhxOfxtBI+3n9/1hiHszLm+KCU/w3LweavBWJWvq6xWbvo5eG+cltYu6uN0EfZRVuVfutrmLtD4ayQ2+OWQ9NF2Z6V1ruWLNGGfuWTYJw/h3OQHpaa0sdYIWAD+OTdgo/LIXb1V0+Q7dKR6V471pCAlsnOIAC2kuXyjFO0EZO2YfRd6lC3P8fOL5VyQVmb7JeZy23tlhSh3AhcQThs7LmJJ6GFd0b5YlIPtELyLps8+yii5I87QUkelo4q698Q68CpYhvvQaYBPmfgvtisuAtGxaiNaKnM8EZdgb/vK0FIQ+NXGzu3N3Iv8AIytyc2pK3renJC1zkXaGRHJkWl2IfOx5MDRz1Dv1e3jOy4GWDd1ULT7V0eypimIpplfPVYjQXRabC9J1ha1TBoI7VUjxSHLwARIM+26agEz/ihUf7h/gSgbG/UnZdviFXO/O5pO2VHOb7UuMqlm18Xd+7TVl3iL2XzUKktAh4Jdevvo4gtElPScJ6ThX4IUwt29z0Oi+F6ZVLfPn4nnkWJBkRp1saIGmtlnofjAeVICFIOAl5gssLlexd4lYovVt/ouY/efz/LAquNsJvAJkZJ5rlyboeOIq6qgJ20iasKjFiUvfYjhYj3g7JFm6CFQNVdozYWNTl1eIR4I+9AnoouIK0H3YJ4OsWLlcQRgf8Vk46uvnFHbQWXAeAJ4+CAQg2i/f+qsc+BySLlOI/sLup/Ar9heTlnScrthw787deNmQXx+V+8/KJTpO5OvpaSdt27m0adsxMaTmTSz86tXe5x7vKnfDU1EHMyN1UpdZ43E883X3eOB6PZdZRLtQPOweGVfgQPsHPe6IgGgxXqGudeFut5uV5jr5LuE0K4QPZrNswuVt4AMJWHtBcwbB2LtEpc1LQF8bmm/ME94qh97lejui/cxusxq6zPqBHDQTflNb/wEoKphzLKF5sIYh0QATeai3G78GDYLuSBWGkyYvB+TgkutokM2Rc6AF/1fEw6Sj0W28Hdyl5C0mH2Dfgb9PmENZQefkwxSfa5U4b7QEMgxtA1Ch1L/iUV6CVVXM9ilSiILPbJGyAhk5Emgw9sYaVMYOWRVn9IGe0WX0Z/1ACJYPG97KJcvmL/sGoKqm6XQDllqREw0ckY7xF597EhMdyerroHaic4ulsvK0Hlgbf7Lpe1CjJ/cQCBl+lwzQxZDbmVuagLyEdA5+t+NgRB5YBGSt86RshLA9QpINpc7Qc56Jq3lLajsNO+V7Z1PyCRhvOyN7D+oMiEQD42lP/MTpVVUgtiYR+PUEQ13130clv0K+w3Rp9Cyg1QV37RrNSzW9l7s2nKoKefjNwMoBJJcG8lChAL5Pm4XwGDZxBIMwH3QW+MLFA3RCZia+I/AMuYVxuV4ymavqLKfcWe+VPVNP1xSHvLMOX0UWXGCFgIuacH3KslC7E/FeMxfsv87cH/2KypgF8RxhjIXcv6IYbTM4MkbDaQzsWnX087QzSP3sTtBS+6QX5rTTnLKvZRDoWduXj8kNY8BNnwG8JhiQVXyFxnWo46rn9f0pkEtw8N/dvxJ2bQJrBB5vbqcDt79TzGkWvlN1f4pqVnndBKkwZTwq+qqGi+d19viAM3rRpkn67wiZh37Jq3Kv+7H+cIsDBbH0+GxyoHKJ4hRABf9hodDZts8WWykuVYw9JgvUAgLzbGdHneZcurXwTEywJ3VG5wsWJ0/OteIB4s3VEzQu+SGiglIY2M45jKT46xXdfq3fTIfDFb9z0fbk6tze5oMJMPIYcSmMNE16HN8zh9dWMUzmsRGAcucwxcKLQLNj2fQ2Yy3DvKqpTz7ueNbwhdDtieIT89Cgx8lExlpjR3pMldZZ47M5TxRb4Vz6enm7yncWmmmnJ01aBMU9ZGqqCUpx3w3Dt9KjhNgPej/t6yT8/T1fDF46q+1sLhvs18d6cE1hcovaJSUsGMkucRg6RJgiJUY4eVzJNWd7KMAjuHZdL4w2suOXvI6mElAX6Oypq4NMKzsauTsZc+eBN8kqMG4Ku7Q2XaJK3+RtYq1SHEvbFTub2wOOH/zpDxMSUKZYinxOTxyPOavT907EHYrvQcycqBDgeKppJyabRKiK72XYiPaPr0FH3vk4DnEEdTsNWRBCb9mjLqjaiIpFPw/tjVIwaLLUQNmr1akf5UHRheOsPUH4Q7yTqQ3bsCiXRJUumCoKJLupd5VSUO9KfVEGLZHGfAnDq5BvonvhS8L1Bx6/l/CdkaVanQ+MtpG9am4B1EBwb0CtdlKVhOUSiv1Cl46N1SnrWoMVKVUShWH3yIlDvyLa56/nwu474+PNb1vzJn2g4kNIcKba7VcOWNQXXiUdtmY8hJiHSxoxLBZIAhEmBLIi2PyvcNfpIACcoByd+89OKMt+T/snzfMx4UiRsteWqu94ALbRuGL/JNiFU8VfY8WeIBtXPM2l4dQXTHw6HlHBtO0bq4CyrYyHr2Rrw0guqmZG7rrhjLF+teLTZFwOQn1h4KoRS6JccfO3T3NjB+tZ6Z8vY7hfOfNJWVb0dhFwTVAsONguat8Io8z3Shx8DXVTyKQzpWdKOR1bVNBPuGmBZCCgI4XNaeaHX+wL0rCS5zt0dHlcQFmO+iFpj0Gl0qeEmPKFDDUvTJF6P/KYDF8D6iDhUDdpqSHhND+IlcjQm3Kv4ri249XfZ1FHY9F1shTRxQ06sLZ1AD0ThUhsB+CdaSkbp1raESz1X14V8oLcxmUvzwCpi8T51+eYi97lD22+Brsybv+nP5pFfcfQffX3Q1/DEv7caI40APIsiu6t3BY9WEPVJaAF4Q1B0lFiOUN9XQvekxZIgfl0L0m1EhIhUkrVDCqMhrzO5bE6A0ZcFh6urzNQEey46PvfF8NZJENT5mdAiDggRE6VElSsaLfH/rsvdM1cJcW2n1UYAcX5RP8U+sZsumZ4fUv5YeTlKvNaytHSiGTDttzo1DqmcT6TQJVFx6mVhOylEQM8m0W4anP8JwYA3jfN5JVc++COTX1qZBX4nTpSjhZo/GRfacIreO3cJ5JQRY/9f3SDjFfRxcHJQv6f0IgP/8TGt4A2b1rz6OzJJjkguYZozJQAnSNBMZmKct3qN5hWsX0fvvggqSp+EXpGKjT8jNZ26TMkeUJ1wze/ru6C2tAjChV1Nmg1F1YPWXy3MGaIMNcBt+zuCaeH5whjEsHvwhcWWA62B1XUOdbuGm+MjwZ7MaANOQ6ysvql/AIdcBq6Pq7gDH/NqVxJdp/8195T0LCpfj1cZXDoMlUlWaBjOKX1HfKUuSE4mxa1yCyP91+fZ9kRVLqflhE4POCZGwWeiQf+qIiSrbxXcornv+6KPGZQPMKyBru8qRTH7k/LVng18AOduYQhxkmBxzA0GogD7P0PASH+cK/SBp6E6bAVW0KsjNGkWG78ppgYfQcwoqmWZkNQ+Dckm8ZGAuSE0OjREGYF5xvGM9/zx3Wx/FLdwc4lsI/LZOveR0THctGQEz2LpYXCyQFRMjQTPAcJJzrDw4EBsEkM3lw8+mm8R7MxU8yON+eXgLeGZPsXgBvReVs45PY68lIDlSnFXE6vQAjd7SNnhoPVMQVy+86NfVpX27tOKGjgO1ZBZOAYSPS/+OU8KZC4fTC1kCYUISxxJ/U0ievidaVjk+dp3Ie6GaDMdvbJXKbFbXiqXtpj3Yh+T+aWmMC1TtWnf1oXYjEmYvA5MrqCUwDKr6EIZdPSUAjYGrR3E9En0X2/7Fk8/v98PBW+9Ez9tM5qQ08WCD2rU9nrWb+z4YV45slbTef4ZUnPM2YPeG8td+RwyHys7Gw5ee6sgkf8qv71QOYtrRZe6QlP3V0EpTrFcq8qgtlVNurJIYpBdCpEql5oYvfXHbrIn5U23aHnBy/cKa5zIRHOxtDnfc2/TgVR/Qf+/OR0PRHBat9uDTKEHU4jtYllCQtesoUJezyUF3FS9yzZs1Rux5JZwD+4p1KmTXPtvlS5i4rpdcLsf1sny0M6XGtdghv4M77ZzbG9Pj448N7Efr34QphA/5FbSlTol/KpZPeScW2a+cCBNVZhgSDs1k+cmdF/RIt9alfTohDh8sQxCURxhIo+5orkIbhbt8rLRS4rZ0fWyxm89FHwyQOJkGKOwsarmjElrg0HQIkTaaJUbEfv2HMQpRJpyW3l98k+SoUZBx92xPMvXOdRWYu</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:01:57,340 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:01:57,340 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180157Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_oevrgx29olzafcwcwac7fsecdlj9ihwrupohd7t|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_0738f29b0d6547c6600c6aa503360165|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx8ea93QHnwmkkVDcVhzG4LEYWxxXHzUpS2oTcLRCVxlQhNeY7L+psYAIIrao+gkddrI7wG22L408auf3fUVflPssSzuglpWtv6q9APBB7nDMfjB1im3Nu1ulIK8drtg/o6n5Xj65nIlJl8Qhoh9a+7fDjrNNbqJk=|_ab493b07a32efaea567219416cab5075|
2019-11-13 18:02:49,291 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18610-jx6qwRCCa3hB4pNGqBm58yYXkFYxa02e
2019-11-13 18:02:49,291 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:02:49,291 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:02:49,292 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h"
    IsPassive="false" IssueInstant="2019-11-13T18:02:48.354Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>ZsoIwJF3O4F3l8iWIuan25l2Ufz09RKYUJK3deVTsQQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Ou24aGccvoOCt7WRAGyMBzR4EA11OtItaH75bP8tIAbX7XFOrjczVfEm5OnWTsjnpWXiylFHd1Hw
SKiTcOYCi259b7Xlo7RSygPtvRHBwd2+m732rSajG7Zm0jdjMSusJtBAKutykXKedf2Alj1X711F
5pozt/LPQMw51tX/KCpxNgP+GHfIR0ZCV5LSjMKnNfqh0JtiYa4xvM6h6Rf7yhq6wFTtbCsca7LX
BOA/fa938naYhikkWVvKpXowTOm3TcIuiY97WzNc6EyHEEoE7ISMvP9y2wQNRnN0K/9ukdzn0Kti
gdtaUcpMackqggzk8GS6u9NvkP6m/vGUWZ9XCw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:02:49,296 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-11-13 18:02:49,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:02:49,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:02:49,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:02:49,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:02:49,296 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:02:49,297 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:02:49,297 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:02:49,297 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:02:49,297 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h', issue instant '2019-11-13T18:02:48.354Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h"
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h"
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h"
2019-11-13 18:02:49,298 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:02:49,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:02:49,299 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:02:49,299 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:02:49,299 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:02:49,299 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:02:49,299 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:02:49,299 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:02:49,299 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:02:49,299 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:02:49,299 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:02:49,299 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:02:49,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:02:49,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:02:49,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:02:49,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:02:49,299 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:02:49,300 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:02:49,300 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:02:49,300 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:02:49,300 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:02:49,300 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:02:49,300 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:02:49,300 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:02:49,300 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:02:49,300 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:02:49,300 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:02:49,300 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:02:49,304 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:02:49,304 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:02:49.304Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:02:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:02:49,304 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:02:49,304 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:02:49,305 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:02:49,305 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:02:49,305 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:02:49,305 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:02:49,305 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:02:49,305 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:02:49,305 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:02:49,478 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:02:49,478 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:02:49,478 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:02:51,690 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:02:51,690 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:02:51,690 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1161988866::identifier=rick, context=org.apache.velocity.VelocityContext@5ae46334]
2019-11-13 18:02:51,691 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1161988866::identifier=rick, context=org.apache.velocity.VelocityContext@5ae46334]
2019-11-13 18:02:51,693 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:02:51,693 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:02:51,693 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:02:51,693 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:02:51,694 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:02:51,694 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:02:51,694 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:02:51,694 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session be7ba8c4ecdf385079a8a91974433ba319d18fafe91a138f02db80e76ac7760d for principal rick
2019-11-13 18:02:51,694 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session be7ba8c4ecdf385079a8a91974433ba319d18fafe91a138f02db80e76ac7760d
2019-11-13 18:02:51,694 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:02:51,695 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:02:51,695 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:02:51,695 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:02:51,695 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:02:51,695 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:02:51,695 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:02:51,695 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:02:51,695 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:02:51,695 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:02:51,696 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:02:51,696 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:02:51,696 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@792d1244'
2019-11-13 18:02:51,696 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:02:51,696 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:02:51,696 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:02:51,696 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:02:51,696 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:02:51,696 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:02:51,696 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:02:51,697 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:02:51,697 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:02:51,869 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:02:51,869 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:02:51,869 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:02:51,869 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:02:51,869 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:02:51,869 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:02:52,418 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:02:52,418 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:02:52,418 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180252Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204172419}'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@792d1244'
2019-11-13 18:02:52,419 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:02:52,419 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:02:52,420 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:02:52,420 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:02:52,420 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _612cfe9ba80f44a5ba8d17be35e85f39
2019-11-13 18:02:52,420 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _612cfe9ba80f44a5ba8d17be35e85f39 to Response _c31b017bc6f2a8be26ba85187a53e038
2019-11-13 18:02:52,420 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _612cfe9ba80f44a5ba8d17be35e85f39
2019-11-13 18:02:52,421 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:02:52,421 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:02:52,421 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:02:52,421 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:02:52,421 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:02:52,421 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:02:52,421 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:02:52,421 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:02:52,421 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:02:52,422 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:02:52,422 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:02:52,422 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:02:52,422 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:02:52,422 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:02:52,422 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:02:52,422 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:02:52,422 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxj4dqLs9AnfH8IpSYLPEFMj5tbS5Y79qAaFHFcL40vZ+ElXCls1Um/CHoiQfjYt358zsWPiUms27WZRpuf4l09csf5Oioiua1IrX9v4D/VmskiMqoBhXK7GH2c7WSR5wYzXCwm7NMmwyvPA/1juBhTkyBbBHx3d0= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.19.108
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _612cfe9ba80f44a5ba8d17be35e85f39
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _612cfe9ba80f44a5ba8d17be35e85f39 did not already contain Conditions, one was added
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:07:52.419Z, to Assertion _612cfe9ba80f44a5ba8d17be35e85f39
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _612cfe9ba80f44a5ba8d17be35e85f39 already contained Conditions, nothing was done
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _612cfe9ba80f44a5ba8d17be35e85f39 already contained Conditions, nothing was done
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:02:52,423 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _612cfe9ba80f44a5ba8d17be35e85f39
2019-11-13 18:02:52,424 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session be7ba8c4ecdf385079a8a91974433ba319d18fafe91a138f02db80e76ac7760d
2019-11-13 18:02:52,424 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session be7ba8c4ecdf385079a8a91974433ba319d18fafe91a138f02db80e76ac7760d
2019-11-13 18:02:52,424 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:02:52,424 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxj4dqLs9AnfH8IpSYLPEFMj5tbS5Y79qAaFHFcL40vZ+ElXCls1Um/CHoiQfjYt358zsWPiUms27WZRpuf4l09csf5Oioiua1IrX9v4D/VmskiMqoBhXK7GH2c7WSR5wYzXCwm7NMmwyvPA/1juBhTkyBbBHx3d0=
2019-11-13 18:02:52,424 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:02:52,424 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:02:52,425 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_612cfe9ba80f44a5ba8d17be35e85f39"
2019-11-13 18:02:52,425 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _612cfe9ba80f44a5ba8d17be35e85f39 and Element was [saml2:Assertion: null]
2019-11-13 18:02:52,425 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_612cfe9ba80f44a5ba8d17be35e85f39"
2019-11-13 18:02:52,425 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _612cfe9ba80f44a5ba8d17be35e85f39 and Element was [saml2:Assertion: null]
2019-11-13 18:02:52,427 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c31b017bc6f2a8be26ba85187a53e038"
    InResponseTo="_k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h"
    IssueInstant="2019-11-13T18:02:52.419Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_612cfe9ba80f44a5ba8d17be35e85f39"
        IssueInstant="2019-11-13T18:02:52.419Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_612cfe9ba80f44a5ba8d17be35e85f39">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>GxPwC33c7qXWrx8vBSIrQVGMRu4aM9jT/PxTRLBT3qfZVeELsxkLkru/M8yLM7Y9X0xRtQ+S8N/uNYtvHiWz/Q==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>h1pbfiFMW/wGpZTLEeIT66Exe+TQQRy8Xw8e/+CISQzfZifWqsVC5QLYAndgp3TVB/O2cuux4h2EWWsDfGbKEShjvrtxVcWlhyF+gxIniX8JaqY80/1WYtzu9SZUmJuCVh/xJ5cCf+gc9Yrln8g6KR1XBUY92uMd2wfUdvifLU9e1NB0zsejTdt5ZqNhaqcAw5uxOsZlIEooUdhBqb5lOYux/R6sNBAj2OqCjNX5/nas630sOwKXELlS3m5Mh4YCMy9zWZQ+CVm8/jPs+Aynflhq+kkSfaO5h05i5hrInadZ/CmVK4ZIUW+ELRj1P8Mugn1yiFnX5N/QlmkhKBuiyg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxj4dqLs9AnfH8IpSYLPEFMj5tbS5Y79qAaFHFcL40vZ+ElXCls1Um/CHoiQfjYt358zsWPiUms27WZRpuf4l09csf5Oioiua1IrX9v4D/VmskiMqoBhXK7GH2c7WSR5wYzXCwm7NMmwyvPA/1juBhTkyBbBHx3d0=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.19.108"
                    InResponseTo="_k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h"
                    NotOnOrAfter="2019-11-13T18:07:52.423Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:02:52.419Z" NotOnOrAfter="2019-11-13T18:07:52.419Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:02:51.693Z" SessionIndex="_aec0f33cf219de111af69fe3d9632089">
            <saml2:SubjectLocality Address="172.31.19.108"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:02:52,429 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:02:52,429 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:02:52,429 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c31b017bc6f2a8be26ba85187a53e038"
2019-11-13 18:02:52,429 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c31b017bc6f2a8be26ba85187a53e038 and Element was [saml2p:Response: null]
2019-11-13 18:02:52,429 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c31b017bc6f2a8be26ba85187a53e038"
2019-11-13 18:02:52,429 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c31b017bc6f2a8be26ba85187a53e038 and Element was [saml2p:Response: null]
2019-11-13 18:02:52,431 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:02:52,431 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:02:52,431 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:02:52,431 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18610-jx6qwRCCa3hB4pNGqBm58yYXkFYxa02e', encoded as 'TST-18610-jx6qwRCCa3hB4pNGqBm58yYXkFYxa02e'
2019-11-13 18:02:52,433 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_c31b017bc6f2a8be26ba85187a53e038"
    InResponseTo="_k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h"
    IssueInstant="2019-11-13T18:02:52.419Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c31b017bc6f2a8be26ba85187a53e038">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>GpxFrkQQnRA+ErkJPpolcc36cnS5P4e3Ci4/cVzoH2TAG74SLG8olMeySPK3VkBEc/RKp80A6N1d7F2qJENoMQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Xu+hsGt4E+dDyJ5F76EM7PjS7F4iYeu6q79wqhGtVkovITeCdoVaGwONvd36KJfHySJR2Ffd7rvOQuBuZUXkfjO1I4/yX4lYyKZ/wmyxWzDBkiys4ixCFXs16sGt8qWTQQScXwya8moAD7pZWHxBJYu/OgCvLCgHxIcHpYZyhVBXJJgVswIyPzpdDCLMPXjhSoglkOj19B/285uCAsdspdfuac6k39Sj43VyspNg6sxwY2JZu4Qt+qj/JnaSjghyoFQmlt0NoegxOLyVS4HScEJ8QyFgk0VeSMckKfB67sShLEqOF+PcpdcCL0ioJ7a29qyH/DrdzbMe2tm4CE9QPQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_5a5f16c1c44eb0ad648f2d2647c49f1d"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_d2043947a47d1fc7436131a7760dbe92"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>rQN+mbkrZgKegi70BaGA+TWGL94HjuRlJBI7wPDiaLhko9R2jPRcz6Hc1+rFSaanwif7m+mkY+9wgaxqtVKOG425T/CCumU2eFxSVKKIibQG/n3lx2AXB/zwAxonPJ+pmoPGngPrp2AVLsMb1a+mMb7Li+AfeTMXzRAfAGAOCla9Czqe5Va8BDUqzqWsEDWPkhkAfwj9jUcwGa0KcGzwu6NU2naEB9yQgzJBXjwkFv0Wk1En5D48QLDtl7wbjSpcFeSgHKhJAKoypL4QC2Az3xVP+J5ODLWyqV+PpD9nXN4ok2pmN0anLNzu2dm4IjrK9j7CFdCbFCfmlP68Xfq9Rg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>QCQiPzIzvNs7pdaH5XNk1uq/YLBh2F/ju+qgk223cWaaWXORpoU45e8pQ9GaVtl3Q2W7jLXpfmikY94plPYpHDKhVDLvSI4WJfmh25XmOhVU4AyM2cfaCQZQpFqNA2lwze+npJW1QA1l3Ztec/5vVX6VNXldVdcWEMxYhMy4Hc1y73a96/0MzwNCaQrsWe47OJHCi9rxhl2FF6yGdCELtTgaxXrL1bmLnuyOE5X3PKJiPzw2NJFQABDvWec1797mbzMa3WcTGuvgbnecMxku6x+QDirwqWGWtJsQM7jLQO4JxrYQxSkEzIA5Br8qwDLUdwzjnCJjtW3laUofBoG4zwuhm1/ZrrMp91CDHVos0L5705DsRaKf5hfVVK/MLdRFJn2UYXivD/8tcHA6R+5wezOIGvgaCzwi/VBK5qFvWjyypmB/jk/wY3otQVfYBm0JqUWWCQBb2JJjcwDWRlI+7nlWEkPYYQHI1T7PYSpbAJLvpTYZzTJtR/7KTZmJF2XZ7+S6CYHxB2DEHLn9AUuOunWarSkFSSGblc4flEIuxEN2HaUXCKxhGeKGcym3l4gX56BqTNnCioErTwY8kG/JLjYtGtjy5gVmiBkRRBugzi/SCVkTzKH3ga1nvhs5ASKvaDO0d6aZUGckjmIdjMtoI5s054feCZpp14B6I3DTgZoUmRnZhw6wWquvERNqF+5eh+c2oX5FgWhBoMQmvR1LyixtKZcMK+vrrBnE6zwpKb3991gZdkcSBNVZQ/q1Nay5mYlpZ+uHgbXCx/dNtSVc6V9MEyzMnARIp8XoyTOTdqKS6B4DnewAf71elNBJheVhYsomQzKYQsPsa8BX/vDCi5Uabk8EuaBL4/TSJL3lgA5/MpA1FV8pypawXD34TQ2lfLnC/+oDTpvkBAr/W4rJjKVVTvl979ACkcM47ZmCihwERagTlumwCHc87l7T7DVB0TjDiQElxBN64p2T6OMqmLqjUTGXeCBe3q4Hfqyla7yfe2OaD1qbbaM/LYzvhKjofev1RFaifcaFTEP7/Ll8by3FqhzHah9rk1ieg9d7e51Us5155R3q25v+2V1Cx1f4qtiXc3T/pys8WNF3F0xN/qxXGBYnzr5s/t5VP+kXgTI/v2sPWpwjZhq2GFm7LiG9h1akvQq+XQKHCApKhZECTiLTO9HG9drqH1CPOt7qHqNGji7SnrkpE52RiCEhc4GqeC2KaFG+1ag1YHndPfhv4GQ+86jBYcDlB72mVHSdqHIdSPLuRutDeCHWc/d3rmn7eFUPDTjOJ31FrVJJCWKDJHI0J+gY41xpim1nQaTJDoDkg98YzXSRtF4eP/18s7Wx+l7uDyaefbTSOkk/s5Ppqyk9r1xylr7wy7/RaJDPRisdGHidebiK3nbxEu9VucunlBsn0sfwOB3NWVZLDEwicAGBXjsFLXxGDNqMoWn/XfSVBE2UYMiuOLqzWBB417ROPvrpu7JV9+Xj1WOEv20o4T2ExEDisEXCd3rTxIvtUxeAxSA9biAuaoUgNRQlBeAffhBRoEe9ZifgcaAeDgl7PJafIzMAyJWk3wlkXUyyHwK09yRf7Xkiv0xHsD9Qfo22E5z9HPu9Rv6fetxdQTJImenl5oqEQopnNPyqKQRqBumsPrZWgVf1goQvmbFsrY8l22H07vZThXUZnnANsqfv5ZarvUXz9fvSbey8uVVkyUYo/keBH3zTF+MpAllxc+W+uh3LxKDyu4L5C+1KHloRGgXiUfRWM0EAnwDbRptLD+vwscHbmnL6Q6IYe8Y9Cknp184Bv77vAGjy0EfvrhuTD2Dn/SaFGiLXmnXVkzcibr/foIZ/ZRJ2oVLzj4PM8esqosoRTGt5JOlFbD5wsGXChE5Uuyl6Sb28XJhvm8hjMZTn8ZoB5y3XDjDHjf+eBw0ZiN2gfJAADknOnnqVHZCb/IgFMnMfMg/e1wXQ6Rq3up7nrjirsp/IqaqQIxHRFEr7R4+kuWiy16k4M97QUcJ6gokOGDw/1/c8ZVLoIhf4fy6AlNpzepRbbcxtfuayqupXNuA5cA4N+mF8yO35BNglQuQIMb6DhT7QlHa/x0msdk8ChL8734ZBgLbMu8Ex5U92z3TbdWUHM9FfRcCaT/6vOOiXEnm1HdRNHcrbU1xXBblvovhc4aEOpvhsJVrGUyzpVwiNrQTyEXH+2Q7B7Xa57C85adS/eFP8kmWaCnaHIhpF1p+VzjcaC/EbMhXDvshCinvA8JYiIdUbljdtWSqVTbjkLjfoaqu/pEi3Kc7Okel8uHMCZn/AX7ZsF54GHsXytKsGuiQ2F6n4chH1+mDxouMxmknfuwH4JMqYSILG9iC1+2T/sSPgXVjQjqMgQhQT13sXy1Gmh6AOewiuf0N4tHmzdi2q3Aiain+LJcT3R99x/a0O0CxRZMcmJwvGkekr8B34yPPSSCQk8e3dZ8UXHRh7mvYuwq7p9l17FB8mhummZ2Psx0lcqUVmQ9q+Wpp8wNo/gc/ruLnAS6Q8rLqlugL79empXTmtOvkG0/yL7scktBp6uJL5cZAsKAwo/syAgEOioPxf0wOcmanvzo1w3OXGRtm8wXFpfPcOkroa+j7zICNkfYa86mRaLHmT4vbqUKHMnKRv+I6K73J8YQxkjOTxctJkkSbRHuNUjh9vto3bQ/QSSvuxAmLbuXzFdESW/I82tYGRglLLuRx86u4gmwPZ9UHQ6+mnekgQheyLNyPzt3Whq4FqOIW+D/CXvv9hPIPvA5Vz57mxBMowFYyquBOpD6fetB46zvkY5TwxP08hYRoxEfInD/UQuoWBzTfL93BXeZaGhJmZ/0/VfAAN9mkj52lB2hc2keC+brryRID7cPPEAGQXb8sM9/u1PtKJjtMywI3czIu4T3oSrso9sznVyvFe78GIXyCJbmj3RLpZVHl2BNl2+H1sBlU9xUEjB+1D5zXXKEQMfjpraQ7XhFv9b9UBRPC0Xpd/QLCB6UVkNzHrHrHK6UXftv9OlgXojutNZNpkmsq0H7Vlkfk4Kx4X9vg/+1mHBXL61+pIYBH/31Pz8qQ5xWAnAdyuiEJcA/Q9jSfjtNLjzf+0BLscdHU3NKbviO1PpSW0oJskLEUXSk4fvXnqqKGkxJ5dMiD0kpQeETMiyj2t2K53GWA7cSUhPy/+LDForl+mmR4pmQP+TIQKp7f0+8mSPBWaqk0U/xImJLzJ4m3f6ixH5euvlEoW0QU+6It9fpt9RRZtjsCMXlb9j+/P9sqiEPXhLKemWmYxAjHw/7sGl1LawaQHXTrV7o90f6i4Bub6/yp9k23wP7yua8GKI5eFLe7mn5JRdEg8Inp5vTBkT+0eq7HvJ6aG+QosZknA2nQdWVZyIeWCEOiHOWXZ5P/D+xQuYg8te6rQCV21FbiaWcXEs1H/GS5zxB8YQapsrpwSei7XNdckSvy2v4PjXjCMCowUY0BqF7GKKK+90csuYdS10eW3h0gaGpVhNWNIk4leqUIY+ZJEBsZ3+35LbuM3NG7Rh5hLo5dgT9eMsKhtB1z2M3U4jrdpZdDYZa4TqBkl8jC7+VktCxeqaQ9oEByUfKpvr7z7vQNZSMec6F68Jfh1SgowGxNiJEhgP1OsBamAdckyk0pN5+NlSm+IFlOjvnViLQWlGOUOnuhpHWRJyWmXVfqQCDJon23VlU/hgn+ohyCc/fSybbIrvJlVlcMjEOPZPMB/P+d/bUJxvZDTrI+S6yqg5LOMm/s30Y0XRt9cMNKj+F0v+bc5ePW4aeWkxxCF/DYB8SkUSZxsrVB0KHLd/8GJIXBGzloF5viVmYxSFXW9G24SWR5P2dGYkdqWEloQSyDKRoKCYTdIL7uNWVWMlDk/EdleqJkWgHTpPs3N7E411httHnorauVpo2WNc8EMBXPeFhTw+idd57YGctHLKvJqahKgKXrOG9tclzwguJIVegtCWLrhqB3PPle+RPnlsTn/2KDOt5CV0t4xAXYaz/bzKVFo/w8yiQJMF5T8/fqEM+yV8bOP1rKmz6OgkGnod68uEl4CwNkwOECN36LcnlDT+W1DGtVakmKBpphRYvcUPVp3haU+yaccIULBlCY6t5Znzbik4jQoGXSd3OijLQMjaljuB+0xK8CxgwUsBBtoQeJv9ckz5bNZmgfxcYSFEFC7rCwQVTzFmD8gJ4HjypGvtMegb/OpCM83laW8IGCtXVht9fpLKJ3Oh64Ltl2A7Cr/2KSOf2+XMjx1+Lw91Q0AH1fm9x/dUhGnQUY0lb7PjngjFi2DOYd8xZggzuvmxkIONAVuMxnVoeN1vGKn+Luz/nsfSJiSR0IqnaeslYYt6RTb1x4SFlXcyD6wuFQ0oJsBlWlKOCZdW2nGYSAyTjPQQJe0wFNtDMpg/zqZBzcvu2Hed5Umn+S2lZYowuWU8IMOWXih/0E7Vd5OWpxW9ZOvBAHSqwGWkQSWYgVSZKxeZ2m2odKb6VSyVGxIavvnzC55HrE+dN/3tyJZT0Iulc4v66Og3uSKyeNc3dMHgMmsE0WT2Qkn8jJMNLKvG9H051AHG34PGfhaqZc35ywfG1tSzzCcxVbn3wWI9tHq0spR/0ZPL03EmdUByfGwIpIZTTm5eHvzbjPBA26NKAIoZiAP0DEjw7DwCqhMaPPuKdvlxUBYCFZw93p4PWpS3t2gm2ZGwg0FOoNT/ZH6kXacK518X38KfcXZ9EmBTaZhdeC4nH86rsjZoO2rAgeAFsHMc/OPWjZUnNxBRLHcnQRBABHfGZrzPasUz6xXNdAq/PHvONmAMMEdEO4qWP257+QjxNgxhoRcTPA3EQvROForATkc/tf+fYk2OxklGtdaA/tUB14S95sfD+1i/T5NHERKaJefIDcnKd3/dfI5WcOLGCBQqTHg3olXwb5KQYghDeE/dzeqL+74hE/Z2f/nyyG2xCnDAJvsrK0ynyXdkRa2RLj+/hdkvRwQ5Od/kkJRgN4rjXRUNs0d/b9dS133iX91Ly5WNQsqDsqC1U9eiFGiX8qRbNVK1+AxxNdmH+mvk+EZeHA5suWH4hdlYIHYDURW4n3/B8YYjrXgqUZr/V8iw/KqCvGiCYfoGNLatkK6G5bE30+CGAO+Ak9vM61i3cYOS/FsujHCNPrBfBA8Ru3RbmbAa5p5yfAEJSpo5ZPvrfodKdsP4F990V5q2mhq71ViUDUVrS84vSWG9vRIuJJEAk+RZZIxzEoTO04zr4/GOZFuY/Ltad7Wogvb1ts/7bCgGfmvzupLqBIDeZxiTOrSycPwsGz2p9SGjOg8Z2tpnf0vqwX1vci8e4ZgMyKIMmTzcV2RbQMXm/uyI+UuiOmDo2QIcLBeSQuxnZ1W8fccK2plALt6UTpNn8zKJfkOjSEW9H8hNHsWYr2AvnMI7+K1hzD0bqY74+LLpFKwRMW4f3fDhrNJ98s2udOwzgh+SqnXm8TG5+O4aYr6QAh9A+xUlP7UgPVYnh7Wav2Rtj8m8DeYYBoOSJXafaKtBgI+RHkZdMmuONwiVRg/+elVZ1qQbWY/eBxmxIO/N312vXRalPUCEDewbj8MnQMawWitGBxuR2qCuaZcEGt8FqB2Er105VMNfqZ4RmS7nlS++W9i8KCGCOJQXHmuPVv7twR96P+IuZ7bGBHShQZkvB5ZbW+C/c3RbbY/q8DtMYcfRClBcfxGzfzDQPu321O7PFjLP8nIDzBsVgBFIUKOUNnyD7fz7UOvbMitfmNVCkC/Q2I1YVVmtN/NSDnfYfd4kBb4B0p3lA+OlGoxPFHvH+fgc/nFRZuJ90UAy96hmzqXH4jFYYDS7dBOYX0o6vZ9NaTMLlJI5MKtg5eFKSfZmvUllCB7LVlsLsEf+moiw5z67stgEjUE6+2J3pqQBFyL6O18qpiH/5RqQMGeA4WlKdfGsgRCINtZEcp/AXsb2k9mDWMZJg6ATp1iH8j13WUKq2RVZ1VUIGUbl6YLsuyhdOISRC0Qb37D2mPs4J9sjuKC8pmscfcqcqHO4tM8NA/FRxWBuxBldsJ3jcRQ7ZNOPzZRcjlRNO9NN9D34Ddz8dDIpSIffdBtQShkQqYvDzme6WkkNBx3N+DJj5ntOwWbHM1ZB+QNdfX4Zc1Q/mLVJhaTpIaJb6n5XmZV3zb4WCkCN3SHAFjBSerR4ZeFBuoze+25JxGvY3ZH9ktCcQIoh0Ay6eLydME42v6liTMRbKc6BlHdHaaohJwbbGamlTkb5d7+BmtfXBbL3hIewrKMZvBS7G3S6yXtna/QNHXfHJAaPBbF6onqud2dGyE+gA42XqU6w1PlUEDOqjP83rOyVNwoSkNc24Z6ChXoP87xdxArfQcSr63d9/2Txrtf8CE9eS3XzLw8R3XuMNfwZBvadXMoo/IabpJi3OdxAQn4tjcFbS4PvHLTG3MlyZLc7vJzc6B3j+kNfw1ICoARDsEMz6knF1hllFmCK/D7pdLsFS/scAWmvna6Q3nAMNZdVGY9LVgv3OJqQRousMa9c4Y329dAKRA/BnruyxKUtPjyY09w0aPCnkL2TQnTV5O+WE/J7ahjsoBVK4NNkNlQ2zHY26uBr4wSfENywRM1wDvmovV0RkuKIzUzjEHHZT91WnHLwPYrJpwAP6r67u21ZECHB4DmVoiHzu0Jhd2eUPFVi7jfJcB50CmRToOlUbCNpgzNItMl5f76J2dDPvuN/laBI2knzDZjp4CU/BXTx7yQugvbMg61ch2RtybC9GzSA8lr2fpFSZEKVSpYI/nOcVU3eCSo0ytmtJFm2DoDd8zadvrAMLsNEmKfKmwPosUEDVkd35o4RF4udnKPaW3R1qWcf7VIuBKYx/HSEsunpxCVXVgUHAunJhM8bEyREHIXMs9cIyaEPlH0F6zP1bgjQHYX9xkR5lfZRxLlS+00BKJRJ8WRvjXwy+TZs3b90m9xMUZJywY5gsIr4brK8WLstgV7KBmJPp8nRZh9FHBYTYDicaQApyeu3CDA7w2LyZmwIfn92rfmL9cm1H6WyjT6bDBSYJDGFvdLH4DvAdVml/eA+OmbSS7reD2FlFkTzAHJQr8GnCXvqPuxiFW89bf0EI16RudeHc/LjroxmYBG8vjaw3COl/762K97Cg9gNaCFgkpmebJ5MJIjWfmweurRb0C1JNOjmBGwyqc8gudFhi61ZVcGs0QYUX646LoRPVz81rpsZqZ1wDGf4PyVAfLZxjMUYtY/lQ+i2KagyUZJnTOWkg1I0ma/xc7uINAB1QIZO3rh0T4vX47kSAKD9iEIKevDO8O5Hk3S6U6ucPJW4O54G4e1QzDvTRCmVrS7yW2gKfIaCm7PNK5mtNLNzCrYBTZwsOvDutByU1yGcYtgYCQs75FpOSqa/uugyWK+z/Lkeao0hwypN3fU3LqdK/Dcb87ZZ7dD4Yf7nUvPea0nt4w7ifRuZ42ouUsMniX+/j/IBcdjx4mqB4gx1wYoqMqu8LxUgOwdurw6Dxs+o/XJZpLR6obBtKrNiA2EBgBFAdwZ9ngpZ4nYBEkWIt1oCVGLgP5Q7pLaE2Lbd0USPC6OdyBYyE9hbv0Y1Qdc2UaLS96rGIJH9chQSUHpjzTZZOM9f51bbMzHA+s1a+K+52qMCoLBQaxVT4vk2XnDPI8YWXl5O8ljDjXwDCGE6bBDWrYE8cKeZ41W+g7rpdSP5V41eBAiA4TNAeZsFOH76gF97ntJD6m39+KReTW/J8emGJ5DqX2XoI3H9rJbjHhUwYVt/5MpwMysgylmohc/HUPa/NgL9aBbgqtqj0tYJeW5gGsbYoTfFNWtz0of6CmLfFByKWvkwXggMzH5caDPZwMBVKXKFIb7Oj+PUmBskq3A3SAtZjtyavyRf7ejf0xlJD+fkOn//PPF2+DHlCC9sdHuvCjpv/+Ibhen4u8JidcVlpi66Du7pVCK4nO9eUyL4rGrMD9YxGFOyq9aQpHGpTnDDzntHNLDdmlbUXIgksUGiHzIaHvuGuh/UbDXmxg0IM+XyXpRACmm45L/x57r7fmeoelk3tWNVUevnQQmmP1qXWo5dPW4LdhS+pvndrc/2BALjEAzwOi5br/tbGoN3ybg5iiuQnFYJtgYqD9CBZSJf6PrrblE7anex3mFO26G6ux/FjWOERt/zpBaq1UCYSWT</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:02:52,433 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:02:52,433 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180252Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_k5svgtikq3zfjszighc0wxav75fcgxdi9rsln0h|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c31b017bc6f2a8be26ba85187a53e038|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxj4dqLs9AnfH8IpSYLPEFMj5tbS5Y79qAaFHFcL40vZ+ElXCls1Um/CHoiQfjYt358zsWPiUms27WZRpuf4l09csf5Oioiua1IrX9v4D/VmskiMqoBhXK7GH2c7WSR5wYzXCwm7NMmwyvPA/1juBhTkyBbBHx3d0=|_612cfe9ba80f44a5ba8d17be35e85f39|
2019-11-13 18:03:19,308 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18611-gYABMBi65NO5PLvktooXA7cq353wgkdd
2019-11-13 18:03:19,308 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:03:19,308 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:03:19,309 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka"
    IsPassive="false" IssueInstant="2019-11-13T18:03:18.564Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>j2cXVLDkeaXxP4hRM/9ml3dOP1JjtoypDuxpbJ4DJuU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
TLflbTk+gExaHhvP9+bBXs2YG4eLLvA1Idq2BgbQm5XHbehrrkCEbJ0p/GQsndtiE5neuEveQ3t6
q7Bg051BfEcvVk16TKrhCZew5r7Bnjpg69S2ZDcvxCRofAeLlgRg9haVd90mP86fCTc27i7zD00P
NytteyArg4/klfoqYoAk/wEwPa8PIWRiuqA9/i5mCQceq4iHabdydoPszLod75iQx5Uw7eLwCXnA
yjFVw/BglrOyJb0ZL4iB4efd9rBKhnHoZ1MAbmPQVpQU3w08OyUZN7YXyQ6iyqccHRcp1ckggBwQ
l6XuORIR3Vblrj3HuB0WsxZ9ndVsWEOgM5r36g==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:03:19,314 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-11-13 18:03:19,314 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:03:19,314 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:03:19,314 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:03:19,314 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:03:19,314 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:03:19,314 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:03:19,314 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:03:19,314 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:03:19,315 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:03:19,315 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:03:19,315 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:03:19,315 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:03:19,315 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:03:19,315 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka', issue instant '2019-11-13T18:03:18.564Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:19,316 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:03:19,316 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:03:19,316 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:03:19,316 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:03:19,316 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:03:19,316 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:03:19,316 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:03:19,316 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:03:19,316 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:03:19,316 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:03:19,316 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:03:19,316 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:03:19,316 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:03:19,316 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:03:19,317 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:03:19,317 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:03:19,317 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka"
2019-11-13 18:03:19,317 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:03:19,317 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka"
2019-11-13 18:03:19,317 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:03:19,317 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka"
2019-11-13 18:03:19,317 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:03:19,317 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:03:19,317 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:03:19,317 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:03:19,317 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:03:19,317 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:03:19,317 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:03:19,317 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:03:19,317 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:03:19,318 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:03:19,318 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:03:19,318 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:03:19,318 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:03:19,318 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:03:19,318 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:03:19,318 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:03:19,318 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:03:19,318 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:03:19,318 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:03:19,318 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:03:19,319 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:03:19,319 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:03:19,319 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:03:19,319 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:03:19,319 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:03:19,319 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:03:19,319 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:03:19,319 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:03:19,319 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:03:19,322 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:03:19,323 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:03:19.323Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:03:19,323 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:03:19,323 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:03:19,323 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:03:19,323 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:03:19,323 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:03:19,323 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:03:19,323 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:03:19,323 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:03:19,323 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:03:19,324 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:03:19,493 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:03:19,493 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:03:19,493 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:03:21,452 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:03:21,452 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:03:21,452 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@44178258::identifier=rick, context=org.apache.velocity.VelocityContext@58bd7f]
2019-11-13 18:03:21,453 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@44178258::identifier=rick, context=org.apache.velocity.VelocityContext@58bd7f]
2019-11-13 18:03:21,454 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:03:21,454 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:03:21,454 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:03:21,454 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:03:21,454 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:03:21,454 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:03:21,455 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:03:21,455 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session ce6eb252ff951964ec47580745bac34ce34a3b5cba7aea9c46d50c4c54794cec for principal rick
2019-11-13 18:03:21,455 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session ce6eb252ff951964ec47580745bac34ce34a3b5cba7aea9c46d50c4c54794cec
2019-11-13 18:03:21,455 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:03:21,456 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:03:21,456 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:03:21,456 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:03:21,456 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:03:21,456 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:03:21,456 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:03:21,456 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:03:21,456 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:03:21,456 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@10bafbca'
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:03:21,457 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:03:21,458 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:03:21,626 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:03:21,626 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:03:21,626 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:03:21,626 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:03:21,626 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:03:21,626 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:03:22,146 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:03:22,146 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:03:22,146 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180322Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204202147}'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@10bafbca'
2019-11-13 18:03:22,147 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:03:22,147 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:03:22,148 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:03:22,148 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:03:22,148 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _0478c0bd95397d2d86764eb3032651a5
2019-11-13 18:03:22,148 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _0478c0bd95397d2d86764eb3032651a5 to Response _4114837b358a9f48219c9a5de6a2724d
2019-11-13 18:03:22,149 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _0478c0bd95397d2d86764eb3032651a5
2019-11-13 18:03:22,149 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:03:22,149 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:03:22,149 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:03:22,149 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:03:22,149 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:03:22,149 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:03:22,149 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:03:22,149 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:03:22,149 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:03:22,150 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:03:22,150 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:03:22,150 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:03:22,150 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:03:22,150 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:03:22,150 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:03:22,150 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:03:22,150 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxZK/iFaPW5AHSvQQw44gvqZ2LB+dRRUT4lkOz/2GVJb3+UyGLoZ5BWgMK7dfIFkU5J5MGBFgWm+IUJN2Nld53xjX/PHjS8+/L5YrVFMQw0j7v01Hfe24DlaNWBNd5oRQxog9CikRzRK/58eCkkObqwN1EtJQKRE0= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _0478c0bd95397d2d86764eb3032651a5
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _0478c0bd95397d2d86764eb3032651a5 did not already contain Conditions, one was added
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:08:22.147Z, to Assertion _0478c0bd95397d2d86764eb3032651a5
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _0478c0bd95397d2d86764eb3032651a5 already contained Conditions, nothing was done
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _0478c0bd95397d2d86764eb3032651a5 already contained Conditions, nothing was done
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:03:22,151 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _0478c0bd95397d2d86764eb3032651a5
2019-11-13 18:03:22,152 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session ce6eb252ff951964ec47580745bac34ce34a3b5cba7aea9c46d50c4c54794cec
2019-11-13 18:03:22,152 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session ce6eb252ff951964ec47580745bac34ce34a3b5cba7aea9c46d50c4c54794cec
2019-11-13 18:03:22,152 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:03:22,152 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxZK/iFaPW5AHSvQQw44gvqZ2LB+dRRUT4lkOz/2GVJb3+UyGLoZ5BWgMK7dfIFkU5J5MGBFgWm+IUJN2Nld53xjX/PHjS8+/L5YrVFMQw0j7v01Hfe24DlaNWBNd5oRQxog9CikRzRK/58eCkkObqwN1EtJQKRE0=
2019-11-13 18:03:22,152 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:03:22,152 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:03:22,153 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0478c0bd95397d2d86764eb3032651a5"
2019-11-13 18:03:22,153 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0478c0bd95397d2d86764eb3032651a5 and Element was [saml2:Assertion: null]
2019-11-13 18:03:22,153 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0478c0bd95397d2d86764eb3032651a5"
2019-11-13 18:03:22,153 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0478c0bd95397d2d86764eb3032651a5 and Element was [saml2:Assertion: null]
2019-11-13 18:03:22,155 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_4114837b358a9f48219c9a5de6a2724d"
    InResponseTo="_y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka"
    IssueInstant="2019-11-13T18:03:22.147Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_0478c0bd95397d2d86764eb3032651a5"
        IssueInstant="2019-11-13T18:03:22.147Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_0478c0bd95397d2d86764eb3032651a5">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>ecZacovCFWvpewknwne0VWCJIt6VrIVYPjTyUkLKs0GB+1gMWVkppqjvaBFvhCFj3J1TlPwWTw2+1m7dG8gfTA==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>O+En3qkhBEIh7BNggbrHIGFvP8x/62B/1Qt0WaIvsy6a3vwNuYHD5WWdl1uDPYkT5ftewWlnCJBmecMOpoITICTWCnJjGStKmdNg2F7fa0RhwQQ6wWsV1R+iNyIxvJWygNDWGwgWpMS9HA5aWBGP+pL2e9cdI+CtOpjm5hUg4ksxzBLC8S8Aspr4uh6znSKBGiJCHATO5uJMXVXqKKXtYm/aY4iE/5/MtkuyzGsFxSs+xO6EpoiVZZtOg1dcUYlUMVdf8TyGyJKz0DGAFZUp2z895NeLzrT8q3W8dv6mA5ZR0RlDc5KTZdpIuqP5Ask7Ly9finayprBaO03WFZ3wKQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxZK/iFaPW5AHSvQQw44gvqZ2LB+dRRUT4lkOz/2GVJb3+UyGLoZ5BWgMK7dfIFkU5J5MGBFgWm+IUJN2Nld53xjX/PHjS8+/L5YrVFMQw0j7v01Hfe24DlaNWBNd5oRQxog9CikRzRK/58eCkkObqwN1EtJQKRE0=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="_y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka"
                    NotOnOrAfter="2019-11-13T18:08:22.151Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:03:22.147Z" NotOnOrAfter="2019-11-13T18:08:22.147Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:03:21.454Z" SessionIndex="_73258c6e5dd119e1575164a277c5b5f9">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:03:22,156 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:03:22,157 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:03:22,157 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4114837b358a9f48219c9a5de6a2724d"
2019-11-13 18:03:22,157 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4114837b358a9f48219c9a5de6a2724d and Element was [saml2p:Response: null]
2019-11-13 18:03:22,157 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4114837b358a9f48219c9a5de6a2724d"
2019-11-13 18:03:22,157 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4114837b358a9f48219c9a5de6a2724d and Element was [saml2p:Response: null]
2019-11-13 18:03:22,158 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:03:22,158 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:03:22,158 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:03:22,159 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18611-gYABMBi65NO5PLvktooXA7cq353wgkdd', encoded as 'TST-18611-gYABMBi65NO5PLvktooXA7cq353wgkdd'
2019-11-13 18:03:22,160 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_4114837b358a9f48219c9a5de6a2724d"
    InResponseTo="_y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka"
    IssueInstant="2019-11-13T18:03:22.147Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_4114837b358a9f48219c9a5de6a2724d">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>M4vAt37TArF1hkL07GjUjopQ0DY3bDtx44kGOO9dhgMUzf8Rk7iKxuLtlvkwAhbgJ3d7I4beJcZpA73HgUJmbw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>EIPIsNcFG80Hx+zF0PM3OEmP6aopGlfXntuJyQQ2Az72Z2BV/s30EZRkSrkhXCJqaRYtoFlW4yAKLfGrhTjbOZTkUobSrtyeWfrAd99RfERLDPsxPF1HzjIc4uKYHZKUbL5LctrzFC1DQAZTc1yIw6VKUq1FuXrHAoOnuTyNOCoH0OeFGyNWtnSMUVEu9tufORzRFXJk41/SAVeALZXZl4XrViAO5Y+hISj9KHwtqDHlML1Kn3grkaiGbpX+PfDSgCq1W87At4NPUlE0hlnhgygNYKiChbTiqNG5UPRIKbnLVVG780heiJZ67JYQFZbsCryXZS2X6Q1mf2PHhILVqg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_8f60d929d9941f88b6568425c67ad9ab"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_21590fbe57104766bd742916df9af2e4"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>eLxyoZyufNFg3AwT8aJxyr/7fUjyjaI7z5O0ADXsroFHQTm2MlVXax9WRZ0elNHpJUbk3Qxd4AEWKknGYCXVBJMpFCH0TzskBEz48ANB+8yzFVLyd/HhEb8Rsyw40yW3UQ+TS3zebjSNiWfCLCEVYar/f3OLKVncNKX4OOdai2tafdSsT3UnNIa4a/XdJjpGi2SezLn6XxQEGFhSsbgePiHBG3GTHInaElPXd3AZed+RIOChu+t3P4lpHqA3nrIDta5SH1QUqMJtWyXLHcgmoBGEWLk2yvCqg9SL33QOTK/H1cHXI6qtc0WlntCR1PyiQWmsN57CZecQDIcKG3pXLw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>LovfHAkZbgzBs0KtCr64QZ7vfiZYglxNST71kZ5X7Csu4/V33tFyEais8sInMQ3B7DxxNR6XaRv3EEEUIQ+FkfVlDZDfPL0P8Mey2wwcVTF86Bx1061SYEF8mesGFAJvaYNp1eAGV17F/C5zh4KrYh5J7ZQ3GcDSZjqEJyTS1ZtHdwgOJ7ZgB76pwX8WoX5BIKYV/HMfo75WWp2GJrpI1icvTPTFcuK62Kw6VAxXM7kjhE1ff9GbdzCdPCFV4v6uuL+vCJxWAHDeJ/sbeZmsd/N3Q/iRfeP/eejMzIX06ESp9mKP+ycbdhIbPyXwn85tK088fHReIr+hqb6ATkScRcPNDdmwK+yP+DaAOqH6CKSTh2AUX2OEXAd2pp8RZ2SMr60v5iml+pBo+6Bkf/XQ3VLSyHc2+vwnQu2YbGi8gjjYRbNIrDV2TfXR/gFR8oAiQT1bpCMTxMnF6Hx5yTKh+6ajfrfG6Jzj42TiTY5aMqFq3msoBlWKoHVJqXWavp6ty7GaFCXpssE9Z9f70ZifjxqRn2qx8xWeFLUIcyhH2NJ4ChtmBpWbYqdKavIcJxCuvDX+wFrddMlUNyzpE6ajA677djgn52oxika6DCivdFQNCSUD6LVyZlUzC3O1gXXs0DoipezzvIwcub3FVsPVVxbdNNep/1RcTpfhcHZoe4LBNWAlkGE6Lx/Oef2aBwh68u5uf0n+9sfSAam9BUv8RgoqkImLrHwjSci8kG7bP+wO0tc3ObUjLURse7Yl8aqf5Wl1u/qYaDnM2kPee46ulm6BNy0D6CLoIlVabCr/Ge8mD6KT6wv31Rf2yI8RgXET76d8zgFqR0hnN4ddyT6aYDE3RZNULbnkYL2jAWLtMpVvLXyXTNq8NrtKJ966FAWoe23wUiw0oTUc78/Gmcb26cxGcfDH9aikb6Tbl0kG4jhF5jZW8tXBnlg4M2aZq8er/KPEFllSOeSwv4WmIWnd+npuCqd01E2+NPPAxSPqGnryhQBNsDHYrhLk0sLWAihDnPeXrkAck6B738MWsvIuGxObPSMEz/32i9Rr+7mN9mE5l20UDt8Nc0F1PlsAIX5KdzZTNkpGuIHt0ckZdKrEjtYkp2wigw34RPw277txtLqHShLCnQ/uc9yIV98vwQLmJt9sTdHEaVe1To1cXnZtodmSqN0UjzraXIy0vW5H3r5Ja/lPixmc0NWgZy93Yl9ZMz+hX160pCwmNRaNKeClZF6zXTIcbS8dAhxjk+WYzCVD/hFB4rUNdoQdTzfY+YADU+AlVGZfCnXwtByT//LOtD/GMHtSFqromMrgJkrDexLFnIEBTPDTM/a0KFZi6ZPcK1OT9vY2lpYYKUx+909SkEjXyqcilwGf7x8eqLWR7bgVyl5xl+wK+/mECYMIq/5mX/XNf9HTWxDOrXX5s6Kr3OCMiIgudUQoHpSDmMmyeXDQMsrOPumfTtOSW8tKEKyeKry+gkZhizQ0qnolNLnIPdJ0/yDw9G/E25tPoxiHRyaAraF9sakC/9eB/Ry9HxElIofv+eKpT4nb/jPpPDe/8XGH1OIEd4Disr9paNLcnk/l99bcKwzmIQTCJp2nKqUk4hZVwDVfGgbonz6VJATHZPKt5y3Uls9xxpK0Lz70xh253WdB5cAs/qyvIvXFvEESKJsnqRkPoPVcQ9AReIu3N1t2FBb0J0+sMH4HaCAEnEdrb/4Y+4ryKNKLMTo3bqf+/eSddNl/T0TWhTe7OqxvMHFYQXxsz1qcW2uahVd6DDJKsFkub+QoBDpOIoA4hYDuc0EMpt9K+3i6MDsWjkAyWkLdLsz9xN6tgq0Wil9J+NMCCGomgKxLJ1hWSEv3K49BMed83CeHmOos9sw6B4geCA8cUlwmIGWBm2cx2fyRWmhZdB6rhisUjXkdEhVTuWSTJuR7yu6wZY0D6BldM11mBCEM7DSW4nGtdEIUQDPl2bjLgNPP60sK4PcUJfLBid4KpZdfcP5//Qp3Pevhjss3+pAB6czwG4zbOTNFpw4BiGAzf5omS+om04+mSAy2IlyiXK/8j69FkHWDLiCKTddywI4RuzLqy5wzN2SjYv2lyKDcshPJDSGobmjos/DUAAajoV50eowZgQMHDKRUlNUgTtapXc+Dj5XMns2IoCA8m/tZuHLmtGZlKPCRV84bgmw4WSgU95aYcvursYtWVTrDYk5J4BsdUye91IpHWLqpVeQ+ZKkVKAHbxq6vuPl3bUeoBX4Hkx5uxf07QWNBQcN1DoKky5L/Kx6F4OAE8qVde+qlaQTlAOHFM6K6iHKs6C4JkRWf3hAxZo/wlox8e9xBCAGqGJI3+FAYKX0UFSXxsKJjSV8a3ze0b1epgEMsTFJIsWL0xaHIEF+vzdmgAKXcLB07pi4p48I+WXPH447zE9aJCey1UR/FJSwuc4eDpsLhykXPqkNjft/DjmmNynbUK3eUfHOZMJIxpwg6YAK9eB1axWeK8aIX+PnaF7FRuNjPF+FDB5hj/yHCbd+UnvAwucWs75U/31EqVyeLiYvUo4igp5L6fHEyCUc2DR5JfdwmMgL1XKX+5a8P3N/TpcqlGVbzWDTYfCMBPaWMi3Mmx0eSzTlJS2LowEF0Anm15u2CsxsAkpl4Cnk5okqE9PkjZhenemeKMgLqqU+DuKh61DiCZFveU8h2T36I4fkfCEyKAT1p0by0x033+NSKmlu3s+FAjV3O2L9BwWSk+Jkjsf2oGiHQBoY8qcRpCHqDOZD6IzZpaQduUQHRnT/lB5FaImHf0/MnYomZvZGBiCos0kWZYDg+e96EXbMTOIcFVBUZ32JdJ1RSUZYY7sNS6Y0ExOpMM1xuI9/xt3Bl067w2fV9Hjx015jS3tDtR6z4/JiGoBWCEdEhpnTFdorZvr2nYVTcUAaQqlXe6TVD/njLTJZERUhrXhQbdMQI3MV5hRTnCT/qBwqedWa7uikey7UtBuqXkv7rPn/8JpwqMMrpaXbxzm1NkaxSQMf646gwEuP35yD5aafAjQN1SDgI7JSjPPRGTun2LifGQ3NNjSJ7DrgQO+2lKFTi35hKEkJT+TQLlZzlGZUx5bCR5QQlvhjM6mRivr0Z5SeZGNxTR237Ca0b0dAEbbue3UC62zhNsarKK1bPBxKaMTzGgsBeOq0wovlrE3cLCruTKtiqJ4Re1j+ufTuqAsxhfxEPJq7yyoMJfTA+T4ZXfzIUl1pw5LafK4ZB734CxxG+KlQGS13ElwqYQfKbl/Zokb5pxwcWZT6qxNVehQn16gxzi8nQO0CYtrOMo7YRfWzUhRRoDrPp5DFa77Yj5Uv0dAI1KF6WGKFsSZ0LdPD/8SPgJa1tSp3zakDYWvHQYlx55qnLnL9okpYoEyZndFHht57rix7bQpKLG2ykQ7MrJIk4PCt7VFVxr5acl+Q+6CEQ55KCAo6q+0CisoiFFFdiT8OQTsVAXSCIH4IdpZwiLmAAMiPMoilaUhSP5vhdVBQRNlJEWUJMMnoEMD/3yM7QhaACSJUE00jfbBv7L4dtrZ8rylK7595nkMkuy1RLWfm/K0JBC7pVKYMXB2sj/8iTd2lHAnnOwgaqBcdpGPq2V2GpnSYmIN4uCEtprzkCgkSigYAjSRsLvYo/NpZIkPg7n89+53mivVbMz/faQY4CbPrlWjrHzSuqp+XU21kVkFSjCln+IMhiqdyp9rj2lGcF5D/Rw+41ELAKjZZ2vfr/udEZmRZRXv6YTV7yMtp9s2XBkT0fHgckMbDfwVylMcsWay0aNp7hI9W6G5/Wp5AjkgrrfduMY5iUl1nch3OQ3AM2OZBUQ2RF5COZI2QhDqGcaFb2rzMARzByziL+L614166UB1q9bACS83ub8XyzhJ64jd3qBsak5FwOrVLnVqQpgWEnDT0JryxxeCAg96MzdeiVujsHbR83JpjCTaph/RQVxvd/Ride+1QuDydQmPqpGE55Uw0BIFaxTbbZl/Zn8d9dMAF72doZHtv+y/C49W71SFQMKQlP2qvMVs5zDcWUGAhqTanTU/cMTCdqrc44xVVAaFzLq+togldPwmeiq1L707kPOFtH0dvn19AV+g+HHctsWNkFC3utfmWvbfTOiynBrl4RMhZaXH2R6PJDhT+TefY3BgWxgEuvMZupYSn230WUuSi5Ue5rJHGfvns99eBZDpKusJVD2cllHLySl6YGlG3SVPeMjnS8dTbChAaz7nc5TEcrlj1rRi4MddvJZaflG8bdk4Gt2tRjisSqMWpXbOPLpfJb5R0krUw/CqgkW+O3bUSeg2btpOVzH6p2/TzlRdDJVhV/KLzYvLhYUhicGToxXYDOCOTuPPcnVWO7YcxJTFq8tY0YV+LknR1D34BL43dUS8CSwAp6wHBTJufisidJPfiF1PBqs4j11IDK2jJ04hqdbVaptPLbITZgX9k95oRMISR2dOhrzawXDa9LPK+GxsDK4N72bg5q7kIddbGx2mMqRXR0bGGOa7kbDTz0B/2lSpp5OyJtpG46XIjMNrp2xoG0W1baU2w3SXrv3PjwNZ6gDln0FjXlL8XhcE9F+wusHg7cbTPCHAM3LJJdKeT9/yn+Rx2GDpYCbz34iYdk9i97aspm+CoiFkV63kQV8U/f21eL/hbt/RNw03yF/FT5haltX4zXo2LZxu3ITTeyXwSeYKNsxy/flmm+sfPmFEwoBN39faQ9WlJ3ZDHWaCSY+QTF6ic4jm2g62Ly9HKBUH/CCgvnNawopJWTAnXqk+2vlEO/BeGppcHlgVCPMYOyE3TQjU3xlHzS+5MHG2504I1kDQyiGQvikAK8JDEpbS65jxHGPugJipSV1w2BMr/7/oIAhLSMWpOIq2HQ6jMdnFxS2dKWfbvjIWAW2yGCB/9zNhiDQ9kD8ChgIneIaIOD0LSyN9T4CVidNmXVltfzeZCVuayJOScM4pycRNkR8xPmDr/CPJltSxL/xI2NS7qV5fnI3AzSFHoVn+ldfupeduR1KDGtYRQKa/blibuPze3ZyBdu4dHAfuicIfGSJSP8uyOquR0lRUTwItP+IKqZ3qQ67p3UmaqrKlTwimU22OMyuqzXsdWQGMV5wrDdZ7YW5yYTCNFhtnLD64bXtxcfLH6+Wz3qaCgOnU+tGhvAJMdyzPmmIl6K2+Dx6ThSuTuyuOgrqld1SZ7OkcwAmac5WlVCiBx8BFzjx/SE4spl5i0JZe/hNSfBB/C9fnsk6iSlaeuv6Edja73Rv1SJRWWRmLrPgJxym0o5KIinI0N4KSL1X235YeTtPyXwa24EcaroypHJvE0S75FRi49aI/0stcbd3LbkUYvKw/voHm+jnitRyTDBpobCv7Y5Jqcm0iUMc984cw39XpomvRKRoxChpHoWdVqBEnWWrE7wsdTH44h3lp05ckiRWuj00Im0gaudc9j/PfSKUe+mmm0PHG+wcJnl0+Hosp4BHGnGGOrEQEVIcAfwtxnd1KdX/iyB2g3b8z+8VoX9NkQZA047/pBGSDCan0BevD16DNKTrnyiFWLWVN1xmrorscQ5aYZma46VbbTXOO1X4gixqS5NcaZw2DtnnwH1bwBiOsu6t/FuTd04Nq+Qjs7Y5BygIN1MYMIm5x2l4+ubKPeGILqg6UW6REhvzWGBmZ+pxK7XvYlgLzhGbWFJzGb5psAV4PxDyjmbYGImtZuVK+ukVmpR+n4gT9gbyh8MurNJXYUTztiC7BHvq4RqIbnKjEy6RDpOySEYcCpH2vs/+RCgGfU42APvZlHlQZGBV3xyvBIyQbFS+ko3ru2PbhqaDqb2rkimWC8C0yZMO3GDqD2HlBSmAcuvBv8pN6vno+sK7zyrGET8cSfe4wCPn5xr9MjXXhI4ImfuxMtRiXD74aBKvSq15Co0c16HvbojeRetjUDR8yjfA1myuT9IOIWDN2sn09Ilj19qvJcEGjFpz2XhB4BCgwW9JhyJYtsq+eFeybfCaEA0a4t2pYJrnuezxEDg4BKcYNS/6vOCoe9v/d/SWcX1q8xTP1y6NT5RBa6w6HdB83kCmZB1M9QW3BxQD1COagVNSCYou1+MZR9HqRSdE+2wqdOuyOVXLuIZdfUEiu4KUWfoHsXea3XrChitV/6qQDJWkcGdyd5hX/pB9DdpbGqqE/07pIMxXYBJUE/YZ8iw6PwqZ6z7Os1ir7g9wtVAAUiKmhTGFvtjPnKY33LvIsy/o9Rbg1yQ+80I+YALclt0+kq4yYrwVAUUhovHJg0k5NvbUFVZIt7tYL1qQpyHkSUoAbbthjmm5TrdKpIoDelNlV00UOWgHlz0OJzj7OGRC5g3/YWWcsAwoa+yxilU5FOZjdaLoiJvVDNM0gZEwaFfAulYJmsD4fyayDcOysboKKjLJu3fUuFJfGiYXB40aef7pBN2loh+ES0tTaAJTQoGRPJw6EDEExUZaXnfo32Ze5Vij75uEr1pEP7kYqnRjR0TGnhpLZ+i+7q7PyHKjEbQMEHdi850VId/bCshb9J8xBQ6KDTtFxjWOVNzS5d0Qa/c6W2UW6Vsg4Wfi/r7VG0xrl+6LTRmHSv/LmzYSdRnzZ9gHny4W2T1v7UHUwfHxV+R6o8DQKTu9T7bCHUhu3b0rBr66pi4Ab66jFvBPimCS+lXMXMDSmAlXz82HgNWwnHPT2Fsu5hmVwyX5Z2wyCKOWsNOHhXMpi1BwOdzWh9A0PMiog0e48bxRikWrYH3tOygHufgIt6puwOmK966KnGIZ44uGEXpOvF/muEAyvfBRXCcPMMymalZ4Dd8MpY8I4dAIMGebXvaJYaBBpJY5BQZB5JkT2w2Hz/VUFerV3Uhu1heunclt3LKAhU6nl1NCatr+71zGqM8pOJ9vSpJJP/nWQ8TmIax2iUG2+gXHghlj2Bt7e1WO1VcWs8INFSA8wcOem/ls3TVvz8e9RbOHSfp0YtK/ozeSXDoSgmmsNYBhrYlj1JQz0Izh5yO2xJCjsLKYB7AHCbmNRD/82XWNGUADdBXny+UwQV9MStfJaz3cj+GdzeJdCfjSAYeq8FbXfQZASnIb1rB4yZOdam0IJ/BqrKG7S9RNrSW2cvhZwE70BX9xQgchcuEoilJQEKd6XVkom9AHrgDE0rW7Zkc+YGbBrplSiNXmXmhjCt32xH3oGIcBvEQNWM5JLqfr0tSYhuJOjD9rQr1pE22tdpLIDEWdeecWc45oud2ixz+OWyFcu1URZ4Xlouho1OXe6d8igC+kKQS2iml9bE3nK6hz23QJ2sxBOhoxPSmIDoHhv9ts2x+4RL7M7zNQd8auoA6OiGbJMKc2M8CsfCvNfGAXWHwFmkakrltLmiSsThD2/pQwSktg+U7Uh+dHKhLeQDIduNuu6PoFfybNMlCJZ+YZGG3hD19NqfW9lRGW6quWwVAK/DOcKOZINa42dUVwYgcNOak4ATmBbuTTOA49L+hSiqQiLFmfsCOoBk/LKPZK45ZzNHt2h+YvLcIRYllr2g5pGx8Y8VMvMnCyvbPR3oG8gUt3sO1IPH0m51nunWUgoLoWYN0/i0uzWjJh/xB8NU1fcl8CoFSJWib+qrJpfyjmlOTxKW7UuGLsmL7uFJviiiNwYytqaI1nEkuPDxvpLVA5OscSzSJthmUjGW8wqkLNPC0BlgVjVu2Iz406XaEK7iG/E5vN+E3M1N5IENo0Heijv2n7eGyUnn2D/3CWaiXPyK/0PkEXYmgCcqM2T6n6g7Pe0dvICjA5tGUXRfBWnZjRxxsP6mzNv1Oj4itYRgKZ0MFJqRfsI2f64kHbOdWmqlAS06HqmOCxHYpUd74FcTk6tuPqK4uZ1lX3r8pE7bMVZwvhBm2areMnn8JjI2+w8T13w9TMwkuNvcDBcnc27ruZT16+Po2e9YsnfdgRaEXw2p8zabXIvPi6iK7YKJiXWKuo18BEd1QgAohVEhPmZ9SbdGg/8f/wJDo+7NAVhVnhTgPIdruBpqxpjVL9FDnW9XW/cyl3YFlSy6w26F0jMmZD1hIR8xjfJAB5dWRBuU2RfvEO0k1KW/VQ6DgJTcQ9XUUGqkqZV/yyHRwCCJ17VFUNuZa9safDIojOh8Il2rWsDuT73IqLLv5UXVtfXQFPYFylGDVXJ10LP0pioksWlyNYfXwhm8T/BZqjbXq</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:03:22,160 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:03:22,161 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180322Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_y82rhdnkdheqdretsxmrkef7am8sqtosbsvpyka|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_4114837b358a9f48219c9a5de6a2724d|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxZK/iFaPW5AHSvQQw44gvqZ2LB+dRRUT4lkOz/2GVJb3+UyGLoZ5BWgMK7dfIFkU5J5MGBFgWm+IUJN2Nld53xjX/PHjS8+/L5YrVFMQw0j7v01Hfe24DlaNWBNd5oRQxog9CikRzRK/58eCkkObqwN1EtJQKRE0=|_0478c0bd95397d2d86764eb3032651a5|
2019-11-13 18:03:45,908 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18612-tAfUJHEU3L9CSQPO0QLnxmVf-85jOE33
2019-11-13 18:03:45,908 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:03:45,908 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:03:45,908 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu"
    IsPassive="false" IssueInstant="2019-11-13T18:03:45.018Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>b2aSiYCsl05ao9x5bZaYvHPQ89RUgIzRSs0LPCdXyJI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
vMjFPxhxaSYfTAPkUWI97SOqkOoJO/LPs3E+eRdQ/dYodT0ggcKD6LpY/jVw91hAYD1Z654zuKU7
uhFzACWBm1AXAQDa+IEgimekWO8BI9wY8/2bqEhhmmsHIm50y4G9P1Da434oaxWl0kDOVXK2KcKf
JUpL9ozh6HuEoUvqy5O0+PM25krsXlxENYonswW66cRiiqnePx6JeYKaUqa4DLgkoZ5YfRUHHpuh
5sN1i1EKi4B4gpAV8U+vkcug1jg/kOnIOsPJpn+eX0ym1Ok8pV3569dGYkP3pSF6eD2GjBhNEZWz
SMDcA18RuTdzPypnjDj1yNQkbmFvAsmGV2Wilw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:03:45,913 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-11-13 18:03:45,914 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:03:45,914 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:03:45,914 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:03:45,914 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:03:45,914 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:03:45,914 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:03:45,914 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:03:45,914 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:03:45,914 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:03:45,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:03:45,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:03:45,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu', issue instant '2019-11-13T18:03:45.018Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:03:45,915 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:03:45,915 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:03:45,915 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:03:45,915 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:03:45,915 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:03:45,916 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:03:45,916 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:03:45,916 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu"
2019-11-13 18:03:45,916 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:03:45,916 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu"
2019-11-13 18:03:45,916 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:03:45,916 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu"
2019-11-13 18:03:45,916 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:03:45,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:03:45,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:03:45,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:03:45,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:03:45,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:03:45,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:03:45,916 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:03:45,916 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:03:45,917 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:03:45,917 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:03:45,917 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:03:45,917 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:03:45,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:03:45,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:03:45,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:03:45,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:03:45,917 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:03:45,917 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:03:45,918 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:03:45,918 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:03:45,918 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:03:45,918 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:03:45,918 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:03:45,918 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:03:45,918 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:03:45,918 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:03:45,918 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:03:45,918 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:03:45,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:03:45,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:03:45.921Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:03:45,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:03:45,922 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:03:45,922 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:03:45,922 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:03:45,922 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:03:45,922 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:03:45,922 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:03:45,922 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:03:45,922 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:03:45,922 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:03:46,092 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:03:46,092 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:03:46,092 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:03:50,860 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:03:50,860 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:03:50,860 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@662453691::identifier=rick, context=org.apache.velocity.VelocityContext@77788399]
2019-11-13 18:03:50,867 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@662453691::identifier=rick, context=org.apache.velocity.VelocityContext@77788399]
2019-11-13 18:03:50,868 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:03:50,868 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:03:50,869 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:03:50,869 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:03:50,869 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:03:50,869 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:03:50,869 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:03:50,869 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 40fe32cad2168f171aa4e0975669771cc46a1891d6882f2cc42d6da580449f4d for principal rick
2019-11-13 18:03:50,869 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 40fe32cad2168f171aa4e0975669771cc46a1891d6882f2cc42d6da580449f4d
2019-11-13 18:03:50,870 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:03:50,870 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:03:50,870 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:03:50,870 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:03:50,870 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:03:50,870 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:03:50,870 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:03:50,870 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:03:50,870 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:03:50,870 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:03:50,871 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:03:50,871 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:03:50,871 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@18884063'
2019-11-13 18:03:50,871 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:03:50,871 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:50,871 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:50,871 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:50,872 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:03:50,872 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:03:50,872 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:03:50,872 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:03:50,872 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:03:51,042 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:03:51,042 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:03:51,042 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:03:51,042 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:03:51,042 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:03:51,042 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:03:51,655 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180351Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204231655}'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@18884063'
2019-11-13 18:03:51,655 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:03:51,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:03:51,656 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:03:51,657 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:03:51,657 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7a36b17c3823118da42199e4fd799dec
2019-11-13 18:03:51,657 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7a36b17c3823118da42199e4fd799dec to Response _c7f0d7ca4933ac5543124dbff0da8d7c
2019-11-13 18:03:51,657 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7a36b17c3823118da42199e4fd799dec
2019-11-13 18:03:51,658 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:03:51,658 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:03:51,658 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:03:51,658 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:03:51,658 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:03:51,658 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:03:51,658 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:03:51,658 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:03:51,658 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:03:51,658 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:03:51,658 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:03:51,658 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:03:51,659 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:03:51,659 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxT1/8jq6/xYXn5Bxub57hB05aj6mK+pLeh94yKStYrfJelgGrqMo99SXe8dLes4XzY0IWMm21hc7OQIGUPqIhjbAYzt5aFLnPb1KHyxGBQbsDv1CV7XEF+z0vtkuiRLmYxlSnJ1sHsBFrVdA76mEAsmeKOAl31m4= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.7.69
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7a36b17c3823118da42199e4fd799dec
2019-11-13 18:03:51,659 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7a36b17c3823118da42199e4fd799dec did not already contain Conditions, one was added
2019-11-13 18:03:51,660 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:03:51,660 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:08:51.656Z, to Assertion _7a36b17c3823118da42199e4fd799dec
2019-11-13 18:03:51,660 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7a36b17c3823118da42199e4fd799dec already contained Conditions, nothing was done
2019-11-13 18:03:51,660 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:03:51,660 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7a36b17c3823118da42199e4fd799dec already contained Conditions, nothing was done
2019-11-13 18:03:51,660 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:03:51,660 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:03:51,660 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7a36b17c3823118da42199e4fd799dec
2019-11-13 18:03:51,661 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 40fe32cad2168f171aa4e0975669771cc46a1891d6882f2cc42d6da580449f4d
2019-11-13 18:03:51,661 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 40fe32cad2168f171aa4e0975669771cc46a1891d6882f2cc42d6da580449f4d
2019-11-13 18:03:51,661 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:03:51,661 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxT1/8jq6/xYXn5Bxub57hB05aj6mK+pLeh94yKStYrfJelgGrqMo99SXe8dLes4XzY0IWMm21hc7OQIGUPqIhjbAYzt5aFLnPb1KHyxGBQbsDv1CV7XEF+z0vtkuiRLmYxlSnJ1sHsBFrVdA76mEAsmeKOAl31m4=
2019-11-13 18:03:51,661 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:03:51,661 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:03:51,661 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7a36b17c3823118da42199e4fd799dec"
2019-11-13 18:03:51,661 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7a36b17c3823118da42199e4fd799dec and Element was [saml2:Assertion: null]
2019-11-13 18:03:51,662 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7a36b17c3823118da42199e4fd799dec"
2019-11-13 18:03:51,662 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7a36b17c3823118da42199e4fd799dec and Element was [saml2:Assertion: null]
2019-11-13 18:03:51,664 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c7f0d7ca4933ac5543124dbff0da8d7c"
    InResponseTo="_cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu"
    IssueInstant="2019-11-13T18:03:51.656Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7a36b17c3823118da42199e4fd799dec"
        IssueInstant="2019-11-13T18:03:51.656Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_7a36b17c3823118da42199e4fd799dec">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>xXvUMp+5+s+yep9FxIeX1vwK0mMTQwojTzIlzxntw2/WTCk9iYNKgYiUszadCeRIrrQquICLfAJPli99giSp0w==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>TFsxFDNJedegMt9s9NqdrTu5a9NkyeUwDHbOeOKQGIK1hr8Xk0geXBTfPVN9/VZe6HT5lW/F/Zir6RHOGbw5K8U3LR6DSiLANEFrEwR0FPhA98MkPR1PgFnVeJsjBHWAfoTaNR0gnU6yOCXmEj3LrtZauTICApzDJrGbMYcLV7hkkQGpHpSRYzCNvMQ9uR7LrFI2T9rhdq07B6pQCKB6BMUMLOUQTmWa1M1gjRdEOQRZurly2+rPjmHyiCIUcc6ZKwCSgbTCp5MqeAgza5UO7929kIcn0HvZSyYAXIBelwAAdpUcDV1llvtzgKE6W/GURN61NoM+O3mbhRZ1HfULqQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxT1/8jq6/xYXn5Bxub57hB05aj6mK+pLeh94yKStYrfJelgGrqMo99SXe8dLes4XzY0IWMm21hc7OQIGUPqIhjbAYzt5aFLnPb1KHyxGBQbsDv1CV7XEF+z0vtkuiRLmYxlSnJ1sHsBFrVdA76mEAsmeKOAl31m4=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.7.69"
                    InResponseTo="_cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu"
                    NotOnOrAfter="2019-11-13T18:08:51.659Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:03:51.656Z" NotOnOrAfter="2019-11-13T18:08:51.656Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:03:50.869Z" SessionIndex="_7953037ebb8ce510c762a4d8d193e26e">
            <saml2:SubjectLocality Address="172.31.7.69"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:03:51,665 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:03:51,665 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:03:51,666 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c7f0d7ca4933ac5543124dbff0da8d7c"
2019-11-13 18:03:51,666 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c7f0d7ca4933ac5543124dbff0da8d7c and Element was [saml2p:Response: null]
2019-11-13 18:03:51,666 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c7f0d7ca4933ac5543124dbff0da8d7c"
2019-11-13 18:03:51,666 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c7f0d7ca4933ac5543124dbff0da8d7c and Element was [saml2p:Response: null]
2019-11-13 18:03:51,667 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:03:51,667 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:03:51,667 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:03:51,668 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18612-tAfUJHEU3L9CSQPO0QLnxmVf-85jOE33', encoded as 'TST-18612-tAfUJHEU3L9CSQPO0QLnxmVf-85jOE33'
2019-11-13 18:03:51,669 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_c7f0d7ca4933ac5543124dbff0da8d7c"
    InResponseTo="_cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu"
    IssueInstant="2019-11-13T18:03:51.656Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c7f0d7ca4933ac5543124dbff0da8d7c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>p1yKqkT7uNJL7pA1u0HKZqTVD3qigRma7KucQ3qcRm7oO3Ok9KJftBDN0kRNnSVg3t0IY8xP4Bc3nieARI72Jw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ODQ2O5JjWPAWaR3D5htYxjKmZdESVwzF7w2QZo/qB8jGiBsvtZ845M/gl6F7WTVgOLU1Q3zdSNME3y61O/0u/DtFuUYhlFyBI8t1RQ2Lm95zmBAFqtdcZbeEd8Sa3FV5+07P3iUCMNgMe9bErcMjdtSlEKpr1bafyAeTOXO75i3P73W0tqHULwNaKcWvaFAaNMENQ5j1+4YJ3NnAyJa1RyKp0FEwVNDG8Vk5uz6w9g47X7Z275xh/QxF5Qpb4nziXnExGCItiBp29wOX8kG/FeNQczDlVzodLOjIAC8L9fNl8rSGiPhiNBNyDe2fMab99Emesxc9jNhwMNT4z2KanA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_37139d0e7f9b6f9355c0e1e07a8adab2"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_1c6d0f49a4bad3887f00d9d7a7eb4953"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>eEDEYzMgJ2E4ESX+I92fq7yCuMfLRoD/11/IeIFKa6fejkzUi35bxm8rQuvdG1nxXjb0HbQv22erxktPtzxS7V9naxlZkVLcXtayBXAjkyx4hAOejotd9dIhZVOYYRi7uUvfGoeOrNp4bboI6U8GiuOPwChCApqthQj8YOwMPwKwaGhkLdI7uhtso9E4URpuTp8CB9iWQSvlDORq/wqtg//FTX7qaJr35yz/ZhNvQgAG8yj9+JdMkiAyXs3q4fSh0ddhRjm3XRoI6EigEIJXNqy3dOXrCJxGEv3BDDi0hBP2HXaPuh95UKSVu/wsG2YgAp9mEVYcCM0AhaC7/zkM/w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>YgV+ap9kNnexYZ27ulx/3lMBUqlrtdnJ4bcVbduafppRyejVm62hwcb5T/M0aPDuryyj6561nCQF9fgFKI5S18pSKPm8RZOPM0MPifRZJ9ZW+ouYKm8Zdx0trkkZaQZEoosagYBLJpkJmPXXG/j632FM7BLkshFnidoUztZRdzorF8Nil0RAlr4VFOd3F7fJ6eH0ApiX5C7Z7s88xsOI2fXK/f1XLkYT5SPhfn11HjnfVvkUdWM/+StaFeijZ5kuim+FM33Dr6ttpkEDNljclHhFPPbzVZS0MCoziQrHSZXZrq6YJGDu0XJdXkDeNJgrhR9d8jn1iKPWSk9Z7S3bR/B3o0bRaUi0wOYu+KaVLbOrw8GSggBLbBYA7NkWQKFGVLRIej8R/eZK+Qspzk0LxM/QoNeXQWrCnLfyiDJwNt11L5JYkqtlYRSLLqQAEGzgWKtvI9LzBkG7Rn0+o6PK3dnhpImWbEEyFYgvplXxoak7nah7FdQOgCdUjla8e53f4PgngU2XFsrrVzHEaWZkWaMuYdeVW2xaX6t791w6xZ+h1FG9ueGP1qc7+pXsTEuTtyUUiqNnPaM+st7gT13Sf7Nd4v+r2Tx1LaN9L+CN+900pAknDgIugL3HVUg4wfMh7/wqxongzpFdy1UjcCdZYkNZ6B5DNov9Jei9IrZpJmbNXj58J0tn3TpudERihmCa1xBjsLsFwjnhOBcgcuB24kPXJEHaRDv0fm2dJmVL/7TZLn5FCvS/YwzciRK+2C1ldOlwP795hUx5lIaqFLUGZ6rHW/cZ+v3HyTBZ0Grk59dYAvxF7sI7PckXCcQcb3j7KTqV1iYTIpWpPp7etoXi6o5LVAq2nDFyrEqSqlw9GqEm7kBTkHVLyMe89KANuntUpTBc7/rUX2bqUjSdUoHQgzXpk7ylxD/wmNGrJw5vJc195tV0Z6auC3ZYE0eQp7KwgAw6jpWjB8/41fu/S04OH89CQp5+l5/UyoQDxw3tzETnfUYDRiIxxU/jH6hKl/wFSnVu3ka9iOfBYWbTdbRx94bkU5NiYgXZB/MkRuMpJs+p9HIYOiJKNGj2EG+2NB5q6C/k0jmEF/yzowi4YyHhLwYU2ZOPC+iXUgsLMIm8AMh/STkdEivyAuHXKhHRRSpDJneOk5HsTEY6L/UO2r5k+LFO6zZ8VLdwT5PlCLVhkffPu2KcLT7xa3vCOm5O6lqyA274SAj3GzZnJKe9QI54k7OZWJriV/E7g/mRZfUnk6o9cCaUH4R9KakKr0c1gA/bmdSTqJbm9QTHcfrEtH5yqA2lS+SBz1Rj+pyKuhgY7r6nFXAFKDbIqnrbmP3h/ffUc0zDdtaI/8svbQ1Fluxs3vpU0qWcqoB9LMJHmktsLvJN+vNc5hye3VxiO5oRHeaPw4IOTpXhZh1aPFrD5A1EyTYpQIJJ5oP/Ruah/WNgh/1y/ftUG3dLepF6HBvZQCCQjA1DE8Pu646ilw7tI59eoMIkjdmn/B2qgKcVXyl3XNU9gOLDqXzCO2Q9wQIcE8WOBWFF6X/Y1M8xOE7k6WHSrlnlyYXGozKaUs4OcxjuDaEJ2TBHsROTzoRRfJ6v1Sko8m61g7QE1AbD4DhmTa0kjAl8CSHjOlva79E38Ml356ru9Xbo3GxGwk+Bg+dxwnXaJqelpRk75MCtfQVeb1m036O4sh9iLoCHQWmMAHtsAfAqD7lCbwdK3Av3n0//ryfRaF1oBn5BP2BIZVIVFYKk+Yt2PtZmieHercsGs4cQ87YZlobVZo8/3tqS/iPXDsfeo7Zy07ArcdKyjZRH1qzX3M33NTEcarOUBh0vcivT/52gYiFm7rIk0EgEQuk0hX0BRqb3rQd1IQr5AusXCul8yPgij78JO5xG07Ukf9oBX3i2dXFQhO8JfTSFeR8iyCtL117a0+9u+TnQryqSvfdOs3gQJSurwN6znJXWjcLhbVsB6VkLKTd+pmTNoIogwaUH642QAfbne5qicntDYWzpkd728MYNSLwmf0lTckb8X4ustx6obHiejGUkET0JRRft8Ldsy0Rxq99+1WiQh+bTvGf9Xef6ifFIH8BShRWvB2hs01k47HyOjpq6VgdijHXNyzWsJqpa84NTw9vpoXn4sXJBywP9ZiuBg8B/IkDMoRkR2ojWMrOtozNhSFkkm9anXccEFXT4dCEAJ8NKn7aXytauFSda+bvkd2VzqcyBSbKAS0IP+JHsaY22lRT5nBI1L1q84kL2pCrTkvESs52PQlKMSVR/4jhn17Z7nqxwWYbL7Zk0KCKAuKfIQt58oDN2VwhGZXxPnouonlth4SCdlxrfcoLMSyxaeZYD0ww/CYUS3IrbgK31lsTQsPyuGe3M2jvDG6omC1nHGQvawpya0WJSRla8CCmPb+4Jo035394H60nz8ASXWx1HGpHkTfmsWJi2ZdTKadcLuWM5rsElRTkfcd8uwCAAhp5/zpojqmF0qLTiFpjmz0YbrSXr0Qlt5+rmrstO7KK9+JzILDsXdsU6hLvUwx3Z/IEfPR1qmHQWdC8wX90kMtOu017uEU7rs/ueJ9UMsGnjQ9OVSTryp9hCNfsWB5+P0+eA22SCgiVkVUyYWP3fFUxmqR6J+w5hk5ubPXhRxic1ia0Ub1XfEEaqL7pKSqWHnphn6nfODcJOQNBu5aF0aqrF2LarTYcUrUMgWWupgfzEsHBUm5Odz+nfoBZZo1pW7vseW1jz8HNkG85eFiorPuReVklV6e29yys1Dw8OEvoOkXro3L1kah+oU3Sig8GKzs+GzHFj2TSPXo9UiSwFdcS96iJ+NaiRiHIWj+d/EuK2QpuWEyP2TBCUU/efmEzZIIdMfRwDruwu+FjgtBmWyyn7e5RWPSjDG6P62RAz++P64hWto8s7jFmoDKc3qHF23+jh2PoQJGLyia4PTrd0jqyu3GGGxw0semWn08HzeIS8fOm92MY8BmL5Wo/aIo97PjYvlly9NhmhBaDQpic0fyhPRFyxpIrm+G3FTBaXZvGz2uSbcmcBPPTX+uTMSUgoipbHxv+48sAE33NE/KxpeNUGoc/DjR5d8ZyEXNuFDGvDZc1PuPH3CTAIOMB9CV+4iPc1U3Tq35qTNy0WYTiYlssM/LE4SC/DNdHPDIjluyxQYyr/Am6qtEqyK3R/k16PoH6hROoR2yIMtq1adK6EN/2O8cqWXOM8MnmTIZh7p6bZvtOReALBLvlXmEsF3VJ3f4FFyazh7CAl8ny97UITjfQohD4CK8luhnfeflOLp2P78bDygVcZp3PjFYQNVA+nMMFMu+Sx7zKlDVgRSioeJNrCq2kQUG3qwD03F0XJG0MHpbIfoPgVeH7I9gdktmPkrQLdcxGEAJjuh+9SjvP1B6gMsWPgzloAzmCaNfulRhMBzhcAMC3FvSSbRDQSirT8wrF7uAjnMpsFxJOKoRXD89k+XXEk+Sbh2W9FNjaR9mRGSMzfTkLUOZ6kpiEiNpD0yd1L/OFwwyIt4ODEedclWAqkRW059PWEviofk16bEm/BJ51uDeFuh7iatiKyfs7NjtHGOI8C8PwoGhGKLcDLGH33Ngv9Goffj+OVjNZW7WyU2hUiA/0mc5Sri0IjSChnKYhEI2DPX0JzXbfONcvW/iuxoLI7eg0IGV1aOpmLAjiNPg09SE2EBkG0+ugnxlVv2afKApWQ/8tdZE4YOBquaoAiJ82IdRIVXjLMuoUkB+ajSPRzPCXimVxfQXbR8GB3szctH41AlrGwcnHYfQeb9lDANCRc4fbs2mTFgLR1naGP3hDcmmsmEnQ2olofYP+lZTY18NFz7RsiWnbhCLeRqHuS9TX3tCXPNavu0Lwde+qenkjDQtkatEAmik6WOEToJzUgfbJZiZINnF1nFP6bYrVn+FWNBFC6skKn0BmbWr0XAr5vgiHFlzRwen8HR5yS/Gz9SfqcOOzSZnCO4eosS9l8CqUKyrAjyNddyiPiOuq4Crp0RoijqQX3Agy6WLsUfhS+i6X4H5h8chKiZ9mi7D6n9S6w59OHmycNdb3htX2Jog1lYNCGZxGvy3TNrMnCLYIrlPEijlSWJMFAgq1xqFb3AjADGWrklV4xME3s1v/uyq/MPNBj6GEEJEQdoeCVoEJdOCGHUKD96ExzP1zadkjFIFvQOKQ1xi98/JJu69n9njnkp/+5L2Uqnj//WlO3NFlDZg71Iowd+Cj6jpkH9tVV/KVQlWY+q+wSHsMxnEHwPpTLO1kqrJHMEyTYWyZqugJ+iEXu+z2C1RkL0W6edr/N11EWCAUPMRTudJo3+uPydbW67eDaqnfEqPZtuaLt2gvyT/UrDODH/kbb7zZ1MbTq5KluSsbK/k2ve/fbp7t9Rz1kwB8HWV5qu5QZrpf/B69M+H5KI5zEPt56v1QXiLazLT8MSql6jOdHGdPpobhS8osFpVNzZURtoUW37WshHFIn3C6HsHhrMg4Gqj+pWdCYqlv9MqPXt6lILbrP4r+EDHPBmuyBPDgMPAFmhxFUVhUhnhP8Eo9tFHdSz9JsWyjqm9/khIdeHR4pK+lRZTg7E9vkFsms1EGvH0V/xGMj81YJ+E6VrMqLC3XeyF2HcVTP90hEjDRny4YHS5dbAGqkm+6RYZ/8N59yQqHI2KMcOh1MDr9U5c7MWrcebOmzcU8rMbBwh5//Qr2biBcuc9g59IOPTOaydKbqa9MQ95cExYy2/WFbE5tYRvZ1D0hEOvoGjqngS4zjZoGtIcd/PZuPpd5lBqrvTuQbPzEoaAGg5btMyaJFm6ayP0SHPxHA6rKSk+df5lkMP1Bxg5YPnZJTqCvUyiA8ZarYjt8bjTPnOG0iwI2UeFpXhb2X3L3RwC9HGxVwM3Wvuylji4ULHdmddyUu8NAcgz+kJxjoT3Du2V9D/AxMntoyJd9J68IfN8ASXLNqLXvI9Z1jYYL0zgNK6QSTHDmThFb6a+adr6+jdSZjMcyzZvwLLTbvxpOycufM+VxNqK7pou/zDHDXldEYrLy3DkT0v8rIjFxCoQD938YKtR1fPR0fuYXYzIsDhz51NjFNhsZCD+8muxFDgVTqpAaltC3osqM+GAx7+VtQBtzPcQRIeqqpx3uXZh4eiI4UMidKgwICUE60VZi03meZJY2E7l96uQVoaTl1vXRwoBoc+oSBtR4vqTMMK1QWvyM7S0V9ALFBJLOV8F3UZj+qeLwNAAjrXCsiY6RLjva0RpRMjYyjeYqAbXJMdkGJQSFWcPGy4IbiBqYLkzVlHgEZwmlAnnPEpUUsMmTMwVMNfMGpe93zdQGwFibq5yNZXizLyDYqcuUCJ+1gnil/UlaB8baH5sSgVBj74zFnRC07hkBplCD7kH0cjQOxDNR4a7GDoZe8zzH1Wg5VAM7EuQ44IScsFgAhdp6ebG7hTZZmhTIxzUaTcmTqTyrl/ZnUm3zAyol+HNnniXflSoamwFU6zPZ4WRb3ZAJilbRqwmReS+nmql/r5U2teCWI4zYwmI+3Mz8P/H8QJzHkYTKcHeb4sRrQde5/6NkGlmdprj1By6YULB3tPiaigIJXXWwZLRcW1RKDfcxW6RwXTvA1q8cFqVy/m61W3myO/gj/Xb0hY8Q8zXy1YAh4WOFq1AQ9vOgqKipJiW69vaDZKs0LlIIn+8lk0+l8vv2gq9d8iydbshLokgbIu15xmtgFAOwI93uK0R0TolRsMiGnoIBNycdJ3w2q5StDMvMOxrFyS74G8EyFcpQB493ZaBpTiU1Jmfly1ty7Rc0FvcIGdv6SHpnPx1WnX7DFgC1QMduRC4UQkZPt11rDkAVersqDFxdwP1WPIcgdB2KdWAazknvwnr30oucmaYvSp04NMR1YzCvAR5dwJiV7egtYkE1MkgnZOrf371orIFUfub9QWVdH5EpZpdhPCPog9HLxFBh0R+p4zy5vbQqSyLuKa3+PIj8Idno3iz0Uqr4UFRaaS4bXcbNdVF9F6PetKk9P4JioyT2juQusH6iB+WbAUWMHNcrjT3lV1mlw2LC3Z055tOFUhUTf1i7sv2L/B5tnJwQ+nhCBCDbG6EzNmFLITKUse4zdPfzkiyFSM43l4i1cDSxfq+o7GKDA1ICszGb168/MwxX/7IF15cqF2ubQiiIlkG4lLuf0RqaIZ2SggiYIDRVzK6QfiiZDl/sMBqDGBaH1LORlKSBN4uubSneGWuk8b+kkvdxhDHcoteRq6+BxfHmQHODXBZLdJLKcDHhZFl7XH6oqZN9RMAxai00+dxT+2npovjOnPxFscPsT+0MBWtTF4e8J2q9uOE2m/ifiZfmhx19tQZ2XUiAmc1YZR34KofxaYQBdD+GDfn3/RRg6fu5YpQl5PHO8SRDVWC0EI43DEeE3LRIdkL0OfZ9lnYWnpowNlL09YfWx4mE+KLSsrYm+Q7PJbX2eKnFnmq+/1E0v2JL0c5rzb+nsfPPXHxBTWyR0RFqtGBoJpDSY+78Nc6tgvkDgNbgV3L0zhsW91RgLmbhqtlXSVv23ZBRVU75Ol83plB/EOeUQyyNLXII+wkX8agEE9v9x4Z/7LE4CCh5AmYO76EgFi5Ps/P/nViaMOL3vZWNpFUUDc6Hnpz18FSymyFFZDhhm1Ekeear+21+Fd/UGDlZSfoFjzxsquBOnD7cBlmqOR9uueul/4kGnblX0gHutyDTWfHJqmpydZGd+xo66GuQqA56/hKqs5zd/haDKBjfTF0VhqkjJaNeQnexQaGfjqP0/Qw4+m7MEDj7vGnsmAfzWsOh8op5V25biNT1/M8DzDzfsZ6ZCrsjfzLy6MT03WLexfFH9QRJZ8PCuN17U8BSqciLHZdJZQ95gioAR6xqRujm819vuBTOdrOXskiiFC3FqLW6LnpU3CNB+TXG1DGQa0OkG07ckWIREbTyTjyGt2JzUBckO9+VnB41sQuEyZdz+9aNm3IPdjCcs2nJWP85wZ+Xem10mC5PixHfm0Ou2f975Oi0lWi6vE3tMRHgzrNt2LcmBJYrhDUIIEdn2UskcvG8JJgjg/2//Y7EoiokcC5oYNVLm5HGW9MWXpQf8FQBONXxOKr91JdMx66QrP0hvKFvVp3tpavF4FLmaqmLqZlZFvv5SVMxVLMGrPhW1Njv3uHIf7ugZwWE/mSuyYisF8Hrqs3LyfW8DoOvikwLdbPn0I97Ur3Y76fkHP/FnK4zo3IesZ3u4wUYli/KeHWPbOqklhEuuc0x2bcgqzmh5TTRQII6RmMms8KsIkPeXDOu/A7uSWSzHcBqJ4xhjAc/F+hgw1BAgCL2BN95bTaIYhpm8o9SyAxCp+1OC9XiPO/bhpRphS1xlI+iNt2qUmuGPHSOo9ZxEJV4IQ51vXmg0QaVTnwIrw6ZCH2Hd9QEAlitD8gF6HLlMRza8VT9uzPVUU939cQszhhB1OlTCNcf+PmfVPUYJruGNsOJ3CMrzpD9uUtsv0Bh1ZxYUUdmelp34gGOQQ1FXmTGVh71LjvceQBV2rkmg0nvxcGAnX6IvsyjGaIbFrS4pAjuE0J/lkIib6LdUJo03+uG8I+3DyhVl9x5S5dCRmeYzOJCnD5WelKf4HuoukthiwtJIfNTvljvbtlU4iu8WPRHeLt6yEcOtMZJxrZXLXF8Yue8RWsZdwL0O5wNmzXKWPWqgGh3DoM4bUqYLEcMm4O2tYDAQwTTncX9edfrg2OVB/OpE8wpOk3HC+YM0QuxPEt6BGRDBFyN7xqwop6DEDlRDGgCvY6dEnbOuPe10Hk+VYXxhWp2scw/TG8xOYUftasgRcbNXRZxG9COG+ZJd79i9U4+q1H2c7Yg66UrqQBejhty0kAMTRGwoqh/Aqj7+WYpt4Rnu4zqXiDgR1TDSeruQ6eqJm5J7x6QrBK/nf5j8vyLC6yH+yU7ShDD0RWay/GSHTpU5jWi8BCw1skN5TLsn4wYD/wCGSziSudQNmgs3W43hlCge+MjzSQS3ktsQLb3iMnDdkdwKPN7eQf4uPCsKPOYdBD1QJzHIObTRfmztS+gnUbo6xv3WKaAR9HrO2HkKLLPM0uIix6dYtmKmc7PTawOaAHwpRKGwPIlprK6v1kJqFuPh7qCM3fQWgRgCp6s//vCc2fsGZmpxXJXjURhmqTQTL0uRY1Rw55Ea</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:03:51,669 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:03:51,670 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180351Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_cximaeufhk4etvh4odg6jygk4iipqlqff7jpdiu|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c7f0d7ca4933ac5543124dbff0da8d7c|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxT1/8jq6/xYXn5Bxub57hB05aj6mK+pLeh94yKStYrfJelgGrqMo99SXe8dLes4XzY0IWMm21hc7OQIGUPqIhjbAYzt5aFLnPb1KHyxGBQbsDv1CV7XEF+z0vtkuiRLmYxlSnJ1sHsBFrVdA76mEAsmeKOAl31m4=|_7a36b17c3823118da42199e4fd799dec|
2019-11-13 18:04:19,881 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18613-aG8o2exJfbuQ44T66P0AJ3gG-Ge-k22h
2019-11-13 18:04:19,881 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:04:19,881 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:04:19,882 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2"
    IsPassive="false" IssueInstant="2019-11-13T18:04:18.886Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>4Z2sZ03UBw4sQc4wdlPbPwzHHFjEed4QzFmQtsQ6dy8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
NRCbjFYKMAVrlXEM7A1oTY4uUb0iYPvlqZoL98jZTutX5Mw/J9L9e8MAvaiS1yitRhVW0GY8exHe
ZEdWiOXOw4W0F5YInd8dDQfufeT8+rdvn/7CpqeNlb1nLtQgyzF2YVT0cYLSam3bRkHyHgRWmDhg
BEXOuG7o7oEWIdTNk0UJyiJvyr5WRrM0ytwVtKK4Uogm6xrLMLxRWX2NklaAP5Ug2K9xIVsMbEE+
02XLbO58SV7Ze4WoFz4QVGPmrYZxKKgPlvCs2NxIAtB5bkrjJeh5FJJc5kbJ5nzj8KmTssKBVhT1
nwI53pm+p1mG+5gBcieiTmq15LMZiW0w8A9Rpg==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:04:19,888 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-11-13 18:04:19,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:04:19,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:04:19,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:04:19,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:04:19,888 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:04:19,889 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:04:19,889 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:04:19,889 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:04:19,889 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:04:19,889 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:04:19,889 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:04:19,889 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:04:19,889 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2', issue instant '2019-11-13T18:04:18.886Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:04:19,890 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:04:19,890 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:04:19,890 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:04:19,890 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:04:19,890 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:04:19,891 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:04:19,891 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:04:19,891 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2"
2019-11-13 18:04:19,891 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2 and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:04:19,891 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2"
2019-11-13 18:04:19,891 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2 and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:04:19,891 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2"
2019-11-13 18:04:19,891 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:04:19,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:04:19,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:04:19,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:04:19,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:04:19,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:04:19,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:04:19,891 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:04:19,892 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:04:19,892 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:04:19,892 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:04:19,892 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:04:19,892 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:04:19,892 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:04:19,892 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:04:19,892 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:04:19,892 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:04:19,892 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:04:19,892 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:04:19,893 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:04:19,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:04:19,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:04:19,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:04:19,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:04:19,893 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:04:19,893 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:04:19,893 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:04:19,893 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:04:19,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:04:19,897 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:04:19,898 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:04:19.898Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:04:19,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:04:19,898 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:04:19,898 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:04:19,899 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:04:19,899 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:04:19,899 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:04:19,899 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:04:19,899 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:04:19,899 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:04:19,899 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:04:20,091 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:04:20,092 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:04:20,092 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:04:22,361 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:04:22,361 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:04:22,361 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1383031152::identifier=rick, context=org.apache.velocity.VelocityContext@bd67fa4]
2019-11-13 18:04:22,362 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1383031152::identifier=rick, context=org.apache.velocity.VelocityContext@bd67fa4]
2019-11-13 18:04:22,364 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:04:22,364 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:04:22,364 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:04:22,364 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:04:22,364 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:04:22,364 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:04:22,364 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:04:22,364 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3b75b50e97392fe17cd61b2dae9d89c1c894be91ac8afce86e1cb153bbead4ba for principal rick
2019-11-13 18:04:22,364 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3b75b50e97392fe17cd61b2dae9d89c1c894be91ac8afce86e1cb153bbead4ba
2019-11-13 18:04:22,365 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:04:22,366 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:04:22,367 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6239ce6f'
2019-11-13 18:04:22,367 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:04:22,367 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:04:22,367 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:04:22,367 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:04:22,367 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:04:22,367 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:04:22,367 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:04:22,367 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:04:22,367 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:04:22,552 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:04:22,552 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:04:22,552 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:04:22,552 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:04:22,552 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:04:22,552 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:04:23,043 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180423Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204263043}'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6239ce6f'
2019-11-13 18:04:23,043 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:04:23,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:04:23,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:04:23,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _085c9caea1fede046efd6228c38e5cf1
2019-11-13 18:04:23,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _085c9caea1fede046efd6228c38e5cf1 to Response _53d4b2d093e338e3fb469cca2df3f235
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _085c9caea1fede046efd6228c38e5cf1
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:04:23,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:04:23,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:04:23,046 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:04:23,046 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:04:23,047 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:04:23,047 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxEjM4wKOfhM4jRdCI89eKQITcNOzD4N0Rn1LRfXzA9ri9kfc+WJo+mQiMPCpAiAbpQehhca8TCpevCS78lZhKFgp5zvBAC20pIjNrfxhdAd8KEkkGn9W7N/2Z2DzHExt5HCQUPX+5UOtckknMOLMENo43OplBRX8= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.7.69
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _085c9caea1fede046efd6228c38e5cf1
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _085c9caea1fede046efd6228c38e5cf1 did not already contain Conditions, one was added
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:09:23.044Z, to Assertion _085c9caea1fede046efd6228c38e5cf1
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _085c9caea1fede046efd6228c38e5cf1 already contained Conditions, nothing was done
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _085c9caea1fede046efd6228c38e5cf1 already contained Conditions, nothing was done
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:04:23,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _085c9caea1fede046efd6228c38e5cf1
2019-11-13 18:04:23,048 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 3b75b50e97392fe17cd61b2dae9d89c1c894be91ac8afce86e1cb153bbead4ba
2019-11-13 18:04:23,048 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 3b75b50e97392fe17cd61b2dae9d89c1c894be91ac8afce86e1cb153bbead4ba
2019-11-13 18:04:23,048 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:04:23,048 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxEjM4wKOfhM4jRdCI89eKQITcNOzD4N0Rn1LRfXzA9ri9kfc+WJo+mQiMPCpAiAbpQehhca8TCpevCS78lZhKFgp5zvBAC20pIjNrfxhdAd8KEkkGn9W7N/2Z2DzHExt5HCQUPX+5UOtckknMOLMENo43OplBRX8=
2019-11-13 18:04:23,049 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:04:23,050 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:04:23,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_085c9caea1fede046efd6228c38e5cf1"
2019-11-13 18:04:23,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _085c9caea1fede046efd6228c38e5cf1 and Element was [saml2:Assertion: null]
2019-11-13 18:04:23,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_085c9caea1fede046efd6228c38e5cf1"
2019-11-13 18:04:23,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _085c9caea1fede046efd6228c38e5cf1 and Element was [saml2:Assertion: null]
2019-11-13 18:04:23,052 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_53d4b2d093e338e3fb469cca2df3f235"
    InResponseTo="_sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2"
    IssueInstant="2019-11-13T18:04:23.044Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_085c9caea1fede046efd6228c38e5cf1"
        IssueInstant="2019-11-13T18:04:23.044Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_085c9caea1fede046efd6228c38e5cf1">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>7iBNgqpQPGOZj+AoYvc0fYfIO2JxKCWZYDrBiou+Ti+0YK0acz8386fE05zMFxwoZxTfwvB5IQV+dB3qEstZnw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>OLudi4qDq6rzaUsHec9rf92uK+Y2EQ5mtQx4ji4diW1Hyd6pGT+GH9y43/ov8PjNRoKmxvcjCw0yRvzSbfFk2y/ZVqK9MN3MCji18BvK37wcKC7QunEoYZAfXlOXzbABg2AiscZmiyLNr9X+UDb337nHI8fsPvqG8xQAcQe2MYoCn8JJTSGAwLee7ebGaelt2fZRWd+Qywe6Fr8y/NOLslarpR5ilBXEqWPOXM4ZiUn9NyRCBaQ21R12ZdjjhKQxjR+MrX+oVIkoGqCxl6UaTK06gDwPyunfKa4gqLx8N3fZNX6m0V27PNhhTG18ZeEFgGDYuX0kfWHldKIvWg5aAQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxEjM4wKOfhM4jRdCI89eKQITcNOzD4N0Rn1LRfXzA9ri9kfc+WJo+mQiMPCpAiAbpQehhca8TCpevCS78lZhKFgp5zvBAC20pIjNrfxhdAd8KEkkGn9W7N/2Z2DzHExt5HCQUPX+5UOtckknMOLMENo43OplBRX8=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.7.69"
                    InResponseTo="_sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2"
                    NotOnOrAfter="2019-11-13T18:09:23.047Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:04:23.044Z" NotOnOrAfter="2019-11-13T18:09:23.044Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:04:22.364Z" SessionIndex="_58b72167fb98f27205e824a890e2040c">
            <saml2:SubjectLocality Address="172.31.7.69"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:04:23,054 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:04:23,054 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:04:23,054 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_53d4b2d093e338e3fb469cca2df3f235"
2019-11-13 18:04:23,054 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _53d4b2d093e338e3fb469cca2df3f235 and Element was [saml2p:Response: null]
2019-11-13 18:04:23,054 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_53d4b2d093e338e3fb469cca2df3f235"
2019-11-13 18:04:23,054 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _53d4b2d093e338e3fb469cca2df3f235 and Element was [saml2p:Response: null]
2019-11-13 18:04:23,056 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:04:23,056 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:04:23,056 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:04:23,056 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18613-aG8o2exJfbuQ44T66P0AJ3gG-Ge-k22h', encoded as 'TST-18613-aG8o2exJfbuQ44T66P0AJ3gG-Ge-k22h'
2019-11-13 18:04:23,058 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_53d4b2d093e338e3fb469cca2df3f235"
    InResponseTo="_sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2"
    IssueInstant="2019-11-13T18:04:23.044Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_53d4b2d093e338e3fb469cca2df3f235">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>CyXj/D9JX4Vf6L96p3JnPlocMrlwtGnqKumGnWe6b7u/vxx+nKEhkxNsihL+XYmsy4Dt/ATJZk6/WdumHDpRSQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>b8t4fWKtU7ufRi4JKlYiub7kVIMdLXqirfgrhsqDfdgHqS40ezuTaf1Jiv0iKO3z56gvAL7B1KnWW4onSyoDEuws6w8Z9pKEbCTOZwFK8YgmFFc5XEK9nGMn816RoYlavgaYmZLkx3ZXCurvbEGYrQWDbX4eKlmiVrL8TFc8nspploGAE1vUWvftOyYMWn9/oNK4pOjtYkxqHXWjomnoTFUrcK0Tyx/crpvBaJLjOUEo9FUJZnsXIapRiCYgyldKAzyKBhCHmehw/SPbQUq/FT6jM/vU6SfFsSguJEMZXBTkvZTkrXSm4hAJfWwJF/ZwFvMEfT5krifRNJmcg1g/qw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_31e791b80aaa2fab7b52469c267abf06"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_4f59f85ea04ea5f89b19d6c1da58dad7"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>GWUQ5sdYhsmbCeuyEEukuX3Q9+NR32STIyekR4bvgalAMpWAcXAC6hKJKWptI6AQVUHpZ7+KW/eXBU01kIajbqPThwZXEL1MKHv966sDGbkPleQyvB+JXk1m0pgvD98m42Ip6sVtdhcAf1frSwKw83kPBZxSuU0Crvm2M9veg94b8qVmVgy6jGKRDaQFiBuaBCbzeEapR8H7VqskgxKf1Cnz2ArC2xEvACCObhdI6I0hH8CAbPoqsLuiqhQwx8wzsYBb7tlkHEjYLCMp/hc26waCWk7reB3xFMkFZEIZk3nLLa5TsWvuqTATW4xnS659malo0DNp87IqK49g+VQZrA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>+uCi6kn7Ot8ha54OmmgkyeQ10tIcx+GvMgsgxkH4brze3mb6pXLHGB0lN9HzYO32bLw3X52Wi527y1XKcadqepcNpNg/3ro/GQBA8vV0huXBUZ5ikf4JxN46emhYpwiMHIsZeIgpbVyywPpLvnJIg+50JEazAnN419/hr0MSTeve53jeBC7qxM0l3vm4G+M83PeXZLdbQbuWpNxSGRfKbLqdqnMflQZ7ClEX+6gk569t9r59RahQXPxKaRjAPP6TmPWi4/oATPINohgSuwMMK+cO+4gNgxtztR6t05vFTtvSu9oX0CvgVju9AbCIr0orf0rZmUQjTN+3nDLSyga/zzMpv8MNi3be7YA/dCOWoOW8vgz4LUWEw1NwbqSCE3QrBihs6mnsNNE106WX4xkZy3czi0eszZDYdmjrfn11rOqOuQw35VFd6O9DcPnwpO6Yn+R639nTCwWigU6v44iAFehvV7pBttqb4awj2p15h4NdcRj1sXu/w/6PX3ZrDlwzpZ2Ok3BsR9hEiEfMV+KxSQqjzL0uprUTuIgF4u6Am/n1TR3KhcGrXZJ0bO3shImEwnXUsNFoUv6Ob7xk3nPfiBwvC7Ak1KRjyhtPG9UVaQ9kMDipqLI6bpOC8NATFjiBZi+ElpatfmCPxNLGesn2Scj8bri1YPdGoTRe+he3PD21F3kryDShrFJl+RGGlgtcnvpfmbXtCZAP3spgll/HdeysYRZ4dTr0M+1CVp/BACGvvv+Rxyn+hXo36IzXc5wY4v1AZk0XWsW4Qt+jPH1sM3bI1WZFvg/ws5yipXCYwiB75WY2Jjq5Tg4MZ8kxeDa/8xu6jIK1iWZl3MFonfkS411nZuoyV/1/zcck32Aic1J59oTUAmdvrpUUHXliuv6aVan3CXNdhge8MWzsP3u3X1d6joCVIg7Wuql4ZrzDPTCvaErhJ8O+BK7awEwAV/EZ+S1pjn4QMAn62sGvfxjauE4AkGu2lMms3zCMA0OOd+lY9fB1XCEy1uqmO8mHwzOJU2o8PKuOLgQ3+zjTo2IQILmGPZJrtEIpQrRenwFBoqpt+tQPA/dhAoNJLPxaNcFfuOyMoSVXQlcXnRo9Y2XO7uIUUxtV8TTLBgunFG5jmiwS5cWwwQsDjCNc+Wk0NvrNSWX4T693m5xcmiIC3OpqqYe6BgSgo00Kmtu1ac+KkEBSJzG5X94RCtHY0SWuKJCp8ILwsW+nhXoFffKmwIgCY3WUUNaje7zah+n9Usyv6VuCpZyScJ0bP55UDktwiM3UJxfMixdP3W1NxnXy3IZi3rIxOBr96rfAcT/LcoMQE5WI1pD+Lexx2QNuO+6B4PaC91ZCFZEOy8B1qwCb25fATfyWkUVHd+B03jPkabNibORIfjG12vKWak+pP/VLJgxNj+t4V3Dnfvl9PxWchqfLSpZetoifQfWmipGZDKmrIDftUYSupRPBQEIhpDDU6o6AUTuq/3UFI7EenRW2f87HLRhMNkOhChLAfbLpDU8LoKx5w0WDtaB70yN5OEsN5/2neQrh27I2zc/K73j/WXorM6Z7TayBVkL2PQsSvsnvcOfZ4VBfek83MRKfOf1aSV97cuvk2Wn0oniF1JGLXt19VgCEqoQxgbQ1RNAUlW+BRSfJwsDrYgrI66P74p49ajBFAhzr4TLK0HCHJ/FGI1ZX2zIko/vAtLr21Bc2x6+G7zzaY1ncQOuxWMzdranE23nTjOe+EAgHncVSMrELQ1bUSQtwIjxiZN2ByuEydi93GgJoUm3Yjp4ZHpRcfw9l/AZssNT+Yn/sQu4AZxlLRRDuxuu0dJufT7pBvVq4481FYLL5ASev+uwktKztUZslMzjCGmDTk93J0u7eoQuWFilYJ78Lfyc+PssRHoFqU3MHrTPOHX+OgSi8jG6lrR0Asa7kM99ODdh61mlVxWsAdMgcINgeLIiOx5dtsLRQEKqkO1aRzkdhQO/w/VrVl2NZHlwPIVYJqURGNffh0bhWhVivpYfAuIW+godMRePrSSR/FHt+gy4/OWcnOgRpWLbNBAXaulcSlU1xBG/w9PjpqzbTRrACEXN/WjeZVPMoo615n+wi3cgoENGqmFI5UkSqGcA+GZFs9V+Wi4nqwlEYv0skK0PpLd7ZiE3dH38j2K3jzEJ88i/YzVJsAwjc1rrf1CQrteiydQoaZytQN4QUbL3xrVp+9Fy6pG4OAeQ1exEek4hVt+ohMz2a51zVM9whdiraewiAqkA24dje965QRBRZPSleO/AQSbCAJ6tqcFELcrSmgDm1tX5slwf4PReRrUY9DjiI0uGq70Xa/cGNySbX9EU7r184KWUK2I2iR2Ms1kSlRSPAzvpF9IkOHnqb8tVUHA+iIYio6nMnryKP1kJrKXzafgXBBET/3KQMiP0v1Jc98FWdCNMEMoYx1ulEPIEe/Be+qD5EAq+gGy05IdfaX4A0dPWDJu4sQ2RlIRhzAgAuprlcKRrWTA9XTasdDLZdmYYaJi5d0MC5QSCCmpT0IkSJuV8vAoFHWJ5AEqbEzEdxHDAWx0Je5bolGV1EVgOC+A3pnennHF4GnGE6O1RVVOeC/UGrQlxeeTPR2Wy66hxz15QRAS1xgOv9VvqjFB1GvI2AmjwCP1XjNo4z0lBLdMpNd9MpdWBbptIke8TYDe70EBP3EHMAJNlTImYucO7+ZxEORY+0ZVgwYBSqY4HGslZJ+lpOOEq4lUQ7dKDt7Lp0Qvm/IroNKE0dNzdk8AauCwd5H/pCvlTW1AUa1jyFh5C0/Zvha+ER7Ju85eIRpYgpPXQ1HbBp3LjlveYMydg8bd1zqMSfuPvLrDcwXCWPMqc3sWzW5kipeX+oyy8Aq6kErU185JPGgI8GW1xQdDgi8Doj0jO6sE8A0h1K9haeyS00ArSZICZ/yObu06FgnkXP1LYCItsOufWKa1j3a5BQ936jlR98R9Fxx14MO/RVGdFRKIQPMuIh3rCk8Ns8+p9Nrjh9FCelXvygtlMaVHz5+1ZK7QkAipf4ibcs5aSJgNE8pnFmb+Iq04n84YQWEzJTnBMoQgyE6xEdfP6zhlKgQnXxltDyJw8OWEZsvy064besXWsWXixPV+jVpJwe0nMp9fOCuVIRfxuXVYlZ/c9pyNoG13NjQ2aUWpGZ802C7JVVx4HzC5S8iKwfxd3pEorQ4ePMPFpTyY6/3D0vVl7R0kNMNKyFmxzZx0+09CQv9r+kTMpBi/k6e6Eky6A5+30Wuwd3CL+i4z1KMkzTNK8JKwOpCyOmZG0wi3QHJ/rkNwhG+5nMpcW4EQzZi8ab4TELcFPvRmlkzxTHp9NFZ2UBKcPoBsKKn+p/OTUoPCTKic45acyl93FqkUSd5rwRrKZpfgQ/aQUqKXPYZbEfk0PFCSMvPIGpc/aDDY2F6lXagsJ2jweSaZIeZ2BSdQKcvdcP1hBVXDXvqsk4LoHog2WjHOB14VKvnE8de0QAQEEZowYiYF8V/uEzKlt1p8B+D03iunAlI/wGsy/irS5ARQnWBS9LKZynTJ4ow1DemN4gy07e9Zfu2jgimdTj+Rsf0ZnQaaTVXjNQqJsvd+R3fI6B8jXHPxBI1+qQ6ru9ZivAeNdDlQxpriGJh9eQzIB7iyHfaZ38IJ43U50zDAMozjVsp9zdUNi2czGKhG3gNk7aqWOcMWsbgu2FNs1hB4rKJ9FnKvBbeBipaqZSY/it9qF8N+B2H0HyGoWh61UR/tDqa/ZAm9otTlxaQSWDm7WeR3vAIcabEmC5l6tU0yLZ9p8ZCFdAo8iN/5Q890zsHYSKCNikr+dn3VnZwamJ+upkqcwi1xUaw3Q5ORcxDYVYmnDH78Rrj7TI5izCOM96jbD7qYavZAgLqIFrVzB+gaPnM+cEySJJDwDgoEyWBCoeefLBLNL6Wu6GhXqraxxcDDs1B0mcLXDgRmpNg1068EDvzqvhhqgTyoa+dI+75a+iuseVobBqUrhB1f1AAgsYQktYCQC4qQM51I0IapHHvzmSdZhSpylQxuvE34TqtPEcaGEhr0cgsjKyhXXLNHsI+G9ct+TLR8GW+Lyh/IYEV2OhycIPAtPUF7mhNG6iD+3M4zE86qimkgEPwNSacEXMMa/eRUc5dO3KpmaPhYNSWGoAaLDmHxci4GAYyDaPqRh0oLMTWCSrGTTcyr+KbE4vgUIqAJ3gzWxNVdMqLsw4aitQYUN6LcR/JEOrlKClSUVMmjt+3/3McGqkZfp81262QVqQgxDuRsZx2cQwftNVYknRpswOtNu9VASE+DIHg9OKl+dXuBRyWU9Rp7k9WiUoUXYctLT+1klhefyZFxcuNc+LMbvtZZQP1nm8nuTFulgwFmICKd6nIgE5ruygx3U9bKTo6qmHsjtnSNNUOqb1LBIHrcdgCHd8R10viIpN7aq3D3bLXIZTO5AXiW/5ywalY060XphBCgnfBKGOwj0bYFqtXx6/r1izs2PGK1vQ0GIdsglz9i+n5xpPLVJ9vpg+I8TA1lDh3CdHnPtnJLI6qJGo0bcIOb23aGpxE8eQiU11JlLX/9FtfcrNCnua/Mdoktf3a5+RA89ahyWnS4KorYSnHnYnVunSwq5kdftla2GvmYUFZBAgShr6RSK8CtUhfFkwGQBMuH4x1nt7lWzXgtn4Spru9rAhckbDukidYRstVgK5sdGJAAw5NQQ1bAhJH3lRI2342PCiJG7hIIhIs9N8BHBrJ9ZQM/H5LFa0UIyYLaWqZY3J5/gj35x39/ZqLpX4uV6XicSQ6JpsNieo2vreBqxeGgPv2N8g+PDca2dR8hj4GMWb3qB3sCovyl24b6+2XOEcxazwIa4itX/TOvOGl4+uSY9G2czBGPSvOhW++y8f4D0oiSwacC/rWKdh/9nYko9UCXXLM+vx0tZtjdLBtB4fE8yPIvuM1RLPsCDEx3hpfmK/wv78iH7Y/9mV3KadtjmxOs+hAd4OitlNjTL5eaDwyknbGUSnbSk7uTylz2Vz5S/cPztX5s47L4z4GlB12WsC1QWbhurZ1QajbMHNUk+ogKOaqvv0t0lO6CkZB6E6+gFT6eXn+APjMmwiwRV0//rjCeAJWjPox27uOfXFdyd9uHpbqVLtnGM/fgtw2GWtUJUNSbXTHRSzHMWM+BCg7hb3LnwJoH14/ouHp+9dEpkBd84kCBxB8kEDrqjWQ8eTKxU8UAqSlUm8wXfvLYw/JFsi9vfm0zA7YOG0/FIQlOLzRo05dcKu2K+g83oxhF/m1zT607qJt00o6Yfns17VvBprwkEKF61bxTDpU40foyIOSISu1EF6am1S8XjAFWnicA1qdVvNQTYNMGv5P/XgxZlxQ1RWHUEksnU9WtfamU3+trdwo8xksGXRwNE+oEhKYTwmVZsdhyrq1uYFE3cmKOY2nRD0KxzM5jSCbcDaULBdjmgJneWS5if4bguGszZVP1Md7Dk19bVDQbud7O3/euIMmBwiyphF0hMio31Fk259GT2ErMQVfD7UwppAz1SjRTRWbLYLV6shPRIpwdfDIqtreskXkZnM01VjKL3ZrKqC0uY3tt+BVEepfHRNyrkWShxk2WJmbvM+ZKi4p+sVN+cdZVQFZ7ndxR/UbQf02xhD1b5vhzegarch8rgtL59msQdK8GjDY74oKlzYy2u9JHcTwrV+Ct4frooRvllW/yaBdSH/vQuvE3uMFKqmKr3zpJZYy7Tkl76wRlB1JAsh67ToFGGXpG9MwPoFlHR9CDg266GoB8Qss49vcSNEqt648766zT9OYI3pzCCDfdQ7CqcymGWGEqX2++hAIa7gKPM+I3gzrN/uVyjAqhGErPzRHgxPar5ENF6dEsuqSPpgZ1u8m2fQOfbhjY9L/NmdzFGulVoigDTq6iQRy+EvtuVr0e/AMPkp1WvLRhenZVvl5bJLNVnqEMhM5m3YSkCIN1nlrX1jf3IkXxWSaWG3JWgCb2mHRqCYtmoUa7FOAZ3sgJEnGv3ENPSNNtFldD2TodNWS40V3Pv25P3BQ6mFMH/OlWFlVpqADMJOOoJtQ5yb3ZL9jeJ/bZRi21vE7EUM2GC7J+uMwrD2W8u8h+IkOWndCYpQmzpICAn+PwLfOtrjAv15i1KcvuQ/KY4tm/X1tyTnHeNCII597/SFkxb+9KWfsXH6F7/VK4YI3dQjGDIQPXlhFXZmqBOJGwFrxpn8+hKsBVef+dRCge93bT1PWXqHu7zQjzCeQGSCwc/ueOWdY4RRHrz0+CiqlQyNCHfxEQGox1ieC7LmPJp7VFIqUP7S0wvjhjspUm4Y+8LA8N8pQ5mIl52gptcsIda1tLo4kjGfFjCM7D5MRygN6uKMowKr/nTAq8H8rSq+tDfTJ47jJabH14BNli7GqT7ZBmLyTgRK56XOZJdzndZvZerZOuZ+yVen//hB8klbBuB/wmJYb+F7W80jnXLywwaz5ykj5o8f/PjQ3oBSwj1di+2qX0JiBPF0x1tBySc5WSqjFLkYqm8NI/wjpkVzDqPlMBVW+jFwXddV6ZFVsaK8X2wT0BWU26AVRB367VzzKOOmMjtnzt565X2E4kr2BPO7tgakYdePfrhw2RTgqVhkLMiLg48oudwbONCZmxeiTljZbql+XWwN4gatPvOH/akO8Hbem0V0pY2+7YDVIDK/KC6grsjlpTAZgXbrYIRDMiuG989gIrOUl1fWZcMvRLJYyVu5i060q4ZLYJb7XZZ2MrbZ5M2OzLX+Mo2BuRGiM2RUyVnXlST8XnY2XKIVELp1EOSdoxCg8L88nmryoHYraxxxvgJeskYJ5haZ0VaCXuYvF+LdFampb/TtbvZm8sFnUAwvrK2ULAz0RJN+aGIfOyg6G1Af7YdWE6GkDMN9mkhoAf/g+2DB/TBYt67CoRozB8Dj9WEv+MuiovISKTp/82XFO2jtIHNKx9sNfwvPvxpX6gPSr94Z88ivCs+AaTtjZbCBp4vM8bK8YESVg+cLZ0TKIF7mCQ4YT8n2ErnUfEFwvo/9LCRLWsaq+V0afsBVWcy9IU0QQZ4B6XEPmGt2iMoW53UGXA/B0KDxiclvqkpbWce3WqOH/deeMKAWDuReDs859nT1ESHq9VndFdD0AwBAYqAcCmXzrtJR9KjrDKmLvWbJRp8M3njBxn2ct3Q0vfy2GVAqwUQiyojHjzHi8h7kPxm6OfaxQq7Z00RWRkWQkA+Q49qsfyFT7QGBSzEUuvcXLwH+MGK3HwyVZSd5w4KfKqQdAmXHXrqNozirzd0xdn0bNTmWJDp6IskJsolrzxq6na9v97IPSHGmYCIUuxH2Ju0ngATVJTYGk8FAoRU3moMu/sgEScgLNeipZi3tTArEHxMn0fgM8RCATnD0mSnUCnhUMPXbn3y9n58tKabjD/UFblqYntQCSBctafKoFHLAo0/+Ndf1sutCsjNR3ubQESp7am8NSeG0vPDRUwVB48KDxAZarnNp5d2P05YTTpg0xeYYr32X0oYcTojHKiitnULMrO3ZkoxmSUiNvBERcv885GXXa7XZ2D3160tDie31tCM2JdGZiZmy65J4BemLHy66wixqEx4AuLeZ1KfjZUQeEFm3wxZIhSf43cRXnda9jkaUKXLiqdnOUpT17+8ao6lrlOefpbw5ezkbMDzpPlZeALWqewau7V4eQgpBtieKOM6gZvSP6DFxbisWA5vrehZMrd36LDRV7Dz9t69Bzj0eqLFtsVxp6WbSYHFFydSuOhPUhSFDdhRc1DWcV+0NSdlLHFkxeStSH+03sJR505aDVCrAVxVArEqCVHYNps2Rk1ZHOr6IezQe0akntsWjTQaN3yvpLbPnF7t531tTQfIC6Si/I75Z+j35BPPwX42vP1V87s71kNnm6ERUvvfSCHXzQH6qF7p4zbaHK9t818Mtyr0YXWU8s1RH6rDXjx4OV2Ox9jexo3fp583q4kk2iS56Qwa7XKdSgs2SnPYGdp/z05mF8ThGlIoYD7WqyHnnc5DtTgJXH/ZW/sfI2NnKArBQDgV9E27a4lRtZZjwEH9bVRvfwPhttycy0XRmXV/6muV6r/copoPSOV3G/AUzmUGGqr+Es0X3GzH1XWJ2JcizlJuqjDG4rWJX43g0AO5xky4DcsQb9eBpuXhpcRMSr+C5</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:04:23,058 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:04:23,058 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180423Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_sumltpydzh8ewgwymmsghaol7qdgcssiqa9bed2|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_53d4b2d093e338e3fb469cca2df3f235|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxEjM4wKOfhM4jRdCI89eKQITcNOzD4N0Rn1LRfXzA9ri9kfc+WJo+mQiMPCpAiAbpQehhca8TCpevCS78lZhKFgp5zvBAC20pIjNrfxhdAd8KEkkGn9W7N/2Z2DzHExt5HCQUPX+5UOtckknMOLMENo43OplBRX8=|_085c9caea1fede046efd6228c38e5cf1|
2019-11-13 18:05:19,191 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18614-NJ54D3j1cV1rC1591LUU-Ra94DIaL6gx
2019-11-13 18:05:19,191 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:05:19,191 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:05:19,191 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t"
    IsPassive="false" IssueInstant="2019-11-13T18:05:18.337Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>pruS/NmgHtfyikMZw9J1CJN14aI4FOLzF6zP1RIt+hM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
FhB04Mr5iooL1fn7mUOaojFWo5CjYSu9pgm5eH21yLBdNE+fLFsIkqoSo8E/wujjm4ed9phpo+Bc
SZwDQe21jtAvWDc2pzs0i5bEfVGwqGcOHONouGD0om7mFLHIpoysUp0TM8QFtdF42kUy17ImGSL9
Zro6WTmyFUsF5XmEUGQXSxeOkg9l4Ns+9wtadEQiIEI/h2zeSn4WgRjo7Kzx6GBj3tlYHE4JXxlJ
vJUJKoesvaOdnUIEE2ttrBe8m+XSrdRZzEsdnlWx6O4niM0sIJ2Fts8Rjs/7tiuyq61324LrPSvL
313yYppY4Dj87j88WKYXzgMHMoABhoCy58BbFQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:05:19,197 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-11-13 18:05:19,197 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:05:19,197 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:05:19,197 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:05:19,197 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:05:19,197 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:05:19,197 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:05:19,197 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:05:19,197 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:05:19,197 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t', issue instant '2019-11-13T18:05:18.337Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:05:19,198 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:05:19,198 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:05:19,198 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:05:19,198 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:05:19,198 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:05:19,198 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:05:19,198 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:05:19,198 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t"
2019-11-13 18:05:19,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:05:19,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t"
2019-11-13 18:05:19,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:05:19,199 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t"
2019-11-13 18:05:19,199 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:05:19,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:05:19,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:05:19,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:05:19,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:05:19,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:05:19,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:05:19,199 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:05:19,199 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:05:19,199 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:05:19,199 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:05:19,199 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:05:19,199 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:05:19,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:05:19,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:05:19,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:05:19,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:05:19,200 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:05:19,200 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:05:19,200 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:05:19,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:05:19,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:05:19,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:05:19,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:05:19,200 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:05:19,200 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:05:19,200 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:05:19,200 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:05:19,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:05:19,204 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:05:19,204 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:05:19.204Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:05:19,204 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:05:19,205 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:05:19,205 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:05:19,205 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:05:19,205 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:05:19,205 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:05:19,205 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:05:19,205 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:05:19,205 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:05:19,205 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:05:19,372 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:05:19,372 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:05:19,372 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:05:21,492 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:05:21,492 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:05:21,492 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@643070290::identifier=rick, context=org.apache.velocity.VelocityContext@67efd717]
2019-11-13 18:05:21,499 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@643070290::identifier=rick, context=org.apache.velocity.VelocityContext@67efd717]
2019-11-13 18:05:21,500 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:05:21,500 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:05:21,500 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:05:21,501 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:05:21,501 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:05:21,501 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:05:21,501 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:05:21,501 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session a28e0f4a3c877816d2e479015f8468d6a1ef254e1e216c8ce36e8a966efc0352 for principal rick
2019-11-13 18:05:21,501 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session a28e0f4a3c877816d2e479015f8468d6a1ef254e1e216c8ce36e8a966efc0352
2019-11-13 18:05:21,502 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:05:21,502 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:05:21,502 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:05:21,502 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:05:21,502 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:05:21,502 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:05:21,502 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:05:21,502 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:05:21,502 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:05:21,502 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:05:21,503 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:05:21,503 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:05:21,503 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@f6111df'
2019-11-13 18:05:21,503 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:05:21,503 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:05:21,503 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:05:21,503 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:05:21,503 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:05:21,503 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:05:21,503 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:05:21,504 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:05:21,504 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:05:21,670 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:05:21,670 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:05:21,670 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:05:21,670 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:05:21,670 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:05:21,670 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:05:22,182 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:05:22,182 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:05:22,182 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180522Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204322183}'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@f6111df'
2019-11-13 18:05:22,183 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:05:22,183 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:05:22,184 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:05:22,184 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:05:22,184 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _9f8cec44b1936e4aa5ceac5cb5bba057
2019-11-13 18:05:22,184 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _9f8cec44b1936e4aa5ceac5cb5bba057 to Response _c9d062434716f96c6146fcdfe6ed3083
2019-11-13 18:05:22,184 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _9f8cec44b1936e4aa5ceac5cb5bba057
2019-11-13 18:05:22,185 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:05:22,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:05:22,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:05:22,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:05:22,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:05:22,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:05:22,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:05:22,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:05:22,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:05:22,186 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:05:22,186 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:05:22,186 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxKaqnz37Ur9xGYR7JXqNXmn6OoBlqnV7yG0wEfp2P889m/WF8CKBgDl3sg94JsObrDiUGhSAV7gsS4cEz6oMDP63cCAmUinkQA1KRMlt5fDZ3VBeOb3TCz0f+2xHgBRXdEpXIuqS+ilIKkgpFoOy0dCYaxWKT0ro= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.19.108
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:05:22,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _9f8cec44b1936e4aa5ceac5cb5bba057
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _9f8cec44b1936e4aa5ceac5cb5bba057 did not already contain Conditions, one was added
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:10:22.183Z, to Assertion _9f8cec44b1936e4aa5ceac5cb5bba057
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _9f8cec44b1936e4aa5ceac5cb5bba057 already contained Conditions, nothing was done
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _9f8cec44b1936e4aa5ceac5cb5bba057 already contained Conditions, nothing was done
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:05:22,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _9f8cec44b1936e4aa5ceac5cb5bba057
2019-11-13 18:05:22,188 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session a28e0f4a3c877816d2e479015f8468d6a1ef254e1e216c8ce36e8a966efc0352
2019-11-13 18:05:22,188 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session a28e0f4a3c877816d2e479015f8468d6a1ef254e1e216c8ce36e8a966efc0352
2019-11-13 18:05:22,188 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:05:22,188 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxKaqnz37Ur9xGYR7JXqNXmn6OoBlqnV7yG0wEfp2P889m/WF8CKBgDl3sg94JsObrDiUGhSAV7gsS4cEz6oMDP63cCAmUinkQA1KRMlt5fDZ3VBeOb3TCz0f+2xHgBRXdEpXIuqS+ilIKkgpFoOy0dCYaxWKT0ro=
2019-11-13 18:05:22,188 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:05:22,188 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:05:22,189 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9f8cec44b1936e4aa5ceac5cb5bba057"
2019-11-13 18:05:22,189 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9f8cec44b1936e4aa5ceac5cb5bba057 and Element was [saml2:Assertion: null]
2019-11-13 18:05:22,189 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9f8cec44b1936e4aa5ceac5cb5bba057"
2019-11-13 18:05:22,189 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9f8cec44b1936e4aa5ceac5cb5bba057 and Element was [saml2:Assertion: null]
2019-11-13 18:05:22,191 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c9d062434716f96c6146fcdfe6ed3083"
    InResponseTo="_nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t"
    IssueInstant="2019-11-13T18:05:22.183Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_9f8cec44b1936e4aa5ceac5cb5bba057"
        IssueInstant="2019-11-13T18:05:22.183Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_9f8cec44b1936e4aa5ceac5cb5bba057">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>7J5cOWOURX0x/0NOuG+QILUaosYiiH/JVtRkerQXyl7oRdBOPVW5RqeiZPgHTtIkalv/WzmRTJ6Hg46qgoI8lw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>QhsUqxPWR7GZPU1ALhld6Gn7AvBK8myL0RFyzm38EQXr6d7Y3AZjugUZE6DdiSyDeF8QxOEGS1eHgrHWIWW2NY6PcvSepPUxQjpPgv7UVMJFtSpFeRg22qaGcgDq3q0YGIoc+Q3uevNXhrzS38/qcDBrA5X2Y4bNZiyn/1qpSBPPoeCsSx5BMd2XYDib9ZqWGeqVgwfNWyIwdioU7p01xReB0fQBrKCCx9ZAsnZeXpLitq3I7Jkp6IkL0RqXuJqIMuOh6hvUGsD+Vc/U6YaoWahM0MQquAYgR8Lny7Eaw+Cx0IUyH/0+3NBBplIFWYEyT94TUOEoXoRwBRCFJSNj/Q==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxKaqnz37Ur9xGYR7JXqNXmn6OoBlqnV7yG0wEfp2P889m/WF8CKBgDl3sg94JsObrDiUGhSAV7gsS4cEz6oMDP63cCAmUinkQA1KRMlt5fDZ3VBeOb3TCz0f+2xHgBRXdEpXIuqS+ilIKkgpFoOy0dCYaxWKT0ro=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.19.108"
                    InResponseTo="_nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t"
                    NotOnOrAfter="2019-11-13T18:10:22.186Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:05:22.183Z" NotOnOrAfter="2019-11-13T18:10:22.183Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:05:21.500Z" SessionIndex="_b53392be30f94e5312fc77d1161781d0">
            <saml2:SubjectLocality Address="172.31.19.108"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:05:22,192 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:05:22,192 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:05:22,192 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c9d062434716f96c6146fcdfe6ed3083"
2019-11-13 18:05:22,192 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c9d062434716f96c6146fcdfe6ed3083 and Element was [saml2p:Response: null]
2019-11-13 18:05:22,192 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c9d062434716f96c6146fcdfe6ed3083"
2019-11-13 18:05:22,192 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c9d062434716f96c6146fcdfe6ed3083 and Element was [saml2p:Response: null]
2019-11-13 18:05:22,194 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:05:22,194 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:05:22,194 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:05:22,195 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18614-NJ54D3j1cV1rC1591LUU-Ra94DIaL6gx', encoded as 'TST-18614-NJ54D3j1cV1rC1591LUU-Ra94DIaL6gx'
2019-11-13 18:05:22,196 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_c9d062434716f96c6146fcdfe6ed3083"
    InResponseTo="_nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t"
    IssueInstant="2019-11-13T18:05:22.183Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c9d062434716f96c6146fcdfe6ed3083">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>wolewyfYVt4GX0J7YwLJf+rAogNCWvGARnfMNwhsU3l72i2B3IHwFwzk19cVr2b+DYrfNG8yRe5OAOtMVnoaQA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>GS7WrtRiJsyomYR2v80GXKBnVH0vD98qDmvbg7HkUmszdJ9o6a8qv2rxBn/chrpFUUeYmrNFrkfnJJUs02kUtf0wQ/uUfAgHL8QmXwnMP9fTs+tFxi3KB6Jt6N4GrSBP7ZJWtrgbDWrhcJZ0l6WYWcCa4Cvkd50Cjb/zk74DAjNxwPeUMO1z46tyoyLwuHR6vDqk1PPQjzroDrj4xs40/fEP7OAbLCN3v3J87Rn4O8A56dZtNarOKkpGXjFODUCxVPaZpuzjt7uYkUdcDOKA3KeEmcecxvh4SLTABkaFnHBexeiEA7xzGOa2tRcN/fychEaHRNQFK0xO7SjyRy7WUQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_dff79c7f55016605ce04226e0190f18d"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_23260a7bd1aa19767d6619442e3d43d9"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>pKLi/WRAsOnmUDTKwGeTxUIWQpyjxL9dWNHsesiQr4M7CfudBIuJuwwMT8/dKS0e9LCpnTuuFFCI3Cg1Ic8Os3NbulWZ2O7OkwD/vKDgQCWCHvqh0+62oBlKUfLeHeN+DGq5fFFnzDfib19AHcDVIezE91nfgzMAUOvnP7ZWVwiB3GUHsPd4Jmy4bAfOMaEz2HgIA0MBSxPSzgt2EemhiiZ/VCTn+sP+ySChoioDSa90W81QKVh6IKNGEhdDt+r2YFMZZI1k1f22qJbwinWq5QF6FAHAFWXl/J850uVyMy/4BEBuYMc767Ge2HpnkWmuhvX98N5w1++OeSWYTneaMQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>TVnFo8JijiaWFvXuoJjKTG9WJG2XpR2nQhLP2D8hXhDtMMOkbxO5lcsPn56bKtBdHjIvxAPJal7p6CsOD914AMvyngNGwJz6VWh4QmtaqgspWpGi/LTdDX3ohb8kf2wH90VYNkY1eZ7IfLTRYif6IA45rHD2jZkj6N295UXPrNpc9tVCcylai1QrLV6Lt4cKijkYa4TPS3l2rOoaGBbzF6ZxUHgjOZYwdAdY8+6WozzpkVedwg9ZXhmRmuONVgzFH0WKLFCFKEpzV5TpmLyz2fiQBAZBnp+8dbW4C5m0V7HolLb8X0+dr2DWVW4sWmL+eiQbVidSYLtQmC67dqEZXXX7CwOjpMjEjUfVdfGzCnd4EUGDgUfG51amDWRhhcPvspa8V57v9HQccagYiZNqmhbXK6BGm616u9bNgPMPyXz1LQWd7yJqSdZ4ZBKv0yXwR6kDtv4DaVfcweBP9TM9QJC4N/mzqFJrZek5lbHYYyiklZa+f27f+w/tbZmZEOOXgJJ8Jyp35YIoQEVss5ugrZQL2UfXJAfsX9A1zIn6hwR5jIdnkl9yg22TDzLOKpAGclSaFGwZy4kmTHgW9N/6ZtrKKUTQW9J0tfbkxp3zSI8o2oobCWeHpCB3O9CC0LFWRDGtsPyWwDWy2rFU4xgMwJM2gxfOzmuBVLMvrYwv8GpVSiCZ5767EPS3gL8xX8izNbSozFno2bONmm+XCbty1aStSvlpr/RBCht4ZQx1/RwKru+URIUsM5lh2thoi6gl5Dee2hqYYpXE/l+Q3IfGI0fDXM9xgYwDM1jSR0igz032hLY7CbG3XeY0hv+YIgD/sgZoLJSrnpMFSkmG9/YmnuPWQwWUnYnOwArYxKVzDOHN98VX6Gq0B6i+Bh+DMsLKiOlBScDLfSsFxJ3b1Rc2SAEE9nVLOi5wHCFvtlbtLin7thyOTrF6XiVLTW3hLizWCKZnF1/5OFHPWp9wn7PAKIb5mZo6DenJooE9u+DgIH3PRzfO1MfueKuB8vDob7UwL/Tdsm9AesHbj/3KWralcosjDaZ5dE7Ci1ybRY5Td62YdZ4eYTTc+nXKlg4j74bkxu3v4/BzIpxCTCZlUxlCviy7xEO5B3XsCOVEYzANVPUynzkQEUOvPh/SMfx476RiNtOCfRGOfDMlThmBNLUHiMt8WvOhmAf70HcasvUjozYrPfQ5nqsOm0b3t0vLZirOu8ZbnP+QGLqxGzBoYgzDYkkcwU/fnjP//g8TOuaQ6obZMVCEDGTEhDNkLLlO9+bSA7K5nVtwA2udgEcPeEmue4M0iAhFaa6NUfrLcbOJRCNyNUcEa3pWGDJeIW82htyMuTFqWzW4tWK7jFPbpgOSrzqgK5MylvC+NMGgBnjfiOxe2h5m6MGuNIWd1i4m8JyIDSCOF3wHsrI5s47byTGrIzhiG27+KKOeJBvTXEnuDRvjdKTKFdz5GGBvSew24FZygezeJJVYMckYQYONuN3I+J6o9IKGqSg/mInQbjdmQ4K41twuE6eCbbr7UR0XFHsJWNNf38nycyRWLZB8SgQGz+vsYV6jszwW6PIXFv8/XqxMv0yh1l/jvlgOQ9aXuyXFptzwO0FEQsRrc0lEYAMeg3sBwcRAAkArcqvi5YK2xLIKpvw8f/IsqKiFJkfnBxXp8kueYKE9Qu+ouv2pxMzLuIZYmCTW+e/Pp3LHYf5x/ovCIi+RerjxBdhab9t5hXmdBkYxrY+opBGY45zvfZd8UfiyT7BMWxCKQx5TVLFRSNy9AsXOZDb/G8cyhYJXo1t3Wjhi+AGBiJXtLDWGgrAEd2bl3OrnQz+pVcRpuYsLHMTJ6blZfQnCDAby1qQOaF53PMBWd/YNEnfTNsOJXXqnRSS5ogjj2hyg07PNgcFCZtCqAdQ9k6eJGl2kl/rewFeRCnC8HYfCYvYrogV9Hm7NN56UXQu6Z+a3CAUD0hkcEKRyRK48ozmEVbpnv5GmZYnbz17ad5plZPWOuMqqvRqZurxBqBDv2/EmN7N+69wF2hWQMxeutnJCQZpY5MeuSWRn620FW9QczBO2pDa/gCOtlkRkdZxgFGjZuD9uKJbSHhvPE6dIjWYsMLD0lMxBx86KyOnbNlD8CaWU93uPH864FiGca9uUbIWg2htp1lodOi8ebQXtbJMsTyMNlxZhVqTZfHrabXHe4ye5uWHCW1Sr9eM+VYgo9gLjNX6V81BheidCC7hvTDTOn4XcDtY93aRb4TU0XG4Agwd2qQw1M9o9V7VH7doLsO25bBoaocBZ/GcLBqcQjqVOGeuGgb4hpJpfRxpcYhZaENR4LZ51F8z7u0q65UC5KFFmOTm2oP3o8M36sCvmFZqPb1MunPFuff5Q15ConQb/v1vG8zTIXkNfwFCVu67eLbv6hHRNVkHTUZQIyuy9xt92+ygkPdvgikSuFFcyGs4bbB0OJ6yu2g/9UWkXMyWnefniyBP708rFoopLC8LmtYTjs5MCZLygo8MUwLIuw6BMrPbDQqlro9hbxNnAka+l2WtPE58HmGJegAgZi05FnJoo0aVBDFthaMNkEO+SYO1vSroWYzdhipRJCbgjN+Gh29dDfcqaVzdHzn5EyGUAtTttySUOvEnjTlbM+6x7Hlii1aJhNLCsgMEyrz7nvhugTDT9CPX9L3XEy6NDMejD5r26V/xkNnfNus0D31tDpjCEKN1JrmSD7j0ln0E0dkJRd7llg+DGtReGeHDTho5hZLBP8ytCCD7AwBx3xudbNWEQ/2xYFNOLTmf1b3BQ0F1Lo1eGFYy6OwS1N1/serh1peBeDqqvElaWsVaYHG8pHoGsZ1jy72V0HTWEGu5IKgpfPzZZr+WF6e4evkFvDWpsh+fgwThyK9K34DMitAJvdGAuais84iWKkavK7p2jz1KD9lRN4SU+33pxjKPnXviFsS8QvJNLgtVcttCFGqZLSz5QsSnOYRS+ac1RiG1VrwTHrHivh//hqiAyNJ/H9OLmXl5FPXPrYir4OCdLe2JE3RLlzGPnuUAzjzzaBu5VnxWP8msmfRV/Ly3JXlXu7YsShyo/aONPSvq0ZeSCl1lxgAopWfXm2KNH5oaTd/XMxvzi2bLfhQ/y7FY2pmnXs3hDhVtHuSAuhZH64D1QcHTKMRRN3Noq+SYKSsyi96Pd8s/JgDvcx4NbdJ8EOWlOQjj2OCwkDNKYCZcnrLzPOI307FURj//lNzuK9HqcX/YGt8ZxVczUjij6Kds0jowHOnX0argGzQowhn4KnpavAa4Z0DzY0LP9zreIfB7i6CF0Mlu9jro4D1O+GntymcHoiIv9ool/dQrSA3TSIvec/kXyxlWYv62/rwdvH4lL0Sl5N2NupQVZ7oTpnCejxDXnZk3NMZT9ZhhxZqaDTki1n47FrMUZCodE07Lxy3KZ2+MEdtOTKjV+UndXnTzUUot3llObtRLjHGaX677Ybfx5sTqBbgYmhscemNvnGIKUp/B0Yb2FIV/DM10dm+YZot/YM3hrqFIEPfipK+x7e4J3JaEEmki3SHF/syDwzNT0Jo2+tKQrchp4iXNjdXZXnveN8teTZU6TXvCyXE0lqR6M19OGTff29lzOlGYJvsOJW8+s8TD/d5LA6KkuNAxFhCAy5Ij3rf8sICLYQH242I203CiWLR54Bm07M/Jx9JjsypsyCkKgJ9ucvxFUyEPiQ+Cm+fshWwki8OF4AEOOeRlYRj3cVNMBVWikeBkAtg6tQ+I81C78i58X4j42xAhc02G7IuuwO6DwH6Lc5YGihJaLztJRtEkzEdP87vRrvTA+XNTX3t0O24MW4HANkoH9VR29p5l6ZXHMsj8OeneXFoAg/PtV8LZkURGs0QT9Th79egHJg1t+XzR15pFDBjvwqV9KYB7PJgTo42hxW9d73e0vopp9qnnqARS/CxEkN1mhV2AnfUfLbJ5fChQbpzzfn30fOJkzEjdt/Lp7BpXp7ci5qbMkzuDfssEVqxC0FHLPsUPopftfkqRns1+dP1JcF5uOEiP6SKidLiGisHRDxdUnr407q9BF3hFNZ/dOoCG3R+N3R+lhvA82iMpXPph13O7xV+FFsrtXXCGsksK3dGpvdkP+p2FF2YreS57kg7YVDlMGvozU15KEthLmf94j62nt5KU4TbwxVW+7VSN5eJewQ3C06MIJ8DiaZ8GIIhsDYn2L6iP4L+KSDLIu+kZ/LAo3o5yHsIvyi80NNU8p+uB2M7L6tqZgpWh4kBKx4XiG8KPBfxUqSWwYtVr7ivj+lZbbKyBCWD7rZQpMTZ27Ilw3cejbjYuqPX9qdIpvmujpAOOWYYcBKSS5DVlsb1bAVrCYIFqQ2PJR4W8IdKnzAIOhdysqPRXWUrxojgpF+P6YwTWVjVGJ+iYDgXxrYEIrECqdX4byfrorAv8V4Ury+IJkrqCEWfvOAsZ2OuimaFrhsOrjL6IU9qjM0ZrmQd3uummLHO+IMgqfeS7y0JycZSKiSkEzTqCZsPoW2uMuN6TkxBngrN774ZhFkSesrdN3UtGsPRgVlo1wjqBEOl8wgezm1VbZqMqflwLexcshS5Nz4VQZ499BKDS0O7h34BQgBBGHbI1a/AoX6zqVtSOA1OmnajNMEV89np8RMHcVukbpknNZjwDmDsuF61NHPhPty6mi6ZeCVW4iqzrU3vZ9TSzE0X2vnfyArjZlti9+DSuZDUkQ3y9VFKTvbU1c/BiiH3BqcyU+g2H1hUXFbhEtuNymaRRsn+Af49504KvSHbLiOld80s3iCn2f24Y2zo1qAthSygm+dXvyc4ZT/gw/hCpAS0Kpf2W0vqn9YwOkJ4jK627kDIC+qAYncIsBheuRshWadS7wolU8oFEDq1ERjpNaT6mlPLFX4C306ClYu476tPlxeSUCvPaxoBZeuEcZUku5YA/vkikURCI9rYn4gxxrHf9ZMHCkspRYFDAxspyZti7b9elJ+SWP3hSwyf/uR36cdsBSeXZclsMXayg+RhqM0shIcQ2cgZUNI4iM3R1SE5y6Z5uPdVocMOZwLp2ftEJmAZi8gKv1EBy5Ek+voollUsUKYXa6SRgoy9o3nxhOYUknYbnq034bX6/o6FWbnKDoacjrdyRGE7OQPhVxsmGmiwmwhMJtPb/CzhWv+/g0P4mQ1PMQxaCzFPuXV2anhlBGlIaEl09Phg8edSowLPeNil6UE1P0OOGmnNXKpWxWN7qS+xIXTR7bJ9s8dO9yk9HbIuMvYFtJDdtCxFUtaXzc7rJ7GbO+aBk3ye9co3+sGU13Hl/jXFTQDxbAHORp5KFW5qBHxED3hakkoppQCusk9jGOnHmAJfDFwigjrGPDXJ6gj+Kvlrx22P5m7XjqVhBZc7Cmf9a9aSTJtRpCt4ZUBzEXtP6qeQkSLPrmaBeEyWr430sdscIDYnOf20VZcOUVP0M0HviStFPAyHKLs56kMmtPv+6HCDlhy/2gyzxdHNZpdSZhjYobxpxwGdv69cAwUlWtdM1/q4Xb967Qb02sLliikZMBvEcS9hXhSJ2nN0qns9/RwvFd6IZXQrzgHJZHwOKy1eCAqn7HrTMZiEC0j368ktYwE7+fUbgzum9Rto4EEffcJHt7/VmVB90JK4yKhlieV/lxFRAExvKpdDUn+dmVRuFxKShP9Aet4IigV18dRBHkxzJUYiHI+gd1wUD1Odl0Q8Qso9AL/lAJ03/queO1QiO43WvThGnml70z/mu5TI9PW5dDvBwZO/WdQuaNUpF8rgR1uQmhcndhQUcq+1Dyc7gOH07WxxcnzrHNOLQwhh0luEAGgybQgwgrFl/q4y0oGhFuBycT5fUPCPO4VOlPBLeGxmjRESWkQzCQhRFcUK7bJarsCBV7L4JZLyA3ATe1gjjb2nMk505nnCap+4LHTWOx//N0yS4vcFEntyvDHlNJ2MOohLaSG27v7ytXaM9DPEqICW2l+/6ldcO1iMF0rf2jqtIg9jeUQOjdvIw0mnj0tCJIVGliXfqvhxJlsiA204LyN7WhoWOP4CViZ3NdFld4PSeKdYzA0JB4YV7po5Q1NsTqkfhMwS4o3SmUVZJ+Ywqy+OU9e3hmTxanhe5WLH37xaUE6j4dGwNJIA4raerwGP3s9V9+ACdHvKnSCqvoDKRar/upJ+zXJSOrmh5zIi84FBf0TlE+vdEUlEA60mwkZ8bzIHzdJLKqduGw9F49IVshoSZt2IRGH2x1lBqnBjhjDxN/mtBppgFmkW5+Iym4+nNyb1x1BLYAQ8MWasmLgZfGY/LWCFgvSF85d4JS/mgv9mFr4Net3Z4WKUfzaTW+0q0VMWf5Lo2Xi+YIjGpflsf9GhSdXjv7hcaGE7DZ9+hV6Z97gDFt/Dr8iE1HicfrY6LU8cN8rfem1ddKZUGxOKvmVLjsy30JS8q2mZM0MwthwocZaV7d7fSledaOOhFm2PSd8+P+fDi6KFallBvDkXgKCdbW0UgTV+9q1LBB5LfrNhc66OdhhcxiYf9ENRXD9hjJ9pZkILI60br/AfRS/0FbiceNHMi0caAd3jlXTEwVj1ztaU0BrbhW7MvdZammZgXx8095d3bZDzLqVVSAeXPMHxyQpmjWZYtOxp2pEgj1oUogiP/zPe4C6FJU4GNqTOlem9TJPLyvMfHZF4CMNpILafw6izUYUGpNMswEJZhIQbn9C+rsRtdkGqmvEhInF5O1YLaVfGoj2p3Kp9UB0bjJ3tuwtJoP9KrwZMbJZ9KzZfZADG2xIsS+F56WkYfBNtcjOXmZNtt9h8CZ2We+HzKH9dGBmr7VgyoejH9dw0N+Xh3xqbaU6fkO71ebfUAi9SqMK1RqV4n6RWH5tGy++pEQrRbrg6PPSylFlDXZOjwoWccZDc6oU8oh7tTkPkkGGtl0ec6MxfZ0+1orQ16pRL4idKPbQrcSvrimRoM/FDrvjTCPUo8bb0Kgz+rwYDNjhLRnscZlNDpOq+ngAHa2YFFNui/+3+dSqzVUNcEdO66/C8pconlUaNU/3EtYasbdvhHBJthwLMrRuewgLqkv21AjCPIz2fjUUZXCeeja5MGZEb6d1IiYnlDFIR02p20pH1IzB/p18QwGCdUwkvfsXGc4RfonTWSw7ZWUN/jJBE8aKIaNUaTpca/PfpitGbDffQr4rSPVM5Op4POI44iLzCzMT3WCsSiRIYwv0BawGKHIJEq7tmrBx5PSBICK9XfKz7ypSOb1uFKKccYjVDuRs1jVA5vI2kPAQD58NHS5pLDcx4E4KxYhiGMBaHgJnprgR3/JUPqDpm7uIOVBl6lG/asxc/gRTuoB8l58OZSIRFhRrMhQwHQ7bbkUYKeUZ+ZhSh3bn7F7iManwbA1tEI9wJ39pyuqNi+DPIoO8zEv6p7Lps2aFBu+HJGSNd1W5gvRkLR1wEWRCPbkAwIAG1KCURMRM7qTOIV2SEkEw1S50zFC5kDSx6oYwbbG/U2/YEGjnXbhSTaGFtHrGnIpAodt67rDjoO2cKZAVT04EiUGq+Y0jxDVfKGvKOqOua++QXBhEUdtyYrBuVBxsUIMtGzFtLQQx58goORSBBYtWy7RT/DDZmRHJ9rqndfZCkRVtqP/PGFKs2CK69nK/HywoANDopDL5O9VbjjwWC9+8+zy4JZ3ATMqDJjOgyWuI+kohXB91Zcjs+HcmQFmN4/8gDVymDxB8vySUOOLmL9wvpVZN+0fIJvvUPBxCUlUnDSQ3sO0kOXppkxUkqzfNGaa8sD/L2hR/8OWwBhxolVQYHgvsYDbme+TpqXUALcnbcFJ0hP/5Jk8b0uMRl+TtARjU4p+y/sP3KSSADTyVQUfpMnkyVCzGvBvZ4/OtHBKoGXS/kobYjDH7yWiG1lK4Ao8RsSVX6haIuPHCOM7MrbDf0z9BEyjTOxGqKIzcPBs8WFnw1LGDQBJqno6l8ufz1A/3D+1JQgTedN/wf9f7kd3ksqFtCPyZ3bPS3xzAd2IcRSibz48Zc1Aj0AN6GpuopvnXaanxrDfniG2jZ5+7+r0r5usJGKvTPBnJKtsFoM1zw4O7CPFnDMfJv8qoxKySfNKOAbwLiB2exph3oCL/inm22ouGYq2bQqgTJfiUCg/vfv9iUHdR+IlB8pfSg+RzehbG5NvWlOnJqdPWz/jINWp</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:05:22,196 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:05:22,196 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180522Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_nefmzedpddgv0mdyzvbdiswy8luqlwzxkjcow8t|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c9d062434716f96c6146fcdfe6ed3083|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxKaqnz37Ur9xGYR7JXqNXmn6OoBlqnV7yG0wEfp2P889m/WF8CKBgDl3sg94JsObrDiUGhSAV7gsS4cEz6oMDP63cCAmUinkQA1KRMlt5fDZ3VBeOb3TCz0f+2xHgBRXdEpXIuqS+ilIKkgpFoOy0dCYaxWKT0ro=|_9f8cec44b1936e4aa5ceac5cb5bba057|
2019-11-13 18:06:03,345 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:06:03,345 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:06:03,345 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@230931267::identifier=rick, context=org.apache.velocity.VelocityContext@52f70d71]
2019-11-13 18:06:03,352 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@230931267::identifier=rick, context=org.apache.velocity.VelocityContext@52f70d71]
2019-11-13 18:06:03,353 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:06:03,353 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:06:03,353 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:06:03,355 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:06:03,356 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:06:03,356 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:06:03,356 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:06:03,356 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b3c1dd75d53789a1ab17db41efea82ada2ba9a1930d70c70db19dd96023c63f6 for principal rick
2019-11-13 18:06:03,356 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session b3c1dd75d53789a1ab17db41efea82ada2ba9a1930d70c70db19dd96023c63f6
2019-11-13 18:06:03,356 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:06:03,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:06:03,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:06:03,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:06:03,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:06:03,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:06:03,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:06:03,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:06:03,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:06:03,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:06:03,358 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:03,358 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:06:03,358 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@51f400f9'
2019-11-13 18:06:03,358 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:03,358 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://tstvm005ae.aeon.atlas-sys.com/shibboleth'
2019-11-13 18:06:03,358 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@30b24c61' with context 'intercept/attribute-release' and key 'rick:https://tstvm005ae.aeon.atlas-sys.com/shibboleth'
2019-11-13 18:06:03,359 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://tstvm005ae.aeon.atlas-sys.com/shibboleth' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1595103100834' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-11-13 18:06:03,359 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:03,359 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:06:03,359 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:06:03,359 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:06:03,359 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-11-13 18:06:03,359 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@51f400f9'
2019-11-13 18:06:03,359 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:03,359 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:06:03,360 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:06:03,361 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _c8afda1246b6b968d1d62d57357adb1b
2019-11-13 18:06:03,361 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _c8afda1246b6b968d1d62d57357adb1b to Response _b3c25963fbb3ed950e2bd2fb51557600
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _c8afda1246b6b968d1d62d57357adb1b
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:06:03,361 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-11-13 18:06:03,364 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:06:03,364 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxpNc7uyJ42CWPLPcT8gVX4lSYA5ZU1Bic8HhGUBoAIvjaGD4D4bIUgo/K4Uy2Yk02dwa0/Qutk1nvdA+SIr8u8F1g6Xb+MB/Q5GEbM5d4kbp7h0EXM61emRsjPlQh4TBFMtbgkzuNtqf1uiXfyQ9P/QbxoQ== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _00a296716f863d6dfdd25952138c2f95
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://tstvm005ae.aeon.atlas-sys.com/Shibboleth.sso/SAML2/POST
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _c8afda1246b6b968d1d62d57357adb1b
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _c8afda1246b6b968d1d62d57357adb1b did not already contain Conditions, one was added
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:11:03.359Z, to Assertion _c8afda1246b6b968d1d62d57357adb1b
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _c8afda1246b6b968d1d62d57357adb1b already contained Conditions, nothing was done
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _c8afda1246b6b968d1d62d57357adb1b already contained Conditions, nothing was done
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://tstvm005ae.aeon.atlas-sys.com/shibboleth as an Audience of the AudienceRestriction
2019-11-13 18:06:03,364 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _c8afda1246b6b968d1d62d57357adb1b
2019-11-13 18:06:03,365 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://tstvm005ae.aeon.atlas-sys.com/shibboleth to existing session b3c1dd75d53789a1ab17db41efea82ada2ba9a1930d70c70db19dd96023c63f6
2019-11-13 18:06:03,365 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://tstvm005ae.aeon.atlas-sys.com/shibboleth in session b3c1dd75d53789a1ab17db41efea82ada2ba9a1930d70c70db19dd96023c63f6
2019-11-13 18:06:03,365 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:06:03,366 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://tstvm005ae.aeon.atlas-sys.com/shibboleth and key AAdzZWNyZXQxpNc7uyJ42CWPLPcT8gVX4lSYA5ZU1Bic8HhGUBoAIvjaGD4D4bIUgo/K4Uy2Yk02dwa0/Qutk1nvdA+SIr8u8F1g6Xb+MB/Q5GEbM5d4kbp7h0EXM61emRsjPlQh4TBFMtbgkzuNtqf1uiXfyQ9P/QbxoQ==
2019-11-13 18:06:03,366 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:06:03,366 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:06:03,366 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-11-13 18:06:03,375 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b3c25963fbb3ed950e2bd2fb51557600"
    InResponseTo="_00a296716f863d6dfdd25952138c2f95"
    IssueInstant="2019-11-13T18:06:03.359Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_c8afda1246b6b968d1d62d57357adb1b"
        IssueInstant="2019-11-13T18:06:03.359Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://tstvm005ae.aeon.atlas-sys.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxpNc7uyJ42CWPLPcT8gVX4lSYA5ZU1Bic8HhGUBoAIvjaGD4D4bIUgo/K4Uy2Yk02dwa0/Qutk1nvdA+SIr8u8F1g6Xb+MB/Q5GEbM5d4kbp7h0EXM61emRsjPlQh4TBFMtbgkzuNtqf1uiXfyQ9P/QbxoQ==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="_00a296716f863d6dfdd25952138c2f95"
                    NotOnOrAfter="2019-11-13T18:11:03.364Z" Recipient="https://tstvm005ae.aeon.atlas-sys.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:06:03.359Z" NotOnOrAfter="2019-11-13T18:11:03.359Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://tstvm005ae.aeon.atlas-sys.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:06:03.353Z" SessionIndex="_062a2f26a44c37915b76134b4ab92a6a">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:06:03,377 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://tstvm005ae.aeon.atlas-sys.com/Shibboleth.sso/SAML2/POST
2019-11-13 18:06:03,377 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://tstvm005ae.aeon.atlas-sys.com/Shibboleth.sso/SAML2/POST
2019-11-13 18:06:03,377 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b3c25963fbb3ed950e2bd2fb51557600"
2019-11-13 18:06:03,377 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b3c25963fbb3ed950e2bd2fb51557600 and Element was [saml2p:Response: null]
2019-11-13 18:06:03,377 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b3c25963fbb3ed950e2bd2fb51557600"
2019-11-13 18:06:03,377 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b3c25963fbb3ed950e2bd2fb51557600 and Element was [saml2p:Response: null]
2019-11-13 18:06:03,379 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:06:03,379 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://tstvm005ae.aeon.atlas-sys.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;tstvm005ae.aeon.atlas-sys.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-11-13 18:06:03,379 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:06:03,379 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:b7cb06e062074572a4a0fb0f9900747c0feba37be41ca90b9ab313c9f3a2df1a', encoded as 'ss&#x3a;mem&#x3a;b7cb06e062074572a4a0fb0f9900747c0feba37be41ca90b9ab313c9f3a2df1a'
2019-11-13 18:06:03,381 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://tstvm005ae.aeon.atlas-sys.com/Shibboleth.sso/SAML2/POST"
    ID="_b3c25963fbb3ed950e2bd2fb51557600"
    InResponseTo="_00a296716f863d6dfdd25952138c2f95"
    IssueInstant="2019-11-13T18:06:03.359Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_b3c25963fbb3ed950e2bd2fb51557600">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>t9AVgO2IxZVvTX4h64EmIaNyaPYS2VVDMYKjGk+ZrSsD+O+RHFqkTT+HBRO85gykeHpGbbEmF7hIFJ96vj/0ig==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>XI7wQRJ9kKkOWR8thhRUHw3EgbTg5NKhV/NJNgDZ44OPs9PgOeZ6cI9837FmXk4oNVLg9O6DVkKQ1cUvOcCB2SDvR+IXMB8VVPb2oApqaHJHvipYo5I2Lnjh/dQQV3o00wi11TTkk0UFqhvyezJYWpY83/AdTOHh3N7+LjtQESlvToEbeQs6bNSqITTaIwyo+FDk2vYAYaFDi8Ig9QNFIRe/rN7iHlDW4RwNp0LFvPhLodEtPMHBl0QK2EWmLe392kdkuQWOXMQNO0ue1hBt8Bn/kRJDOyDu+ZpBUM/gQtjvR+gSHv8XKKqC7Aun4hmaFjQQ8Q5gmkB2zT7OUgfGTQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_286715f4defbe6cf60fc623bb7bb4356"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_35bfc25cd3e43bf156def6b1a7ed233d"
                    Recipient="https://tstvm005ae.aeon.atlas-sys.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIEHjCCAoagAwIBAgIJAOoD1ZsAvhZ3MA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNVBAMTHXRzdHZt
MDA1YWUuY29sby1hdGxhcy1zeXMuY29tMB4XDTE5MDkyMDE2MDAyN1oXDTI5MDkxNzE2MDAyN1ow
KDEmMCQGA1UEAxMddHN0dm0wMDVhZS5jb2xvLWF0bGFzLXN5cy5jb20wggGiMA0GCSqGSIb3DQEB
AQUAA4IBjwAwggGKAoIBgQCn0eZ+kzJNMF7TbF22yYbQsTA1ClMJNhIlTwk6rQc6Qk1Cp6VeWxiV
dcfYjW2Gas3871bB6xte0nPh2nNCoAzCjl4k6UDmUYF3U9/jGTu32arJfFAdY70ORralla0W7DNu
X/zfbMImLXfMCr/3OllRpQV2Ts65Cv5Rw3VaaGbMoB/AtixTytq4QA9IDJItOR5MQ/XGvBcrsb16
NLza1xAEcwSsvx85S2kVgLSNKY+sw7c4LGwmwzRzHOeTuBP3D9lFuPZHBkuzl8i957FCJT8+kKyQ
Ruz+Cqkrq1tROgCh9B/3UJd2GuHNwBWEqneCioJfttCiMi+eAVnMV9K06z4z3M6bZX6yNjezZLMw
qXj8Ug346mq8+CLxqO9gy7mK2SdpZN+kXSB7hybzaqoewzMbdq1yeCtj9ZsQik2c/Vn0rLT39SOf
YI6q22C6zK1Kg7Fe6ihpiRmWm3rVKjF/Y+P7vL13RQUoFfLRfIKBz6BR3aGPhcGjxF9H6Rl3UbPM
spkCAwEAAaNLMEkwKAYDVR0RBCEwH4IddHN0dm0wMDVhZS5jb2xvLWF0bGFzLXN5cy5jb20wHQYD
VR0OBBYEFIk7Z7cI7REUfJhi5n/vDohdXBoYMA0GCSqGSIb3DQEBCwUAA4IBgQAUiCvKTMpEn6Ut
uS8sCSKoxiYfwWteeEtQanm0RZnoMKEdfCChMH5H5m7ywnO78jHyyV5jHeCIURtA33mt4DG4tJKl
UAjdAgl0mia3AfTIo06QeTpRTLyCWKlNr1PSapEWkCL0+c2hPOtv65GWCSiGpyv4e+xms95ZhndD
33OtWrVMQtCgE+dv7Jm97CusM8pwiw7BcxX5NzsTm6wBadLj8DjXAN87UHgmcftF1nng1+6WKpdU
GLAeQt3STLeWgctmgfu7t+62lMGQlpAlC0dOE0SrSzKCQEkjlQEVccdFphpByuqkWYOJGw7uvyNe
g0A5ViCLdJzMZxtl8se7p5dqEiDPRxbWH+aHPTLLvem1OzuKqoR5y7fxKV6NeB7gTSEdxjKma2tE
SyrEQC4k+dOVS6MgGWGyndoq9T86m8WHADtHM/fju3hUnRhTDjQ9eu3SMjb65gZ9oycNvMRS823w
LfMYyVhEXDfC4TcAJNZV5RzQq5W60cu1wVd1QKI12Go=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>QE/Ftsj+zfwCfBWJUJfHyl4Lqa4mFOeB1s7hZfhGoAMoDClcoAvrj/BUXm3CMJsM2HQwLYWQWkFKAhY48eM1T8HBYW7rqmA0921NJZsSixXanRSpWilwsUm5TH61sGKS5NaiGGpwtmiV3Fto5g2kHc5YpOMy8vFpmmDsVAetPRQLs5M/VlgwOp5J+AauEUyh0IKforiqynRa+/s7nL02p0lXZILbhpSSBc5mpjw+rZ2SwYFhxvQrRh1zZkpunZsaUjj0nAiLjw0qhEfvTu3NGXEGqL1wF5YdovER+2oFug/gAwVpRJCETLyX0cJ5p7lN82PqPTy/1MUTgnGhI4KTL0aMUNtVbz5RZd3HN4g3vvI1i7bk7UcLh4nEAPHR+eDVu1eGUTFjn+wsETH7CgG1aKSSHyoOFvQaTaQcPVzckAX25u+6HqPm189qNt2guK3sPNCJXSOAyyTSnadPVbro8fwh4nhaHeuG17DDvHpFaLDpXwDkNonAt71bTm0q6Zna</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>vUKQHT74De1T8TDaaE/l6XNHUNaG0/YkQj08wMb6eim4xa1UPafmga5zy6vtYSzG35G8dvQzmhbhfbULkFzKfEl6dKtmCWt2+Dd6f+m4M3Jb2zKUqmmvVBxrv3UTLGcrQDT82fHO0EgugFIPN44OC6zEbsDJl7SUXxt8x2KqRe5AP5C1FTekOb4UKOUsDULFW1oMIePIsq63At85wO9G+EsTI5jl57wGSyk2mN8193NXcNj9RRAchAxYcYGod7Gr5v6nr8dk5VKKheJMjsahnLtRFRnL/jLmOFt/jnHJRSk6oXUxut35uq6mmbaQoekN+EPCKliCfoCD0diqBiOsO3xm7E/pEOZU3fXaGMIwrYtWL46Lmeg9A7q49PGAMOzOSdtFkEzk8bC55ecDqgxtC2HKM/DlruhKDaDhCrpy3XRh29CqkiaHXdxsgpiUALgtDRx/r6ZDa8DNL1qW/idor2dRjvJVL8SB6nCZOePLw4fHmi3QJ4mWWTA0KCzUNBD8qc/ozhU545AqqKjhp/8iT3biDyVGwu34+71PdUDVMAL4cXz9j8J5ZwaRchM9jY0c3EUAEjhXo5NCkRvF3UcDT4UAObOZdPCDplqthePf7DH02H2JjgzXkR62xSA8SaYrX9pYLCdkGLty0smlV0TpNY1fKizrnvuTMwv7vzam9vv5PfacrcUKBZn3O77zJHH5MZwTeGTp3CsdiZl0s82frWlx6UWFW3nZzl7emKmUXuea9izNzqrPNnEo29KCLcJuPXYYYHdEfHPhesxK7fpnzlXykrH1gEJlkdK2i5GvNQrJsUlkuZVptpfMWcJs8snbtpQSif+m9M/w9waz/6i4Bnga6YNjZi3dagOmoXSq/vY0h+qldb1dAnw+3vMMcYQ4OIspNznkek0RfjbtVrtY0GsEu6Ec4V0o+ECdYhR9YFWSFbhqjVXZ9Q7BBsV+qdMlJu3hPrEImcp0SXecasRw+zs6zdF6kbnx4TA4PTghFayy2bNKkJv/pSJDP/YPijahqetuwbV3E0slVcxYtKAdiy5T58pb74CzG9sCDJfjm7K49trllbLrDZm3Amf9rzu6InUIvY1LlolQ4TIK66VWwgTEwAH2qz+OjT9IWr3zaTdmuAdNW16GOulbKrI7mZNAoD3jzgKuoH6R2Ald9tb8H7i9xfpSVQrbTPos15NLBBbRCuKkkzGpDU2ouWaR3U+cgvRT32q+iR3q49IcXE/hlrhTRKhqrEQnQePsQhri8/Ci5fZBUkxw7jLEMWWpiyrOhe48auF7IHVIJiZ6or3Mldv0IsbRKVdJSFD8/z3dTEmD66ZP2zIbARDCaVlR7acREKmHht3wruz+stKHHZLXGx5amLDuCUtdfvI9ANAG98tqOX4MSjvWmva3XlLvzRCjSDJ7mktotYVh4IeUGTx+YbmHALrAah2pgQknCDBVIuBZvX0eGtsqGYG4NvyRox5Tu1H/qoKy64lq8Qf86vHevsqNfQdDkb3F4RiqXkC8geZvesKVWOvKacNVNbVCxFNA76CwJILaR5SWr2wvAxXOHpiVSW4glKWDGq+zBoRcUHgEtBAxUmUgvi4JDXWLTjpod6eOD5mq/jQ9uP3mqgqyf9u1BDm1hZ0gzVCNkwAwSNgzyz6fo3DJBW38oaxM0eob5NAHHXizADzKOLkG4PEw/SlubTY+Sduh18SfdV9GDdMn+mbZ6tQQRwG+iss8+1xGXB6t87SOB8ReM9VxUsjvpfqUUSvoAz4mm62N+Mc7wWEYnsY2XD3iH7D8Z3KjZtD6kKzxXZUH5KJVEXiO1mE/o7Qm6ILr3x24AqJA32m3Iz5SfaPMAQdOzjVUxtSLtftR9BJ2I7FlRy8ai1AkoYCPHmmJQTVmpyeg1O1NE+/QoDzrAx8vTC2P5aq7wfpAfQ0KYXXn/GF8MGiIwmmlYRA32krlJs5PqgmVgzgLa0PxniYK38WMvsmdYNROrV+edRjekiMwltRqyjqrvmDTehpGMxsEmk/ZPvfqB47sufsTIZ9p3X/AFjFjAL9S/jw37JPY8QA6BcivuZYkfE6d9X8ak6y7i3XqiycJhGWTnnCflxJ9TJjvQLT7w8EKoClhRsFjrRLBFGXCXTuuoRFA5uvCK/N8+aIqZ2NmCm18cdhqQj6AxHj6omMUeA1jf2Gbx6W2euD3pZHJgZbI8wsVz5FF3RMvQwOsmD5TKvcCc9h2xgEHgKIqk842rKUlgm5v9Fr5IotRF8HyMlXJSWRDsi/goMWZH3o2wF/c0iWHQzdVi7/75o61s7AuzZxRADxm1Tw2i4yIpPCd/G+02dpFU1jbu37f4QY3yC1v/x/QKfrsoOPUpZ3ohqGhMpO6JeC8H4PolnC79VUSP1eUfYFlTkI0IsOrqRNepUpxLpwAVokP/CVjKn5GpDokarG0TAo7iIpvz22+AsBd91WVk6psD8H4ScviI3u8L61GgD+SHBhMjHkbZZQ7ZkVQZpTI1cCT2YamHx8vIk5dR0cgv1m1b5n35B/VuMV+jxGLZ2R9+dkQNJQgTirfvXALBDpZy9/EWwG4vjU+f2x+ji8Jf4WX6rt6wPzNt9yt81I51MvqDmtkdvUGBplPP837MPjeTIzc0dYAQhvIN8MVHGapn6wfn/aI8d4XXJ2sH9FR7BhpS4V4iVgcdEsImXW18v1CSqigO1LkaCrM7Jp8A0UniyIVr6mGKA0ikWSsYRPQ6M+W8U+hK/0wOnwzlxxN0yNmH/zrd+jBjUvacbVmMTCIqJo5KI09fXTZiHkKX1mvrKwqleMT3s9KETLcsRIz76HyvtzqU60kzeuVjcFCusQ1aRa8hfzrplV+SMNEqlJLvDXxgfOe8ocn9wchcHpWnhoEO9gHUsmxzrroz3VAJvM1XHrrziD7U80LldVSF6SKLw5f77HH+8iH5tcjtJURBuoNanUOOV7r6SkjStJnCewK7N9SpqhxuXEX/8hD7vTBFJSnQPv9dQwD5gTqREsqxqtSuWgtpWUSrx83jmmqp5CIeQLXJMlf7unRgSiaCZ0nyVWPcgosenWMAFIhIHMwPl9CRZ03jyboapgnyGeIlk6+RblVPzYonhw626dXnXEWZg++N/IBg8WO+cyi59W/fJL+J7Ni3TImfNm2Ih3SGe70R+qtHEfRK9Hwk+967j15D4HmrXAW+agK4g9aJo8+6BQMLnEvG41tcK8yvhG31mc4bqx1oTx4AIx8pZJEXC9oOqXe1PDop3Sg2vXV/w/TkIlqUv9ylJEkeRITZ2hBV9NAwivfSIrDpGXOvvMc2ZjGi/KqJkAywIq7B2/0x3qfftL3+Oi8Be9hMDlEhD213YvqpKeRBVtRN+5OjuLotIjv2uwdoViqVDHrOEAHjdygNQQBYi/VVbtpj1yZKXxSainRjM0rP6zOFo0Um1gdOJCnkCv7C+KzjuZAmzAh7jFhYVQYwleRdCOD+spnhsBZpolvyR5p7eihPIvv1DOkCe7An4aDk0xKMLxYfE45qlxNcSjR/CVbUMnh9QE3k87RdfNtMKD5+e2VoNts6EoZTl4eWY9O9q49sgevSvCuEaRJ8xWtIJs0q5Wc5g2atOELncXPrzJ9bepCCW/w86foPwwHr6jD/2KhpAHTR3/ytRlqNCnrJWOpytpJ59R1qpwikkqyiP+vjKWd1QJVHwMlTb0PrW97zjOcYsfk9e4awiVfx8PitCM/0WtUTIdYJQslW+ojg7/u9DVFZAdja7BNZh0r82XtS7wzy9knh0DFxgYrQGklQOHGQxBlXLHOrVI5oT4wqyzUXWa3uFMoyvqTJKAWzNq/y3L8CCalM4a3zFWvl4tR8dioxpf3T5tFuwEN1Y+hxnBPPn7+xZIxSvsHyrUKE/SvXKgn4Wyzgt9HBKuZ83cgswDNJd8ITxohZUamB4HJEtLA0uvxbf0LEySPuEpfWdooseeL/1ZijHRs/5XZjd0hFIQ8OhvbQgdE2IT89LsSHhiHeLgimH1v6rWUhcuZ1cjjtksXqThxW1FQaplqY0iTV3Bt9M92OBW+itUOrOBfo5QwBt+wiWMDXNjEiiFALPokedpbFcxuEPwDRWNMEUsKuEPtiyLZPENDEnAO9XABGGwTX3qG7dpopf34uGeZwkUrmEqw1X37W0BDl66jh/FbaqUgCXz23SsmwqxrC2k2frC7F2+tK8Bc/lKvzuoVO0daYiz9ubqJJB5Cv9f9/y7UHIImOgxXcUcDWxesF8B80SR3k26SxZhYBUIhOblK9dFv8ETMkHIqpQtPukWznnnkfxAVfFkIeifztBi5DeCBOikB8B7vkSXyinYkN+ss0U92sq1w1GpvsBWUq6l3aLLrDUvS4eyPNoIafuEaeDwSuO0zwao7puN8eAn0HPgAkkmEkgm81PLt5TV5GJrJtXBBRfQuZPjercR1iNfSmmv6CEIPt1eL08kzsMSuwIrfieO1pJa8Eh86GZW2CvlppnqoX4SMcWW04fZLAPvxza2NQnEkZQK0r15OSAte5AIeILyEPlYUSvvCDqpQm+f+4Hce3QqUF/tVyvQPvzj5f0ljKfTiSFoibpYR3tBBrMEIN/scYH4+t6fYsstQrV+n2lbDtDHILw5dxuByJ/GFhRMAWM3Bu3sxxyuN1IdBaCqjazbgw+9Dvmo8A8RzNPYaEqkgFCVgHAF1dbaLCFJhquwKQRW4VUOZX8UkwmFUeU98MvI9m7ikkNmUlleNgE9OszTr77NQ4ufCGsbj8PghBGNmAY7/brVe9aZ5dyOvWBACdnSzcgnxXLDZFPvewzSBxWC43Zr/FkW7bolIpH+ldw1JnKIiJWwOIrZ5WweBI2/bIp12sVt3sFCG/f2MO2zunP6EseEZQvkeCf37XCl3+hkTpwrWxIvE</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:06:03,381 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:06:03,381 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180603Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_00a296716f863d6dfdd25952138c2f95|https://tstvm005ae.aeon.atlas-sys.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b3c25963fbb3ed950e2bd2fb51557600|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxpNc7uyJ42CWPLPcT8gVX4lSYA5ZU1Bic8HhGUBoAIvjaGD4D4bIUgo/K4Uy2Yk02dwa0/Qutk1nvdA+SIr8u8F1g6Xb+MB/Q5GEbM5d4kbp7h0EXM61emRsjPlQh4TBFMtbgkzuNtqf1uiXfyQ9P/QbxoQ==|_c8afda1246b6b968d1d62d57357adb1b|
2019-11-13 18:06:12,185 - ERROR [org.springframework.webflow.execution.repository.NoSuchFlowExecutionException:?] - 
org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s1' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows.
	at org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.getConversation(AbstractFlowExecutionRepository.java:172)
Caused by: org.springframework.webflow.conversation.NoSuchConversationException: No conversation could be found with id '1' -- perhaps this conversation has ended? 
	at org.springframework.webflow.conversation.impl.ConversationContainer.getConversation(ConversationContainer.java:126)
2019-11-13 18:06:12,185 - WARN [net.shibboleth.ext.spring.error.ExtendedMappingExceptionResolver:?] - Resolved [org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s1' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows.] to ModelAndView: reference to view with name 'error'; model is {exception=org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s1' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows., request=org.apache.catalina.connector.RequestFacade@2a5315c3, encoder=class net.shibboleth.utilities.java.support.codec.HTMLEncoder, springContext=Root WebApplicationContext: startup date [Tue Aug 13 02:10:25 UTC 2019]; root of context hierarchy}
2019-11-13 18:06:19,065 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18615-nz-DPT1-JvJhZRPAcra0e8mfvRvYZm9k
2019-11-13 18:06:19,065 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:06:19,065 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:06:19,065 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa"
    IsPassive="false" IssueInstant="2019-11-13T18:06:17.957Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>vGou/ojDtUytSwy1BXBr7kXR0S9QET/8inWOnhW9K0E=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
M/RLZnpztTDxhwC+4uHEueAssyofGnM7lEBJSYluJymp9GB4quN+cY2tyjCU7uoTBq40rTyg98wB
xHK4QoYB+2z1dUCr3e8hT5OGhV8nksygpEm3vj2xoZ1Rpgv0NTtczgGg1mSUb+ey8p5FWgaGjnEg
Ijzxtxzl+U5R4iLA1Nkr73bDqE9TsSZ4VwMFPI6Mj+j07uznuL9HaADA2EiwlKf6Xq8i8M9VZY+R
hc5WkTXKwKrFMMQR5ZIqgxrShJdYgfnx6OuMasEWRK6Jr2fvS4Tni3Z4Y1yaVF8iTmmIKPXyk5y9
/OtXRGiRorUN6qxxS5JRNB7/hlODEkqqKH4aLQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:06:19,071 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-11-13 18:06:19,071 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:06:19,071 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:06:19,071 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:06:19,071 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:06:19,071 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:06:19,071 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:06:19,071 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:06:19,071 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:06:19,072 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa', issue instant '2019-11-13T18:06:17.957Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:06:19,072 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa"
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa"
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa"
2019-11-13 18:06:19,073 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:06:19,073 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:06:19,073 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:06:19,073 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:06:19,073 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:06:19,073 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:06:19,073 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:06:19,073 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:19,073 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:06:19,074 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:06:19,074 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:06:19,074 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:06:19,074 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:06:19,074 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:06:19,074 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:06:19,074 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:06:19,074 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:06:19,074 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:06:19,074 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:06:19,075 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:06:19,075 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:06:19,075 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:06:19,075 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:06:19,075 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:06:19,075 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:06:19,075 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:06:19,075 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:06:19,075 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:06:19,075 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:06:19,080 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:06:19,081 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:06:19.081Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:06:19,081 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:06:19,081 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:06:19,081 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:06:19,081 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:06:19,082 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:06:19,082 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:19,082 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:06:19,082 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:06:19,082 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:06:19,082 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:06:19,313 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:06:19,313 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:06:19,313 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:06:21,955 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:06:21,956 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:06:21,956 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@966577014::identifier=rick, context=org.apache.velocity.VelocityContext@28b767c4]
2019-11-13 18:06:21,971 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@966577014::identifier=rick, context=org.apache.velocity.VelocityContext@28b767c4]
2019-11-13 18:06:21,984 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:06:21,985 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:06:21,985 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:06:21,985 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:06:21,985 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:06:21,985 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:06:21,985 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:06:21,985 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session bf93c7b86fddc67be85a0af47d4fa16a54c3b0ce202900356c7be1d5e29a627f for principal rick
2019-11-13 18:06:21,985 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session bf93c7b86fddc67be85a0af47d4fa16a54c3b0ce202900356c7be1d5e29a627f
2019-11-13 18:06:21,986 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:06:21,989 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6d05f92d'
2019-11-13 18:06:21,990 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:21,990 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:21,990 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:21,990 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:21,990 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:21,990 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:06:21,990 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:06:21,990 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:06:21,990 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:06:22,161 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:06:22,161 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:06:22,161 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:06:22,161 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:06:22,161 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:06:22,161 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:06:22,691 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:06:22,691 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:06:22,691 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180622Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:06:22,691 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:22,691 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:22,691 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:06:22,691 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:06:22,692 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204382692}'
2019-11-13 18:06:22,692 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:06:22,692 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:06:22,692 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:06:22,692 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:22,692 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:06:22,692 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6d05f92d'
2019-11-13 18:06:22,692 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:22,692 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:06:22,693 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:06:22,693 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:06:22,693 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _f30379926d51302904899ec93a82bdf1
2019-11-13 18:06:22,693 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _f30379926d51302904899ec93a82bdf1 to Response _16489ef0bfc0256ace0be3af4f9d8834
2019-11-13 18:06:22,693 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _f30379926d51302904899ec93a82bdf1
2019-11-13 18:06:22,694 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:06:22,694 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:06:22,694 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:06:22,694 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:06:22,694 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:06:22,694 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:06:22,694 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:06:22,694 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:06:22,694 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:06:22,695 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:06:22,695 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:06:22,695 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxFvKPoGMRdeJApKPCsMCh5rh5NjLeLCKnRQiBsdYDxgyPSbUA+YIjpcXxKh0rULyiDlEK1lXMCvM97cGNI3PXRFFtERsals+2HuZoKvYoO+hNm6HdtEoI8h3j2tvNXvSWG9w5sN8LBe9el9pKCMf30BopvvXJglA= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _f30379926d51302904899ec93a82bdf1
2019-11-13 18:06:22,695 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _f30379926d51302904899ec93a82bdf1 did not already contain Conditions, one was added
2019-11-13 18:06:22,696 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:06:22,696 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:11:22.692Z, to Assertion _f30379926d51302904899ec93a82bdf1
2019-11-13 18:06:22,696 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _f30379926d51302904899ec93a82bdf1 already contained Conditions, nothing was done
2019-11-13 18:06:22,696 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:06:22,696 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _f30379926d51302904899ec93a82bdf1 already contained Conditions, nothing was done
2019-11-13 18:06:22,696 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:06:22,696 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:06:22,696 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _f30379926d51302904899ec93a82bdf1
2019-11-13 18:06:22,696 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session bf93c7b86fddc67be85a0af47d4fa16a54c3b0ce202900356c7be1d5e29a627f
2019-11-13 18:06:22,696 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session bf93c7b86fddc67be85a0af47d4fa16a54c3b0ce202900356c7be1d5e29a627f
2019-11-13 18:06:22,696 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:06:22,697 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxFvKPoGMRdeJApKPCsMCh5rh5NjLeLCKnRQiBsdYDxgyPSbUA+YIjpcXxKh0rULyiDlEK1lXMCvM97cGNI3PXRFFtERsals+2HuZoKvYoO+hNm6HdtEoI8h3j2tvNXvSWG9w5sN8LBe9el9pKCMf30BopvvXJglA=
2019-11-13 18:06:22,697 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:06:22,697 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:06:22,697 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f30379926d51302904899ec93a82bdf1"
2019-11-13 18:06:22,697 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f30379926d51302904899ec93a82bdf1 and Element was [saml2:Assertion: null]
2019-11-13 18:06:22,697 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f30379926d51302904899ec93a82bdf1"
2019-11-13 18:06:22,697 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f30379926d51302904899ec93a82bdf1 and Element was [saml2:Assertion: null]
2019-11-13 18:06:22,699 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_16489ef0bfc0256ace0be3af4f9d8834"
    InResponseTo="_zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa"
    IssueInstant="2019-11-13T18:06:22.692Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_f30379926d51302904899ec93a82bdf1"
        IssueInstant="2019-11-13T18:06:22.692Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_f30379926d51302904899ec93a82bdf1">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>X07H56dLw/hoxXRlLMgB1XZx2Ci3nbwB7/gDF/qqzAUamtDKBL0zKb53xiNlMkiSreisbpcxC/KTyeNx5LcMZg==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>UaDcs7lEQOxvvbIlI+TClv6ointB4qRZk0ztvWCYS9VzQbBW3m7XlAl5KnJIQ6yYJyx60xU6DauoQ2n+0NsiBL5TNawnK8G8olQ7eglPzCPvg2m/KfkE4fbES2mU0tct4LkEV2OZ2oGTMLcavtgV3vctz+A+UpVlkFycl1BSeSA+v+DJH8OqZmgw46pkFkkENOdao85eZ2z0YwJS9g+x8bC21p+lb68X+ZsUVtnXLA5lv/QNKCcWuf/jXwnYEYPElqeh6ZgZPSk6xYzwcVXegtKSXNrCmj72YklFDPpU3xCnIjr6uBJqD1pYG02o3px4fUjEKBYAJwi8oC0KNDqDbA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxFvKPoGMRdeJApKPCsMCh5rh5NjLeLCKnRQiBsdYDxgyPSbUA+YIjpcXxKh0rULyiDlEK1lXMCvM97cGNI3PXRFFtERsals+2HuZoKvYoO+hNm6HdtEoI8h3j2tvNXvSWG9w5sN8LBe9el9pKCMf30BopvvXJglA=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="_zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa"
                    NotOnOrAfter="2019-11-13T18:11:22.695Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:06:22.692Z" NotOnOrAfter="2019-11-13T18:11:22.692Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:06:21.985Z" SessionIndex="_aec4ae5582e53a62e58af79b70d5f7af">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:06:22,701 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:06:22,701 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:06:22,701 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_16489ef0bfc0256ace0be3af4f9d8834"
2019-11-13 18:06:22,701 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _16489ef0bfc0256ace0be3af4f9d8834 and Element was [saml2p:Response: null]
2019-11-13 18:06:22,701 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_16489ef0bfc0256ace0be3af4f9d8834"
2019-11-13 18:06:22,701 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _16489ef0bfc0256ace0be3af4f9d8834 and Element was [saml2p:Response: null]
2019-11-13 18:06:22,703 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:06:22,703 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:06:22,703 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:06:22,703 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18615-nz-DPT1-JvJhZRPAcra0e8mfvRvYZm9k', encoded as 'TST-18615-nz-DPT1-JvJhZRPAcra0e8mfvRvYZm9k'
2019-11-13 18:06:22,705 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_16489ef0bfc0256ace0be3af4f9d8834"
    InResponseTo="_zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa"
    IssueInstant="2019-11-13T18:06:22.692Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_16489ef0bfc0256ace0be3af4f9d8834">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>+ZvFqDHc24NTqQQl99dcxcwTDGKRZsZnKOETRcLI90CSU8ZMcU96tFz7jUEQiG9aWnakwwbwuhLfXHarENy5/A==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>jO4f/l0hAl26NCHP2/pKupLuyF4OU+MiJIm9KJ8W2j9vL4Ci0DjlGofzsAq+F/RzDQ83/6QI7PuoWWPhmlICS2BrAKyIt+m9qGHeJoOY26Dl1PjoOL2AOmzpXHKfA0ASOImKCuO4caUefPxzn4pPeVErMbOva5PAlnnwVnKVf/fyc6BYIGN7vajSIDBSfH8Wj3+CXcBdi2NT1zJcRHgobnBfJ2AlJus5WLg6nstDgPpBv8nVA+4rAa3/gXZDGlzmgJaBhGmLsHrpzpGDBsgjK7Y3a5Az+KiMopv8alAntfXwKb6S1YAD2TBAgg5ZjQGOLD0xhgX7Jael4kKKVTyKvQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_cfb6e47185630c79f21438f70249680b"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_c630edf9cc019758a75f0be9c81d3a1d"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>RPG8udmA8zMAssC8/YmwcIBbDppD7hfLFVO7RWzk6nYg6diRHSc9yzg58V/HPAdWU30bz3wsffTzxql1sF1jLbA3TMzNVdr2FCT9jUIKXWkyHfV0xc/SzkfxbBT87BdNw0rIZGUkwtCfOxzo2V9oLqLZhuqcq5ejBaJt28bTI1qMX2RCH15tTFiihzAzsVbFsSawX6NYunCKnqKXEH7PXGVq8QGmGzFF+T0UWI/GJt42ZfWzqiPItwTisOLTDV5cYKfFu1sfuRDUZj3elTCk+Pmxq98puVouoor0/b68M8/83An04YtoT7egUg/Q43K8UskY/yp2mtGai2dRdb8ENg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>bOpnnn21nMWY/+RXTn3ir/sCju49Es0/lsPiCnCpU0q5EUUlvijmOsG52fb+4lvLpeQCv0bVRh6tGzswbYNPqzh7V7BjlRa+UvJYAiLivfbnfZDBDTvUKGBN+jO+KUkJ9ueKz1X6KINyysnodOgFhv9VpUr6d3G/u43wnrL/NhXZN9A+w+lmLHd9yhRPSoS2mOQMwceOBHvQTvyRbprkf/1hBvD4o1gpXMQdvBb11kqApHfys3WQG3LZr1Ds2vrR7Gcr0hpYsbEfUzAZFDdZcgo0gIxucG07VYHCG4uNgqXhh5TCqGyZ6C7XKtHW/bGwhrgZfCgblV+3zcfHZnN4jOzCMGY1xO6qYJfu1O275qaGTNQoHA2JZjaf3hfrdJ7zY2T4zUWHfKZJjbsYY8zTA9AEGIvnWbf0JHI4YEYiSj3Vgy7HwISWb0/hwKypbEGA+6WTu6uHzLuwcpge8zPLdWdqMP9LJif9m4/OFtonVGGjXS88oy9BVpd9F4J3+irK4nKUEyG1TMPQz0FgcK/bwSCR4JfDk6WeMtYxXpxQYDluhDwG9BUkANx/XtQCOz55SBkvRnaR4GSbyavVn5sOWv39JkQNI2PE12j8n0W9oi/P3MloG4fbhglMPRzga4VtjN+pp+lTZmKXw2jQxhE16wkJ6LlxQ2mYEHl2Z1+W+KnuSTmmp+r1wlquwtgmOUHn7Jk+qIn2JE0JjnxLtPZJC2w2E+mQoRThz5BFrHMZwqVHQ0xazGp+4+OpNm3p1h/CqQ7+NRVVDPqF3TWn0WsUukWjx8kkmrCaGyW+ps321qZ8uLFCyuCbK3rhAwNV6qt5bfn2vsLc0e60Z9ELpie/oRNRq1roGwoiObBZwFuIrAfzWtqbyR5D0YbMHup6gZKMRlcQwnl1JMI1B7kYsg2Vfd2UaT9SxXvsNmEqJidwBIHbIHb2QzX/2Fn2TDyStKDcqgIGFn7YPSdzKHpIHyJPjkebyKs1UAdr+JYXFXmado9YRJfNYPaXimY8Mja8x5FhfrpsgYjQGbkWhChO6/4HVoeCLDWysRKbQ5+wGBgq6gV7fJif7m+4kaWgj6sCAabT1TJR4J5DKOsiFX6uB59mDBnQdAguHqMcKwealF2bcY+h2ui1GmdHr8mtFN+2FtTHOaymiGS7xFEYI6LtJx3S8zrwexD/ey9ICMfdASEukyL+/94M6h5Sr/93V33LGh34RQ7+s7IJ07CfvT2tymlx92TOvEg+sEk0a0rYlyoeHR5kvCPiSviMQqQ5SykcKGi6gmSfK0qdvSLBSW2/7Sx01dFVWxiPHGatdhVwDXR+EQXZOWqV+M+FtE+pyWxqvG0KA89ccoUySiaNXN8xlGEaDQ1/7OXUNJ/q0uc9YBIbjpDzOybsjlIwWEV700KaZEgj2q+XoMB2JiVJDPdnKF4UnF8MuV8kr2jbKyyCV928X5qMvsVJ9fggJkU7f43oGYJeQ1J4twnzlpAVAA5BgS4vNt8g3LK4K8i/mZNF6HhsfS1e20bUtRfRhTeem8Z/K463amHN8kQr7RapdUoveoNnC2H5Ps9fMbMZ/77DLgKP2LJ1f0yzTL1Xa6S/K3Js/h5A94Hw+KKwSgR9TpPXe1wdSOLtP1eV6A/vk/GmVJY1WdN0vFx1tFCc3PDQIG5Jj3zbwWOHaV75UTPJsmbWJxQ6qLjJbLLA1Ng/8rwroEeGoifx+8LvnmPS+BsUY1zBd28Rm7wExXM9X/h6kyWz19Kh4l6+ZK9GYyMoZQ2txO1LT6H/qpDneRoDOgK6+ZOooDGJ4wAD/2dBomCQoQ33xJvefeH51zv8GtNAEpOjU5FwKXUuHSujxBFM6Yk0qIov3unhGKJ+pDSH9FvGCzgLCRWvJjdlZ/2y/XbJtPwcmXARf73GkaxRhUqSYOOo17gU6ygFn3vSouLLX4mEVILMJRB+9Y161E6eUK4wJORPksFE79lnXlJnLXxU5CX2nuSyVpmlv+Sv80vKN/KqnszPXs5BlI/78aVRdyYRmJUMBmYY0NLrWzSHoYC3h50hewguzWHcVA9Ayff++hikn8y3f7TvzBGPgTaxm9fAm6aadIJ0goJ6QUSdtK/3UXpCJKTpFbAHem6I8caJi4eUpA5GUBT8Zo7wwkllXaAl/wbKhClRxYwJMPTISWyACaOsKkROO/zM5USHed4OL95Tk7JXOZg9VUlUnjJqrTp+oJmPozKpE55NcftcEbWYA/2RJn/b0mUAKjh7T/NKiVUAsfwqnuvU8wKYpRjPXE2ngRfyX3gt72hOPzfWpxzPlxTY4PqXSwHs5hAkkZ9J9Y8ILFtaDiQe0ij6MKgbp+zjvLEFD66Nh+Awe5ybMguyHGnxSdyEpqrKMy+hDlkKq6zm2FxRWITR8BWpK9609svdOexH7vEmJYUq3gd+BXq5C8D615fMZg61mxymHsVMuYT+SLxMrdcL0yiU8c7zrHDQLPcbRvv8E66Qd8L2wt66JM2UAj+5iOYAFEqeVtcEOdrf6rGWVAhuz0kbOjm6YLhf7hYgUC8C1m5Eji9et5isVen7tjtRQ24osr0hXGbYU36o23vvCAVFFTiB7WcOj+Q+iELTcvoVjzAQsxxAheK8tI+c5Qr1Egv8J14I6dn+mzTY0raJx6PG2KYLq2lMfa6BBWb30JCIxLw+m0b/+lPZTHShD+FPzZc1Is24NMx3dppJ93xiwjsTmh0McuPTioekZk/mXo18QQvszYuwRjW42AnaPL9I5mXLMEccjbKu4s2A5/s+kb83pPMIiULXbW/JaT7u+o3j2Sx919pMC05F3rw7eUrY1Ga9cHRhb4cHifOEDntCYFnwWR4dI6m9ECqV/blFspndOPfmvkVVRrlbiaCoxlEnwKM+vKwTVkyPLvQ3zEttshXu1or4zAYguXHoH1jYhaPdlGT7pjmmb8OvP1OeGUZOpYlfOQYajwovC1UXTVnusGUmzi7CD4nOlwV5jI1gstdSe0TPJOWsJFwp3nowRkujY04ql1eyESCd4IYsTMxQP0VPu53GHwi0BwGL0TVhLmnXP41PeliOc6ncBlIhn2YpqhOD96B+bL8zgcqjgXctfxdl5N9z7XSKQkIX6x/RYrruSNxKq6qqfTSj++u1MmwqzurfO8RkZcWNzRaWe9OD4cJXsrBEQb0acpY1KUnkSfOus+1YCDX2W1aOreGqzTVOxeezSimwyPQ9ERICDyG7cXA61V6RT5BRhoB0sEUpNOjlXAorpUjwJUqhxrfy+PwMwxJF0uqDq6xy9UTRU7tPe58F9iEOZx429IT0YF1F+RNlaIb4dOXMa9CL20IQExr25TJwcXOFcyxMET0CFcostK5NQfo8B+NNilzpihWdlHUwhho5sGO7CmkkVxA4lhnYJ6KKC6CIvIlrjcTL47+KFsWQL/cwe4FLSEGzOfHBdLpMbbgJ9/lPyWhCyfuBvDQhWRtcWDvJ/si0T4AOUbDe+IAnNKnjnjw6m4H94jzsjuMdRsoK0aFsm5aWDOFrxCGp8umQw8CyGT0rnASJmyt3t07PqH1KMKqNu1iGgOYq52VV7z1uziOtO/tHIDhRLv5Xt3EVsrQLRC0MHIpRizichlVL5axy3wyeYPEJ7Bk55hqRfqyL7Ss3NCzmVhrFg2djGZV5zkaofaratsOyhYy/9q1ykmmsfH7YbSPYAn0a0Kc2j9ISRa2T5JsOrLvMrUUXgCn7rxOLpGyr0nKwb6Qtsb1Vrws9DKE7jEKhZDaZYt8wjpQ1UKK8iixIrlg0NZ8AGP/4J2zeaUQY7lvycp+BLXGeLgMM3VO80fP92anSTblw6pflRr83BVtyAdefhIwGWeCpB2I5Vh9g4p0zcpAMmVeBtVCKbFmgoPDHq0ft8apnJTrOEmbmiLxcw9yf/x7t9QKNT3GVNG6yFKtsAgdgM5eO2fe1meneUS8VhiCT+LhPWiVe/XO+sCUyC1a8eX3/eK0hRfq185FphnkO4U5uOJI2D7SAm+R1zIncphrYMkHai7i2GZXhV/GaAUz/7TVTkjjaSwTMADErYdxsSBnj3TD8H7D1lOWX5juFny5yZWW1NFrnrnWK8aqrDyiFGQRlZ4d98M5IJ2zn4AUk20A2rL31nxmT/vkvAyp6dZ+FRZAlgDQPqRlVkp/FPPyh1FtZMuBEaU303A/DA0gsKdTyxgIypzpVoyy6AicnVt6rcZ/2uFBsaw0RySIz63m+cQtkiXAhNkMhAi9MpP9g6UrpjaMXdYlI/a7s0nXP2pWFyU36JQXQxDJVRPll/SD+TFRc/BxPjJaxE7fnyOGHOnKFwl1y+Ye3x2BlKe4x7unqrriTrW4qHQdlaBmAajxNLrKpvapUekJ/76t3IdPGVoTfe7TAywagzliGW2L8qJ4H2nE8VbaQ78DIfgz9/DC6Nc8/k5oPhmc9Slx57xfQnlMZB/No5U4bbRb07+cGO4ATrLTo0yAfoO/1HdqEGuMCZ8WnlF7FRO2epNwbOEL5lDbSjxDHBm/6OJjkMuc5+0UxkZTqtnbJstpDKtwK6l4QWk820iTTF5/AJBhlzY0bLmxhB05bS2yd+wd13E2j+cmi0bYoxiyhICXliwhm7w/KbR6FmjhC14Jk2kw+JWHxlr/ehkO66RQQwCoTJCwdmnbAP9qJnYvPaqCUMECwIgqPZqbJpOn36fI3dycqHiOArlFx7UQG4/zRiUbnk2mmTPXBD+uRxiSNjnX5w8dAHbdGJNAXOfO8+3X1FZOmJUZ5OTRPciw8JmZYMghZzyIr5pSuTVyKbkHJhGgadA4b4IcFGmGIiuUJuWxuLyvmbjoWVtjw/CLajT5jKoIZPM5S1AIkKHnUpftm/6WKw3UmmD9nBD5FsRX0VHXycpSTZcBb8cwyUS6Jb4fTdM7V2SbgUwYa3rL4W2ULiO76CLsEohlnTcYbRltZTgG4zboqokkqupdGdri69rkFLsd37z+7Suu4VHZRbUyvIOBQCZwNlGy+BYBih1jDTXpscRILuSK6FN1Vf0J70hl637Ag1n/nFwh+3Vf4RbcmToa0z9xMe/4Zl6+RzGpaIrL0kLStB37WAE2Ch1dm6iSUvGLiPvUhtypUQg2uzM07JTuMWt5PiiiKWAUvtw4KFD2dBcfnFY8FohRr22aALgl8VGYMhnGbIyQWWusfDxWwHrtZ1N45tUBcMaJf3M8zqDRm2wn0ACBPtuq93WIMEELn2pKqrOKkkrGYwTlhFP2xd32b+HUyaKRtuJF0Tj/5H5g+RvURGVE5bH4v/dX4f6gFhuIcoo8GQeyeeRgTRy44HR/Ijz8LyzN1ExQTl0zy0ogeFNvsp/0onDIdzvVXRjH1DXTwv4OrZy+IWhXAiUulzdG2OSQxn0SByoHuaWxsm3ax3gaF9RO+9mo+QALwmVG0soC6tj+WvAIYFfk3kcxnGJXA+mDvD6E7VRnxPuaoCtWaiL8emEiJmFjzhtIZD+fGZkxqp3r7QKEErFG34CySVdZEfDUPtMvx/Sqhudcd8u0yiHh8QL1LZV/WDDes3KLmCBvS0jYllJ9+AZTx3zjdhY1dxxlDfrPsH6/i0D4M/ev5u3yC/mPPZrlHOSR60FChlq99Y1FZekhGYV6FeyEzkSqDnTGw5YKgVzIHlNRnYBNx0OK2df1q+IoSa1r14LFBdC6YvftznLhytIb0pNvSnkJ5y1TrUWy7zfMrGU12z4PNq6TUxMwRWbocy3S36bnfQhjoqajjxqs5s4ByAS/kTY+eBXbWXTOdJHle8MAoCABYPECXZVsR5u1mc5t4uHncyKWIofoVl0lFKrQn9IQ30sCqT69ji/LmoRyp7GlB2G5Ep+tCwex/ZK529GE1NnF/WK2Elt8YE5inTqho3GGd8k3xCtVy26WqPd5NsYnSUz3mraSB7zDRdFTpZEanpnV0HAmTQ9hMvmjql1tXGt4ppJDWJhqE3BwrObhc/u1fXEKfZgMbaVm1sOk9E3H+CNvTSevO7yslaJH4WcT/p0zUUPIdKtdFI9aSDypjTplk/CnepyDV7eLEWB5s4RSeihiOcq7gxNp9bzJ6796fij+XVrEiAXOjq3IF19DLgrH5iyAUawjJHapYuxQTtxTOUYaxv62qu6IzUBSkOB5g3KvpSiD3doVNax9GyaW9kzUMO722ty38GEHUQmQWiHoZbzRX28XAOehst+YnryrQ660xCqTBk8QMv4Bw40l9RgnG+cbgQuGcq19RUVDUJCM26N/iEPJmYnKKcCF6xoWomEJH9F6Fdf+QqUxs/wuctu5KSxQ4UNmLsNrPxBHlCm7iCFYoTQyj62vGVZ/tnEUOi1lw8t3dlLy7gn6g9m/GauaPiqhizSjhFEDgeoeDxdg6j3al+0m8MJpT9BSpC9o6hdwVoNioKkdEFQlc/W9M0/l+42Pv3rbOTMYLqZKONzWfVYSmngRumhu5HNGQX/j+OM6r64xw/b+BckDRk/IXaT4/tsFmyMoTLoCSht5eqiYlYbQwxbUFYqxCQzHxiRSu0VuBx99sNfh7rn8tJN3vJNkgudWeYr5YHHMsSXeYL6mZU/295zP1Z6Wasn61kDSFF1I1iIa8J9ceMslmIZfGuTgW5Z7ngU1JDKHQohMZADIbLlTTBdY7aUGYH95M/nw2HgQTiM9nniJKcFnKKPPB8kgiAtQBXebEK2vn5GHmlRvUFxJTDHg15ZpQ/pJH0K8DIILHtnlX5bBaE/n4l57aMficyh1eabLv5XOJCqwAL3Z15hFjKVN06hLVoD3Zz/Xm/5pi9/s0fHeXy/q3Ayol9fhYb5gCzBfxwpr9CykxTxkxib2Hf6ZlSmLANes5nusn7cMhKdbS/E+UhyKD3UtMKloE+sRysRocmGsX4vluuLI3+fHLE95G2WQ8XvfwZ0jFTjMUQ05ixx+U1nmaUMvmmmaknejG1kPLFYemVi7BzGZZmhY74rr9lpYpvyizp/mMoHkdd4ePJ9thL96gdv03qUFTiYM1fARTy+3g9RzYAKIYk3UvU5M1Y3ALdmyD1xxwbswYBoWslOJ8SS9M5m6AEfsM6w2CzRtA125BK/EapkwXgEIjiuuQc7e4F/P5tqwxWyRIjJEXUOZnD5WDkbUrdVH6HFHaLKFWUUb3bF0w16sRdt0K5Vl5vxr1IaHAZNcHuOYTTvHmOlTGCusUWkkp34O/brbzeHa9jrrpc6CMdRe1QpoMpTPMW0AWsH+SsUMH+hqFbpIKT5qOHanvluMBbHaSp9XHbOoCnCF80EP+T4V2VPJ8Ls6KzB1J3tKYP342KWEkcMn69R4scg/yqamgO7zo0cKH0PtKdv8ryB9o1JfJtuSsePBMPPJhfSLWRfoaHsf1mL7u5oDl1TDp1QNv+oGx2p4kHhUoKnOvLzr/Zd79MAxZd5aXzKAl60ROTH6L7vvuY4v9z1FtQgsdVv9UVMPuGbwg16dYcbbbN5mVJW+Mwj56vh75rYB7PaZdoswd9W/Ysi8+7V8MZhogBcydQxxLST3+dILBrNnyiqir+icyCddauSmjBB1IK2aLCGB/njWgd3PVg2R3x8nhoD/C+xM/I+dco4FzqgOUAgb8bxjE5AnkEmLkYJUeCpBymlQytj09ALbauDZHKOZu+Xv60XT6o0mgV0rFXSST5cS7tOohzv61yze1FaNrBOz8HkaocgEqkkO4hF3bMCXl79oYTdn51wdA/tMH9zNHKqsKEV+5AaRJvvPGrTJzU9T0/LVIG2htXa3SjXebmq/SKGjLI2Fh0mev6PTIWKO7H+1RWAiicFFzJKdoE5k9QhfvfA0WJVZ6C1+40T1DNgs5atFho1XGFKm6zSiJpNP9ixjCRuNS3EsF46QHEldVMkk6jYeOa+esLrvKYjf1678SuiLcoWRYOYmI7bHZUIWUefocoe+w4FJIuy3XQpIGr+0bZWsL7drBrAwor/h1qAcu4FLn5luFKm3ep4Wvc48oGh18D0DwU7OiilZNFEU45efRd106kZltclXMmc8auVu4dVn0Cab5FWTp/VWYWNX6M4p6t+ujbGNYgTKzFn4Z/RG9L4V3lY7qXLpWJjgewANzhDWyWVL7Yad7HcsmVUyA5h/MgDKearODu4YzkSPK/kyhX5ZMTbuXpmFGdwdRD6DObnDEoORG</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:06:22,705 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:06:22,705 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180622Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_zvnnmwkbezj3rp8p8copqg6bfflmeff1kmx4mqa|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_16489ef0bfc0256ace0be3af4f9d8834|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxFvKPoGMRdeJApKPCsMCh5rh5NjLeLCKnRQiBsdYDxgyPSbUA+YIjpcXxKh0rULyiDlEK1lXMCvM97cGNI3PXRFFtERsals+2HuZoKvYoO+hNm6HdtEoI8h3j2tvNXvSWG9w5sN8LBe9el9pKCMf30BopvvXJglA=|_f30379926d51302904899ec93a82bdf1|
2019-11-13 18:06:31,006 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18616-ogpu5rzakLOQhbaC0b8-pkm3tScJayLZ
2019-11-13 18:06:31,006 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:06:31,007 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:06:31,007 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m"
    IsPassive="false" IssueInstant="2019-11-13T18:06:30.014Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>BnnBbRzOeQuVzlDOPyOhM1YxkGXWanVojpccMaDxRM4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
di3tKXY34VD7mhT45AwOt7u418mAQCM/nK38QRcCE1Nky6Hv38GTRUcTBgJx06Mkp9NJ7cFa8aXm
hAQnAIIHqvN2HABqP1jSIO+LMinKTcCn9ACp8svniwWLzfILTugXwRr8l1k5lHoBc2OIHCMB//j5
2ZJgoZ5SzRRN0+6AM+4x2B2PQ6FvLcYKi9PmMaWTPwiDBuQprl+gW9KVeHLPQb7gzdNakuiYaB2H
4wa9IAXpZnVr3OQt5XghWg4TNSmiOUcaDIMSE0MoPn/bg4K1+IxeEyd0RWH2UxoHG3i2yJN+Pauz
TDlzpOOYWXRbtyLd/trcrUZi6S6fNFuJmByx1A==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:06:31,016 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:06:31,016 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:06:31,016 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:06:31,016 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:06:31,016 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:06:31,016 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:06:31,016 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:06:31,016 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:06:31,017 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m', issue instant '2019-11-13T18:06:30.014Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:06:31,017 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m"
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m"
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m"
2019-11-13 18:06:31,018 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:06:31,018 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:06:31,018 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:06:31,018 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:06:31,018 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:06:31,018 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:06:31,018 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:06:31,021 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:31,021 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:06:31,021 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:06:31,021 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:06:31,021 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:06:31,022 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:06:31,022 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:06:31,022 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:06:31,022 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:06:31,022 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:06:31,022 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:06:31,022 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:06:31,023 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:06:31,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:06:31,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:06:31,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:06:31,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:06:31,023 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:06:31,023 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-11-13 18:06:31,023 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:06:31,023 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:06:31,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:06:31,027 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:06:31,028 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:06:31.028Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:06:31,028 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:06:31,028 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:06:31,028 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:06:31,029 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:06:31,029 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:06:31,029 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:31,029 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:06:31,029 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:06:31,029 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:06:31,029 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:06:31,200 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:06:31,200 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:06:31,200 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:06:31,982 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: SSOT_932321354
2019-11-13 18:06:31,982 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:06:31,983 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:06:31,983 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<urn:AuthnRequest
    AssertionConsumerServiceURL="https://royalsocietypublishing.org/action/saml2post"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_483651158701035948" IssueInstant="2019-11-13T18:06:31.121Z"
    Version="2.0" xmlns:urn="urn:oasis:names:tc:SAML:2.0:protocol">
    <urn1:Issuer xmlns:urn1="urn:oasis:names:tc:SAML:2.0:assertion">https://www.royalsocietypublishing.org/shibboleth</urn1:Issuer>
</urn:AuthnRequest>

2019-11-13 18:06:31,984 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://www.royalsocietypublishing.org/shibboleth' from origin source
2019-11-13 18:06:31,984 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:06:31,984 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:06:31,984 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:06:31,984 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:06:31,984 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:06:31,984 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:06:31,984 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:06:31,984 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.royalsocietypublishing.org/shibboleth
2019-11-13 18:06:31,985 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_483651158701035948', issue instant '2019-11-13T18:06:31.121Z', entityID 'https://www.royalsocietypublishing.org/shibboleth'
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://www.royalsocietypublishing.org/shibboleth' does not require AuthnRequests to be signed
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:06:31,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:06:31,986 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:31,986 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:06:31,986 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:06:31,986 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:06:31,986 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:06:31,986 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post' not permitted by input criteria
2019-11-13 18:06:31,986 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://royalsocietypublishing.org/action/saml2post using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:06:31,986 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:06:31,986 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:06:31,986 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:06:31,986 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:06:31,986 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:06:31,987 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-11-13 18:06:31,987 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:06:31,987 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:06:31,987 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:06:31,987 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:06:31,987 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.royalsocietypublishing.org/shibboleth
2019-11-13 18:06:31,987 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:06:31,987 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:06:31,987 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:06:31,987 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:06:31,988 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:06:31,988 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:06:31.988Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:06:31,988 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:06:31,989 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:06:31,989 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:06:31,989 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:06:31,989 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:06:31,989 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:31,989 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:06:31,989 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:06:31,989 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:06:31,989 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:06:32,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'The Royal Society Journals'
2019-11-13 18:06:32,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:06:32,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No matching description in UIInfo
2019-11-13 18:06:32,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No matching description in UIInfo
2019-11-13 18:06:32,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No matching description in UIInfo
2019-11-13 18:06:32,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No matching description in UIInfo
2019-11-13 18:06:32,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No matching description in UIInfo
2019-11-13 18:06:32,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No matching description in UIInfo
2019-11-13 18:06:32,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:06:33,577 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:06:33,577 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:06:33,577 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@778549062::identifier=rick, context=org.apache.velocity.VelocityContext@1539bb4a]
2019-11-13 18:06:33,578 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@778549062::identifier=rick, context=org.apache.velocity.VelocityContext@1539bb4a]
2019-11-13 18:06:33,579 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:06:33,579 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:06:33,579 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:06:33,579 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:06:33,580 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:06:33,580 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:06:33,580 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:06:33,580 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 09533ffb4fac5ab0b9d819419cd9169750cef3646a26941fdefb22e1e0e914bb for principal rick
2019-11-13 18:06:33,580 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 09533ffb4fac5ab0b9d819419cd9169750cef3646a26941fdefb22e1e0e914bb
2019-11-13 18:06:33,581 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:06:33,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:06:33,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:06:33,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:06:33,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:06:33,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:06:33,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:06:33,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:06:33,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:06:33,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:06:33,582 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:33,582 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:06:33,582 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@520e5c30'
2019-11-13 18:06:33,583 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:33,583 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:33,583 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:33,583 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:33,583 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:33,583 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:06:33,583 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:06:33,583 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:06:33,583 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:06:33,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:06:33,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:06:33,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:06:33,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:06:33,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:06:33,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:06:34,337 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:06:34,337 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:06:34,338 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180634Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204394338}'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@520e5c30'
2019-11-13 18:06:34,338 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:34,338 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:06:34,339 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:06:34,340 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _50749386226984dac6c48f3f5a5b6a7e
2019-11-13 18:06:34,340 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _50749386226984dac6c48f3f5a5b6a7e to Response _a9fd75d61d17f113b423b2cedd47612a
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _50749386226984dac6c48f3f5a5b6a7e
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:06:34,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:06:34,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:06:34,341 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:06:34,341 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:06:34,341 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:06:34,341 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:06:34,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:06:34,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:34,341 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:34,341 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxEdZgnjgur3fAMgSgHPgpYXUPswPjiFol8K1voEcOtr7A/shvgu1I14OSH9SYqx1zrrJ4e8zwvrd0ZLdHe0dk1WiTrbBasTWH7nzma73V6OegVUAUse7+48GhRikE8OjrVkPuJQlIUjjBnAEdpMzD5hQZ74M/rCQ= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:34,341 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:34,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _50749386226984dac6c48f3f5a5b6a7e
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _50749386226984dac6c48f3f5a5b6a7e did not already contain Conditions, one was added
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-11-13T18:11:34.338Z, to Assertion _50749386226984dac6c48f3f5a5b6a7e
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _50749386226984dac6c48f3f5a5b6a7e already contained Conditions, nothing was done
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _50749386226984dac6c48f3f5a5b6a7e already contained Conditions, nothing was done
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-11-13 18:06:34,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _50749386226984dac6c48f3f5a5b6a7e
2019-11-13 18:06:34,343 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 09533ffb4fac5ab0b9d819419cd9169750cef3646a26941fdefb22e1e0e914bb
2019-11-13 18:06:34,343 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 09533ffb4fac5ab0b9d819419cd9169750cef3646a26941fdefb22e1e0e914bb
2019-11-13 18:06:34,343 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-11-13 18:06:34,343 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxEdZgnjgur3fAMgSgHPgpYXUPswPjiFol8K1voEcOtr7A/shvgu1I14OSH9SYqx1zrrJ4e8zwvrd0ZLdHe0dk1WiTrbBasTWH7nzma73V6OegVUAUse7+48GhRikE8OjrVkPuJQlIUjjBnAEdpMzD5hQZ74M/rCQ=
2019-11-13 18:06:34,343 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-11-13 18:06:34,343 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-11-13 18:06:34,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_50749386226984dac6c48f3f5a5b6a7e"
2019-11-13 18:06:34,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _50749386226984dac6c48f3f5a5b6a7e and Element was [saml2:Assertion: null]
2019-11-13 18:06:34,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_50749386226984dac6c48f3f5a5b6a7e"
2019-11-13 18:06:34,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _50749386226984dac6c48f3f5a5b6a7e and Element was [saml2:Assertion: null]
2019-11-13 18:06:34,346 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_a9fd75d61d17f113b423b2cedd47612a"
    InResponseTo="_xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m"
    IssueInstant="2019-11-13T18:06:34.338Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_50749386226984dac6c48f3f5a5b6a7e"
        IssueInstant="2019-11-13T18:06:34.338Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_50749386226984dac6c48f3f5a5b6a7e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>jsEAP2lmqodYD6jhDx/svfPbly+9T1noSmGWjaaSeGbGK8gbFWMZO+cBBvfFZpvF0FzCFmB8rUNI3xmyBmzXVg==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>O73Q6ms7uCm3J+aPPMEOOQguIrn1GoGXh2gJv2E2GZ5ItvrEo2if9YeVZABB/G+IxIyPU6qB5NsLd8h09IqF/o+uGJSzIJIJMGFDnHR+TPWwXEU4c68QWdvPLYArmb84EqSkZAXW/LcUEuwgnqh1z69XUAKjSXv2LT6qc2NTFTuLnkhaSWYgxZS2IjieVZ30ex3dY8sHX1tDJnd6MRk6IaotQeHBWGLJbW0x5TkYeRZrpfQU8AU5/CRug4zaeF5EYTQg2ywlisyq0B2bs+A6PS5wje6Fkpvm9hk67JKU0jI/SyLgr116+zcamaFL5wZK9S0XlQHBZlWKELGcwqXXQw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxEdZgnjgur3fAMgSgHPgpYXUPswPjiFol8K1voEcOtr7A/shvgu1I14OSH9SYqx1zrrJ4e8zwvrd0ZLdHe0dk1WiTrbBasTWH7nzma73V6OegVUAUse7+48GhRikE8OjrVkPuJQlIUjjBnAEdpMzD5hQZ74M/rCQ=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="_xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m"
                    NotOnOrAfter="2019-11-13T18:11:34.342Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-11-13T18:06:34.338Z" NotOnOrAfter="2019-11-13T18:11:34.338Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-11-13T18:06:33.579Z" SessionIndex="_ee885093f33513001cc040b2757ff9f9">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-11-13 18:06:34,347 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:06:34,347 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-11-13 18:06:34,347 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a9fd75d61d17f113b423b2cedd47612a"
2019-11-13 18:06:34,347 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a9fd75d61d17f113b423b2cedd47612a and Element was [saml2p:Response: null]
2019-11-13 18:06:34,347 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a9fd75d61d17f113b423b2cedd47612a"
2019-11-13 18:06:34,347 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a9fd75d61d17f113b423b2cedd47612a and Element was [saml2p:Response: null]
2019-11-13 18:06:34,349 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-11-13 18:06:34,349 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-11-13 18:06:34,349 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-11-13 18:06:34,350 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18616-ogpu5rzakLOQhbaC0b8-pkm3tScJayLZ', encoded as 'TST-18616-ogpu5rzakLOQhbaC0b8-pkm3tScJayLZ'
2019-11-13 18:06:34,351 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_a9fd75d61d17f113b423b2cedd47612a"
    InResponseTo="_xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m"
    IssueInstant="2019-11-13T18:06:34.338Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_a9fd75d61d17f113b423b2cedd47612a">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>NxudmTysSiPqhCwJNK9m5uuhxw9ybgDKu+7oXy7MSk+fhKUc+DDPBmCaN3UgjCXHLre5Ul3klZrPYvMPYonVOw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>cocd0CNmDdHdBph6Wl2X+n2Q0l0xyTLeiRMUlJLznmxovttMi/rPys+dImvn/K85GR9whk9v9SuwKh9WbAw4i5WgysUxSFjvKbk5ZW2EFQXuV6wz9UiF1Ycno1RLckbP09yvYfRBnpdXx7822PnG6miQRL7dev3j4Nn1iJCF7JnHUl1oYP+uD1y4uU3XWbsGsEInpLXlaUcsAsBgo6HV+/Yp5ciKBv3TDw5eXUC+0nCaLM4+7j5AtGq63eRQ6lDyGXjDIhfNARYUEMLXfYoRVYtNsJL9sDhwztcwOw1+jzfBRLFFQrOp/eJqfzhpKrtmZ1mJITLM5tuviLJBLP3jzQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_d85914d8189598a8ec43e62993ad8d28"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_f43c67994ee09806aa06bfc86d0192e7"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>DHbu4U0+iDYwoiOwYIYJ2+f7bd4cZUZ7Hg0pm7dFhWYmO2pe/RpNPXYnRa9QRCVUmCkM9lzyWR5XUucUY/XCdBl+49+2yf5ezZiiGvgpq6xa1aIYXg1SlRfZuWBntMsTM1oLM4U0c5hz1EH4C9BVyaIek1L1ARNXYajFRvZPRbBwQbjyerDEXXRmp59iWwS5XhE8NSNdH+UY1LyrJQErhopD2OGYCiY9GRjla6mydqzfYkAkpmFk4El3k1kivn3Vxx1AavNO7Q1LVRu84c8YtTXucfAQCDo5lhbG+LJGei03FKQOqfSpol5qoPzBn7R8RUmhSLOMpAJbwn9NFe9+8A==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>imZyJ8MpC4sNKY1LP68OCqxo78w82h7jTSfU6zGmh5vhVNNt+Z8DKSgzsksqweu0m2bHh5jdMJEdWoFcwazwPNNPn4tcFJPMmINCi2Iv+gMFFStpODpy8h6Yl3X+d9HVNxGwCaxuZIiaoGgqKuOCh52SShGcxPii4Gu73spbA1I9kEItV0U+Tg0XXpZBIZ8y/a59TuaO0cS8dgV8au163J0iVLUb3pqK1uUQyefrd/OYEKZRes+33Yu7mPwDFy5jnV9zsJR77JKFcXPC44TJ+xl5JvL0Wv04PMxwmIbdWw/38phtGp/Jf0QI4AdZiAs9OmijbyAnXaZfH49mDaGU+Qo+/b4Vz9QfR0zUrJZkv86nLeVg1//ipfMbwpjtaOK53Ez34NthclhUXnk8mPZntjijX0bKGlbXO5IPdxImIPHtXU4B2A7YRs/oRN3hKlBaw+oZPlHdqByDHcxEdKZ5OjkyPGT/KKyuCB2ZadEoAvnhlYZYJiQ5ztJsRsms/bpqXw7Cow0a5GS5d8GkuBk2qTtxs5jlcjj2hHyaevSKHJn7FsYH/lGPfVKtToz6rMWX6JLUgaLI12qN1CgZYQiTiJFnKAHQhcbHBlo3EuR4z9KZR/tWGeLDodmxqf+uwJMKBSz4+ZBPxvhwzaEGnBgJlFa8IS08QKl0jw1tfXSBoxAF4qZt1hl8bgFAz1VDS3/I0kWQ6luDTAP+6QSVJ/NsGNg0IfUGI0aJBeWCHdTQNDYXvpSDqbyZt8+qgwC3zi7UblbUymDLXboGPoat4Sqg6jum/WzmYjL8dCMQn/jDddVauWJeJ6TGlcRk+bbJ2i63IZjVtwoY0L0Eb3BAQu+ZTpsk2UsU+jbATxhSHS53ganLj0v9CFvtxmVWv6k2kzNpEoDupQWenBwrONl4U3VSJXaudzaWSFK9LSO5WvoHhBGGhNfO6k+goIYutcWMrypSWo9oQRefcWWSkPyoiq415tkun8G0lVmGL5DYyDSbZ/F4rvvabByupkj/rqHelFoc9p/IUWalepdEHz1e7lDNym/LcGftBnRcUR9pAKjMVZNh+TiaAYITM0tXyMD52sBaUsLYDfvo6svqCiphe1oVO56efLoAoi3auwDBEM0HukHU1TE7jvKZscluWmFxBafWxpTMEzQsU1RebCR6yp1eXQZ+JT6FkORpk1P+R0QSo0ISoqHMP8jQCyPz34Vzxm7zKt2Uhf7DPaWCFBcpQWv5JP0Q8aA0YLmdghszvS33J4kJ19Z88wlE5behDjmntikJDewzELt8d018q6NgEiUL9ZiFuGNOgfyQGtpXJLSHNYajqoCt4WiP8T6XgdkiN6KttuB/oWPDDyAyRPOXgkE9GSIu8Xj235ZrWSqV/Imhn69e/5wK20PoGH7UiP2la9BkCC9lk0Drch+T09VWsIj3YNpfamrg0pJoQepjP6E/C+omqaCylLW/PhH89/bz1+zrQj8hoqHtuD3ekQfPt4gFa+nMMC7UiJYI+axgP4Fs6/RLhf5yDRp0EZ4Rtd218StbXw0s2AnAc3z/Js3hM4VhVBGxmBT7KwZvVaLI2BeDggt8ZQ935vHHa0qVWmiXs3h+E7ilxPkTFORsBb939yve2HoN3XZ4/HkZAyC+Ay8XIIEp/a9XexeBgz0Uq1ffPphdfcKUawWdiNTgfP7TFq8eI95mJp+QlUEOqoA6Ticyk/H4VI/gCoO6AfNcrWTkNi57FiLz1+rnlh3W9+A0bG0+jMd5GC3MRbNBHqkuO1pTQAtbRT0ObS7xMv9TZLkUqiBB0zKqItT7IMmwYrzFA0bbDWkpDMUqxWl7fdFPEjfn8p8R1r3Q7EkWC1FyG+Qj5RoNSVnFMl9TeiyMu++n1ZHd0HBuXcGPvrZSA5M7IwcZZQ90ZQqXstjvdalO/9ch+klnKU9+soji+OLCOAQvNesFMcxVxweVB/JzsIYcwAvlFOSeLZs3fKYGthAKUnqD+Zsr+p2L/zSr9AlZ/iWPaUUsWTmfLJXFuTdluUzkt4Mjf/PJTzZ5dFJixHbfz5TQ/p5vni8xXeilq86B2bGX5zEM8cduWSdN4rH7qP9DGWYfD69qUh1KudsCTPxm1t1ya+CVav0j61emlZx9em4HjdPDlwuLNxZMuPVeaWCggFQxyvZQyyVNtKaTS+I7msO8PATxOHk/d7PNI9I1civ8uupTXvOkoEWi5pXD4y6bNVzq0+YbbSPj4QJ/Ad9l5ZDDGRAaWt+BOXyGHZ217H3iH2m7o+FTJxMnm3GCUoiK9KPqbsGx238kcq8ijqWmsuu+GzoUWVdl2dwghcP67zJACyOO8eXxwW0THDPhQg/mQvgUdbIA+x7c6bjEuKb4sF6Zi7BcLJrk1f8WJ4la7MGlF2L+nG3M3lw1RorqUgyI50DERGYglnB1yKrKPcDMeIfQ9az+4FrudFf8GsAgNEbWKGuNDKhFizU4gP1x2ywriMCWmDGm1K4442xTfRGDqio1D4AWz0TNliSjoIeoBxfDUJRYS6Sw1GRvecvYXVVOugFcbX75fME2wpUyXldanXXaIv9RGeIoE8w0SNqeExKTo6qE5WQ19IF8p716ZpUNyvAnjheijz5OXjMlvmxHBBmiqyWLdL2byucOSdA/lZ3aKI7uM27Ym1RdkkujiyoQVZ73Fsjc38iNa2Kuu3XzfMxwMwLlTVE3JQPM4e4OSPrqNUS1+l6mYFT+Q9Isn4szZYfZgtn4m1gRfTv3zq8bCeLrqQROR7o4NCWshYHnpbKnrW80rd51PhepPgoVbabKm8iqHMcYRO9p/luG5v14hD2ALMBJaKmEO5MruEgNgpgatjd+GHQf6yBJaWfap9GUInXgFnYjlRD0P7qf0GTe3oQ2/yMPLoGLrpah5Hey6eBz/KamIMmhWHuJnMKouN0yq1RBfhy94AdgAdkJk0+97JxWPaGzuMbDSM09ePMXznxArQ1/puyamXj9DHuRsmslVNYmkTcPuAZZ/OttykUO3nw4w7FR20E6tIekFZIpqMFXRU57uXeWRK0peNAyGwih5AE+FqO3F0ewYwK7Yz5MzexV138cNDj5wsS5QviLQjPif5Qvfe3eRYzGsSmj72qNnSeC4B9FucnVSFQ7b+vJyjFnERpKgHWhT3vwx4CYZKsQeaDjos9XbI6TdGHiuT2YLM3r1K6gvPa12QhEmpHyqwVdSvFmxpPbnDQ5HGj42tqVN1OPTIwnr7qyodObDY0CLaLciBGOt6CCIsBVDzu1DJPB0QX/zL2aGnNUj71u1Qs79vP20WinCj2/dydH/xsPlUtjzbMVAp07q98ZTvsml6uND9hvWb6G7WjbsQhyTtmWDaSGm8Pin957sO6R2W55u10SEy17Z0KQj2bG8sn+NMoUasfyirX0meeNSek9mIdvKgdxU9WRJhozIvJBSANzLIiZic/s4PoXq18AN5KaHnWCrAbaK99zA0p1Zx/w+//YII6LWbGOwKvhSFOjk3qWZuPu34s0Q6EmbajZ6FXrO9h/TUYEo4CoBFNgtMnwsD4riKe9mdRJwXXsxJqLjEsgg0AMox8pU+/dtPDN5qQhu/jnKjxsipsf/l6xqNc38oJO012c8XrRg0TkEtpyoAM4/PRr4Zt89sao7mYCzVQUXSrZaAsKxv6sRKJZ1p44lN/gcKDp0Xpz73AVhkuQdDhVzbeW7unxScdoqFoyA2xrerBzvuN0NGthJC99UQSfgs3U5KkQ29/HWXaY0CIQfODao0HKUg2u1tdQNyuu4sHkwcq49tJ/dmcyJ4AHEpSE2pX3T3pAWdKG8gudCZjPeJRAsUn25y4TskSfgYH1XaaT1G63ig3DOjOsUYCAYJI42PL3v1hgc1r3YzUszaEdr5iSAYoOFAi59E3fow70zHuTZyIyDJoceQG3GLUbhXOyxioFPXRYd726LKceIRxwKEosgb+kkXDJ/1z72/bdVVlxtAY+Nfrv0cZO8my+PNn7T1rkAUourdiPd+nngwkPca51KHBlMXFBVk/HEzE4N4enAPo+0TqW4AKsuqXiFnhy5uA+VzdsPctYjBn9dwXMR15P++ifmnb7koioQ+u0ohrIVWfooVvoINoYPXFVi3abnnY2YTDpjum7FtVE7zSqj0eolXd7K+HxVaH7IrF5NyXT9R+LkHIv8Sevnj5nXKM5wXcSSy98/8VQ75QhL85WW4R8EZxHh7o+AgqtpIOe/eF95e4UiW1omW0IMcZ8EY41F7Hy48MaN/N2Cfd9DEIgMnsWh2soKhcQJAyz5+GHrm+H68DcyL59JuTAq+N4Hq710SR+/DaNLipQHp+EvIJr/T668OqVHaFt/d4o+oA2CEUNLWshTR0HBxraM9A6WhP4p1ltsJ+QLUZNTWm7syQGhYchsW0OfCaexK3bzP+slwIQArXWghwcum96O0V5BPDO3j05E5E4lthRm9TbMEmgpN8dwGu7fJI2kjPJEwkx9xsMbvxTrU6kd6G41bp1uCQSP1hwEu3xWzhPZjy9sANgoGczhwl/wet+0FvJyCszf/2h1kmWFnIq3zfUvBCpdrOP3uKs8QhndCbk39CalMo4YoqS/amD1NUYFV4v0c32Szow9SyMt6NF29UTTEs/V3pAdreRqb6QV3CYqCTf3u5Mq0aaZyGPhftLaasNrXUkslAXtkuUyiOF6B+KdtFQT+hj1n7vNS6m5xacESUH5r+1F0VWNpaXyOhyaqYjSjYQglPthQkiHg1SuuOOBtUavAJJ2H8zlIANx7XPb8RaG1gB71CxI7lDrDJLYLrxSXc7sPqhFMkU4tfDkX1R8hDF1blPOE9czoKx11/TXGPUkobehBvvJGcg5r45lAxbUWZLJ7xeDvdxsGFO8QAjSMCwZExj34rEH8G/dBa0Ejpg8NgWaoNJh9xx7xno92+YjDKEDDDdM7BvhER6vlhafzl/EURbbhenbddeiBBlA3dxgaUBYEIjKl2kRnSRWHu20v59frr/GPVU49gMWg8ATl+CseRRrX6CWMd53QRA5kjs8ATpAKkwAUfKb/b21SnBgfNj1/6V3+OxYcYB9fwTQhZ5Y1m9ydgZk4aKeikW3iBlYTF1AmtA2h5hs5fVs4uVv+UTAMAisPYMq58JzqoyiELFbEIkLc0Y3noRB0YjQFCXUJ6qquhe0vtYf4dxAKUdVMLNG1zK6UdG/b/rob5ElkL6wDbajDGu4pNNeZi0vgaBtrYWNwqURyCgOBJ1pnPrN6ARx0nd2ccbavER1uyFPH8D2bJd1SAZ/+amh2xPc7Apn9I4Vlu6QNbDUchqQw3P17V8UwXINqoeHcgQ3yIqmjAG7Yc5qTthvj4LnTd1JnDmEAJJ/whvC9vxP4FEY2WMAAT6q4D1ww9TdwpL1ZkPqiSSSdb++EaHFDnzg/S3Hek4PlvG2scyO57BPeMwD7p+i5NniwPfVfJB58Rxs0BwCyx12ppC8kO3vef5+4svpYigD08mzjrCerOEDgp3DKwkZq+T0uDFnwwoOQRHHj/IwC2IYC1QFC++4ZkE2Ifw+xLj/7tnXstBbyvk+X5Zm4p/iyOzqbIigTKiW2dB+5LMzH0LFR4XSoviYJQwvnn16RbtPTyVusWK11Ea+u7HVYAo5+l59DwJbUgLqGsg/gPMTLLfobZwzpLlZnX4xe93vizLAY6Pb8OoJxAA8PffuzV4RlLZbL0P2/DJWoSBkXDv8z61Wh01GVESdc7pT7Nvs8rt8G5FnqD3JsQivPe+8NgOo/ijGzSgLSolFcCcoH8suIHbo9h/KMdqbGEIZT6DX/9XIjHl7ze9NBviU6bCqwkMzCUt/DRVkNprEYWOO8jxDQlbOlM9bJb5CkW5DKLMLSBKBD1VHc8BFaUNXBAXxsSypyJn5kvuq6IajDyl7mAHLxqhNuWnVh0fsx5UU6weCmzOvUtXUgW3o3Du8c+vbZ+ECH7UdFF6REqnaLv1xZXeSkHhBpr213pnYR7B8FHaiFoysIAQ3Vc77SDO9w6Zkv8+iBDPaLZiTEj/1Du69G4UBDXKLv5Q6M3G/s/zQ2d286LQvYGYfzUVT9lMr80akh5lN7ERiBoZ5JIUhp9NCI4ZavqVKWqwFpxpn/Rv/0EPb3+rVLztAUrrdxUlJnO8ik/tdsPgdujtLvlTRG7JSlKGCFBG8OKdWLgo54sCYyisJ1wm/iTKkslbB4w90X33e0bjqJ9OkBjm9vsEmKaeVGre7Hwh/accm+rrFnGTc45QiUW7hKdq/5hxiGrgnRd+BuanllRIrHIRmD/5Dh9fmdmF4zmiYkP5e+P8pOJpEJDvcurBkC5aQ0Y5r1bs4ckp+NkDqfD+VlrSZIxxI1Fifeq7uO7fZQw8Ghk9rdT35GPhOLAXip19TWYLqwORKWYjvUdFj7dvgcf6WyOuRtP4hqx76tT2ecmf5cBu6WIMkhc15oPRAtvX3yTTHl4NVRDi8cAAA9P9XiAjtFm8YVvhrt4J3Gp0f2qyYlby8nKgrIodg28c22SKDA/zsEHh0bO4IY4+Yj4TzuGVuJy/TBoHupgnUpMnAgMqlvXFnlVQq35b1LlltAzKXoPokvPLbuM4fAyCxwsR4kTAGa7SJTyK6SOBU9WktrjddKE46QDATsGZbBXidq4fLw+lmVJWacQ5GDitxzivVwfZepPBdXLKZKMRl7AbP+ChYOsxn9FdIkX0NVon9dqbCZ/bKGA1eClNfk72iHfhdzSfE4nErZ+9LGQd4ygnx7CJkjdWBtHGJC3dL1cvBlZQ/FFmFT3kzwCxwdWs8t/GgIl8WbhwbcMCQVq79M8XdcXX4CtuUr55pboq3RoJwABgHDPlVhBh2dYBhBD1xnbwhBFp5hS+yxIPu+PvReeG/b1uJ16TQvh5Z5pN2r11P+7qX0EhxX1a+uKHjIWoY5fReIPG9OIEm1yz0M7243lH1UqyrXWRoAHxlHwRf9vSQ+Hyk+SNXRN38koqpVJiDbrFKwVTQQexyH1O5t2YBarYX6vgd2Xrdkzxpf/MkYkVi12suIK1swk0Lw+CP+eTukj7dAUGt3XR2HfrttgAiRq/zrX5MlZUVW6GjdeImA2YNZHdjeM+mANb06c+QWqr4fEcmtU5r1mxdiUaVJh5vK3Hnc6URsv0u1dM4garIEUIopbzTvwoKqbdW9lqVla4HFM+kSoNr9oqgfYHRn9vr6h99VeBBa/k1RN4VUvuPqAebC7tqGPvHOb6WD/OSJ+mZUyXIILqgbdX3Wh8tHO4Y3JEBZAxa4ZoZBdnbhUtzkNH+Wu4G+9AhuwrLlUkUq609p8l4qLhCO76I4Z11tCjeNi2KKwj6Dhdubkdk29svgywEwU8oPOZN+uC5hvbOvC/TsxSWt3XMT3Oe887mE+6ak4dkJMoNFankYGEj81i8VMD5np2s2UUighf+/6eF79rHk8UAJrev69JpXYohG0qfCAe+2/sLu2HcnAuIPvQ7KWO2zuRTr8dzPyvH+2BhXPdtb0PZesyof9a+vWPEvr3lVAIn7/Ha26iXcb59X7RQRpBX6f+ZVRaAQojEo2/tIlr2reJ9LLFAEZiXuPPhXAxgJXzuZApeatjBHYPNa8G5IVZFMAnPAMxG89/uovF0t6u8+bMwXJoQf0h1IIOHcNLnySJ8d8s/cJFvUxKLCn1o5fAkhk6wEkyxueJHZmTiT8pTFlm2e7V4/N6ekGckKcjldrFZGFZAyJ7/ZeKgjyk1BD6EUS76Xj/YXGCmahh/tKodmKYZI8k+GHoFaqOklAryt97HGlmQSNQjqdJHERH1oSzdtzdc8vonDpOXRFLSVi9QGB5cemyw7xbgoLi4G/zDBPfrsbughdAKWDsjE4j09vpoeHxywEo97ZSCd3C7tSEPfojDiAvSejKMQfJb5dWQidreVwN23wEKok8ZJQakN0YDZe0rklAmkhAa+AtGX/lYzQcEcYt8llvxrJNGOMW8s6zt0LglhV7mKBI3kzucpfi+vhWrMAz88NeBlcGGRvnYKJMPE3YW6N3U1psoWuQVjxLSNeMdFUlHai6fwS5gkPoHMSYVoKT3D9escmF+n+Hpk6/TLVCSexa+hHJe67B5xCjTK6FJsjt6Y9DEqDtKhl/x+E1Jdz56mg3GJLyU1NXqd4U+FlyMz2hf3kr</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-11-13 18:06:34,351 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-11-13 18:06:34,351 - INFO [Shibboleth-Audit.SSO:?] - 20191113T180634Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_xzto25ehbvylujdifsycuwzjeqkp5zcxvjnyu7m|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a9fd75d61d17f113b423b2cedd47612a|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxEdZgnjgur3fAMgSgHPgpYXUPswPjiFol8K1voEcOtr7A/shvgu1I14OSH9SYqx1zrrJ4e8zwvrd0ZLdHe0dk1WiTrbBasTWH7nzma73V6OegVUAUse7+48GhRikE8OjrVkPuJQlIUjjBnAEdpMzD5hQZ74M/rCQ=|_50749386226984dac6c48f3f5a5b6a7e|
2019-11-13 18:06:50,174 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18617-pyNnyhC3LLh4Y171pD40G2-Ej7pd6LrS
2019-11-13 18:06:50,174 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-11-13 18:06:50,174 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-11-13 18:06:50,175 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_9tq2qyfxig1v6zkajh4nhwqv0ceousr4bgb1q9l"
    IsPassive="false" IssueInstant="2019-11-13T18:06:49.183Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_9tq2qyfxig1v6zkajh4nhwqv0ceousr4bgb1q9l">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>J/oAAxwFqAl0iabAdRHHgVsvscFaFyMvWD4ttx6XB9g=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
rEZkJJQVtWaimsPtl74s1UK2PXdMmPSY2lLVFlAgVNrEHeJ/0Dy8pcqAjm8yGGj/RAT6+BrDwG9Y
p02g6gDqa8k51u73cL6VtzYC0gDwHH1sXulrOuK6306afAy2NM7okcXvPLR7gGfdZNcKXQoQN5Wq
zga4v8oKFnA7vXSWwey49dN7DZC1x3gMp/EYvmWp1XKTK7kCgKajo+xqIRpmSVW2laAHKdQwS40k
1lJA8Xl+5hHT87IkrU823NG/dnq2fIXVuIDrxNihTls6qibIH/QUDzTggRgvBYD9VzPwP0vKXY+t
8VHeGFoaCzL96RsUhw4eZnnfLkpvb9CP4CyuLA==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-11-13 18:06:50,182 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-11-13 18:06:50,182 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:06:50,182 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:06:50,182 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:06:50,182 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:06:50,182 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-11-13 18:06:50,183 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-11-13 18:06:50,183 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-11-13 18:06:50,183 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:06:50,183 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_9tq2qyfxig1v6zkajh4nhwqv0ceousr4bgb1q9l', issue instant '2019-11-13T18:06:49.183Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-11-13 18:06:50,184 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:06:50,184 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-11-13 18:06:50,184 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-11-13 18:06:50,184 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-11-13 18:06:50,185 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-11-13 18:06:50,185 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-11-13 18:06:50,185 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-11-13 18:06:50,185 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9tq2qyfxig1v6zkajh4nhwqv0ceousr4bgb1q9l"
2019-11-13 18:06:50,185 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9tq2qyfxig1v6zkajh4nhwqv0ceousr4bgb1q9l and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:06:50,185 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9tq2qyfxig1v6zkajh4nhwqv0ceousr4bgb1q9l"
2019-11-13 18:06:50,185 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9tq2qyfxig1v6zkajh4nhwqv0ceousr4bgb1q9l and Element was [saml2p:AuthnRequest: null]
2019-11-13 18:06:50,185 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_9tq2qyfxig1v6zkajh4nhwqv0ceousr4bgb1q9l"
2019-11-13 18:06:50,185 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-11-13 18:06:50,185 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-11-13 18:06:50,185 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:06:50,185 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-11-13 18:06:50,185 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-11-13 18:06:50,185 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-11-13 18:06:50,185 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-11-13 18:06:50,185 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:50,185 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-11-13 18:06:50,191 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-11-13 18:06:50,191 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-11-13 18:06:50,191 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-11-13 18:06:50,191 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-11-13 18:06:50,191 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-11-13 18:06:50,191 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-11-13 18:06:50,191 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-11-13 18:06:50,191 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-11-13 18:06:50,191 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:06:50,191 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-11-13 18:06:50,192 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-11-13 18:06:50,192 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-11-13 18:06:50,192 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-11-13 18:06:50,192 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-11-13 18:06:50,192 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-11-13 18:06:50,192 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-11-13 18:06:50,192 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-11-13 18:06:50,192 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:06:50,192 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-11-13 18:06:50,192 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-11-13 18:06:50,204 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-11-13 18:06:50,205 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-11-13T18:06:50.205Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-11-13 18:06:50,205 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-11-13 18:06:50,206 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-11-13 18:06:50,206 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-11-13 18:06:50,206 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-11-13 18:06:50,206 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-11-13 18:06:50,206 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:50,206 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-11-13 18:06:50,206 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-11-13 18:06:50,206 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-11-13 18:06:50,206 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-11-13 18:06:50,379 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:06:50,379 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:06:50,379 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:06:52,643 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-11-13 18:06:52,644 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-11-13 18:06:52,644 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1594451426::identifier=rick, context=org.apache.velocity.VelocityContext@53ba2b9b]
2019-11-13 18:06:52,645 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1594451426::identifier=rick, context=org.apache.velocity.VelocityContext@53ba2b9b]
2019-11-13 18:06:52,647 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-11-13 18:06:52,647 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-11-13 18:06:52,647 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-11-13 18:06:52,647 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-11-13 18:06:52,647 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-11-13 18:06:52,647 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-11-13 18:06:52,647 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-11-13 18:06:52,647 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 0746b52d618601fd4e2c38d5854719c8d9ad25776bc710806ffbd9477e7db991 for principal rick
2019-11-13 18:06:52,647 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 0746b52d618601fd4e2c38d5854719c8d9ad25776bc710806ffbd9477e7db991
2019-11-13 18:06:52,648 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-11-13 18:06:52,648 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@74e3bf75'
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:52,649 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:52,650 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:52,650 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:06:52,650 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-11-13 18:06:52,650 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-11-13 18:06:52,650 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-11-13 18:06:52,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-11-13 18:06:52,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-11-13 18:06:52,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-11-13 18:06:52,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-11-13 18:06:52,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-11-13 18:06:52,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-11-13 18:06:53,329 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191113T180653Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1605204413329}'
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-11-13 18:06:53,329 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-11-13 18:06:53,330 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@74e3bf75'
2019-11-13 18:06:53,330 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-11-13 18:06:53,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-11-13 18:06:53,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-11-13 18:06:53,331 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-11-13 18:06:53,331 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _8e732f6cdfbbf4c61d45ccc76968fe0e
2019-11-13 18:06:53,331 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _8e732f6cdfbbf4c61d45ccc76968fe0e to Response _122528db72e0b419aec8b44440758ed9
2019-11-13 18:06:53,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _8e732f6cdfbbf4c61d45ccc76968fe0e
2019-11-13 18:06:53,332 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-11-13 18:06:53,332 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-11-13 18:06:53,332 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-11-13 18:06:53,332 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-11-13 18:06:53,332 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-11-13 18:06:53,332 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-11-13 18:06:53,332 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-11-13 18:06:53,332 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-11-13 18:06:53,332 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-11-13 18:06:53,333 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-11-13 18:06:53,333 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-11-13 18:06:53,333 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-11-13 18:06:53,333 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-11-13 18:06:53,333 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-11-13 18:06:53,333 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-11-13 18:06:53,333 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:53,333 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-11-13 18:06:53,333 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxdzCSPcyp0KrDiGdrnSKlejA1IBbQ3gQO5KqS6o8q+V9sneTzZjYr1f/RBmSnMIc4ZIu