2021-02-25 14:00:33,121 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:00:33,121 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-02-25 14:00:33,121 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=flextgsamldev, acsURL=null, relayState=null, time=2021-02-25T14:00:33.121Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_e9deef34-abfc-4720-acca-767df8de4b32"
    IssueInstant="2021-02-25T14:00:33.121Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">flextgsamldev</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-02-25 14:00:33,121 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-02-25 14:00:33,130 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'flextgsamldev' from origin source
2021-02-25 14:00:33,131 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:00:33,131 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:00:33,131 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:00:33,131 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:00:33,131 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:00:33,131 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:00:33,131 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:00:33,131 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer flextgsamldev
2021-02-25 14:00:33,132 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:00:33,132 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:00:33,132 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-02-25 14:00:33,132 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_e9deef34-abfc-4720-acca-767df8de4b32', issue instant '2021-02-25T14:00:33.121Z', entityID 'flextgsamldev'
2021-02-25 14:00:33,132 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'flextgsamldev' does not require AuthnRequests to be signed
2021-02-25 14:00:33,132 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:00:33,133 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:00:33,133 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:00:33,133 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:00:33,133 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:00:33,133 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:00:33,133 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:00:33,133 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:00:33,133 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:00:33,133 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:00:33,133 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://mydev.flextg.com/sso/assert using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-02-25 14:00:33,133 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:00:33,133 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:00:33,133 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:00:33,133 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:00:33,133 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:00:33,134 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-02-25 14:00:33,134 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:00:33,134 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:00:33,134 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:00:33,134 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:00:33,134 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: flextgsamldev
2021-02-25 14:00:33,134 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:00:33,135 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:00:33,136 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:00:33,136 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:00:33,142 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:00:33,142 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:00:33.142Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:00:33,142 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:00:33,143 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:00:33,143 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:00:33,143 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e to 2021-02-25T15:00:33.143Z
2021-02-25 14:00:33,143 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:00:33,144 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-02-25 14:00:33,144 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:00:33,144 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:00:33,144 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:00:33,144 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:00:33,144 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-02-25 14:00:33,144 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-02-25 14:00:33,144 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:00:33,144 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:00:33,145 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-02-25 14:00:33,147 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2eefdd4e'
2021-02-25 14:00:33,148 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:00:33,148 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:flextgsamldev'
2021-02-25 14:00:33,148 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:flextgsamldev'
2021-02-25 14:00:33,148 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:flextgsamldev'
2021-02-25 14:00:33,148 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:00:33,148 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:00:33,148 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:00:33,149 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-02-25 14:00:33,149 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-02-25 14:00:33,438 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'flextgsamldev'
2021-02-25 14:00:33,438 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-02-25 14:00:33,438 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-02-25 14:00:33,438 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-02-25 14:00:33,438 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-02-25 14:00:33,438 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-02-25 14:00:36,699 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-02-25 14:00:36,699 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-02-25 14:00:36,699 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210225T140036Z|flextgsamldev|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:flextgsamldev'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:flextgsamldev, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1645797636700}'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@753389a0' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '["rick:https://mydev.flextg.com/saml/sp","rick:8e448793-eb45-40f7-b0c1-c66dd8a9f56d","rick:flextgsaml"]' expiration 'null' as '[rick:https://mydev.flextg.com/saml/sp, rick:8e448793-eb45-40f7-b0c1-c66dd8a9f56d, rick:flextgsaml]'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '3' is less than max number of records '10'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@753389a0' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@753389a0' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '["rick:https://mydev.flextg.com/saml/sp","rick:8e448793-eb45-40f7-b0c1-c66dd8a9f56d","rick:flextgsaml"]' expiration 'null' as '[rick:https://mydev.flextg.com/saml/sp, rick:8e448793-eb45-40f7-b0c1-c66dd8a9f56d, rick:flextgsaml]'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Updating storage index by adding key 'rick:flextgsamldev'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://mydev.flextg.com/saml/sp, rick:8e448793-eb45-40f7-b0c1-c66dd8a9f56d, rick:flextgsaml, rick:flextgsamldev]' as '["rick:https://mydev.flextg.com/saml/sp","rick:8e448793-eb45-40f7-b0c1-c66dd8a9f56d","rick:flextgsaml","rick:flextgsamldev"]'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2eefdd4e'
2021-02-25 14:00:36,700 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:00:36,700 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:00:36,701 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:00:36,701 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-02-25 14:00:36,701 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-02-25 14:00:36,701 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:00:36,701 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _210003cacf94463c037afa0e42a5e97d
2021-02-25 14:00:36,701 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _210003cacf94463c037afa0e42a5e97d to Response _fab0ccb9dc013d69b2ca121a56edb7b7
2021-02-25 14:00:36,701 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _210003cacf94463c037afa0e42a5e97d
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:00:36,702 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:00:36,702 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-02-25 14:00:36,702 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-02-25 14:00:36,702 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-02-25 14:00:36,702 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-02-25 14:00:36,702 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:00:36,702 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx05WIMDO9u1lWjtcdb1L9T9JgUw4YTKm4dNYCBX8L2DoV9KO9TYaZVCk6qnzEoIVew+QlTT8P6aBbkWU2ks/yr0erTV4/RkvyFzGashYIHL0= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 103.161.98.76
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://mydev.flextg.com/sso/assert
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _210003cacf94463c037afa0e42a5e97d
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _210003cacf94463c037afa0e42a5e97d did not already contain Conditions, one was added
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:05:36.700Z, to Assertion _210003cacf94463c037afa0e42a5e97d
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _210003cacf94463c037afa0e42a5e97d already contained Conditions, nothing was done
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _210003cacf94463c037afa0e42a5e97d already contained Conditions, nothing was done
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding flextgsamldev as an Audience of the AudienceRestriction
2021-02-25 14:00:36,703 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _210003cacf94463c037afa0e42a5e97d
2021-02-25 14:00:36,704 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party flextgsamldev to existing session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:00:36,704 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service flextgsamldev in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:00:36,704 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:00:36,704 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service flextgsaml in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:00:36,704 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:00:36,705 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID flextgsamldev and key AAdzZWNyZXQx05WIMDO9u1lWjtcdb1L9T9JgUw4YTKm4dNYCBX8L2DoV9KO9TYaZVCk6qnzEoIVew+QlTT8P6aBbkWU2ks/yr0erTV4/RkvyFzGashYIHL0=
2021-02-25 14:00:36,705 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:00:36,705 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:00:36,705 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-02-25 14:00:36,706 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_fab0ccb9dc013d69b2ca121a56edb7b7"
    IssueInstant="2021-02-25T14:00:36.700Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_210003cacf94463c037afa0e42a5e97d"
        IssueInstant="2021-02-25T14:00:36.700Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="flextgsamldev" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx05WIMDO9u1lWjtcdb1L9T9JgUw4YTKm4dNYCBX8L2DoV9KO9TYaZVCk6qnzEoIVew+QlTT8P6aBbkWU2ks/yr0erTV4/RkvyFzGashYIHL0=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="103.161.98.76"
                    NotOnOrAfter="2021-02-25T14:05:36.703Z" Recipient="https://mydev.flextg.com/sso/assert"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:00:36.700Z" NotOnOrAfter="2021-02-25T14:05:36.700Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>flextgsamldev</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T13:45:04.399Z" SessionIndex="_cdbc20fd1870e6059bc0038269cc5000">
            <saml2:SubjectLocality Address="103.161.98.76"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:00:36,707 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://mydev.flextg.com/sso/assert
2021-02-25 14:00:36,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://mydev.flextg.com/sso/assert
2021-02-25 14:00:36,707 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fab0ccb9dc013d69b2ca121a56edb7b7"
2021-02-25 14:00:36,708 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fab0ccb9dc013d69b2ca121a56edb7b7 and Element was [saml2p:Response: null]
2021-02-25 14:00:36,708 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fab0ccb9dc013d69b2ca121a56edb7b7"
2021-02-25 14:00:36,708 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fab0ccb9dc013d69b2ca121a56edb7b7 and Element was [saml2p:Response: null]
2021-02-25 14:00:36,709 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-02-25 14:00:36,709 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://mydev.flextg.com/sso/assert' with encoded value 'https&#x3a;&#x2f;&#x2f;mydev.flextg.com&#x2f;sso&#x2f;assert'
2021-02-25 14:00:36,709 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-02-25 14:00:36,711 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://mydev.flextg.com/sso/assert"
    ID="_fab0ccb9dc013d69b2ca121a56edb7b7"
    IssueInstant="2021-02-25T14:00:36.700Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_fab0ccb9dc013d69b2ca121a56edb7b7">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>OVIjJGRprAftA73+h0wBkSR87ivIsA7Zxkg9pxbFFG8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>scknHCLnrT55zvjY0oo6qQVuFWehYfPOrMMLMyLnRyIzH1N0gOIOsMAjuCkfkMv21vbsFRUaTT17/pBJoAJoetEqt7MhNelYErWCgd/OO+C7pJL9dguaTZuTfiGdpsrXzyggFHZryf2F7MBjAetgzILVyaR/INGfODKg+9n+aE7vqaIb5P/kXSiq3DQvu7HeH5Tp5dun6dWgMLmNbrkDGZ6GnKfUU0CJPOzKpTYHhDD4Qoku2Mf6yr1StzurrEZOuW/8Ko0YnnZm3KF1Cs1TIyYERjVTpxn5wL0jxo7vD1EJCdQuFvSaZz5KZndQx7EBRg+byPeMbB/Wm51vpx3IlA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_83f2f03d353fda86b40a702d90edfcb9"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_641708af5795e83c4661c3defd4f34aa"
                    Recipient="flextgsamldev" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIF6TCCA9GgAwIBAgIUPG4sFZXAZORpoWAwSkp7vu0IUawwDQYJKoZIhvcNAQELBQAwgYMxCzAJ
BgNVBAYTAlVTMQswCQYDVQQIDAJBWjENMAsGA1UEBwwETWVzYTEPMA0GA1UECgwGRmxleHRnMQww
CgYDVQQLDANGQ1AxFjAUBgNVBAMMDW15LmZsZXh0Zy5jb20xITAfBgkqhkiG9w0BCQEWEnN1cHBv
cnRAZmxleHRnLmNvbTAeFw0yMTAyMjEwNTI0NDFaFw0yMjAyMjEwNTI0NDFaMIGDMQswCQYDVQQG
EwJVUzELMAkGA1UECAwCQVoxDTALBgNVBAcMBE1lc2ExDzANBgNVBAoMBkZsZXh0ZzEMMAoGA1UE
CwwDRkNQMRYwFAYDVQQDDA1teS5mbGV4dGcuY29tMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGZs
ZXh0Zy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC8B31D4CpLPjhL/v/QHo1x
Lj3ZKv5+Vcb5EEAd/PdBHOtzlUvYPQTHwrkcZok2iE6fBks3a/4aJWb7eAXBlFmrYjw+mXw5VNTT
K4RI9fOWEhNJbiuw49E9/52ool3Im+lVmgEDTRv+a8jCywObU6qUnhVdlhgSBOEjsfRDynrwfJkK
aVIVr3DAWS0ZtkZ1mVfcNYHcd8r5fTiaoM1ocC4UorQwZCkeT7fJU4rhJy+CQVygXxJ0LFK6L16H
ml1uK8qYF5+L8RvkiYsEFDPC4+o3x8OoqwsDny203s4Q6O2z7EzgpLxxa7Am1kMFJRopDJ5Dbemp
z+OVtGgmdlkMG/XG/zx3W66u9ipKhgoyBXm7NSfHzrJ1px9XBatC1h2z0AijnV6ICTJe4Fbfn8Qv
Xz1rDwdV7DDj96VPYr0qgOBIaPKxamy3MXMUec0W5ysVZpxatWW8TmRyDqvawpLQzLvbpQOqx+nE
iiR6YIQL9vrF6fUmkgXEf28JiV2y4wSnCQgQC5i/HuKIiBt9/170ogNRJNNd49JwjqeENE3Ib8ne
O0hG7Q+TraAompQ+FeDp5vzZ4Zq4M+LPRlb/VcUkIwIy5/E8FRqbhMyG1oOjT2sd23zXxKtjGTdM
K2OPumJY9zw+iniNihCaSVNQVRI92XFLEZvGj22C5Y84EpDrikghbQIDAQABo1MwUTAdBgNVHQ4E
FgQUR31X5fJV9DyYC9ejfAWDYKY5fbQwHwYDVR0jBBgwFoAUR31X5fJV9DyYC9ejfAWDYKY5fbQw
DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAevymonukophI+n2JNTeV7XU9i3mQ
Rw1fdERsgwUZMnxg0u72tHiszlSCNrzvTVPCk/j3r4n7ez26cK0iaRPx9e5BlGutb48i6BpG0AIP
kAnWfjmgSSqQJudHNlA1NWEsjzuWm+nJkf3gaA9wA9CYTnRWHShdVkEt2NJ4FG5Lr0UXfRkEsiCT
959q0qi7CQXE66MCehxoMZhP8emXRb/ciMNXNYFQKIF+oPNiJwbs1LfTgBJJp812InPKKiJDbIPV
mC98n4Vi3h/rbSbb1irK/Pe9y0u21fmieyUaKGJ72mnK+cRW9JEcdVW49UdWDvUFQps+FSKElDWo
c+IW1Cdjgai+DK7wh6yvu7Q04urxaKC+wIMnxXTaZMX96CQUx1PX8K6RRHp66Bz5q8lls9mbZKID
qX8+mri1h+GJM5B6e78tKGWX8Ekr35Q0ag8yMljNQgOU+XpGG54ItCqgjUa64CIGZhRQ3Sn+BPd7
AvH03URumdPjO9IB3Yku0eAPw/siAiEFmKFr7JZPNrYBGUraIsvzhk2wkZ1JFbD/EjbhKsVSlNFg
5smM06VYfx0m44tndYKVm7Uhf1kD/7xcPN4hoJ3dRJe1dTtf5AYt9qj3GNkW28UmnGVhS+WnTXZi
8qoLfGECQQf1PrdYdp56QSH4ZIk/c5MHFe9a3EXX7gqhOrY=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>GhUa0KmOXcldxF2bldcY3wsebnjMHSK2qWAeC3XJGSVV1NbxBUrCx2v/CTGPY8Ut+ZFIR+8Xjf7WDOVsdG9DLefJ5dKZQzzTPAiXiOS7O8IOPxXc2qoESQ+eTVhoaqzL8IQ08ms2Ymr8EO6FGZEtwSFyso3+DAGb4tadOOgw1mrVGmMlnsBmEp8m7I7khAe7XeA4xzTsZkcL4gKV1pFCQJDPwRx+oEOrJ5CSquDXtv6iKHXJitidD1aKOvestUEkXJazPXjZ/y6gnVkmVWc0QvKzHgJ8kvBM6/FEE7PbWVtIMv0KrgEHicxwp220siDDR0T0NkmNxY9Boo9GkO/Q6oW4+v1aRr6qB/Tv9ApvQTb6A18985WgqVNUenLoOXG8q3MvpmlIIXGXCxnnQIqt6CEZrDz4dbg85Wm+6JqF9I+JnCL028RAF2QpB0ENBeWaz5C2AiwF894M5iW4jEPHN8QKqPFa5b3eV7Hbiz8CoWqhGIpR9XP65XMEu5lxOL1YT5Gq3KHQRjCfhWIoaB+4AKzdvzo+50ig49iHlk4CUqLExw2GpFeE+BrhSDyjrQ1U7MktnUDpTA0L9da2hlyzJFSTqJDdkB26q+3OzHS9WsVih3qKEKGWNKzPxH7E921MzisS7Wvkwb6WAZuJ08HhiIeH84v9gerdazysGrK3qWE=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>rUK1aS024SZ7Ej77FlKub0wG/ehGktGyX87n91Ifv0mnTXvqN2k/l/odSIMBqNoQ/raWrX1U/MAQXe8q3B5Qx3VVAUPkDJXha7TufOiaZF9t39y0u0OBMpbSDVON11btlJctF4dTsz2jP9KQh/Wcq/Q6OxnHUcWw618IynWvpWw/yej2Meppgxbyi+8BG5FC+hFluNGTBHtNlUbAXwl9snVcmcFUS7DTJIR2PbdGNPBiPyCxWxmkvAv/bEtm5o2X/xdXJNacnQa/v6aPsqU4FHuGIZoJyx04ABH0d2wJ1vlos4WZskm06D38chRoNVJiYY1S1zi+PhCEuRmdyHoIgYzJXCR6b2fC0QPJUl+qaiPsDhwK9c+/T6MoX8AHQalKkiVJmKhDTffXLhSIeeCk4sGlHlbsgImSZuWg6teIx481Mf7L804epVKTKIpHiI9ZDqRmplZSEFuG7wCngy8KZLRWwHhDfmF4XXpM2FCKB78c3Vgwrm79cAfe69jt6DbFzodqbkOLbUKwNCzRUJnXSfdrIgp4VBffwJk0XfTr5aLEQw6N7Qx/WH2EOCtaOdXMJZwYu4Wv2DslDRFhK3AiT566JpH8nY0wLN1sJSa4lVDGXiSL4BOrIDLg6Lgne0h8Xza7lqOqswxugffFeM7FFnulXg/s8N6Gs3d2/wu6Wx9l2rtRxm7bvPf7WKMxsMN3ZtPAv8+a9zzuPOx5l5KN4sQvss0Yk4P2h/rkwBd44WCZklHHWAtpOTkzjf0lAC/8+Tkdnspz//z1a5TRCsOY5Iacs01pqA+kqIisA3XFZOHwghhx65IavF3rw4wQLl1gND9VRTgwsitjE55aM+Y9zDIsC9vT05GupgMAEvp/z1HfM4VKWeQzvwkgdeLGkZREn4cjTFplt6OD3qGVbY8tKaB2+w3ChYQJOKuR7sjluPvqxWUHGHQdZj7/kIIxxw3rRJdw8x+zC2/N9bjHqIpBhAqjOLyUZ39qmzv4WGF1gGWoS5qLmAmus2Bs4hH/m0hTRcwKGly9vBS9WGpplqadATKASVil2B85yluHvwdxfeVUuSn7flqKzjeSEeMVpHcKOTzBbImS7S39d/M5ps5t+hBxJRdjhUActkJTaexZXg54yH4O2GruCCIihnSci/5Ozw3+w1PWNjmf/3oNVLWwQI2V4QsO2K0MRGKKXaE+o4z6srdB6m0nwXD07yYNcd0QY7XkXEaL8VOPax3aQMcNEUM7cavOIZIQhdVi5msmNqR74gvInsvGhPh2Asjx/82xfqmZ3amncxnf9wEGpA8g1vP5WnhS4flFWls2MEE3vUcKB/o5GRYrFtOCEfa31cEjGwxI2r/wCg8mZn2kLip26o3Um4IwNuOGNkDIl6XfeDBaDBgo4TycHNf+3eoxswKbzDkN1B6hq0c1jCrE24XkNV3qrA54ohCWqFWmCjZaaj8ayyfXmRM5D7wFfmjVwnftqnA9t5CDlT48ZFgjYwV+suXHiJJ/3hEB/6evcay37fHKqN9KDiw+HcY2JYhQwIXpp/MMnTcQIarnQkumonayxacoVRiFoDZIm0N7kNeDZBzgQ+I+BxO8sHjEQJXCrhcTWctzxZ88XFcK4jNthhfaYmYyih+MZSt3PwAqDYOVLJ/DlW+qe7k2uKUVf6jR2jaK2MnsQrGvSzH1P+4PZxf44MpRStd8NyGsHV072cOKNXNcaIcfcbWbXCeboEipm0n+y6RZrd1GhZxxhJ9lwpnDtnU0USz9dyq1TrIXxacOx9ZAhbK3+LHYvIShUlFphOfvmB4ofa2J++R0W51dVL5nxAS0KQsTXlEFy1Mulj/oBEPdpyngoYCnc7J/G81KBU0keiEbtqIyT7nI4kZPF9sZ9lTciEzNjD+MWb4S3LAg7cxEn3l4qtqkNaTZ5HfGa987YMxjWoHfLgDukf/5l1atw8PARDrMeH56siY/hHnrW3nS61qsd1YyzpRv/UCKoBaSM13b9Pu1seuvkgemQqSlnP1en56PTIAd5ukHQtzdWaek5NGE6ilrrtb/IX9KAy9E2N2Xp+ZWRWiGElwB2o2skGw2fX3Sk1MP6/dqH6cLSa+gG5hZZJwmkCtx8+EmrUHyX7B0vbWmSK97vMwiSHWCjsBb++CwHi/+olJTtYxz0OW/eUB7dxX9ip7jBVBhUUafzTYCrNqJXgM71G4yjQ44hWeIGrahAgerJ7DWJZEMm/RfA+PQW7xDHfejumLGbEQVFPkj7Sg+FU8erq+lVWhhMOY4Xoy41O+mhHXz01AXsFmeHRSbj+w09V3BNpx3xSsloCTLLAKofoH4FukUIzrfGse63AA1m/YSsiT9XFBdzf3qKCgdTo5FGBe8zMZ6cF7viwWQ3STjUo3fJDqR4hQEQy5g4lWgcVfk0Wg7AwKNH0rqu9kt9wsh0HSTVuZ7PDA9h0L/SU67uca6CkceI6l4QH6G/2o5VJa7dY85KyvTKC1HTiVIqmgpO4+DjfzIOSFhypWTNDXa7cL1x4koKSoyLysPWNi+jFHZuOw82Pl3ZU0GQmOWfLBVNw4g0S7UvdslfQoeqJ+9J2w5AQeZlUiKshG01EK3YzJQmnrWLDJI4mbR+vPVUlmx+1t+fJDrGEmzch/3PoL/3v6Vl3Lc7Kx7pegtPaGsr17JalSUpJHzPTdpiPCvgvA4dTFDh3YgY0nf55jLPyS9YR9hV75q8+O0cPS9PtK9ETPzvcrjLgYdU7QG4pYca2HbodFqiDPbEvdvacjTHjYuf+eZ9fm057loxnxikD+sB6Ljs3BPfIm1bscM6FG03JY4NVY42aI+Gn3DZ02Y5IfZJ35BqStcVOv9Uue0WTiR3OOPqLYar/Mkj31JpXbz9JzoUt9QqpH8B2+goqf1BmjFXm/xylsjPakb/zKGRio+Ndkyzog08ijREGUCun92Inlsn2hwZEzCyYOBhcz5nXjS7jUVJuZs4NKa8uYHvPPwgkj9X+UsKbWv92hEgDD9dJomDgpQaMMbhqgb2hRYe+5IDToim+OEtMrJ/DQ1SDSjd2RY0dGT4Zfps8udxE//tFuGvdGwsb/d2j/4FjaYdovJmwpXMXCLoZCFI2/8JhzhTCElXQa2P2UvFDcql06nC12/hn4nBogJvhpbIUsHuTHGmVReceXaoqPI/BSBjeuPTbuk5cLIw30YMFfpZzoHIauRjo+Poo7Ee+AepdxNVSFfoB/fpL7D6xVhHbbGvtvQFBGOpuOkGUatap/cy/9YjrZgN6IcuE2CDhrCChpMTXB/TbNCy3hblbIamGOIgYZnxTf4jupFvn/EUkLcpS92kYx2MMA7eyA3QiIMWpivEixbjDGtfqun+oUHj5cENuznVwV1mjV3AlG6Zu9tS2gs10C2/g/TtBPzPgD46qpf+8EBK1vD8isZ6J2PwNNFp2KFFmFULuEQatR/wYmvKjGEKtND6N12UEJV0u3ov1XCUzouNLOkmI3Mr4q5WyXdErAoobibDpzubW3cFxL2l+u3XQBbqyDA9PLpijB9BYNsyu7y4nBD+W2XAlGleg7tIpBt8E2b7Aa61lR6gqWZ3w/HzmoTaltMpI0NpF+BB8wacfvMPbyMjlMbtA38w7ktnqwxVo+JuR0J3x8cMuqmuoAd8g1J1t1q5eSQY0Hpo4c3gXw2uFof7HlLlzjq78fl0PKFycqM/SWBxj+RXS+7i1C/FKG8vEdko6BF0hWQ8txMHD77m7ieyjaGV7g1PbfwoIoK1TIaDDL6Q2Us939UIH6yY9kvjnlzW0hv2b4V5m+tlEv0pTxLFTfyBPjvkqf1nzJ4/254fafT56Y3o1jvLcQeOny7NQ0I6ux3CdFIdKm709w/U9sPjTVYwH0Po3iDmWqZxlaflASCVqJ2UP/pyJ3m3gpM4+QTHOpA0ll6G+uJLLbsDmJcyQWKfjsgM4epNlixB+NGsbqSHCvIdkQmmstWrTZQryuyU8/NKZmV1jCXYfzJ8aj0S01Mj5DRjNWIbsoWWRQqVHjjkInLtKsI9HqvVbLJr0h3PjEoueYGFKEU45n8SJPT2B9DHShKFZmhJjVKg7LUe+UW92cuNPvbnLGcdhq/rzeJDxLdRO2vnuH+FOyCyMktC9htXYYD1bWY6ZzaYCNcPMGHJO6Zl+MTuYwa05Y1T6wju0uMg49zjRTbSebj+oaHOjmyqJGcmfnD0lyC13HeOsyNXHvqvIHZn2dMICKwkPMvTS/PiP+wGqnxD/OZ0DwWgrtLahs1pNuwk3N0n+mDP7rBxZEUCizlEyjlBih8rMFfX69iGqUlp4uK1Vlnm48gQoO7OFIePNKLJM6/jRic71fZbIvdV0yowNmEPSrkdiaUT4GtBG+N7pqSvNZy2EBmk1IxdGc9/Spm/GbEGYlRSyc/RS4lBvU+M4O+Anaeibu9vBmA0MoV3X5Dyu5ojTdquTj8KZT+Lqi+BieFmfxaKLpa2HjMyG4NvDa99Ub/kj+SyoSVajEJEooDKIUVk/GubXKyhJx0YOvh9XJ91lgqb+fayWc0gFIeL7MBCaOBwESD8YhdjcuAcCXaCemQbn8PZBrXcmGaHjw4n3hzey6wLMVSDP4SkNDv+CZGtLaRCpvSKdSb8NQdyS+v/qi3z4gpjjvf7XgyDW5vBSOUUmlCgvKpZgoVxHmpyDUokdce1IzJjmxopv5zZVKUJPHwwF3P4BCZrEQLq9DlxOIg7v7UdYrhcdRt8L9cR1LJ1JRiN55rEh6WN8pIuB7pCokdELc0z8obc0hxV70HcgcR0axPpbHuGqcfwBPTYCNl+PESK2AJ8sfeSZ0OItq7GexxCIp7gnSp8lrgQrPkIkjpwJ56jrOVwf/qMmu3M97RAvqj/pLRwyVPe2Z6XRmLeL630N1bu+kQ2wUqpy/d6Ybl6+IMZMPwk2lJPIGjbDjJG2lxdUtmB9zfbhFDMrp7t2iHe23vqoxk/frNbx0DnuvNhZwhKJ/xi20T3kE=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-02-25 14:00:36,711 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:00:36,711 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140036Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_e9deef34-abfc-4720-acca-767df8de4b32|flextgsamldev|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_fab0ccb9dc013d69b2ca121a56edb7b7|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx05WIMDO9u1lWjtcdb1L9T9JgUw4YTKm4dNYCBX8L2DoV9KO9TYaZVCk6qnzEoIVew+QlTT8P6aBbkWU2ks/yr0erTV4/RkvyFzGashYIHL0=|_210003cacf94463c037afa0e42a5e97d|
2021-02-25 14:02:48,221 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:02:48,221 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-02-25 14:02:48,221 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=flextgsamldev, acsURL=null, relayState=null, time=2021-02-25T14:02:48.221Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_a91164ff-8c77-411e-9b75-772f7ba93fbc"
    IssueInstant="2021-02-25T14:02:48.221Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">flextgsamldev</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-02-25 14:02:48,221 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-02-25 14:02:48,231 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'flextgsamldev' from origin source
2021-02-25 14:02:48,231 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:02:48,231 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:02:48,231 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:02:48,231 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:02:48,231 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:02:48,231 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:02:48,231 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:02:48,231 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer flextgsamldev
2021-02-25 14:02:48,232 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:02:48,232 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:02:48,232 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-02-25 14:02:48,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_a91164ff-8c77-411e-9b75-772f7ba93fbc', issue instant '2021-02-25T14:02:48.221Z', entityID 'flextgsamldev'
2021-02-25 14:02:48,233 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'flextgsamldev' does not require AuthnRequests to be signed
2021-02-25 14:02:48,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:02:48,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:02:48,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:02:48,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:02:48,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:02:48,234 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:02:48,234 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:02:48,234 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:02:48,234 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:02:48,234 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:02:48,234 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://mydev.flextg.com/sso/assert using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-02-25 14:02:48,234 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:02:48,234 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:02:48,234 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:02:48,234 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:02:48,235 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:02:48,235 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-02-25 14:02:48,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:02:48,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:02:48,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:02:48,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:02:48,235 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: flextgsamldev
2021-02-25 14:02:48,235 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:02:48,235 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:02:48,235 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:02:48,236 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:02:48,241 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:02:48,242 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:02:48.242Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:02:48,242 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:02:48,242 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:02:48,243 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:02:48,243 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e to 2021-02-25T15:02:48.243Z
2021-02-25 14:02:48,243 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:02:48,243 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-02-25 14:02:48,244 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:02:48,244 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:02:48,244 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:02:48,244 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:02:48,244 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-02-25 14:02:48,244 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-02-25 14:02:48,244 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:02:48,244 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:02:48,245 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:02:48,247 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:02:48,247 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:02:48,247 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:02:48,247 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:02:48,247 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:02:48,247 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:02:48,247 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:02:48,247 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:02:48,247 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:02:48,247 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:02:48,248 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:02:48,248 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-02-25 14:02:48,248 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@332c7cc5'
2021-02-25 14:02:48,248 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:02:48,248 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:flextgsamldev'
2021-02-25 14:02:48,248 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@a9a25ca' with context 'intercept/attribute-release' and key 'rick:flextgsamldev'
2021-02-25 14:02:48,249 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:flextgsamldev' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1645797636700' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-02-25 14:02:48,253 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:02:48,253 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:02:48,253 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:02:48,253 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-02-25 14:02:48,253 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-02-25 14:02:48,254 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@332c7cc5'
2021-02-25 14:02:48,254 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:02:48,254 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:02:48,256 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:02:48,256 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-02-25 14:02:48,256 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-02-25 14:02:48,258 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:02:48,258 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7f7751d9ae92a709819a42c63b62ad1f
2021-02-25 14:02:48,258 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7f7751d9ae92a709819a42c63b62ad1f to Response _df374b245a44a6716a0d5723e85d57df
2021-02-25 14:02:48,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7f7751d9ae92a709819a42c63b62ad1f
2021-02-25 14:02:48,261 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:02:48,261 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:02:48,261 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:02:48,261 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:02:48,261 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:02:48,261 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:02:48,261 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:02:48,261 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:02:48,261 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:02:48,261 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-02-25 14:02:48,264 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-02-25 14:02:48,264 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxqDOfOs920dnoJ0vHa8BgDm3UVBt1jMl9XT5U4dWfksqx/zZx3vV0Icgke8dB5W+0p6HlOMp/K3MFeNkOKMkFhJgu8njaLVNfg3kULThZ3I8= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 103.161.98.76
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://mydev.flextg.com/sso/assert
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7f7751d9ae92a709819a42c63b62ad1f
2021-02-25 14:02:48,264 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7f7751d9ae92a709819a42c63b62ad1f did not already contain Conditions, one was added
2021-02-25 14:02:48,266 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:02:48,266 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:07:48.254Z, to Assertion _7f7751d9ae92a709819a42c63b62ad1f
2021-02-25 14:02:48,266 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7f7751d9ae92a709819a42c63b62ad1f already contained Conditions, nothing was done
2021-02-25 14:02:48,266 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:02:48,266 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7f7751d9ae92a709819a42c63b62ad1f already contained Conditions, nothing was done
2021-02-25 14:02:48,266 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:02:48,266 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding flextgsamldev as an Audience of the AudienceRestriction
2021-02-25 14:02:48,266 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7f7751d9ae92a709819a42c63b62ad1f
2021-02-25 14:02:48,277 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party flextgsamldev to existing session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:02:48,277 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service flextgsamldev in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:02:48,277 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:02:48,277 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service flextgsamldev in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:02:48,277 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:02:48,277 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e: replaced old SPSession for service flextgsamldev
2021-02-25 14:02:48,277 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID flextgsamldev and key AAdzZWNyZXQx05WIMDO9u1lWjtcdb1L9T9JgUw4YTKm4dNYCBX8L2DoV9KO9TYaZVCk6qnzEoIVew+QlTT8P6aBbkWU2ks/yr0erTV4/RkvyFzGashYIHL0=
2021-02-25 14:02:48,277 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID flextgsamldev and key AAdzZWNyZXQxqDOfOs920dnoJ0vHa8BgDm3UVBt1jMl9XT5U4dWfksqx/zZx3vV0Icgke8dB5W+0p6HlOMp/K3MFeNkOKMkFhJgu8njaLVNfg3kULThZ3I8=
2021-02-25 14:02:48,277 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party flextgsamldev was replaced
2021-02-25 14:02:48,278 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:02:48,280 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:02:48,311 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-02-25 14:02:48,312 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_df374b245a44a6716a0d5723e85d57df"
    IssueInstant="2021-02-25T14:02:48.254Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7f7751d9ae92a709819a42c63b62ad1f"
        IssueInstant="2021-02-25T14:02:48.254Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="flextgsamldev" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxqDOfOs920dnoJ0vHa8BgDm3UVBt1jMl9XT5U4dWfksqx/zZx3vV0Icgke8dB5W+0p6HlOMp/K3MFeNkOKMkFhJgu8njaLVNfg3kULThZ3I8=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="103.161.98.76"
                    NotOnOrAfter="2021-02-25T14:07:48.264Z" Recipient="https://mydev.flextg.com/sso/assert"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:02:48.254Z" NotOnOrAfter="2021-02-25T14:07:48.254Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>flextgsamldev</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T13:45:04.399Z" SessionIndex="_6581b7c8d149f65b7cf9cc5f4861c9cc">
            <saml2:SubjectLocality Address="103.161.98.76"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:02:48,318 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://mydev.flextg.com/sso/assert
2021-02-25 14:02:48,318 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://mydev.flextg.com/sso/assert
2021-02-25 14:02:48,319 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_df374b245a44a6716a0d5723e85d57df"
2021-02-25 14:02:48,319 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _df374b245a44a6716a0d5723e85d57df and Element was [saml2p:Response: null]
2021-02-25 14:02:48,320 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_df374b245a44a6716a0d5723e85d57df"
2021-02-25 14:02:48,320 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _df374b245a44a6716a0d5723e85d57df and Element was [saml2p:Response: null]
2021-02-25 14:02:48,325 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-02-25 14:02:48,325 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://mydev.flextg.com/sso/assert' with encoded value 'https&#x3a;&#x2f;&#x2f;mydev.flextg.com&#x2f;sso&#x2f;assert'
2021-02-25 14:02:48,325 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-02-25 14:02:48,329 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://mydev.flextg.com/sso/assert"
    ID="_df374b245a44a6716a0d5723e85d57df"
    IssueInstant="2021-02-25T14:02:48.254Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_df374b245a44a6716a0d5723e85d57df">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>JfxlSSD8KdXfEkvdzyBBGYEj2IRA8uR8u5a1upupqwI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>s0jexGSzjQpA8QE+APfg8ovxmxNxPn1qEX31l28FMgC0zceMaVchwmNMagT+RO0uUNkysFdsyZTvy0Yvs7NkjwjuaSoyAvEmW0FZRd2h8W7NaozssSyNVqM43FojrE5S7B02YrL4hm3kAdRnO91aY7w9QKxzepEP/0LR7Nz99Kk5T5botOIZf6mYyUWM7SJM8WsEX47IxCmgI0iaFNFIVL3ZcWQaJK+fK28+pwEFPqHCXiqJuqGU5nQ5sn6pWVs7fbxNnf3jNkvgmDh1QfpR/+ZFdmI7K03XJ9aZ4123hACt45ubGkacuTNJWJKZ1nR967UC1BP3el3HCPPOLt6XOQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_9f0205592f8f633a2ca9620b7bc0da0e"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_f8b82b07254b5416adb550b69d830af9"
                    Recipient="flextgsamldev" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIF6TCCA9GgAwIBAgIUPG4sFZXAZORpoWAwSkp7vu0IUawwDQYJKoZIhvcNAQELBQAwgYMxCzAJ
BgNVBAYTAlVTMQswCQYDVQQIDAJBWjENMAsGA1UEBwwETWVzYTEPMA0GA1UECgwGRmxleHRnMQww
CgYDVQQLDANGQ1AxFjAUBgNVBAMMDW15LmZsZXh0Zy5jb20xITAfBgkqhkiG9w0BCQEWEnN1cHBv
cnRAZmxleHRnLmNvbTAeFw0yMTAyMjEwNTI0NDFaFw0yMjAyMjEwNTI0NDFaMIGDMQswCQYDVQQG
EwJVUzELMAkGA1UECAwCQVoxDTALBgNVBAcMBE1lc2ExDzANBgNVBAoMBkZsZXh0ZzEMMAoGA1UE
CwwDRkNQMRYwFAYDVQQDDA1teS5mbGV4dGcuY29tMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGZs
ZXh0Zy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC8B31D4CpLPjhL/v/QHo1x
Lj3ZKv5+Vcb5EEAd/PdBHOtzlUvYPQTHwrkcZok2iE6fBks3a/4aJWb7eAXBlFmrYjw+mXw5VNTT
K4RI9fOWEhNJbiuw49E9/52ool3Im+lVmgEDTRv+a8jCywObU6qUnhVdlhgSBOEjsfRDynrwfJkK
aVIVr3DAWS0ZtkZ1mVfcNYHcd8r5fTiaoM1ocC4UorQwZCkeT7fJU4rhJy+CQVygXxJ0LFK6L16H
ml1uK8qYF5+L8RvkiYsEFDPC4+o3x8OoqwsDny203s4Q6O2z7EzgpLxxa7Am1kMFJRopDJ5Dbemp
z+OVtGgmdlkMG/XG/zx3W66u9ipKhgoyBXm7NSfHzrJ1px9XBatC1h2z0AijnV6ICTJe4Fbfn8Qv
Xz1rDwdV7DDj96VPYr0qgOBIaPKxamy3MXMUec0W5ysVZpxatWW8TmRyDqvawpLQzLvbpQOqx+nE
iiR6YIQL9vrF6fUmkgXEf28JiV2y4wSnCQgQC5i/HuKIiBt9/170ogNRJNNd49JwjqeENE3Ib8ne
O0hG7Q+TraAompQ+FeDp5vzZ4Zq4M+LPRlb/VcUkIwIy5/E8FRqbhMyG1oOjT2sd23zXxKtjGTdM
K2OPumJY9zw+iniNihCaSVNQVRI92XFLEZvGj22C5Y84EpDrikghbQIDAQABo1MwUTAdBgNVHQ4E
FgQUR31X5fJV9DyYC9ejfAWDYKY5fbQwHwYDVR0jBBgwFoAUR31X5fJV9DyYC9ejfAWDYKY5fbQw
DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAevymonukophI+n2JNTeV7XU9i3mQ
Rw1fdERsgwUZMnxg0u72tHiszlSCNrzvTVPCk/j3r4n7ez26cK0iaRPx9e5BlGutb48i6BpG0AIP
kAnWfjmgSSqQJudHNlA1NWEsjzuWm+nJkf3gaA9wA9CYTnRWHShdVkEt2NJ4FG5Lr0UXfRkEsiCT
959q0qi7CQXE66MCehxoMZhP8emXRb/ciMNXNYFQKIF+oPNiJwbs1LfTgBJJp812InPKKiJDbIPV
mC98n4Vi3h/rbSbb1irK/Pe9y0u21fmieyUaKGJ72mnK+cRW9JEcdVW49UdWDvUFQps+FSKElDWo
c+IW1Cdjgai+DK7wh6yvu7Q04urxaKC+wIMnxXTaZMX96CQUx1PX8K6RRHp66Bz5q8lls9mbZKID
qX8+mri1h+GJM5B6e78tKGWX8Ekr35Q0ag8yMljNQgOU+XpGG54ItCqgjUa64CIGZhRQ3Sn+BPd7
AvH03URumdPjO9IB3Yku0eAPw/siAiEFmKFr7JZPNrYBGUraIsvzhk2wkZ1JFbD/EjbhKsVSlNFg
5smM06VYfx0m44tndYKVm7Uhf1kD/7xcPN4hoJ3dRJe1dTtf5AYt9qj3GNkW28UmnGVhS+WnTXZi
8qoLfGECQQf1PrdYdp56QSH4ZIk/c5MHFe9a3EXX7gqhOrY=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>nMK7Cxw4EFAQt+sHIkIxUpiYFEGl9HNKWsHzXxnt4Vn2lGXsp7nMstcGbKqo437RWdNIEiIsNYWjQPt5jTYGzaMA1sWtnONtPyLHtz6LzzTlqdWibPHts9w8mCh0lUhzkIgnK471FRn0VVytuJV3S4n7PCpBFoDJiGxTh8CayeiwsYKypKH6k9x6z45zHNtmhcqYbat243C03QuDc/ovVcZPe6ihRy8bDFa95dYLREk+7ixh2JyCROC4Cl5+w1Q3goQkbgtBGs5v1clfriuhLYQtAJjbPARB8EwK3nwUWsvVxRZYVvw6+sNxfiuooLFZ+VwOkZW17qdZGVhsy+sNiTH0IJDpbQvaKUVBVQtnvB6OvgszmCITDDAcOXRHUWXbW/xrTI/28r1tdHxG6qvl+CxqqedyQFuB/XoipT3H5OsTXSgzNV+iNvp+XcjIYMvYGrbB6aahQCHjCS/rrTFtpUmH5MQatDt73CbsHhoznNxA5XeNh9SUVPYU4xLaDFAyGcd9G+PrWyNwn4Uixfw+afyQ78c3XG1aWWjxL8/E2Z+xbEL/eG6T1NhMATsR7Mf3/uECdEw6063msZmAeo/i/KLElIGH4YM5bOC3pLUUBIDxPs9lToXZtToOr4hsdZ1C29ZODSBOzkU4n+IixETVoZd/8PJUaIY0LmU0eZ9lliw=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>6qpROEwrGibEm/ie8qSwzjaY+MQZxjoab1jgVhUm91WtkSCKbaukgFEngY1HSTO0GCvKB77qbN2At7GV2a2UFx1/9VGFL5uMjzOcmTs6Vp8HsA8JHgvV3MkIA6771/dcsQUJw9r6yLp8MJappGR6qD76jhI6AEN3lHHcSXONP/eAt3sUZaMYs3kr9drUTHU3t60pPm1v7GxwfJLpedmDSa2QoNwVecfZnD1Sy8H5jidtn6cFXEGUBXZoDErY/2iiYvjQnAGdg+dGE91hHCKWfEHtY2UU2d1a9NSmIgUKGkpngq50cNz6ICXedCeFn2Nz/A7Kgz/Sg9oVakp0zMKkx2CmKDB2XCjm8/SOZ1nnjUfimCuNGQK+Edph6m9tvnZn6E1x4zlOA+nQ28hwDhUipvyKMSRjJMYUcjNMYZmJVlTw4fyaWshZ7+SF2Pka4xpQ78z+idb+OnK/SQE1Dfd7lBvtDgIdAGRRM6DnU7TEW6SLOTVFKMSQxlC0Lq2lIbQ6y4FiRp+JvtxNxe4q4+d7o5gHR3AkCtzg1zC9I7i+zoTXbZyaFINqwvFySrCfJ3PQ2cKVblezjJJE+/yeqcpKdUfrOo0y/xF19XV/AewGShpbVIEO2SUxy/gLS6KvWoCRYrUyOsSSXUZPFtTSLu8Pet8SBk1LQov15DztTGXdLMabr1KBugUNNBW7xKF8Pp9DDEkcPL276plUByFEE1e0fqosIsLG/2qV/6gLbR4tN6DggNC3F+wqRAyF1v9dsj5wWk1E7Ic0Pdo/yLJiNJZVVIA/yaeSvc4roGML66Rb30jpuivwdMv0P5VSYMWjCKlH03gpciVdHQ9jhJWQhVVrK/pIHUwwIj4zGfneeTi2iqk2U3qTac+y19lqcKLgG3vFtMMZIePD8DlothuvbtHNy2NYztYH23+Fty5qskYUO9e1cPbCLy1KInOfNnkjqW/7O60z3iKw0EAYjAiPqDcxnSbhuZcKyueebKKZwteGGSdgHDnWsJpDxjsRYxoOHh/BSgt3ecmTUzqeiBYCrC663vtKoGujJrcM7l9Rjot8xZ1m8yd+gYaSjSbH05Zj3IEHVCeGMMxcBVFDDmx0A1PSCYWoAHA/hycEhFP4xl0bjfP1v7fyr8nRl6U7bUVcS/bX/vVqp6xmZ0uO6d6EW82m+l/mmtBg7AFWaYmJYJ6pf1TVJWpt1K5tveJmMmnPkC5OhNBBet7ZNPtWTiQ7e57bF2vZ1G5omfXh2bLaqKS73pIa3A0wLP1qdpuicaenqcNhzmJodRR8ia+RlfT0xZ9AB73JIYCLJObnswaPwhGHhsQon2Z+IZjgy2uzggSE6xB3eVstMpJbMKbTReqX1Dn3UjtRuV4GjiAE8SXlBNnWHuFywumlZ8xKUfCiBjxmxCsWaF+FL67c8unn/kU/i4z3NSWFdIkpZw2XnYpqFs+4uaSTrdqolZw8FY8ED3jJm9v+L3QDhOKl1eyEzvHHyI8aI4XOmj76hpQK8icQe7YGfJl8CVnzx+bCGCo41EvFLRhydAOK48KmB/EFC0Qd3thsH/DT9MHWjJGwMgjKhR1F+KoaEPkcOgzXdXSClDD1uViT5OV+n4SFDSiARz2/taUoNybXXOCg3Z5WYBv1giUtL2ymH4vxdggbwckD8+KOFv7zz45WJGu3lDNRhwllu2gASqE45LfeszQ5lLVpoMgPetLlWOEXHoJap0yEJuz4cqXNvqkKDSxV4zKP8N6g0OSSdz4MDCEzGpa34dQIo+HlcyjftE1mNJILNzsYqZ3UQrO7Gwm14Nerz3OCeEkZDYtaECMBfxJ/HuUKHDuDWjvPi4nBf8aCHElwmAcntMhCrtGPTI5d9CdNwioTRj0TxXm8tQ8LmwxRs8T8a58BLG3KPuh1aK3kBA1fKdrmp64KFmZgxpv1Ta5NuHJ7w+3dgouosDJ6teAqOagsQ2gPQkEpJy990T1CqFkM2dxmvdm3sdaH2eO04PXEAIFFhY9XjiPUq0N1nV8aUdCzLtdp+x87pq6POv8sseNE9fdDJ5F4sU4UPiC8xQjrUTGybLXAKyUIgo1ANBmFNSXyVeDYM0DKY+1oWDAaFGpPm3xiO/s90MIn5ipNr2lIgV+GQ8ujbTR7mysTsOPp4bElvKQq8Fvew1B+bvbQB4fl9tDOngF+Kd6kg/hlsygxEiCvqbdS60msUIP4FbWhoM1psa8Nb+VoOaJjUpSh0jVEtZR1WBkje+g8BV8XjhirKQCjQEIeTk54ejoqR/08t0w7hN6sH0jYlzwGM/GBEdQgX1oViO16YAhkFDL8XYay7yBvI9glti/cAL/vbRVpSm8OUaQjz771C7719DelrhhMVNrpMeaM9fzNXtXgIE6vhZs9StadLKl1pkw0s4ack0yjqU44SKmlMXFBjN0ZncHUSe/ZwScQe/2l3PtbVfFutzbDxKxor9X+jz8LgNnBnn3bN4HshyaICPiZ/G/1wepvsU9ctGZB7939ZkhItmg2x32tCXu49egZPgMLosSg7HX6tMC7eMyMXZTESYe/xZmcMELe+qR5huUwgDRHmtRRbDYrhYGQlTRxJp+jqYCdXS53rhhJPmhoDuVEVoFdjlMhb5WXK0iPANXFjJ5QJp4F43cwgLiYQhMTp2JN87Ios8sxXrK9QEP5jNizpVlNGfbsgqgj7/d5k0A1tydUqk1uhG5yEAPgCipANabHU5y7HUx1HgCcnODAzL3saY2NeY18VgwgMTqdMhPHSYFdtFNgcsFwOE76A70MDebI2dgtKRqV1YA4axuRhAymPWlG8v56BsWQQ1+QMrfvLZBGR8+x3dcATg5QpXkms19/qOG7OrEyfcDArUX4/ZX9t0ZIFALfDIremIIjvrcRgpI4GHP54xPayjI22d5EE7Bvk9uanhv8ISGZCt6plZPbXUIsc7Pb46hq5Tk9t0f9W2+/Ro1KtdWlswTEKsUN3YiFyFoEU8/csinfrrJn0n8RirFWbHWeCnoz5YAAmvOhNL/vfuf/67fbHlaMsJ2LceHacoh16yA9H5tIQmBQfPRbu2/QFXUWSI7kkzO148ZVRH1qxj/jR7HsCPUaubXW05mr8RdOF6+w+sSmVdiA4VVPh9tYmSNSHLxhVQ5WtXIdFszjPzaZah+lgn9OzBjbGuXKPEBLVHB7OkfZpj3kfxstEcLi+izODRj9wUH9ZYQNxBnmrjnunapBFl5e74r/rxvf+rWIPQH/czLLg8TmW2LCQtfbsGOZBk9wZxA1h0VDZnSYDjWhDryDxUD6hzqLls9VXbtwJN7wQzGb7Dc5ops5ijNR37bbvgwxzzCa8wThsrFv4bx8TPFfIZuYtA+EzJJmHG/8Xyv0s8GOZIci7aLtwix3GGcgb8L4H4zGAqQMzo1KgYvGUfqefWToXzKAw7SoS6LQzKn6HOFgYr85/JcAG6Itfo5S7lhiGQECtotpH8DfLYlDC7yD8Q+uiOy+xlYLHMAOcCk3msO6vqCw3/2FYsNCFeEXhPm444jrKYMVi3ILmHjrzSimdkfuH0ZKtYeyemM81PkzIxHzcjHermh8AxYLsrAru81E4HYyfInpMkM0nVwtJk2Sy01T2RZIIsGaiJPeqBjmIJrACDaQt5N43Zcq2aJ7AII7/IaMqiWA7P44v02Mb4p1iUK37v0TCMtNWLbsWzl3racAK7zWyN39ihSgAKRh2Pt4nPKCZ2cc+fbsSakHncoCXpBeezzE4UuSrL/ykcjV4EkJmTgnInYSX7kisYjur/rrjlyN3lJwjIEaTPbiJZO8f1MJOQDVMAQa2J20Pn9c48lgOKaOMqVfzUsoFTofEPLOtZxFUGaAJkkmdUvcumHh1PWl+GrPqQ/m+UZBjlqB/JR8hoCH77eQotuLkJzpu7N6Ac+4j8sMBeT7NWou1UIUJRwj1jFMuTNns3N8XkLdsEGUTaDiz4LJ6vOfdgSWR3IdIpJ45CX9qQ85mI2t3Fxj6R+5mi4huBp+COTs2+UhJilAdeArIZvy0v3WDCcaM6dtxQrdlZj3G76WWNMwjeFba/AkwyQNedf/1U69G7K8JBqAagHCIOf5GCITp3WER4yvUCjv5tte8Uv9cbf5R29Q0ERBtOBkElIvYfJ0kt25KJlwcr0p0C5GhO2udEMakfcRxdi6wZpFnWo+UmpthyszytIDFuOXcr54a8N6Wnv9dMH32ZbqxEFW457wWN/kNIvK/I/gCLdH5R/+tZAhAhz9Zel1xD3jfQkpJZiKKAJY1TRBcibfVioyvf8pi2D4M9wCbpCNvuOsOEY2cAFBY0Pxw+pzvQQFWPHze40vscWZwAyE7cPvRweKtBXdj7OHvRKGkWJ8/nbFlSEBISTyggZuki1FWpfAuatfXU9pCQTPgeNaBbfvObHSN4w0DsZA4IipdG0wpCpeI/n14wDAWS6PKWuivLrwqoGspsMEeMruH3bV1FChPjXkoVErVxzUgnFKTxcbRioUJWDoFcsdFYKBVviEWmtLdeZQEmQFAAd3R6E1XJ4I676XQogQcrbJ2mHQnXxO/KyhNo0F9o34EFLm6irbCpT5DLSTbc7QXgcWRIxPsEb7HzyyRkNSI8YwSsD/R4ErK277AqEgWeoz36mpCRd/uzXaOXR1LvsRwc3ZErR8DEyMj2h33lUTdAy2d8UnX8ZYZ2bAlr6rRvp6tXMrQF8kh2T31ON0h+0hfeQGUVtm8emSA1nmNZiaLnWn3Kxbkt6UNhGnUBZf9X70wDetvwWVQY4M2C9coRuQEjkeJbfLtEnlKVBsjJhkwDUCYOOtR/8yunYutYe7BAvWc6+DTIG0Ba59Ix//KaO5jr1hmeqz95y+gALbg0wFvg245lKsK84RKJih9mwn3cq1YR31xCYgwlyWMSN0oI3r7kAIkCRsEM+KgBgMMxt1522Z187h2VEW8Aage9+P19xDeWYSVwLS/fxBnHUfs28F+GWdNrRQ/lABZAY=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-02-25 14:02:48,329 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:02:48,329 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140248Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_a91164ff-8c77-411e-9b75-772f7ba93fbc|flextgsamldev|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_df374b245a44a6716a0d5723e85d57df|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxqDOfOs920dnoJ0vHa8BgDm3UVBt1jMl9XT5U4dWfksqx/zZx3vV0Icgke8dB5W+0p6HlOMp/K3MFeNkOKMkFhJgu8njaLVNfg3kULThZ3I8=|_7f7751d9ae92a709819a42c63b62ad1f|
2021-02-25 14:03:15,483 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:03:15,483 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: http://localhost:8888/auth/realms/master/broker/saml/endpoint
2021-02-25 14:03:15,483 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=http://localhost:8888/auth/realms/master/broker/saml/endpoint, acsURL=null, relayState=http://localhost:8888/auth/realms/master/broker/saml/endpoint, time=2021-02-25T14:03:15.483Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_2de1f242-d71c-451d-ba21-04e19dc0d389"
    IssueInstant="2021-02-25T14:03:15.483Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8888/auth/realms/master/broker/saml/endpoint</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-02-25 14:03:15,483 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-02-25 14:03:15,491 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=http://localhost:8888/auth/realms/master/broker/saml/endpoint]
2021-02-25 14:03:15,491 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-02-25 14:03:15,491 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for http://localhost:8888/auth/realms/master/broker/saml/endpoint in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-02-25 14:03:15,491 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-02-25 14:03:15,492 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8888/auth/realms/master/broker/saml/endpoint
2021-02-25 14:03:15,492 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:117] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID http://localhost:8888/auth/realms/master/broker/saml/endpoint)
2021-02-25 14:03:15,492 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-02-25 14:03:15,493 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-02-25 14:03:15,991 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-02-25 14:03:15,991 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-02-25 14:03:15,991 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-02-25 14:03:15,992 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://gitlab-create.bastion.developpeurs.cosinus.club/users/auth/saml_1/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_384695c1-7888-4ad7-9abb-cef63d0dad7f"
    IssueInstant="2021-02-25T14:03:14Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://gitlab-create.bastion.developpeurs.cosinus.club</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-02-25 14:03:15,992 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://gitlab-create.bastion.developpeurs.cosinus.club' from origin source
2021-02-25 14:03:15,992 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:03:15,992 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:03:15,992 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:03:15,992 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:03:15,992 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:03:15,993 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:03:15,993 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2021-02-25 14:03:15,993 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://gitlab-create.bastion.developpeurs.cosinus.club
2021-02-25 14:03:15,993 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:03:15,993 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:03:15,993 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-02-25 14:03:15,993 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-02-25 14:03:15,993 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-02-25 14:03:15,994 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_384695c1-7888-4ad7-9abb-cef63d0dad7f', issue instant '2021-02-25T14:03:14.000Z', entityID 'https://gitlab-create.bastion.developpeurs.cosinus.club'
2021-02-25 14:03:15,994 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://gitlab-create.bastion.developpeurs.cosinus.club' does not require AuthnRequests to be signed
2021-02-25 14:03:15,994 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:03:15,994 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:03:15,994 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:03:15,994 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:03:15,994 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:03:15,994 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:03:15,994 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:03:15,995 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:03:15,995 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:03:15,995 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:03:15,995 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://gitlab-create.bastion.developpeurs.cosinus.club/users/auth/saml_2/callback' nor response location 'null' matched 'https://gitlab-create.bastion.developpeurs.cosinus.club/users/auth/saml_1/callback' 
2021-02-25 14:03:15,995 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: No candidate endpoints met criteria
2021-02-25 14:03:15,995 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'https://gitlab-create.bastion.developpeurs.cosinus.club': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Location=https://gitlab-create.bastion.developpeurs.cosinus.club/users/auth/saml_1/callback, trusted=false]
2021-02-25 14:03:15,995 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: EndpointResolutionFailed
2021-02-25 14:03:15,995 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-02-25 14:03:26,802 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:03:26,802 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: http://localhost:8888/auth/realms/master/broker/saml/endpoint
2021-02-25 14:03:26,802 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=http://localhost:8888/auth/realms/master/broker/saml/endpoint, acsURL=null, relayState=http://localhost:8888/auth/realms/master/broker/saml/endpoint, time=2021-02-25T14:03:26.802Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_e831ba8d-ac14-45e2-bc5d-96d5de4e63c1"
    IssueInstant="2021-02-25T14:03:26.802Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8888/auth/realms/master/broker/saml/endpoint</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-02-25 14:03:26,802 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-02-25 14:03:26,812 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=http://localhost:8888/auth/realms/master/broker/saml/endpoint]
2021-02-25 14:03:26,812 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-02-25 14:03:26,812 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for http://localhost:8888/auth/realms/master/broker/saml/endpoint in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-02-25 14:03:26,812 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-02-25 14:03:26,812 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8888/auth/realms/master/broker/saml/endpoint
2021-02-25 14:03:26,812 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID http://localhost:8888/auth/realms/master/broker/saml/endpoint)
2021-02-25 14:03:26,812 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-02-25 14:03:26,813 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-02-25 14:03:48,894 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:03:48,894 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-02-25 14:03:48,894 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=flextgsamldev, acsURL=null, relayState=null, time=2021-02-25T14:03:48.894Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_35d75ef7-5219-4ab5-a870-c6d5dbe47bb2"
    IssueInstant="2021-02-25T14:03:48.894Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">flextgsamldev</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-02-25 14:03:48,894 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-02-25 14:03:48,902 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'flextgsamldev' from origin source
2021-02-25 14:03:48,902 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:03:48,902 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:03:48,902 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:03:48,902 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:03:48,902 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:03:48,902 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:03:48,902 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:03:48,902 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer flextgsamldev
2021-02-25 14:03:48,903 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:03:48,903 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:03:48,903 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-02-25 14:03:48,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_35d75ef7-5219-4ab5-a870-c6d5dbe47bb2', issue instant '2021-02-25T14:03:48.894Z', entityID 'flextgsamldev'
2021-02-25 14:03:48,904 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'flextgsamldev' does not require AuthnRequests to be signed
2021-02-25 14:03:48,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:03:48,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:03:48,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:03:48,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:03:48,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:03:48,905 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:03:48,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:03:48,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:03:48,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:03:48,905 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:03:48,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://mydev.flextg.com/sso/assert using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-02-25 14:03:48,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:03:48,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:03:48,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:03:48,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:03:48,905 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:03:48,906 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-02-25 14:03:48,906 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:03:48,906 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:03:48,906 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:03:48,906 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:03:48,906 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: flextgsamldev
2021-02-25 14:03:48,906 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:03:48,906 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:03:48,906 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:03:48,906 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:03:48,910 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:03:48,911 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:03:48.911Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:03:48,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:03:48,911 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:03:48,911 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:03:48,911 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e to 2021-02-25T15:03:48.911Z
2021-02-25 14:03:48,911 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:03:48,912 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-02-25 14:03:48,912 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:03:48,912 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:03:48,912 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:03:48,912 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:03:48,912 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-02-25 14:03:48,912 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-02-25 14:03:48,912 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:03:48,912 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:03:48,913 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:03:48,914 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:03:48,914 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-02-25 14:03:48,914 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5dc89512'
2021-02-25 14:03:48,914 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:03:48,914 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:flextgsamldev'
2021-02-25 14:03:48,914 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@a9a25ca' with context 'intercept/attribute-release' and key 'rick:flextgsamldev'
2021-02-25 14:03:48,915 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:flextgsamldev' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1645797636700' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-02-25 14:03:48,915 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:03:48,915 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:03:48,915 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:03:48,915 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-02-25 14:03:48,915 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-02-25 14:03:48,915 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5dc89512'
2021-02-25 14:03:48,915 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:03:48,915 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:03:48,916 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:03:48,916 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-02-25 14:03:48,916 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-02-25 14:03:48,917 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:03:48,917 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d58db23dbe0d74f0d9007d3143f63519
2021-02-25 14:03:48,917 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d58db23dbe0d74f0d9007d3143f63519 to Response _5defc5c753ff41083222e1a9d84f1b82
2021-02-25 14:03:48,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d58db23dbe0d74f0d9007d3143f63519
2021-02-25 14:03:48,918 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:03:48,918 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:03:48,918 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:03:48,918 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:03:48,918 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:03:48,918 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:03:48,918 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:03:48,918 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:03:48,918 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:03:48,918 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-02-25 14:03:48,919 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-02-25 14:03:48,919 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxVeBivqlG+H8cl64QS6mFoHGNBFXLrUwsj3SL6/qlLoLkB3FuJynQsYsBjTJg/paYDsIeU7S+NW6E133EkMuA91OaHZay9ceLMjwRaoy7TCM= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 103.161.98.76
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://mydev.flextg.com/sso/assert
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d58db23dbe0d74f0d9007d3143f63519
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d58db23dbe0d74f0d9007d3143f63519 did not already contain Conditions, one was added
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:08:48.915Z, to Assertion _d58db23dbe0d74f0d9007d3143f63519
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d58db23dbe0d74f0d9007d3143f63519 already contained Conditions, nothing was done
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d58db23dbe0d74f0d9007d3143f63519 already contained Conditions, nothing was done
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding flextgsamldev as an Audience of the AudienceRestriction
2021-02-25 14:03:48,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d58db23dbe0d74f0d9007d3143f63519
2021-02-25 14:03:48,920 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party flextgsamldev to existing session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:03:48,920 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service flextgsamldev in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:03:48,920 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:03:48,920 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service flextgsamldev in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:03:48,920 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:03:48,921 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e: replaced old SPSession for service flextgsamldev
2021-02-25 14:03:48,921 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID flextgsamldev and key AAdzZWNyZXQxqDOfOs920dnoJ0vHa8BgDm3UVBt1jMl9XT5U4dWfksqx/zZx3vV0Icgke8dB5W+0p6HlOMp/K3MFeNkOKMkFhJgu8njaLVNfg3kULThZ3I8=
2021-02-25 14:03:48,921 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID flextgsamldev and key AAdzZWNyZXQxVeBivqlG+H8cl64QS6mFoHGNBFXLrUwsj3SL6/qlLoLkB3FuJynQsYsBjTJg/paYDsIeU7S+NW6E133EkMuA91OaHZay9ceLMjwRaoy7TCM=
2021-02-25 14:03:48,921 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party flextgsamldev was replaced
2021-02-25 14:03:48,921 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:03:48,921 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:03:48,921 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-02-25 14:03:48,922 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_5defc5c753ff41083222e1a9d84f1b82"
    IssueInstant="2021-02-25T14:03:48.915Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d58db23dbe0d74f0d9007d3143f63519"
        IssueInstant="2021-02-25T14:03:48.915Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="flextgsamldev" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxVeBivqlG+H8cl64QS6mFoHGNBFXLrUwsj3SL6/qlLoLkB3FuJynQsYsBjTJg/paYDsIeU7S+NW6E133EkMuA91OaHZay9ceLMjwRaoy7TCM=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="103.161.98.76"
                    NotOnOrAfter="2021-02-25T14:08:48.919Z" Recipient="https://mydev.flextg.com/sso/assert"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:03:48.915Z" NotOnOrAfter="2021-02-25T14:08:48.915Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>flextgsamldev</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T13:45:04.399Z" SessionIndex="_ca9adf0bdb5cf5a62940a0fc18928398">
            <saml2:SubjectLocality Address="103.161.98.76"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:03:48,923 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://mydev.flextg.com/sso/assert
2021-02-25 14:03:48,923 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://mydev.flextg.com/sso/assert
2021-02-25 14:03:48,923 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5defc5c753ff41083222e1a9d84f1b82"
2021-02-25 14:03:48,923 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5defc5c753ff41083222e1a9d84f1b82 and Element was [saml2p:Response: null]
2021-02-25 14:03:48,923 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5defc5c753ff41083222e1a9d84f1b82"
2021-02-25 14:03:48,923 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5defc5c753ff41083222e1a9d84f1b82 and Element was [saml2p:Response: null]
2021-02-25 14:03:48,925 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-02-25 14:03:48,925 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://mydev.flextg.com/sso/assert' with encoded value 'https&#x3a;&#x2f;&#x2f;mydev.flextg.com&#x2f;sso&#x2f;assert'
2021-02-25 14:03:48,925 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-02-25 14:03:48,927 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://mydev.flextg.com/sso/assert"
    ID="_5defc5c753ff41083222e1a9d84f1b82"
    IssueInstant="2021-02-25T14:03:48.915Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_5defc5c753ff41083222e1a9d84f1b82">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>VuPSExwE1oPvIzELS2u8Lhi4Sy1IUNw4BIMo2E/8qTk=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Vsx8pBKl8bOufzOeG+b/rB4ODS1Y/BSh5fO2sdRQ4Uhupql4KArtzg+hz6hhoYxn3PxBPcqNbEyrqJGuLpIzLLQKFgp4hwId6gffGUIb1lIgyWpe/qaqjCo2YOxp+ka7lTErazfbzVVzoQh2q2OCwFYFqGKKiJ6AWpBoXIbp4u4etKqS9qFUyjJZO3ZsqwIw8KK9jvSl2HvYFTiwUl5wm+GokxvtmPCucsKCN6JmlCylBskfZ/IyhRisHXdJfuP3ewwecMtlMxNYtzz+lbQn851TELw3TnV/uS238RmDK0uRi/E1LBh6Pu47Ozkx4otnaza7hdhiVIIGElWvkkDLGQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_bd7c6b8d379a5f764a4eb6f8db04e9ef"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_9e8e1c880af2676ef7065a421a46a4da"
                    Recipient="flextgsamldev" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIF6TCCA9GgAwIBAgIUPG4sFZXAZORpoWAwSkp7vu0IUawwDQYJKoZIhvcNAQELBQAwgYMxCzAJ
BgNVBAYTAlVTMQswCQYDVQQIDAJBWjENMAsGA1UEBwwETWVzYTEPMA0GA1UECgwGRmxleHRnMQww
CgYDVQQLDANGQ1AxFjAUBgNVBAMMDW15LmZsZXh0Zy5jb20xITAfBgkqhkiG9w0BCQEWEnN1cHBv
cnRAZmxleHRnLmNvbTAeFw0yMTAyMjEwNTI0NDFaFw0yMjAyMjEwNTI0NDFaMIGDMQswCQYDVQQG
EwJVUzELMAkGA1UECAwCQVoxDTALBgNVBAcMBE1lc2ExDzANBgNVBAoMBkZsZXh0ZzEMMAoGA1UE
CwwDRkNQMRYwFAYDVQQDDA1teS5mbGV4dGcuY29tMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGZs
ZXh0Zy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC8B31D4CpLPjhL/v/QHo1x
Lj3ZKv5+Vcb5EEAd/PdBHOtzlUvYPQTHwrkcZok2iE6fBks3a/4aJWb7eAXBlFmrYjw+mXw5VNTT
K4RI9fOWEhNJbiuw49E9/52ool3Im+lVmgEDTRv+a8jCywObU6qUnhVdlhgSBOEjsfRDynrwfJkK
aVIVr3DAWS0ZtkZ1mVfcNYHcd8r5fTiaoM1ocC4UorQwZCkeT7fJU4rhJy+CQVygXxJ0LFK6L16H
ml1uK8qYF5+L8RvkiYsEFDPC4+o3x8OoqwsDny203s4Q6O2z7EzgpLxxa7Am1kMFJRopDJ5Dbemp
z+OVtGgmdlkMG/XG/zx3W66u9ipKhgoyBXm7NSfHzrJ1px9XBatC1h2z0AijnV6ICTJe4Fbfn8Qv
Xz1rDwdV7DDj96VPYr0qgOBIaPKxamy3MXMUec0W5ysVZpxatWW8TmRyDqvawpLQzLvbpQOqx+nE
iiR6YIQL9vrF6fUmkgXEf28JiV2y4wSnCQgQC5i/HuKIiBt9/170ogNRJNNd49JwjqeENE3Ib8ne
O0hG7Q+TraAompQ+FeDp5vzZ4Zq4M+LPRlb/VcUkIwIy5/E8FRqbhMyG1oOjT2sd23zXxKtjGTdM
K2OPumJY9zw+iniNihCaSVNQVRI92XFLEZvGj22C5Y84EpDrikghbQIDAQABo1MwUTAdBgNVHQ4E
FgQUR31X5fJV9DyYC9ejfAWDYKY5fbQwHwYDVR0jBBgwFoAUR31X5fJV9DyYC9ejfAWDYKY5fbQw
DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAevymonukophI+n2JNTeV7XU9i3mQ
Rw1fdERsgwUZMnxg0u72tHiszlSCNrzvTVPCk/j3r4n7ez26cK0iaRPx9e5BlGutb48i6BpG0AIP
kAnWfjmgSSqQJudHNlA1NWEsjzuWm+nJkf3gaA9wA9CYTnRWHShdVkEt2NJ4FG5Lr0UXfRkEsiCT
959q0qi7CQXE66MCehxoMZhP8emXRb/ciMNXNYFQKIF+oPNiJwbs1LfTgBJJp812InPKKiJDbIPV
mC98n4Vi3h/rbSbb1irK/Pe9y0u21fmieyUaKGJ72mnK+cRW9JEcdVW49UdWDvUFQps+FSKElDWo
c+IW1Cdjgai+DK7wh6yvu7Q04urxaKC+wIMnxXTaZMX96CQUx1PX8K6RRHp66Bz5q8lls9mbZKID
qX8+mri1h+GJM5B6e78tKGWX8Ekr35Q0ag8yMljNQgOU+XpGG54ItCqgjUa64CIGZhRQ3Sn+BPd7
AvH03URumdPjO9IB3Yku0eAPw/siAiEFmKFr7JZPNrYBGUraIsvzhk2wkZ1JFbD/EjbhKsVSlNFg
5smM06VYfx0m44tndYKVm7Uhf1kD/7xcPN4hoJ3dRJe1dTtf5AYt9qj3GNkW28UmnGVhS+WnTXZi
8qoLfGECQQf1PrdYdp56QSH4ZIk/c5MHFe9a3EXX7gqhOrY=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>dZ3/n3ayCgNOnL8V3fubgbi96iL6p6Tk7X+frdLWiEgxuxkeSgwsRJtCZRDQe8QQujQHXKyx8eNJ9xwfPFGSjc+OZ7q1HpqPXvTDOOuljJXGDHNO1BKFIH52EF9bu/F9y65nPqYl+4Lsv9SRzkwrvR9Ywdm6MjzHUFb4fAewHFoSJudnci6Dxr1u3c1nlB2bvY1SStcCdjBsfp5rXR8XFoyvgSi6unjNH11VBdTJTxhh5fxmyxm/QZKWeMCqr0rYap4qPsucj0GwBXb5smhS1SKerU33dULxtDKJYFIf67N9spDLZ82BRZzIv67H1Za1FNphlGXlw/5wFM2s6y92BYPD4lGcJxM9Rtysz+H6cHuaLJJbY+MijE3M4TLN5I+bZpJRFdrtB3hVAxaOis5a+Fat61mVXOo+uFq91OTcx9vTs7hW2wtSa6ZAISrEORWQr1ta1RCegy6MCSXuXLtR0qSVDef7BeXCCLByKcvpet8qS0gYVgJ4EUpcI7fYsEKuzQRLEsToV7MWvMOYiCIRO3L9IEr1Qc49uzPwlOQMsEInak3Y3oJMnwIMwLoACIvY9zvTd49neLL0ncmJA6wIgEP7GmA1nHW54EeY6u06/uCy/VGe3NFTEj0uXZ36IvU4K7raH+jLy6GE/RgxZlbmVLbOOIWoSSO0XF99AoSfIOs=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>YBBaOLZEHSgvkQr1GHjl9eYZetCEkt/rLQ9THDIGZ6nwwhtKeUlp1dVU2LIfFNu8KgOOh0ECdti+3uJa0LGZtXD3TqpgQ34og6vCgYRywFZ2ocVJI0nFQc+0zTzPthkJPwsC1k0PYK3m5r/OXw361+9oC08SGQMHvYAeEpJ7NlyB8R33WFI6tdnEuHNIQrN9e1HGIBY6D6+PsHpKqvxkqK2WOfO1bh6mAr2aYsb8/NjHcaX+yZfFu8YH1EQ8U/XPDQ0eYmJBDqcPloV18eNrU8I6T2wvL692PmcsJDgLI21HrXfPAU3WmXqo9q6Zf8u9/MA2JtvNldgEmZJZz+qZmp1ZH3XsYB5I442zWEBmMABl7HUPbrD0F2J6ySauhddoNFm/CnRX+JIdE+Vi9w/B0E9S2uM8dVBuhlg7B2JPKAbQgHVCXuGfLpAkzx9/uUXgzbb6C1MSPrIzI4S8Y405Vo42fFZyZ1L+1+LEN+Iwbt9RCmaDzBVOLp5ABiSniAwVOqgct1Lne4sV52t8EArJcItn/8fgHwps4B6cWrfqKahiKGEYczENI962KuYm6cRuks+ZrqeHbTRm3RHi0+4cfXUru7CcSNq44cBl+SzDIPjDM+tm3NstsIlvELS9Y2Y5M3VyRMqrb8H74AynxSbDgS5CHXcVaD3QAi664Z6OkBXjFq3YiF/dkSTYrgWt8VYc9Kg4TrtwO59dg4f60W1FwGIBc/dIxYjS8kf2pEuFQ4SbEFJHFWEffAqzHL+kSt6UBSojsYIutTV/pFWhxlpe8FrmW2qP1VZ9G9E9nW0NODR9Sva6yBlEk7m2SULSuEWC8902eV0flGeuBhKl5HHKPKIa9tFhBP/Vv0uJ4pkTepY2QJeAZBX3xFEnNg3vrcwsyvOatMbzHXxw+mDb+gUnqfpqtQt4dWHlCNuWsxqVYAItwZNhZKpHv9pNSeSbRgCRwMbrSDLC/JSFC5RODy7Xr7SkVGtKu786xz9LPZUMWsjjM3J6sy5O0OBwZ9INpqjO9mSW1xGWevZzufaV40bLfR2iF5L6pmOEXeiHaMtgAfs0yl5G0z1slKAcn7L/+jNmtZYywoFXWqTiiriMEXfKPzVLe0zvLdW4lO66ASaLN3iWifTQ2VcvPGrSrRqOIYuCyi9dkWo/JtWXXHWNuNffLBC1GS/njzl6FggmR4+KHKBm9OobNpRk+d8uVhoKp1X/iJas28fQyCYhDFg4ABvvf70PLt7WSbix42Kaz6VTrGgwSB96PrJ1+EbNnkyCWUuUe0Wf5paDyHsZQ2fJG1+ZKpY5Ss/aHCpqI/QS/tIOiyoXCM91JZAV2bDmUs1CFesc1hQjVLjyDbOpG6LUQGf89zMgF2F9DXHfwtxV+qZonW77YP2DHRL31XJeMVEJpmFoTZWw4B9iTaDmVZndx5GSdQtH0H1mSMc2vNcGNKXWVkgMr1XmlM4eNpvd5WGTbVXDyIyKzsMizuNlycXr3xtCM+Vh6To68jufFQz16SoKJD2K+pDnAk7CSwZsGTgArncQdMqf5B+5lffYGwPLFwrtS6jkYIFTEMZkZ9jMqq9xC7eE7KWw9kJCSpI3q+xUWT1HmHTUnYG5F5apCMUilXX2zx2kXDlFIaZgzQhpSsmYmwzkEISHwGyMFv0UDKMZa3p9f7lLEGbi4joYKlabAlwwwJVBswZ8U1eM0W6DH9Oc6UMwm+QtXpLVPSheFvpmwmFGTDI7roxgXe2/SGVoRu3HTt4b/loazrG348gXJRIEQFQXcNJLX+dDF5pM3D0OI0wYtsc1AaIXrpohucfcxb9GUaogkSHByMT+GuAkYzRIJDcxRQbBLglEtZO6Ja0OVrmgsCecAH2FQEX7CNLrddDWZCAX2HfY91FwuJnMRJELU0B8U3I1X+46NHhkd+2P64GRfyh4jcv9pMR8Fqw6Z3PsVfRqolwjgD6wY7bzGqSlqu/4nnwRPiAWhZXusK+RsW4HvFU7u9PiQT3BogE1fze/R/gc7Siqi5+mo4J1N69ZyUwFWGFGfJmzMdQ9R1vyFiU1qxIct1UKvEzQz+dJFiJoKVnjWw6r2dSltT9NLIM53E+Xo/iUV+mtIF1bYZsox5W1io9G1xfVwM9yFlPQHDGoQuJEQ/Ao3N1Aq4ThRDLFsuerNhmjlKdOlKMazGhKrbezWST8kD/WQ091uKYzUHCca0qs/P3NnXBXQimNujMWIgJkxozyKTbSu3W+lR4VmeonqMKwkyLmTT92Sinqa1LU93DM+si4Wt2mfz95Km+uCyVH+1f/XjAo1aVN3ZKciead9Vr7eRB7PdRbXddmn4O0lrSUkmL1H787C5MfWrrV/TWkDof74rSrD3W96NzBVPU4hqKNSArJDKMYxeFF/rfJHroO1jSjDvZVpys8LOmgjMfwrRTU1M0jHL1hHvBFhN4IPIzCl4QCh7XEONMzUvRE8L98MQFBEkKd8pkZraVk/z/Vtl4Kgjf//Wq+S8jxw/NLhUsDafOpHSLOJzO9JOvmr+0M2BFl8Dr1pBSpB2tsMPEI5z25oQB/5oQu/bhMdOhVYah3buHK5hRUKDySvBB3IW10WNMfB366FN4JN68XPU2eSVLTyoo/seoEToHihFyH9tph+97+GHQ3z47sueSV+4ZAPGYu1nydS1wc3hXNNqF5wjmG0cCYxH62ZBMCCVkm4E3q1Jj8LCUoUW97Sn0doNnLYb3NqM4iT/5oB8hv0Bl9qOIIk3gweA/V2igbTFfMww0BM3C4sO9bpAwkNd6ffKeOClQylb5rJ4nIcPsD46KQFtuPSdkFlrY3GwaryeZvbO1w2UMpGGm1buxjbPHyXmGfE5aUOndZruUzalLK4slHBVfOt6lmH20j/y7dAd+42hJqJIcb+JoR0DpRRnMiNARfn522OawO/vm0GU31/Z5Z0JRBC6WpxnLUKrzXlLuTOiXHdqXLIaohantGZVbCW3ezI1wOKiKoUSAwQ9QmVOrcldClp+lsgvItxWfzT4+kLOl7lLEo6kWI9oJ5o8qmZQQD80iYjLo9+2+SeXnaKKGea0afIcVIaWIsRkHGD19YiRaUwXzyM0HPNwx9aMVtXbHy+7ICFvvK/pz7uOU/8udSEYYuxt2mFWhCbXBYK8/JuhpI4Zh9vvgoBQcjH/vWrqlCT0UWor2UH3/Y2WVIWf7mirS8Zjz8/8kk/kgd6ERnc02ks+vmW+hfhP4wJ66dHpbtGc3KQ5n/POj7JHarnwVK1A1bNQOWWb9vb9i9vuBb+5QVx8/NYA1TRxF+Y+WrMky8ylXBZraANOZZuWr5LvmUy7MeMglsozxwy7idc2eX+ychiXRxyQViMB4NqNWw4d6PlceUh9VvjY7Oa6bJJ0C8BnujEl146JyKy/DDXzJ2FpDkA8eWWfdlhVkijFVH2e80HuoAG/WGH80ff09RbCuESARpe/6gVJSXz96jhVtc067a18aStOh4oItRLBCoH4UxvJK3EKEuRaTNOUxA0Atvr0MB7/BMBa/blcUsSlq3JwHoPnVwhseKT/hUslj7e0H4HJhrsvPEhc+fz4LpNSE+f1NIDd2s9an5vM5Jn3V8NmKWA3JgJ6HkFYFC7Po2o7v019NlIsr+txiXvfgXAEl24tmm5JozIzCDktzRYfEwx4Dr0nnTVluEQ6A4yhwAW/L2Epl4UlKToeGZb/aZvixIFuYeaHwS6ZY1vJh3JIth87tZRCqVHFYvtYzcnkAEHJ+wUTNltgGgeeKUfxNt8IGQCq2L54DwG1SXhmX/2bNaCqlcRkKAG1W3xFKxFN9THI1RU/C+cDCFXuOruaVuFFryHo9nNCnfdtWE7oToZMX17bL01U1xBzer3JVj6ZPkDmme3+Fi2JQQEIdBAMA+mqOW+2e73YfmxSYjHPiWB9w9S5NVmFZKKpHZB82aj/Z7xiYuJHIFKcEgrEBrnhsqi+jFIxhERJJbUjg0WIdiT8j6aSe3TeRrwXGC8D9WrzMfyXdAaUvz88Pharul6k41G81w//tFArkdvX7mYpoRPvV8VxY6OO1Zbd3ndX4/tthshgr64g9RG6bl24D/dPGCztiKtCf3RpsnIHRVTrPfPBVfDmAyYzMnBfpw4k0Lc42fwiMW+H5vjnqsJiIpAhJBRiueGQXJvyrjYuq6pk8cl9WHqPX+cB4T+N+mTOwuNY7IABXbECsN7EUTnelTKhGh1Q5o5QUX7+zIoKs8e51Jqvz4VHG/10LOFPnvC/qZx9GjpbrLWoSmIpbIj3gTMR3fhIcwZK/SHHFjWk9VVAW3LmOcAbdelhM8GhOeV28kYwIn/gqbMyKOV4lS/ONYDaaUdVKHLuuUdIXiip7v62eyp3bci8SKTOAgzYp5RxCP8OlNRAmjCojEFa0sbrBGKw7dWvijVGBAIVeimmXmKtZY9hhnCvvJe51L6znmw3mUkBSb1Is2CZ9s5mkursXbIQ2SvAc7ZD7cQGM3Yg+0TQvOaBvROIGaTlRO0tVkDNUJKqh6JsfRrK9hN0TaHMGNThpJWZWt7kJIQHcLxAc54NM4pgf+4wgA5VW/3CtXRETtX1Z0dXLHbSm8F+7xIvRCzo/d5zLmj6sP8COfZCL6cHqz1YjZvvK3b3UqckzMlEYcqo5k0005nEvfw5KQGSt9mmem1CWJXky/4IgKDha/X7DzaKF57NQkt53JcLUtOQmcqk8WBWdPypAclF9nB3HkeVtzCYTcZ/xO93V23rRDsemhLhPqgmVdPggM3O++LuwbnStd9p0GsE673sGFxEPMsCN8Wucs0affTDNIS+k49U6YogAM0i8hH8F09NhtvaG/mV9YAsExSx7GBzE2alos/uVs6DTmoG1SzV6p/kk8kZImWID2LFJQNRH8Nbugepkr2lwAKVzggOrBh/Yzi2hpQjZr3vMiTs3evmJSPf51mOv+iz5cFdSa0o+YPC8/LNndAQHG12Pgg6u5LFrdEuGr78w0IAk=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-02-25 14:03:48,927 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:03:48,927 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140348Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_35d75ef7-5219-4ab5-a870-c6d5dbe47bb2|flextgsamldev|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5defc5c753ff41083222e1a9d84f1b82|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxVeBivqlG+H8cl64QS6mFoHGNBFXLrUwsj3SL6/qlLoLkB3FuJynQsYsBjTJg/paYDsIeU7S+NW6E133EkMuA91OaHZay9ceLMjwRaoy7TCM=|_d58db23dbe0d74f0d9007d3143f63519|
2021-02-25 14:03:49,821 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:03:49,821 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: http://localhost:8888/auth/realms/master/broker/saml/endpoint
2021-02-25 14:03:49,821 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=http://localhost:8888/auth/realms/master/broker/saml/endpoint, acsURL=null, relayState=http://localhost:8888/auth/realms/master/broker/saml/endpoint, time=2021-02-25T14:03:49.821Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_32ffee7f-47e3-4e50-8bfe-e7388a6d93cc"
    IssueInstant="2021-02-25T14:03:49.821Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost:8888/auth/realms/master/broker/saml/endpoint</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-02-25 14:03:49,821 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-02-25 14:03:49,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=http://localhost:8888/auth/realms/master/broker/saml/endpoint]
2021-02-25 14:03:49,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-02-25 14:03:49,822 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for http://localhost:8888/auth/realms/master/broker/saml/endpoint in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-02-25 14:03:49,822 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-02-25 14:03:49,822 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8888/auth/realms/master/broker/saml/endpoint
2021-02-25 14:03:49,822 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID http://localhost:8888/auth/realms/master/broker/saml/endpoint)
2021-02-25 14:03:49,822 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-02-25 14:03:49,822 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-02-25 14:04:41,186 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-02-25 14:04:41,186 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-02-25 14:04:41,186 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-02-25 14:04:41,187 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://gitlab-create.bastion.developpeurs.cosinus.club/users/auth/saml_1/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_78d1f401-4f31-441b-909d-0f6872f4c0d9"
    IssueInstant="2021-02-25T14:04:40Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://gitlab-create.bastion.developpeurs.cosinus.club</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-02-25 14:04:41,203 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://gitlab-create.bastion.developpeurs.cosinus.club' from origin source
2021-02-25 14:04:41,203 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:04:41,203 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:04:41,203 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:04:41,203 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:04:41,203 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:04:41,204 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:04:41,204 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2021-02-25 14:04:41,204 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://gitlab-create.bastion.developpeurs.cosinus.club
2021-02-25 14:04:41,205 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:41,205 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:04:41,205 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-02-25 14:04:41,205 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-02-25 14:04:41,205 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-02-25 14:04:41,205 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_78d1f401-4f31-441b-909d-0f6872f4c0d9', issue instant '2021-02-25T14:04:40.000Z', entityID 'https://gitlab-create.bastion.developpeurs.cosinus.club'
2021-02-25 14:04:41,205 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://gitlab-create.bastion.developpeurs.cosinus.club' does not require AuthnRequests to be signed
2021-02-25 14:04:41,205 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:04:41,205 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:04:41,205 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:04:41,206 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:04:41,206 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:04:41,206 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:41,206 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:04:41,206 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:04:41,206 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:04:41,206 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:04:41,206 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://gitlab-create.bastion.developpeurs.cosinus.club/users/auth/saml_2/callback' nor response location 'null' matched 'https://gitlab-create.bastion.developpeurs.cosinus.club/users/auth/saml_1/callback' 
2021-02-25 14:04:41,206 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: No candidate endpoints met criteria
2021-02-25 14:04:41,206 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'https://gitlab-create.bastion.developpeurs.cosinus.club': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Location=https://gitlab-create.bastion.developpeurs.cosinus.club/users/auth/saml_1/callback, trusted=false]
2021-02-25 14:04:41,208 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: EndpointResolutionFailed
2021-02-25 14:04:41,208 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-02-25 14:04:47,412 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-02-25 14:04:47,412 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk" IsPassive="false"
            IssueInstant="2021-02-25T14:04:46.766Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>wbdY4dYvTa7nZ1gcD7cYVNkPR94=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>Fb5taKiEB40P/FoxWj5xqiWNVFp/msP0XzcXmE7EW9qPvcwpYXHVquFfL4Zxkakw3VfEhSYGh8xBBaiYrHMMNQjS99hSfUkQBeIoqctK3pYXIm4epLOC/4JEHsZNTwNtlnhKwaobjH0kbBoW7XMiq1VsUKJrxNsNpqD8YM3uVoM=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-02-25 14:04:47,413 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com' from origin source
2021-02-25 14:04:47,413 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:04:47,413 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:04:47,413 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:04:47,413 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:04:47,413 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:04:47,413 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:04:47,413 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:04:47,413 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-02-25 14:04:47,414 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-02-25 14:04:47,414 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk', issue instant '2021-02-25T14:04:46.766Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-02-25 14:04:47,414 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk"
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk and Element was [saml2p:AuthnRequest: null]
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk"
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk and Element was [saml2p:AuthnRequest: null]
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk"
2021-02-25 14:04:47,415 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-02-25 14:04:47,415 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-02-25 14:04:47,415 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-02-25 14:04:47,416 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-02-25 14:04:47,416 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:04:47,416 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:04:47,416 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:04:47,416 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:04:47,416 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-02-25 14:04:47,416 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-02-25 14:04:47,416 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:04:47,416 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:04:47,416 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:04:47,416 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:04:47,416 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:04:47,416 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:04:47,417 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:04:47,417 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:04:47,417 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:04:47,417 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:04:47,417 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-02-25 14:04:47,417 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:04:47,417 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:04:47,417 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:04:47,417 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:04:47,420 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:04:47,421 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-02-25 14:04:47,421 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-02-25 14:04:47,421 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:04:47.421Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:04:47,421 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:04:47,421 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:04:47,421 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-02-25 14:04:47,421 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:04:47,421 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:04:47,421 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-02-25 14:04:47,421 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-02-25 14:04:47,422 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:04:47,422 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-02-25 14:04:47,422 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-02-25 14:04:47,422 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-02-25 14:04:47,422 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-02-25 14:04:47,422 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@812543764::identifier=rick, context=org.apache.velocity.VelocityContext@7a33d2b2]
2021-02-25 14:04:47,423 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@812543764::identifier=rick, context=org.apache.velocity.VelocityContext@7a33d2b2]
2021-02-25 14:04:47,424 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-02-25 14:04:47,424 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-02-25 14:04:47,424 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-02-25 14:04:47,424 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-02-25 14:04:47,424 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-02-25 14:04:47,424 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:04:47,424 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-02-25 14:04:47,424 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8af3146c42276569835c2fa7604a1dec0cd104e688b816c94b20e6c46fe65a0d for principal rick
2021-02-25 14:04:47,424 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 8af3146c42276569835c2fa7604a1dec0cd104e688b816c94b20e6c46fe65a0d
2021-02-25 14:04:47,425 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:04:47,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:04:47,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:04:47,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:04:47,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:04:47,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:04:47,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:04:47,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:04:47,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:04:47,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:04:47,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:04:47,427 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:04:47,427 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:04:47,428 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:04:47,428 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _53554eb440e7e58131de1137614b2a3a
2021-02-25 14:04:47,428 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _53554eb440e7e58131de1137614b2a3a to Response _3039982a26295be6b8ec4ac72805a22b
2021-02-25 14:04:47,428 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _53554eb440e7e58131de1137614b2a3a
2021-02-25 14:04:47,429 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:04:47,429 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:04:47,429 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:04:47,429 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:04:47,429 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:04:47,429 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:04:47,429 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:04:47,429 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:04:47,429 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:04:47,429 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxVFK5OVGG1olcF0QK6cboE+blzEX2jvm0d1YmMxRJZVkVSwuofnbHam/pwCN62seHLO9vVQWwKazKlksQpiTgQl8fMbZXG/wTDGytr5/wH0Ehtn2QFzg09hwgirCrwBn4U8ij25SI1XAGkkDe with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _53554eb440e7e58131de1137614b2a3a
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _53554eb440e7e58131de1137614b2a3a did not already contain Conditions, one was added
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:09:47.427Z, to Assertion _53554eb440e7e58131de1137614b2a3a
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _53554eb440e7e58131de1137614b2a3a already contained Conditions, nothing was done
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _53554eb440e7e58131de1137614b2a3a already contained Conditions, nothing was done
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-02-25 14:04:47,430 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _53554eb440e7e58131de1137614b2a3a
2021-02-25 14:04:47,431 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _53554eb440e7e58131de1137614b2a3a did not already contain Advice, one was added
2021-02-25 14:04:47,431 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 8af3146c42276569835c2fa7604a1dec0cd104e688b816c94b20e6c46fe65a0d
2021-02-25 14:04:47,431 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 8af3146c42276569835c2fa7604a1dec0cd104e688b816c94b20e6c46fe65a0d
2021-02-25 14:04:47,431 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:04:47,432 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxVFK5OVGG1olcF0QK6cboE+blzEX2jvm0d1YmMxRJZVkVSwuofnbHam/pwCN62seHLO9vVQWwKazKlksQpiTgQl8fMbZXG/wTDGytr5/wH0Ehtn2QFzg09hwgirCrwBn4U8ij25SI1XAGkkDe
2021-02-25 14:04:47,432 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:04:47,432 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:04:47,433 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_53554eb440e7e58131de1137614b2a3a"
2021-02-25 14:04:47,433 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _53554eb440e7e58131de1137614b2a3a and Element was [saml2:Assertion: null]
2021-02-25 14:04:47,433 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_53554eb440e7e58131de1137614b2a3a"
2021-02-25 14:04:47,433 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _53554eb440e7e58131de1137614b2a3a and Element was [saml2:Assertion: null]
2021-02-25 14:04:47,441 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_3039982a26295be6b8ec4ac72805a22b"
    InResponseTo="_pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk"
    IssueInstant="2021-02-25T14:04:47.427Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_53554eb440e7e58131de1137614b2a3a"
        IssueInstant="2021-02-25T14:04:47.427Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_53554eb440e7e58131de1137614b2a3a">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>77pf9wdv+sjwHXbmS7omoZ1OBe6Jfbx/12UHjfcNzcY=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>b0CpEBV5cQd5zrfog4yTm4LwhWgJ3NxFCXaBF1dEMc8aqoHC6TKRjXki6Z5DiCgzA+IR0Z8QMXSmR/v4Qn2AHMgXFWxwWeVUeYjRbp6jLZeoJCjYLyD7GnQx0N4da2Zcd71MURUgBrTXaAshq/ShcQCxux6upL15cQlCpnhNQuxNO8R2Ocq08tdV0rWfNDqi86uhfiKOQvB09eUAOVRdceaafIQbPD+maR4x6WOjl3FORNdnwfbitTB+3yUY+DbpYzEbEJrhC/TXIWG5tbE+P8uTFxhUZVRSOnjC/c0F0MTzhOXQ00jy7lEblxm0svAFu22x60SqM1wbm2kpsc7HGA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxVFK5OVGG1olcF0QK6cboE+blzEX2jvm0d1YmMxRJZVkVSwuofnbHam/pwCN62seHLO9vVQWwKazKlksQpiTgQl8fMbZXG/wTDGytr5/wH0Ehtn2QFzg09hwgirCrwBn4U8ij25SI1XAGkkDe</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk"
                    NotOnOrAfter="2021-02-25T14:09:47.430Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:04:47.427Z" NotOnOrAfter="2021-02-25T14:09:47.427Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">OBwrVlfa/VndYKiloim73IXAFrvzeOkPCqDgEDPknWc=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T14:04:47.424Z" SessionIndex="_a441ce18c7cef29d5cbc423f6640e095">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:04:47,443 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-02-25 14:04:47,443 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-02-25 14:04:47,443 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3039982a26295be6b8ec4ac72805a22b"
2021-02-25 14:04:47,443 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3039982a26295be6b8ec4ac72805a22b and Element was [saml2p:Response: null]
2021-02-25 14:04:47,443 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3039982a26295be6b8ec4ac72805a22b"
2021-02-25 14:04:47,443 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3039982a26295be6b8ec4ac72805a22b and Element was [saml2p:Response: null]
2021-02-25 14:04:47,445 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-02-25 14:04:47,446 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">OBwrVlfa/VndYKiloim73IXAFrvzeOkPCqDgEDPknWc=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_3039982a26295be6b8ec4ac72805a22b"
            InResponseTo="_pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk"
            IssueInstant="2021-02-25T14:04:47.427Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_3039982a26295be6b8ec4ac72805a22b">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>s5sjL6VCk4FHQ1E27n+hgsAr+6ZFuOBckYEL2n5ZXfY=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>b+k4XGs8zn7jNtQ/jBG82ycA6a0IQcfRwOGmEI0cS7ukJloI78vuEDgcCLYBaj9zF2C9iN4tydEuujiajUADiHBZntwP/QHiwRd/8JkG29v9zSIAbJHn+asMep4ezXa8TmgSwYfjzFKE70n9RHR3LwEP/ATqibRNvqIvWESWf3iv2TFw1K5E0ALUhQ+BmAcQJ93AZEdoAD5+/AXo0XSaDl4uFntl56nrpVO0kaDfz2p2rkUyJY1uoB1faYrDGX1B8ewN8jIKel6lo5FG6l9PHSpRzT+XAR6xbcXII7ZM+2k6LWVf8LRkmop1w7xYgStvVvWfrXZW4wrzl4l/D9ndTw==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_7d6043f11e6a8643403795f74a84eae8"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_c6d463aaef81163d755b8c0ac9235fc2"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>NJe1Fq2du3Qk7cZJi4lokcQqNmg6dm5IeipHJ9l1WfZSFukcwdYpg+Xb1oI03+FavkCtmc4oaA1Rwr8X+Gry1SOyyByrs5ux3XFG4Wo0w4sUKx3dNiXEKWxX4C99dXSULsOY6JzPMsQxP6z4Sb8jfmCwz2JL1QkT2bDH+qLpT+A=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>tcCEDEHQltSUq1KRcHCr7NrkPI4AjCJlbJs6DuNnO8fCS5/9+7zNVOkApTCo1o+TsH14o+GsWp4ZyhMU1e6B5Sj2l4iSQbWiO50OQouyxgLhd50WfQ12mMG/KLWaL51+bK8CkxES32jY/4sQJEMZ60+q/XoxzzlP5Woj8OW5EHzQXwYCtxpqWGrpJgXmx5kScC+d5Yvp65lMmp4AnPwKmnIxxshBWMmc1PVjz2HwZrALWGL1YHVIlii+Q0TgecQElg6Fk556G18pcuz3e+1Se3iJL2IQ8idKtWNt8IRW0j1GdPZSNfccZkEN3T/Ntpsvbn6uBzrN6IaujVF6/acSrl3WdT1ooMGB8gchkQL0UbqzwW+6TPSaefGEHeYPwrhSNoa5B9zpW9o4JrqcS8fMPuvz9X2j5RgQ6Df5i7+lypGOqEHnLAMFUBJWbi1R7Q7FDcdNSNWyWWijij+9sZFurgFeR3kykUHBk9i/GxfK6alp2llb/yWQnRTAUg8kVHnMYIIPGNC7AqHLzC5oXTwOq5jVpd46zprx/wZKXj9QDOnAtt/KM1K7Wj5XfBgJgXGBvSCJ9eq7Ik3eyT5CXc39B3c9N1wGLmMy+3bwe2tnaC0yUOAONyqK2DO0mem9Wf9dPyq9fl8pm+9UcUhtU5Uw6v2Cua3D8xg+bkMiieUdR11CBQzcbPe1xo/lPZJzu7rl2ugpAe5eWWXJ535FqRRcrCHlJwIehppEDIkVXPjksfPoEtpo8RfYK4BCr8+d8is9znx0Vf2EaJPTqqpWCRX3+fYXEFvnbiZo8c/TU8OfWRmnJB5HJW9NKAmdQTGZRl+JOZiw5G6EpiGMShsfUb8WjCVj6k2gforeH2jHtmzpVTsNEwKVUXrWpele8NO9SU5VyRQx9yt4IYK4RjTQ4Z9hPF3AW02qy5MhNEhYA5XKi79rgQrYs6DavbHVuFlEbs5PBiZ+u3HwRut4qeXFZz24rAOOcFt/s+SGVA06Pe3D8ssVdeBBGngbJOMgEc4f07JFXODRr/FyTn5rNdcNEUAMxrwq8VSp8R8pInElJHn3yO0hcfF3osgm7GVS+Q2CGJ/Cu6pLYPkme+cjJ5EmCpTYItyVM+cXwRNv8tFN0hLJdlFGAWIKNjooYN/x1zEMepeGYvKc2qvYXNG46d8QIShQI53f8l5c25fkz33mG3hT6rXyA/T2zeyLQo95jvQqaTuw8oB1OO/vV5j+YMDVUUAQVwLXPaEzDI5750ZdfvD00HmSo92UO4j0jhfpHtWILTAHqvsRSkwfmLsIx6S8VT4wJIwUxBvQph6BfJEueJz2JUmXaETko5MxAoM8SuNoWQi5qawRb5UT2A4UmK19vduHXVVi3Mzt+cc4H+MpygbUpgm+4PNa4O5SOM+6q+no6I3Ds86tZfmJLhvc6t6TMg2+SMLlSBX3Yx4MY7Kxrg4Sf39Sb8Mw4O4OUVfOiLBoiIUXRoHh9Byh18whcCXKDkLWx+1Bc+WBU/ffxJdqcwsjdUs8+E63lGHg+esgkzUBRFoSO4lVxMi3xUCNC33oJhkiursjzQ5w9wdURPNkigErz+jIkkdU/cFKywS7PVD9g7tpd7P37YEk0frfaB/qoEWXD2Yhn8iEyOO/J7bQfrX/0t00MAFliVvymOamLA3zr584KqqtOu/BUG0JS6dBPqC3om3WulcKoA8NhP2oaxi9TiLbRIH9OkuCa1To1hYR7CJ7QaC6z30LbgrbRN2hb+78BxD9k1eFQF25UXZeUoyu8cM+Mtwt8icEuUcE9ENcb5FAoC2acbhsxDezGtkhOmbjrv72D8RJgCazgtmDnGkWoGqqjAhgimP8PfhBXR5SbTd91td8AMMaBNbWzpuKQ6ado5dpIewN9F8YgVthMBBUMDsGWeHj6UNIrkKBo4JBno9CPB2jgmE16v7hBXQz0AioMREyq0M7fXpf+EveD/Anm/jOKxo+rQVqkNm0mptMclXPHnTefNisnkIso29jZ2qumaRaUjH00ihweud3R98IAu/lFX+86hxACRYqHBUInRlyF9o7pJEG02MsOHznEZFbsTu6D5tb+L9O8UdSGHThz4E2MLW2srl3jt1Li+BYxC5w9qMm8VoNtqaAwza67/at52FBFLCFNzSuIw3iurFkVipnis6CnUBnFi6GG/OjQJt4NejUyWSVR8oI1NVC3cVWdy4j1To30ZHOXBMcqxO627mC5NpzA3iZ7jhiVFZHyeDjiiP9S7v2ajuxmehrTs/pJ13INAL8El98jO46JkSjCSwe5KjfSDL6yZHJBOPCmB2HWACZvxcRDh5l/Bda7h8rVOVIJmJGcswJQBfLhkUkO/vFhuvsOEihti5cSPDb3p5mGxy35H/bWjq03qp1KNIq+EjthjQigaBLPHewM1oLwsJrobk/Uk6EyG8A6dJbRDj9kfZuF0TfLMfbpdJ1kY5qp4UxY33VX9C63g4neOke76d2EiJkxEj9iMXus6FpwYoMO8WGiOa4dQFWWeR0CeAE9s8HVrK/HUBxDD0TjTQ5dfpu0VMKDn3sgJrEsvve9v9i9uxO1Fv51viN1x5ETAvQ7jKtQBQKBxDHz0bYGn8MD29Ili7EsOXqNiMehEZu+2qvCww/mwUrtraidQyqXtL8PFFaC5D1tiGl1HaXvOVrrINJQRQ1OhMgeXiBRGA9EosqVgT1zm8M8NE2GbBhT5mHVxQkAJJf9KDe0eumirFhY1nHhAscg+MHVAfi31jjeJa5x2NRmGmOf1Rs0/HIZ7VifKXBjNFjLD4lbdcihK9KzJkbi61VRFXUpgLHP2uSF4D7QVTzX3KR+UTnFLw9Iea1NdI1hiVRJ4jhvkRXK/WbNnEan1a16pK0U8aUVpkhSN+GvSnqS7beHv6ntoI7chUGa02lb+H64pJGc7S/0k95Ta4JrbzoIG9gUjgvWgVYK6Cnx19HX9SwRgB38jE0SdAhDeRYeJyHdmkiOBYzj6BLbaIiTIdQ1Qo/hcriMuVs1Nun0zYAKBQ/a3rT/2D4+WA4V++VVVjctw5yGfrbnCb/uaMCmhNsfraX7OZZh9Q9E1O+LZLBMP6puIik+nIDpCa444WmdmWPtLvq3fjgf0xVVA/roALwkPLd008gR1jkJPBirLv/GEo/uHAntxiQP9gcZS6mWUK0DdyYlSWlNoOAkgxrpSJL2tKF33XxK/iGRcAdGSL89bodo4M/ZkWTbDLdTZaRhOdV7ekOO7anfUILynUT1SJyrbL/MrXhfmQO3u3FoRSywoBZm81natcTMzb3zTuBgTqBc0gCGvMr17qd8QLOuvTClxmHz8HjM/kXGQ9E7+95z7+fr31cp2NHpY7PFSIdDibP1PwblMxf4Q1CbIRTomjmJ3YnZMwqsvuI7TMdB/4TBkalJ+eCjiPGWvr8rYejwfifK5Aw3++f+/UftEQk7CEqLOHaJmbqRbaRlDsJ2AubGBWgY7jXCyAKnlZdnXnMJP39Xr3PHBVRn/YijWvg1FurWySU3qeDzbKvsIVKXJ4SGhtYdGMcD8MyFQSxMCvGiCr/naGKbpYFOoMRZoLUmWMfNVMoJazP/BsQfcYIASAzHRL1DjRJtOVX64Vbo74a1HlevqrMHusOrZD7PM7jcWDLvcK3Cj/S083Pvn0pFIGVt7UfHqs8LtpvSaFh/KG46a98h4nMk35QRInT15cXiJXDizss3bv//+nfBveq/SbXxnFlYZqoX2qj15xhrL4z6iXty8UGpTwt/vNen0XKtbQDU0jSnM5GOxnH+fI2p04dJ5zgrRWv8cjvNe0EuFPkeZIMwOLaqnQrfkSoUH/+u3eg9yzZUlwdKVcLMgB62hWKgpT60YfNLtqyKPaCBCzakTP13vzdPH80S5K29zu+9AqxysbmXNNumO2vK+FUExXDwkSbIcHj1KoN1T+dAgqfi4zMXISiqwff2gMD89DrQU/6Rl9KLgn7chZy/dc6K0LvPPV623jmmlRr+DIEWKN7m9pOIKj/efOU0AH02cC631uQxcWhTWIjwX1Ssb5+pkl4XcWx/spTX0PzdD2+Z3NPK3HNv+XMki/YcW06Ky2hDWydNMJmkL2GC9uEuu6S6XUaXyxsmQfYwTiTd9CyQRvkky8mpXLpq6VYDb3Vps8w3H54vjeYsoe4OoYxWyJYGZwJQg5D2FJDEgIhy9bMebEGi0f3ffJIXLNWCJ3v9+agWWuqfXWVagiP6cJUwbVcUBHQXACy0ZJCcKTbLHstR6my44SrmZ5ebrHL8yaQcBQdD46kghyb61Lg5oV35oRIPJzbLXPhNEniLHgorvuEbh8WuJ54FqF5maWQTVJoZ4zqUO7Slvkj+IDR3j1WeDzN9qDAo9Xj2iNqU0IDgngoK/1sU3vPFc0ecLFezoO8jzFranOjjFoZLGuNyotUXpcFU7N8CYox5BQZGj6CKBMGzGLKI2i91zseI0X4m8fUX/m2JYJqs/yoZC10cDE5Vs2OBSezA26BAuV4q+BNImhTBT/dWuf0fJ185FBRoPgzFSF9nOKY1W9JmDTSmRuWWWu5/9q6Yx6C/sAMk6KOLEnKnaUR3nAuUgojbwJqkm7EVOZYhzwfHSs1PrYCafj82Jt4URhIGbUUahpNzgZgd+gk6ZN5gk6dbp9pm8GTdLhAmCdSLALU6M4ujrqpIvkk0kXRw70OXar6gjJdxTM3ge+WaP0rdXozVraFUVgwi37fFk6RQKk/BeYBX5KM0Raj5cOpXdafEeZmkZ/vcPCA9v2g58TwaNI3rIanOFXOqPKxtaipta3X4TDhl6qL0Oez7gCSKC/94h8r1SA9V0v9QtWaeJP676T+WIZn40hJcqfJo2v8htSO8j0f4lv4sm8mdKrlJMqWUWbMbnPi/zWGRJy7l2c3nuOQELzARIdWiKdwckTum6RbKlCKNR7ZLTN/3z6Mah3em+wZkkAdQqAZOLV5ePEvZeWZsRpw/8xbB7RgHSOfByOaQ+cPYojnb8v/GeHqVHehf0XmCogRIYdusOVyRrbqEWYbjQoJqrZs28meBmLHHI+OFSyEeXpZ09biA6G8D6LElFheFGL6nSQw+H8j29P/9UOL7j6rFi5ojVjiqwrXeyZDVTirkWaPjnUfUcM4dJ+A3p2M1nFrmaFGj2jvY+0Fnk0YlgPzjKwDdz6sX+oDv8M68WFbF3vIQahXOH5uH4gsC1YUKL2ssYFmvq9H1FEvQvSbNQyhSEHf3ker397uaygiiFNcjMM0p2sH1TJ5mPZATps+ehudqgXMjOsvd6QckwngKqGDOaj3wB1ICWGGYR9PfNHkdFUZrtjK6vN/HdTn9OniUAs7S0H3aGAoPYW5GeVKVafAS1YQcFkLsZHq6IOsDsIYlY/UUmgg9dB+z0l9oktkQluf2BeIKd1zxUWdPIP2+jVSAYRwN78LH6JejneyQ91Q4Ppg6NVDSJOgIxCMfTcd5iNjHx1LFZtRnkzCSFeb1lNtTIpLbJlfO18ADZ6e8SC4a1hhnKIlDTCk7YtUuxTjva5iWWRu5c/4Ga2Ttw/H+ENsSfhTaab1vHS6e2DtScawxeKhqFY7cI36V6SmvohReXmhzsT8Wy8p1ncSMTkunwf6qtERDNCisqvd3SHxAotePeRQXDn/magRGdAjlRcEBQRCoqOMF8+Sqjw9CbfaBIta2yQ+chnDQals2lXLcLJej45PKCKpltXPWYYV6NSljpbgWyhe9BizWs0Ujpfi4NOuj9fysmLSSw24d7OGl4m8DDTJDdqaB07AT4OzMJNm2HXHzmO4Nr4DM8ydbdNQoi2m1RTYJcdazCIIwKLIrepNtzGeTrWIqu+7zCqVAMJ5nHP6yc0YlJafCapEz9lPTXWmao7BoZ8/s0T6Gzliu0fqauUDADTRQWp25BcGvCmfeIDFLIfwWSHvP+E91BkeGM7+qP6o5PyzmzNW4tDqUazK8jSTIm0jus+9Bym0Bhht2a9K6/OGd0eXN2iS5dyOFgXWLQatX1+W/ebqBJEi4LVdhkhzEbQ11mt4hbtBwaVWrBMOwIZiMd6yUkMk50DvolV/UWF1G8+B7Wz+HpEyq1wGnE5824Sqw+wHYc5M0JhWsYcyndyQ1yIsiI26v1uFr17R/Xwx8l4h9411Zs18xNxlZbVobuI6aWriQwThQbJRf4JKaCuoiV6T2vqNLJT7VObJnOQ1XSB1abFNsv2zzXDUEXavY4DkTOkrFTfw5hLGSmuCNONnCy8L4F/ctUwRgsgmKRydR8SNLdBwcJnK/2KdqJ0JlNyFbiNcvHcQHfhqY/QhHfZbo3/tIygvHoOhQje33XAlKebJJvybmhO0/f8n94Lclf6IQpSPrAXFpH2l+IU8pfkJEBYgO7fIj35IaZy5t82DG98CB1uKt+JMA4us3y7zEIvTM5UmW8fV3gWd1BZuUsDPqeq+MZYCOVt7AhwrWKxjfqwh/JpN4DcVl5Dulw4LfVPkgj5DG99WdcR3wu2NH/UhDZmVCAT11+q54uYjkmwH3wIgZeCk4J4bqbeRK2uaHmaM0+tUoC/q+E2fIo8C3nNJUMi5ifiinUFmPu7ahwGV2GIVchF+Ic/LUwlrWq54GcnbBpZKX3if9Zd3BV669I1JKL6kIiH0D8DlcYmxNuzSdCf89z/K/TEqrQoqnyDsq/DWqKLK2NfFog4SMpDswAXjY7aWSY1fDJfzsUIH4oHDzia9tadPLNac1qI7lB0iDtJGug9t7s49qp8NOZX2BcTMWvR0xt646Ux168zg9Jikf9LgFmMl19eJctrs9/m5nN+GRng9MnSC4D4cA0G3Ox80GEa5euspqDIGE+VSxpReYFlNwahkaPAZNcQkGk12yYnQbcPl/H5+sGMybNnaEjuDKI2865xzKG3cYFfw3/q+F8BnjQvhNqg8cGLQTjBdnHp00+cz4lnIaZ2SHA36k+EKdXBQ6tVvWL7UQNe4mx5oMOcRG7ubKZqRzRSQwdKdNXnZwNSDLRAAfmtT6WxrlRCMFrJxE6U1jb8iQPydB18AKPu7ySTpERTajzXHILYMXgnVd6HJUeZvQtzNav1tQ2leug1lxpF73fYRuc8gzIhhtsXi4ygnKomFbdPsQj8zh7phsdKOBWrJHB5v8oAjLrTWSululeWdjlZ7PUDxHOLWzq6rU/erWYnkjUi4/Am23w6Kojsm1kWEuRFODtfTkhL6ugT+Dsq+pALdGmu+HIQBepC/FLTnp71J06lGXHOQI2MAoigkoJpeB4e24LIyqWpb+sg7B6XxzK1aXwlxB9iulfxzxgHWYwhyPB+mf4doMmwHCvS0VwmVOq/UiaguRgwSljpIe6BOHdIWRMAnJDTANwE8JTAYWe3Xx0ctoHMf0WtJhzcPiaONE5SJLwxP6T9bpawhsaWBrW3TsRdhFsgXabbVRHmmTHrCYBuHB6zCO0LEyF8RYZwE3S+IIfl7XB1ZMjmKoMoijoY1D+AbNOqYyVQVBeE8f0llZONL1U5O4M2EBnL2N35aFRsiTgCiXYTxXs3yJz0RfBxrX0Yh7XrIeRos5Fa94MeCID91m/rLR0WYQtcAXuYbkPhY3AQKHUqIVK3uB2Jry3yPy8UNn85hZ3v89bTKOyl7ewEbyFeu3b9F/6renWjb1NdCYdVicoAro+k/55JYANQUDC5o2CnE2MCtl08phnF+pGaYO7c4CPNLOv5awoHsDfEvPynroCPIlnxP1kkM7JfUJmruQGKgjEp2z9jGyvm4fVrGMdxCLht7TJ8Qb6vWe62KIC6C/C3rmlpyPlY63Q3UqMSy5qtDxrNGZg7cPBbNBwY0PvTRifBTaJy/cHrRf0Ji8CSxiw7dPzZ/zLixsE/GxPurBrpZtSnGlYQV6WqIqqOYxf23qgvomp3alqz3YzmXIfsXMbDxWiQybsL4PKT3NtIA8RPKwvhC6ORYHpf+GUFGfxQMzGrFPwaPDXW86ZF7moKdM20UyynfZGKy5oR0jyPzAnUpRONHqDLClUo12SWFiMfWaBfWub6ULLhoh2m14mvEkswQCZ+daZmlQGSUWjr0Ki1MVYJOtLTiyemaiWvd42if6xNrxBK8bfIOpOCAP0G0AbEnyyfzakZlyk5SuBWhsfmdmQoIKHuOqVq76r6TUN8rya7tWvRM2GHDvc4CtjLHSvCOFQs1JLJBO5UU6uWv+dAodib7umefAI6FfXatfouSeH1T8sEI3mMg6suviX6W6xqAzw4KunD9Wlwuuu71NdxMl5qI2xygiPXkON0iHBqYRtwlAcZo+lzzvUmY+K0O1sOJ8QibsoHuI/mimqkq5IdNYwxM3GUJUqIV/lwWQh/+ODUM1f/U2yZU2tbyog5Cv8ImqAPY/iXAwCltyeMG4hmVyuw4zFgWD+nnCzu7xVKLXylPIHZHxjvTLxtTSYyOZJzFzjqMixiPsgJkQb++yZDsdNl6Fy+R+pZKB0xISnZNP2OKo+pmgXKjOn0nKp4oTHrlp3WuhkKmjEMAXmdZXRgMwRi5AIBS7xP4cLD8eJF6tRxududTunHiDBBQyUnVqzElZdD4N3RqnsaD9+WC4rUIRScExqkEeP1wOCAhZcat6v9Ma/c1onu5yHx0coXdGvp9pHH0aQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-02-25 14:04:47,446 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:04:47,446 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140447Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_pfo6tjjy07qraoiqli0atjlfk80bga3yrxmk|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_3039982a26295be6b8ec4ac72805a22b|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxVFK5OVGG1olcF0QK6cboE+blzEX2jvm0d1YmMxRJZVkVSwuofnbHam/pwCN62seHLO9vVQWwKazKlksQpiTgQl8fMbZXG/wTDGytr5/wH0Ehtn2QFzg09hwgirCrwBn4U8ij25SI1XAGkkDe|_53554eb440e7e58131de1137614b2a3a|
2021-02-25 14:04:48,225 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:04:48,225 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-02-25 14:04:48,226 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=flextgsamldev, acsURL=null, relayState=null, time=2021-02-25T14:04:48.225Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_4d8dae45-baec-4dc3-ab4b-20ce78a7149b"
    IssueInstant="2021-02-25T14:04:48.225Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">flextgsamldev</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-02-25 14:04:48,226 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-02-25 14:04:48,227 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'flextgsamldev' from origin source
2021-02-25 14:04:48,227 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:04:48,227 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:04:48,227 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:04:48,227 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:04:48,227 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:04:48,227 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:04:48,227 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:04:48,227 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer flextgsamldev
2021-02-25 14:04:48,228 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:48,228 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:04:48,228 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-02-25 14:04:48,228 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_4d8dae45-baec-4dc3-ab4b-20ce78a7149b', issue instant '2021-02-25T14:04:48.225Z', entityID 'flextgsamldev'
2021-02-25 14:04:48,228 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'flextgsamldev' does not require AuthnRequests to be signed
2021-02-25 14:04:48,228 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:04:48,229 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:04:48,229 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:04:48,229 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:04:48,229 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:04:48,229 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:48,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:04:48,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:04:48,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:04:48,229 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:04:48,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://mydev.flextg.com/sso/assert using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-02-25 14:04:48,229 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:04:48,229 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:04:48,229 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:04:48,229 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:04:48,230 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:04:48,230 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-02-25 14:04:48,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:04:48,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:04:48,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:04:48,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:04:48,230 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: flextgsamldev
2021-02-25 14:04:48,230 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:04:48,230 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:04:48,230 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:04:48,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:04:48,231 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:04:48,232 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:04:48.232Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:04:48,232 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:04:48,232 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:04:48,232 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:04:48,232 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e to 2021-02-25T15:04:48.232Z
2021-02-25 14:04:48,232 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:04:48,233 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-02-25 14:04:48,233 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:04:48,233 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:04:48,233 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:48,233 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:04:48,233 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-02-25 14:04:48,233 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-02-25 14:04:48,233 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:04:48,233 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:04:48,234 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:04:48,234 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2e85294a'
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:flextgsamldev'
2021-02-25 14:04:48,235 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@a9a25ca' with context 'intercept/attribute-release' and key 'rick:flextgsamldev'
2021-02-25 14:04:48,236 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:flextgsamldev' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1645797636700' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-02-25 14:04:48,236 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:04:48,236 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:04:48,236 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:04:48,236 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-02-25 14:04:48,236 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-02-25 14:04:48,236 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2e85294a'
2021-02-25 14:04:48,236 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:48,237 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:04:48,237 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:04:48,237 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-02-25 14:04:48,237 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-02-25 14:04:48,238 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:04:48,238 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _dfac4f397354c32dd6771389307ca19e
2021-02-25 14:04:48,238 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _dfac4f397354c32dd6771389307ca19e to Response _8f5d740823b30295e25b0e9dcd2d9797
2021-02-25 14:04:48,238 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _dfac4f397354c32dd6771389307ca19e
2021-02-25 14:04:48,239 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:04:48,239 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:04:48,239 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:04:48,239 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:04:48,239 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:04:48,239 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:04:48,239 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:04:48,239 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:04:48,239 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:04:48,239 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-02-25 14:04:48,240 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-02-25 14:04:48,240 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxH2tK4NcjnKPF1nlI/atJtFRF81aN6KsXvlKuZCdjWjgWZxwmox7nmu+r2x2TA4FcsqSfuFxQOt37E/0n+QDibZSkWEm8zAR98P1KXSeFbdY= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 103.161.98.76
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://mydev.flextg.com/sso/assert
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _dfac4f397354c32dd6771389307ca19e
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _dfac4f397354c32dd6771389307ca19e did not already contain Conditions, one was added
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:09:48.237Z, to Assertion _dfac4f397354c32dd6771389307ca19e
2021-02-25 14:04:48,240 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _dfac4f397354c32dd6771389307ca19e already contained Conditions, nothing was done
2021-02-25 14:04:48,241 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:04:48,241 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _dfac4f397354c32dd6771389307ca19e already contained Conditions, nothing was done
2021-02-25 14:04:48,241 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:04:48,241 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding flextgsamldev as an Audience of the AudienceRestriction
2021-02-25 14:04:48,241 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _dfac4f397354c32dd6771389307ca19e
2021-02-25 14:04:48,242 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party flextgsamldev to existing session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:04:48,242 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service flextgsamldev in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:04:48,242 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:04:48,242 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service flextgsamldev in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:04:48,242 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:04:48,242 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e: replaced old SPSession for service flextgsamldev
2021-02-25 14:04:48,242 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID flextgsamldev and key AAdzZWNyZXQxVeBivqlG+H8cl64QS6mFoHGNBFXLrUwsj3SL6/qlLoLkB3FuJynQsYsBjTJg/paYDsIeU7S+NW6E133EkMuA91OaHZay9ceLMjwRaoy7TCM=
2021-02-25 14:04:48,242 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID flextgsamldev and key AAdzZWNyZXQxH2tK4NcjnKPF1nlI/atJtFRF81aN6KsXvlKuZCdjWjgWZxwmox7nmu+r2x2TA4FcsqSfuFxQOt37E/0n+QDibZSkWEm8zAR98P1KXSeFbdY=
2021-02-25 14:04:48,242 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party flextgsamldev was replaced
2021-02-25 14:04:48,242 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:04:48,242 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:04:48,243 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-02-25 14:04:48,243 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_8f5d740823b30295e25b0e9dcd2d9797"
    IssueInstant="2021-02-25T14:04:48.237Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_dfac4f397354c32dd6771389307ca19e"
        IssueInstant="2021-02-25T14:04:48.237Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="flextgsamldev" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxH2tK4NcjnKPF1nlI/atJtFRF81aN6KsXvlKuZCdjWjgWZxwmox7nmu+r2x2TA4FcsqSfuFxQOt37E/0n+QDibZSkWEm8zAR98P1KXSeFbdY=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="103.161.98.76"
                    NotOnOrAfter="2021-02-25T14:09:48.240Z" Recipient="https://mydev.flextg.com/sso/assert"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:04:48.237Z" NotOnOrAfter="2021-02-25T14:09:48.237Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>flextgsamldev</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T13:45:04.399Z" SessionIndex="_cfce4610f71ee73ff4561fe80ad57ad4">
            <saml2:SubjectLocality Address="103.161.98.76"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:04:48,246 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://mydev.flextg.com/sso/assert
2021-02-25 14:04:48,246 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://mydev.flextg.com/sso/assert
2021-02-25 14:04:48,246 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8f5d740823b30295e25b0e9dcd2d9797"
2021-02-25 14:04:48,246 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8f5d740823b30295e25b0e9dcd2d9797 and Element was [saml2p:Response: null]
2021-02-25 14:04:48,246 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8f5d740823b30295e25b0e9dcd2d9797"
2021-02-25 14:04:48,246 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8f5d740823b30295e25b0e9dcd2d9797 and Element was [saml2p:Response: null]
2021-02-25 14:04:48,248 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-02-25 14:04:48,248 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://mydev.flextg.com/sso/assert' with encoded value 'https&#x3a;&#x2f;&#x2f;mydev.flextg.com&#x2f;sso&#x2f;assert'
2021-02-25 14:04:48,248 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-02-25 14:04:48,250 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://mydev.flextg.com/sso/assert"
    ID="_8f5d740823b30295e25b0e9dcd2d9797"
    IssueInstant="2021-02-25T14:04:48.237Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_8f5d740823b30295e25b0e9dcd2d9797">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>5Un1ulAL0MDdpNTrmWEB0qjcGagrszF1A2FRb/mmGy8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>kwPv6LwZ4aW9YlBYt+ja5/JueYTZZTgRqb5/rvxlSXFA5bxV4OhjCfIAcwOEClkmvt+WyPz4KHrJh4l+ba7mZudoncG1xCIcJpIVnSe6dvFkI4M4T93lpXeOFgUvtjEzojxVlVGiVk8psQDzQW0jmomtbhZ+vbpKhwBgUB3JxJrpdEpT5rG1ADWGd6RSklS3T33IQd8VD1d0uWJbJ/h14tDM2Jjsva86YNHyvvGE6XYMeTLsaMajbkbZCoXrfakycmfH1bqKMn0p7/0isULH7+HCV3ikikyv8aTcp6jAH7cpgHpita74RjeCJ8Zhbj7P48214RIH+X7htpJ9cf19xQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_ce9fdd88519d9b32facd2cc03756199d"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_80a2a58473f1efdc1dd0a198163f08da"
                    Recipient="flextgsamldev" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIF6TCCA9GgAwIBAgIUPG4sFZXAZORpoWAwSkp7vu0IUawwDQYJKoZIhvcNAQELBQAwgYMxCzAJ
BgNVBAYTAlVTMQswCQYDVQQIDAJBWjENMAsGA1UEBwwETWVzYTEPMA0GA1UECgwGRmxleHRnMQww
CgYDVQQLDANGQ1AxFjAUBgNVBAMMDW15LmZsZXh0Zy5jb20xITAfBgkqhkiG9w0BCQEWEnN1cHBv
cnRAZmxleHRnLmNvbTAeFw0yMTAyMjEwNTI0NDFaFw0yMjAyMjEwNTI0NDFaMIGDMQswCQYDVQQG
EwJVUzELMAkGA1UECAwCQVoxDTALBgNVBAcMBE1lc2ExDzANBgNVBAoMBkZsZXh0ZzEMMAoGA1UE
CwwDRkNQMRYwFAYDVQQDDA1teS5mbGV4dGcuY29tMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGZs
ZXh0Zy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC8B31D4CpLPjhL/v/QHo1x
Lj3ZKv5+Vcb5EEAd/PdBHOtzlUvYPQTHwrkcZok2iE6fBks3a/4aJWb7eAXBlFmrYjw+mXw5VNTT
K4RI9fOWEhNJbiuw49E9/52ool3Im+lVmgEDTRv+a8jCywObU6qUnhVdlhgSBOEjsfRDynrwfJkK
aVIVr3DAWS0ZtkZ1mVfcNYHcd8r5fTiaoM1ocC4UorQwZCkeT7fJU4rhJy+CQVygXxJ0LFK6L16H
ml1uK8qYF5+L8RvkiYsEFDPC4+o3x8OoqwsDny203s4Q6O2z7EzgpLxxa7Am1kMFJRopDJ5Dbemp
z+OVtGgmdlkMG/XG/zx3W66u9ipKhgoyBXm7NSfHzrJ1px9XBatC1h2z0AijnV6ICTJe4Fbfn8Qv
Xz1rDwdV7DDj96VPYr0qgOBIaPKxamy3MXMUec0W5ysVZpxatWW8TmRyDqvawpLQzLvbpQOqx+nE
iiR6YIQL9vrF6fUmkgXEf28JiV2y4wSnCQgQC5i/HuKIiBt9/170ogNRJNNd49JwjqeENE3Ib8ne
O0hG7Q+TraAompQ+FeDp5vzZ4Zq4M+LPRlb/VcUkIwIy5/E8FRqbhMyG1oOjT2sd23zXxKtjGTdM
K2OPumJY9zw+iniNihCaSVNQVRI92XFLEZvGj22C5Y84EpDrikghbQIDAQABo1MwUTAdBgNVHQ4E
FgQUR31X5fJV9DyYC9ejfAWDYKY5fbQwHwYDVR0jBBgwFoAUR31X5fJV9DyYC9ejfAWDYKY5fbQw
DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAevymonukophI+n2JNTeV7XU9i3mQ
Rw1fdERsgwUZMnxg0u72tHiszlSCNrzvTVPCk/j3r4n7ez26cK0iaRPx9e5BlGutb48i6BpG0AIP
kAnWfjmgSSqQJudHNlA1NWEsjzuWm+nJkf3gaA9wA9CYTnRWHShdVkEt2NJ4FG5Lr0UXfRkEsiCT
959q0qi7CQXE66MCehxoMZhP8emXRb/ciMNXNYFQKIF+oPNiJwbs1LfTgBJJp812InPKKiJDbIPV
mC98n4Vi3h/rbSbb1irK/Pe9y0u21fmieyUaKGJ72mnK+cRW9JEcdVW49UdWDvUFQps+FSKElDWo
c+IW1Cdjgai+DK7wh6yvu7Q04urxaKC+wIMnxXTaZMX96CQUx1PX8K6RRHp66Bz5q8lls9mbZKID
qX8+mri1h+GJM5B6e78tKGWX8Ekr35Q0ag8yMljNQgOU+XpGG54ItCqgjUa64CIGZhRQ3Sn+BPd7
AvH03URumdPjO9IB3Yku0eAPw/siAiEFmKFr7JZPNrYBGUraIsvzhk2wkZ1JFbD/EjbhKsVSlNFg
5smM06VYfx0m44tndYKVm7Uhf1kD/7xcPN4hoJ3dRJe1dTtf5AYt9qj3GNkW28UmnGVhS+WnTXZi
8qoLfGECQQf1PrdYdp56QSH4ZIk/c5MHFe9a3EXX7gqhOrY=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>DGJXHoubtIE2sK7QtSghjRgbLjZqskM2BGHN1f5PJivqF8m1H0ae7SENzVuVp6WBbUVJoLxZqKul46f+GIZSRGlqqrgLyKDwU5c43ESk+axNCZdH3Yw+5mhnCTquhkMVC6jJIgGpTx44axEyh5uihM6TRH7ls/Yp960sP6MpUA6xQkRfC/EmYz57lWUN+IVBogrPx52eFGR8mzZHdZuR3WiDxNd/ZjeJM3e3ywEvPuDOKwQsJqSv+Nf9LtIxD6v1T+/zX+QoIiLTNL3Poa7l8PUfEqf7fxMBDDaRGEekBs2KI4DouJFEAuC49U6/KSedQaZOMioMIV7YX1faNdPZ2ejl0lk8WySuC5yMH/ceSH4nwuTkU7TPcxENvO59hZKnucfv/D6AmIw+L0eatGO08faoET/y0CcIeLQaeRunN7KxWpW3TuM7DQVDmj5wIigC0LRYuz0lN8AHB+vkw02pNzpoFTVK6F/b0FY5SwYkhf16UOLyQii3zjr8FHljkqkzXmFZl4Vb8U3HNQkOLWFSm1l9GHC43z6LsMUVvgKaCneQlwOCxykFXBld5FFZLsYkbH5z6Jzo5JhQjkeYo1BW4m3QetyZb8GtqnWVVWwxFQeR85iMJ+3k0pXXFeB5CatORUaRtfWXck0cZuLI0yvi+WgbJ0/e8tP3EQpIkmQ1JGw=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>8W58IJoEniKlqNg7WvyM3gS977V86Dh/wcV3D6stAxfM6jBPhujzONxO4MFqpcs0O8wJeIqiMPk8+zd48ea84kJ/9DZWVpioZwEdTLPv6BvPXArdx96h8gv79rNukdiK7dePbcMK/6rdpfqanqvgZV12jx6M3z9ppnlGhO8nz754ZfHOx4HE/ckU32VQP0WLYyfSQC8M/jXYK2Gz3N5LmJZ7pN+MN6ZQZIRwKi/TnysZghTa4Z2Po5/trAF/C7YYdSGHhKR3GcJtx3d9WFvgh2YhtGCgq61O+fhQqOKqRyBNMpBHS25MczorPmrtmBTZzZ4F+pePHNNyNiBdy6oswZrO07BYRwzaG+9abDRf4Umso67Xz+xLFnr2LNsCzn2ysxIZx1FZe6S/lZDnS8YZr9ZV6q6HvUmtHiNvZN9OeUMCd+unDcRxXydWIkeg++tosdRlgQRnnYroqhYrGUkOlENJqTSm23IXc4cOyfvWF5KzJNJcXfHeZDQMMq+vDQcXzVaI0gGN82QopmSrCUJaOp/HVLn4uERVDvMHbEMLF855swjM60ojxZvZFbX3LbusVo5dJkZqQEnY5FTOR+D7frvbhd/Q0l9UaBK67i6tiVv602acQF75Or6fqCfdQsr/FxL6biyj2R6cFDCrBHzovyEgwp8d93kZJOm6leKmK26MIGfqmL/JT9AVQvhxN5BO+AuJIYroHWmPePFtiouPFNSjQnjEk4ejE9b78lwJqeDX/QDVAWZlezn3cvtX+z09GPLFJ8vFqD/iRAEPfVTELVlJxGayXHbZFRvdZXGkfMp8v8ar4ia1zDaIonttxlpUAQC1bZ+AE9yWZUFW1XG2aIlLZyfu99gerK0oywrKrSmWovTVvG56t6fOswDxTMX8it0sWVnZBW/SnG9z1hyCkoLR0r7nQVAJKIiejW6J5SKvzx0ob5PVkC7zKV7GgJhz6Xhoyo9keyubbPa+2NEEdJsJ4deoRUMtgOfL0MsLZqOrvUaGLQ+JZU9QPwQFDlJjnr3s0yu447rnpsZHF+yq3R4XSDfJXiBGVpspcJKdb3vFhiOzbMfRPtma8rk/yCe3PgEsGQP6EQzWAKs+Sp4n5hjy1VRfhqqsnHj1KQ7hdGf3kl6r3gpJtvkPWzB7U5QfvGp01/SDFbq1+G/K1SDNjXxFXq6fV7/aao0l1moTU7zA+6r282XBgzIJ4W4UrpUi6gUFcDOzxktd60HI06V6qjiQcDBPwxBG4UuwuqkwEgmmhNBG1kzd0Z7/2Vx+HvzUrA3S3VRKNPTH2Yyq/MydoGn1nY2oyPSIhDdG2kMYx8ZSOZJOnfkP1NV1po4z+9WxrNL8sg8P4vkvnxQORKw3bLUouuOR+epwVfTxI0+cCPkNrB65/BHYIfNzA2wyE+EmzJiwvCbQY5pmws4gt9Y/ii/11k+fnoZov8E8kGZOp6FiaNivFc64oPc4g7jFUkFs/U8j1uCYp/dtmhingcS62fZ1yCn0eX0t7PqU/fJVnm/Ukco+8+N58WB1fJIev357GzHC1y7K8tQSn4H1SFBRAXdoxSSSEcnaf2dx8C5E9wzhZ0WimnHR//eYbu0FI+6iupemeL8/qRE6ZaEnOIFilnM63eY6RqpV8YukN8NCYNn4vE0JEJFlkNYW9u/qXfns18M7CNy81y8UvHqQigyglv1vfu8Cl7lu+/yjY/QSUzW8gxfKmhhuf2EQ3i/X44a5Ugl2SR0SQQyzlUDWkVYOnL3rWbVGHEMx075lFmJoR4HE8WTjxUpLdD6r1E9ctKAlg3AWqFnSgXBonOOknLQyHyUjW+DPOVfZukcd74ESfOBlaXf65oFxaraHpyhGj6e6NrK1udgtDNjp1tdPo1vOG5FLOr1lTo/oOt/1Jkjlo9+Yl0qJa1Pr1NAj/If4zNFfe7vMfHBIAtC7RCGsyeZMPPIzCGfx/eHAWVEiBs2WJDJ9aHl1jL335Hed0RDi7jIPDfFjJ+5sFj/DKqmO8rbcAOUTAM8uQeksnOXubCKaVP+bN1A5bDNGSGptYYQRKQ1wD4xYyzDNz67d05KD1l8IT8jEz1+v1u8BfoFo7IwKXTwqG8x9t6lobcu4XGv9TEGDl3srKSOWUMNqT7HQMLYgnK3H05pCdw3jQ4yD++lRQ3fJ830CHPimA9TtIPv18wEA58OdYfzzsYyJ9FEP/xtPbITjpT6wU1vT2BnTQj1E2Z2qv1bUeETeqS61sZA9WDUTSNFHa9m4/txPhndjkzFvhDyAj8H/T3KPZi5o67T0GLnS8vnBzXUmpBIcsyl7hLSbbd4p9ClJhdgvKkgDXriJaUF5vpVMyNB44xxv+4Ll97UkWb71f9owaWQfWyYr3YO9I6lTuUi1bQHvOJbnS2z24FwhEzF3ySujy0qSp7H7XmS0wHHUEThg0btSzW+eV9mJCCaqP2wn/BwdvY+qs8/5ccgFZFYVwwi4vcjiLxV32oXuu0p9UFGT9Sf6K2ZOqTXAh2NTZSDhjNjSyBsn4DBrBMSeivu99OGGhuFaULSk0XbK5Q/6TIhMb5xcdR1mH4yJ0NBeLA4MHSUE6zLoA3qH5FFPvBwtJsXODYq9xKtlWUQzbrFzgTWOu8b+Y+xMT8B9doWUBQmiGYE3DcHrUByvUxwmUztgmcJT3gmA8oqdXUpG4b7JqpOTRklfUqafxur/1zxalfHVTnCrVmepF8+WK8r5N3h4YJYdd+HEAXKDk3070V+HmEkMQkC4A0u8y4/C4NYhE6ZMXBTNMO9O/htm+03EmKpXBKfq+I4V0IgTcOiox+4oYMk3ILS4WRYdxnby1ITEF/FoiXCOfWdEFWlfHRCKJ/+4WGkxlfbh6BAUeQmuwBEjKb+vPtvGqu0/DaZfmohlq9XiNVGBw1vlom//kJ5L0kSKre8vJfRREw0tAoKkftJgjUdFRY/z0GZw0ohvKwDG5ztPJdfpRW6XJ7usQg2AYEw9SR0vUNYbhX+B+YbO8NFjHGj7vRI/FBXS0c4XJWsjmouErktN2fKPNohFt2gsX0sP/3fGpkLo+ebkIvV9fyRBeuFP/qBpDT08pgW20rhOHT7gT29x0JJNyiCvJTQ9bi371Rl9P8+FfioNM8hNxBnrSq3oB1vfrXwoqgEMCyqvsJgfP5jGtDpyxd1cFMZ0AVcv+gMruDRNjWpq6P5FLWiKvUr6Uja5j465zEl6SOslWbnhDznVP6xqkT3EuT1JLyZe+eH0ZxhSqkDulpgGFuTS3tmxci5HvBGQt2Jdx5PzRWasYDGkqmHateBxwT43ey2NYP36d6nuAAkxHfj5yop6SmAyrMlj3eJ1hg0cG9RYiLXH22AbW5ki5Pftn4wprVlEplNy1I0J21SKVsThaN3Wos0Ai0l7MNc/Gv66cW5k2aeg8S4t9S9LMbcEha6xLDH+6QrkxGrykM1E7eWxfgMUW+VARgvYrDgU4dmcT52V93IaKdmo451LW74pjuwIP6Zss5YKR6PnTEN8jcMPkukBo/3ZT/jr2xedFC5kgBAMY0O/reDt0Aqb9cCVPkw4/20SRmwf12L+N+cWSy0nr17rYDYoEN7Cs77uJAb0gyaArynPWSMUkvHiX0eKsA8ftWp5mY8Lv+yKMmKXjo3OstvAnm3J7LEx+7i/gc7kJrTi+T36FZFe8XXYpnuVeobjtITaKhYtblNIdLKoYKvONfMQk3nGR+YO7FYHMS87Bxku7qhUMKoun5ZOwRW7Jkp7/EchbUyy029zUPSUhTcJ3vjxyWtvHZ6qe4RuVzmMvTgv42tLoQsoQSlbI9zoKfGGzPuO7hvkJheninoWxiTZOncxL6ZRR0xd6X18gZvuN6mN92s/hJswXiJRTKG4jlA1HLHaw0bn7HJJnO+kOV9P/b3YPsHKXoO9XtlEA89zOqZxq1KKNjSBkMHsnneWG9xhGdMdqLBXBjAi3/qtbe3JUsXuaUrl4Rg1ljajRaPwTphSy1A4BCFK9hAuZVTyxHRWnWxcSeH5eSeyC2wb+FBFihxlWLnjwroWxyQgWLEIXoGDeA1jvM/SAC/sXhAFrHHIAtHCTpKJrHQ/Yn/B3uk0HHR2TPP7phM9OGnPaTFOeQC3Z9IrOAuTM9UZC908mt9PnXlCHM1lyG6Lr9a6IDkVdm+dkle/60Ay04el7JxzKEjK+ssEvh1uqns2AO2FpdIhPwhx9qA1A9eI39BadWwFeSAL5/Ha1OUPWkg7/LauTg/cwiKW1bvP6bGM3nIBZg6lDqvBH8ssMM+mHpZmJXpm8X60PXgr/uSfFHsyod1x1rTeDvaPFnAfR1rccvWOlVW3TagCA472NE0rymw08AMsgNYLtBfUwnbOO6ATDYHxqx/JQaQ55zHgBBhrwlKU1+osLEo2IZip0A2SmFRMJaGJKMgxWvpdOhH+MwTCLdmxV/Hxv3K5A+OY7fEc1rkca+pakWbrJP0xV+SbnKAhdb+a59uGRRNQnJd1dNBWSwgEmb7vbWrrJ1mbcAEzshAaxxuEci7XKsIKvbWaX8Tx+hzCiCph21lUzYKh7hUWoPGZlN50Yhj5/tl3wgRK+zqdK+jOLjBr+YoBmfPUQwRETCpTB812jRftxYObjCjhRP7y6h4g6+BNhZ3XmugbPpe8JDL40ZkzNrPGt36LTnIPNyR0GbFoXnJ6AlNgg61oYXcIi75+XBpIu0QYlb4k6WuE5w5in2Y7DITuTtRGrjnE0AWkh0jmqUy7LiaZBj0CeGaHii0NwlpZPRu6NXA63/SdCMVYULeyY4RcDiF3O5MLrUqATwRXfxiEqhUqyG8Az+PZI2PpXecWXI6AZAxVrWFdFLMRThSorME8iwS5juxnL1F9KzVMacLeazmMqwyH2fZ9tM/qeej5KrC3IMBWJKn+qtW1wBSkhlTDnJQyCVjWbD20/3SzVIbEHaWAy85qrIkAi++aUqEUDgJyZUsDmQW4iBFs+5YByZfSxfuqpOwEzIM=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-02-25 14:04:48,250 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:04:48,250 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140448Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_4d8dae45-baec-4dc3-ab4b-20ce78a7149b|flextgsamldev|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8f5d740823b30295e25b0e9dcd2d9797|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxH2tK4NcjnKPF1nlI/atJtFRF81aN6KsXvlKuZCdjWjgWZxwmox7nmu+r2x2TA4FcsqSfuFxQOt37E/0n+QDibZSkWEm8zAR98P1KXSeFbdY=|_dfac4f397354c32dd6771389307ca19e|
2021-02-25 14:04:49,300 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-02-25 14:04:49,301 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns" IsPassive="false"
            IssueInstant="2021-02-25T14:04:48.593Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>4MOSvd+cUTBOTJclV6kdC04j9Yo=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>MpyP9d2HGs86VTihJEDNdpW9zgQcoQA4eCNr5znbs8It3YMGi1585LjXD+lmqTDkA2SZUr4g8fTHeAMNz4TBP3Hl2pbZDXriR63aENM0ZHOrf30Hc0SMsOZVbn4cJoqPPq2u1dfOai6UzUsuKV2TKDa6oxdDioUThAAnoK0+bbc=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-02-25 14:04:49,301 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:04:49,301 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:04:49,301 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:04:49,301 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:04:49,301 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:04:49,301 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:04:49,301 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:04:49,301 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-02-25 14:04:49,302 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-02-25 14:04:49,302 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns', issue instant '2021-02-25T14:04:48.593Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:04:49,302 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns"
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns and Element was [saml2p:AuthnRequest: null]
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns"
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns and Element was [saml2p:AuthnRequest: null]
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns"
2021-02-25 14:04:49,303 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-02-25 14:04:49,303 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-02-25 14:04:49,303 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-02-25 14:04:49,303 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:04:49,303 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:04:49,303 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:04:49,303 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:04:49,303 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-02-25 14:04:49,303 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-02-25 14:04:49,303 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-02-25 14:04:49,303 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-02-25 14:04:49,303 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:04:49,304 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:04:49,304 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:04:49,304 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:04:49,304 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:04:49,304 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-02-25 14:04:49,304 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-02-25 14:04:49,304 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:04:49,304 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:04:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:04:49,313 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:04:49,313 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-02-25 14:04:49,313 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-02-25 14:04:49,313 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:04:49.313Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:04:49,313 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-02-25 14:04:49,314 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@430460170::identifier=rick, context=org.apache.velocity.VelocityContext@2dc31be]
2021-02-25 14:04:49,315 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@430460170::identifier=rick, context=org.apache.velocity.VelocityContext@2dc31be]
2021-02-25 14:04:49,316 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-02-25 14:04:49,316 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-02-25 14:04:49,316 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-02-25 14:04:49,316 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-02-25 14:04:49,316 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-02-25 14:04:49,316 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:04:49,316 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-02-25 14:04:49,317 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 27b29d26c0c66094cdbdce0a4c57249fa85705404f7247585c6f27ed5c85ed81 for principal rick
2021-02-25 14:04:49,317 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 27b29d26c0c66094cdbdce0a4c57249fa85705404f7247585c6f27ed5c85ed81
2021-02-25 14:04:49,317 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:04:49,318 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:04:49,318 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:04:49,318 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:04:49,318 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:04:49,318 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:04:49,318 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:04:49,318 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:04:49,318 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:04:49,318 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:04:49,318 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:04:49,318 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:04:49,319 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:04:49,320 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _082dea678a82a5a52e381f471c69d2df
2021-02-25 14:04:49,320 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _082dea678a82a5a52e381f471c69d2df to Response _f271477b235f122bbcea53c3cf5a2e53
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _082dea678a82a5a52e381f471c69d2df
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:04:49,320 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxoKQ0YP43OIfYUmqpFs6PjOlN1SLK65mB/VCp3nuSKHtUMJK7vqShL7ZX5EKss1gaRsOXa60H/wNsSNP1rKLyxmbdEr8HjcV/8omaNfIW4fbE6z7mECi94l0u2IJY8Y7IpNnAXUKxcm7z0RJj with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:04:49,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _082dea678a82a5a52e381f471c69d2df
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _082dea678a82a5a52e381f471c69d2df did not already contain Conditions, one was added
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:09:49.318Z, to Assertion _082dea678a82a5a52e381f471c69d2df
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _082dea678a82a5a52e381f471c69d2df already contained Conditions, nothing was done
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _082dea678a82a5a52e381f471c69d2df already contained Conditions, nothing was done
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-02-25 14:04:49,322 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _082dea678a82a5a52e381f471c69d2df
2021-02-25 14:04:49,323 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _082dea678a82a5a52e381f471c69d2df did not already contain Advice, one was added
2021-02-25 14:04:49,323 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 27b29d26c0c66094cdbdce0a4c57249fa85705404f7247585c6f27ed5c85ed81
2021-02-25 14:04:49,323 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 27b29d26c0c66094cdbdce0a4c57249fa85705404f7247585c6f27ed5c85ed81
2021-02-25 14:04:49,323 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:04:49,323 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxoKQ0YP43OIfYUmqpFs6PjOlN1SLK65mB/VCp3nuSKHtUMJK7vqShL7ZX5EKss1gaRsOXa60H/wNsSNP1rKLyxmbdEr8HjcV/8omaNfIW4fbE6z7mECi94l0u2IJY8Y7IpNnAXUKxcm7z0RJj
2021-02-25 14:04:49,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:04:49,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:04:49,324 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_082dea678a82a5a52e381f471c69d2df"
2021-02-25 14:04:49,324 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _082dea678a82a5a52e381f471c69d2df and Element was [saml2:Assertion: null]
2021-02-25 14:04:49,324 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_082dea678a82a5a52e381f471c69d2df"
2021-02-25 14:04:49,324 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _082dea678a82a5a52e381f471c69d2df and Element was [saml2:Assertion: null]
2021-02-25 14:04:49,326 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f271477b235f122bbcea53c3cf5a2e53"
    InResponseTo="_0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns"
    IssueInstant="2021-02-25T14:04:49.318Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_082dea678a82a5a52e381f471c69d2df"
        IssueInstant="2021-02-25T14:04:49.318Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_082dea678a82a5a52e381f471c69d2df">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>WJPcXrjleb7JPQ9o37cUM43+N21Sa1DWlyHlPOlF97A=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>qLSY+fwJRPakkxLPE03MbdVgVB/WY/auVOe37caMQbgt+zG5yKj+OPROycSvi6zvlQvyTR7gN0IxLznrQ9qiSrifu73pt6SoUYNXaU0SlssyUTeYe2vQUPbVyxgRPDrkdlARIPKk2kwR6jnGtbyhv09Nc3QrFyVVpOu0vCyzajdc3EsYMeUrK3wk4wH63BQdcG31GrG9hndtGcSHjBKdy8dkRSIzh73WQpcZHfBCciH6NeMF0VZC6boR+Rchkiri4ZV1WsS54eRBe0fSihwdTe+IRYxvYkoujkAx3AhMDLExdos3NWjqXyGxTGsdO1lhGqS9Ik4vSLSvF1DWPo0SEA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxoKQ0YP43OIfYUmqpFs6PjOlN1SLK65mB/VCp3nuSKHtUMJK7vqShL7ZX5EKss1gaRsOXa60H/wNsSNP1rKLyxmbdEr8HjcV/8omaNfIW4fbE6z7mECi94l0u2IJY8Y7IpNnAXUKxcm7z0RJj</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns"
                    NotOnOrAfter="2021-02-25T14:09:49.321Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:04:49.318Z" NotOnOrAfter="2021-02-25T14:09:49.318Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">i+MOxShBWYrrioZyJThE5jnIzr5W7pQL6YWe82EnFlI=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T14:04:49.316Z" SessionIndex="_d7f93c3671e31627398123471605da35">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:04:49,327 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-02-25 14:04:49,327 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-02-25 14:04:49,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f271477b235f122bbcea53c3cf5a2e53"
2021-02-25 14:04:49,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f271477b235f122bbcea53c3cf5a2e53 and Element was [saml2p:Response: null]
2021-02-25 14:04:49,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f271477b235f122bbcea53c3cf5a2e53"
2021-02-25 14:04:49,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f271477b235f122bbcea53c3cf5a2e53 and Element was [saml2p:Response: null]
2021-02-25 14:04:49,329 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-02-25 14:04:49,330 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">i+MOxShBWYrrioZyJThE5jnIzr5W7pQL6YWe82EnFlI=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_f271477b235f122bbcea53c3cf5a2e53"
            InResponseTo="_0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns"
            IssueInstant="2021-02-25T14:04:49.318Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_f271477b235f122bbcea53c3cf5a2e53">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>tZCW0TuuBFPJfCfZjpFOxEMs6VhG0BipnYHBsHWvvv8=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>pod8KRm3Tj9sgMPiM6cZ0JKWrrXC8IU3w4Zmg3SbX0hvndOA4ZKjhjrdODH82Ww7a7ukC4nyqcgPnGSTdikRXVKgsBjL1WKv5GxCgDPBivuU5HyM8DADWg0JOkeNta7S35EfNRWEda67TnSdmwCVYT2wRv3DOjwK0PKzjW5P7FHci87x52Cw1t0XyJVo7aJmY2Jc7MvETzu9/Iro+AoQLxStcU6r8rqj/yY5o/TYV7/PMbbo5QU5KsKAuV/gG4xqF8vc7rwGZlpQrKz8b/GC0kcawpBN4xFuqODAjdWo5ma5M7q68WtNdUYEedEQyB4a6zKNX5XzC4YXatTADX7zAA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_4ad35d30b627345c3db99b8081bc9d1e"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_deaac52da1b3603ce6d391b1c245d8be"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>byRHngcVK2OhoF15vihAAtaXO7QHIO58Qmm/vgp7pzZv08qP/YWpTfSdOHaZLYoKAHGsWDgUY9Kfh/4r0qRcMmSu7SlA1qhRecxYzR5JSAyR9A5Q25krFCHmq2bd5lJ0appaZih4PguUDKnSD8xEysNjT/YHWWUOxxRp3O9OMsY=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>arvY9ynFzk45+dprH4dmtYpQv8C/MIwcKQzJwXyhSF4lcahwVbhNNn/6ei8ckNxq0nSXUs6x298aKLi5u3ViMt3ozEKSZIbvTMCtFGnfdy4AJD4i6XqWRYcZ0kaDgRDNzfh6WL2FyEeJx7UhJM3Pg317XRDXkoCMtFb925DkHuGLcycud+HUZAqgqS46pfrxemvin31iNIPaJYebxE8Dzj6fL83ThH4n4OcM6nMG9HbekJywBGCEw7qdlOUWZNI3I5ME6TIPhYKvZeU1INnvIU01KM2RqL0KItmTK6iFbXTLrl1UyGZ42MOim7pQnY1befpz7TF363uBusNbQQICUTg2JzhjLOoCXwYI/VN4Zk9OzhxrR0CDa1N9cwxo5ngQgGMS1FQnsykp5n5Ve9Z6lUeZLivYp49KjHZvD984VHzM+T1LhhlytPFRShnS/VX/3zfNWOhAjiywb1SDGkfzAB+SJwm4l7vKQX9tQQgP1UufmIdz4DF0G0A5fTCKox3G8EpNdUyFyXwsKkcLvo3hyxmKhaY73r+mnc2bDMOUZOJk85oIJV1dbHT4MyIZrmw9sw8bqgvjtFbMAILG+y+Xg6KimA4+I7371Rse4AH8OnWH7xWI4DqZKUD1CVbvJU45PqrXid7xjGTbmeHG57l5srsiPxVi3hEVPilEH9iSWSiB2wbdhmRWgoEDOQuGS5QUS0g2WnOLq94QghEQZEODzkbhJ0i+JQV2Fe3wydxM20KB97p34khElvpTcvrw6PeU1979qi3tSFmWsPMXITZ+MZoVpHGS2DE326qvcYg3OkkHFMpIYlKMXGB3rqWSUEYJFYK0K8N6rGOhpp9xLOc4So7I1d9su+YoNDP56g4MZqUrCutDCmDkpjoUaaMXXZcP8KZr8YDc0a7W25XqRphYkezBUq76BeSEiF9q0uC/o8cUfGQVgTPXxKuz6UlRRriGAeW2Na8+CaWvafZ/fQNyrBgtdWlY1X5HfuissqYFrt6DMFvtQ6EW7df8hiIRYCtBMvPsN1LnlHWskE28nj2akjNDB6xE5NheDREuQsthLU8xUQrbztSTL7YBuXbWqI03Q36wD/DhTpzCgE0liHNW/xdvzHApZz5sGw73P9ADY0ugRyKkIECME991ouJIs77MbS/WCpEJCQ7Mvyj/dy0zBRJ90V8fzX9hpVIJeKVw9JF7WqfhaTR/oiZ2zw4HMKk7X5tgXoPMJ8JzVU443ytPVMUMuJZwq33A+DOKlsrE6MKuIvZIKTIYFsgjfSPJmg6Ql4/44dv0BjRMnvnpCeYJRTuYqiMcqO0YOTqC53xznjKR3yWhJiOrN44HdVROB7v6gxOmQdq6jCqgQsrK4Ls7i2dABnV4qWC7ZJWjJJqIVqVQNp3/CURh8AsLyI4S1zJ37UqRGcUXheCI0RZ0v8WvFE07um9K3O6Vxqq5sG24TRmaNvvjFgcmcDQwVaOEBzmQzFfkWbHDlNXYnOdPInCmeNTdjKsBoPc3PpgSt9d5CODiTJWnQES1e2ptyWpE8qfPJdjADjYrfRiu095juXxN21ProX2d0P6id05iFzlaez9PvO2L4xQW5oD0482V/X/gDsvikcSlkVWCIkF2Sqi3QXt7szZCgZ7vyEGuxXlif+mTvbYDI/kPpFrViS/Mp84U6JvrURnDKPefZnu2OXdaGx4PClyFSc+mtOrlRehFps6xo6tJyHI8cCflHqUZV3dqFxnpGwB7SMS+mgegutYk8N/s2gTeS0Q2a6Plm0VdR0czjQK1JQxRDTFMjYoKS7+lZDZesB3X8r6/3Xn4Y7lkOL/957rbBrUj/TKRYZGWBszGZNrRyFHyDG8CEQ9dagA863L84c8xuWLEqxa6txLJGxJiqtw2bOHZwT4LrGgzb0MCVTMIvM64EFshuynvwjLSxZHsXXkurolnNUB+KkmF1I2uFnzr08gTikekuujxXbU3u0IlOdXro7ypKVIlcaijicK0N91MAJZ3ZaeAqAjEHEvWJXIOTZlWm0XKKH5NSOLH9NjHQpmB7XqK7Ib5O0Zf066fXwu+6ugciT/1nD7clpVo9HrGTQgIeZyU/i7k++XVLCar+d8E3rMjsarveNyCJlim6V/fN16eJbDFf+e1YGtE9ydpxWWSxa90sw84zFKLYPUdXx5nmnPZcOPRs8HNUuaVNcGSU6Ngf3JJ6EtxdzLXaAdD47yQV5GuC08hLTZ9cCZzkPF1mHgMoVHZNW9N3hj93dnOmHuYCnu27O4rTpeDB5A48zVnRXl9vqprQGrWwKdMmYR6tf6J9xqz/Gsy7vKieeS1/ksEd3MyBeH29pinY8Doj+Tq+53fTTSZw1eZDEEss090gn1GktD7cAgFFON9bGxGWLQ4BX2aVjYc3hwnzyZr3k2Ayw92Rf08CHb9gQortPao8nxAoxCv5axo4cHaIsBy6DGrm6qVT3l3evipkDD4hRQmNarh1gk4MtyzOVKRWuiR1ISrrZBH16+YaH8+Jj1klGIO8a4sUuJodUha11NUbcwqOvo64HtIk4+llx6jzostJrxkF745JPebcNajE0SI+1kqGRXoihq/U/0aEvIKverrPEVt3rXDS/JMf+4B1fdulLtPTFMH2aAmrmHjsq/CWjgRFDbL05kqR7g91LlKGi+SUSoHgBha4TCATURp9hLnhc4HGIDprgYx8y4x+yJ9LzSkJEnKNpy9M9q7EaY3Oa8godxOr61muXG2sCb43yEkCBlhZNoq5L0e23/f4bC6uTT4guGV5LHK9EZ6PbVhYviIVfYgGl9NgXZ3I10sQBBsb3z+zhgzRgFBiHwJqKCS2g7D6YxxYwplZs08fD48n+4VyIhkSxmzfLHzVkXFgCplNzRnLPR2igoF/BbEH0RT2W983watFUdcezuOeulAa8FdTPoBEyOC0ety+tvqgpRmPaF5PPe14uysJWeXydYeSaSO9cTWWmPrqNR1Qpi2blEIX+o8naNuL34xkZ8XKxpZIuUGDgBE0pzifqbE2yCeMRp4Aw0hQf942zhONCtUp0UvganPS8OZAn+POyBkPOoMevfEU6IyAdKXQBNKqdZnw94kvZlFrs6DV7TGDowuAkIsrLeSL0K1d+L8mK7U/r3E74KXozONINtk+vklcSLFvvQfxvvca9eyyXQt1lDb4K5L+tzeWWd5QD8w90YSP1N+d8cd+xw60K2NLr0xkLYcqkedX4mGaePCU0OB/wG0IcfLeZr3zltnGijbBBHUz2OBqkc6M4nAX3jubqL01Ma1QTk6vN2GXeEMNoX0xGV5w5EkmLBvIfg06/bvdkRezAwWh5b29x++0hkN4Nk/rIEXrFovSTNIwm9YQFxwDGt9O0YBW1dS5iSLtskqoVnim30Vz3dwfwZ7SErjmB8BYkUFJ7/Nb2bWN9N+sBYuFXX97C6jlErQ7mHMs+q++ndJFH42+gnCJm6F+21tMsAgzHdrLPWfp7X8VqT49droPlLxtwKWJ9q+8Oz5d3Aff74bvw9MUlUtb9DeCqKAdlln+DFnJQ/Xs8sl3OIETikq6cAppsU4Ul0AQM3F1JwqyQNArEgS+UEXJQrx/n/GdF3mjIM6FDR343zB2hoPR8m6stTD/GBcXMofYZF3z4WTptNh+rZ9WEOY2ujydB9Bijf7az7eWE6ruYZFF69cnXLaN92NqGNYKV6Bq+2DrR3vKJBeaG3h8CjnPKyzwezk/uORBWktNiSSd+wSpz33nFQWyaW4B3asE6XCMWHACLHCx61j5juXWyIR8ZOOCgDPehaavxfA4Ta+CW0qe/dgov0ZhzUKBEUh+/WrJGVuAfo6cqjMnIDAlRPGHfBaVHFS4nt8kqNGuvQZ8wZw/rKAeB/NT1iQEuIpMGnbb5p7HlXH4zpfThb1Ba45cWGfgCFBxYdkoBvnp1j3pt3kv5sH1bYqVnvDnr+GVERZV/ZOCs9nQpEwIP61YOT8ho5LCybCsmjW/IZy16UplyhvN08Lrh+fKDgRhKsE+qrWghXj2B4Usg6dRykeIf018qjSgpiMfhQnW2J1N4l5DjerLk6FuTl/v74t544B2IZDgwA3OpZMQahGR06gdN2ClOd08jJCs1FmM4rYKkY2s0AKX1MNktkRNmC9W3HJYxFKf9kkg33zH50eqXTRql5kMNZLAuQ4wha28xeKdMhXxPj6Ql1kPQRkUGgm6HNHT4K/O+EY8W1hFKMHApZjI526I42emoBK8gox8lLy9Tsgw3T1gwTAQpSdhCsyIwmjFdU2Ift/rkueT6SzeDnTQDPmYmHdHu7omGLQSnRnetr0dxRrQ+cjRxCXl+m4fyNWyaaSw3nGvZ+cte8JIUOFHfiSOsjWoPlY55FyfVdHkg/uHOS+PAtmWKkba32lPbMRU9Ok/a2gUjjDE8esqTc5WnMhEnjETRdeV29o5/tgSiOsiDmVMFciBTylacgVjyOhWSeUOiwUbO/XakB1ZnZm4gPxqpiUkcMHjbfKg8zTIQzIgE1o8dn6dwv3brUfh7jcX8S68225oqf5HYKuU3GlUVDkkjdbvfKGTIji4QkITTaaBkCoeEDisiNjp3b8QchFu2NEbzvo1KPRwFLYN0KqzNkvrvDxVmx+33sKeUJmH2rIRJApszODZMmmz7Rn75f46EPK9xs+slavPI2ll1sCQ9VPKds0HClPRSki+vK/DmSmE3VviC852XjQRVQkst/BDpPT01Lka8SFswYJ9Iq5gT694s/bPdyLnMmBiq5X/U8H70E4OiAlApTAKC/dTLOhbNU/q8BKDsPrurou3i31UN/QlSG9YdnZWLV2dBZ18jgAJvK1/2sUxb2nPSIjV2Xs8uGJYJf2R7Br/R3yWuhGAjV3XFxwHKc0v19QoB9lu4/2fNTRVJsYopjgn6KIkZF7JOK6zDdgsYgpoRen29HxrcijOhEP8I7G6vER6v0E98azHTFwAbhHwiInwY8tYbI6JZUuaryanZGYu+owrzvmpLeB3Jg95R02v7q6xMqqjKZOjOwlDUyv/7weSwF6EQ1Yd547hfrDyq+QywcR1pbatKd/no8O5u0vrVs5j6RLkxlAyuLORILFeEU8swgYqKhrjIKsaKa2eilPIp8bqY7Ok9+tc2Am4Y9O6zEpDxlQuPoPz4HbsqBf7fiqYR3pKo3KzVP138AveO4H81EsQD8DDLYpJte7dqoNnEyhAm58RxOyPKBwgkan7on+UB7yNSam1FskXMjZHGVW8iW5JeXg2kFoZj4zf9Yw5XACkZS1jLkIVkypnvbD1QvHYrK9nvbnkUdoyjzVGX7Bb9d3GHt4m73vKS+Z29poR/ZAtao16w+FH1zlKJiyiVD6g8ZHdzS8FdTALzpjmk1HadMLzi2Z+M9Pg/reMbvxr4Qbj8EgHJkhk8w5BYoL4a61K/vi/xWI7KaFGc0secAI/i3ZNnb2VRGF22+ttUE6SMEe7fNbzSyWUS03tuNM4MWSMN7NpYtxgCfJa/e3k8cm4LbpiLBH0SMP6/b0VuFi6Jhh/LQ88OIkKrSn1iS2E07j1jx2w+YtLnhTa+hrLzp9D/5n9GKzSYfSaxoibsPEaHIj4WZ4wZAM+CWkgbWd6r+JABhKgNI5MlRVklj6JCJUy3bLDtCf7svCQ/a1jRlbXbkJqbuAhJoGmJ9PzgV2K/U7P7/3BsbmtIkSL1bUw81cLamqnp7ohMLKQM9ckrFcjG69qSWyQKwKLkK9lyb7YDMTDrsJjP9zPEnnOsxie8jFvsrftB16wsJf8IEAiGprCspQM9+ZRH+V95yDtmGGQiivk+d/CQvW2Fa02+WYA5hlTChExxoBfawgfxfXBBtgEilsApaJNH50774DFZ9m3zwQbGkBh4viMGxioFTV0Ae30Obo795J242xN4gSX+pVgdbaZRrUHHr/GtMZ8he+IZ4dDXp0SBPisO0tiSNLVB/ggwPYxqfUOHUH1rlTOtVd9rdqZZHt0LiR/zXi2+R7hg4+Lrv3dD9miJCJcf1IT73SfuVDLOTqYFIa7wtY5qKwRKFt1T43Tb3I9FvrbjgXSBPpfRS7qVVuWZZo2d9gF1iSX0DKFzimp55l2typ9BsuRIppxupQFnzUypHrjEWss+Pw8CskhZ/YwMnxn7vufznlOUE3N5NVtvOJiydj8HBB1vIQHfXImoeEXFsi/pkRYFcCDhHkb+mhyN5ebXJWL9Kbx6Oiopm6Tg8DfOuWTR2HZpnLP+W7whmnZIvx2ZDYX25AChYunwUGxuLaFAwIPxuM8gPuoVz2MA/KJmDdLJDdNdxGKW6Xi4lzo6yrN5APgevarTg4VEF3EzDKxjLFhMqZHO03iVwsy7ArtffxwanDjxkDQYeHxp1Ygx7sC/r0+X+oZiz8ASk77dMP4nJqPvXKt41Lo0SdflMBpcAlCA/q4goXE3LInX0QIEwrlbxGlGzgrJ/qkgf51PTNw2QLVTWSsgv3GxUTnz+vBGJbkdZNMXIhQuhtKXSGWgdQPmilCmSzCsLLbwGuVa7cLVXzRJ+dReN4wntRSTPv646hIDOqJku9ktXoONnNf3XkbnnU2XmQ2rt/Wixlfcoe5+wA0yL9SdVG7ysDFFmmE0K7DxEkPfVIcF4MkmuNfEy7hlr3XOV/Djc5XcyFKWKCAOxF8cTgiMhhDumejzsK1x3eiYjrs9x3i8Xf4hGZEsEIO0eQvN/nKFWyx9i+4zCw8HysNc718GpzurS4ybOO8XvSnyHLJOU7ZCxnlmPKfvAyTCd0qJLDg0YoS8vAlBn6nNw476ACSjUG1drkeLuCMR++s3nVLKsX+aFQUtBBiQou7+9h9ZxZY0lCRcLOG1HVE41x4NLcnhlsSvIVs3KjVJHWzlS0twI3YhajrRm7ikhXKtKL8YS8fRLycHIFdBLepIdT/I89HwtONx/1+m/ycdzFw4q7YxFfYDXR1+n9/hyeRIhzIax1tmb8u+KPWoT41kFiHYRmqUw13Z/l9X3kk8oL4L6f92iHYe8ibIoSis1zrK4h27L4Oe0NfqL5VHWSTAKkAuutC7liS15IMN2AY0BG0Q/dnHlgx1+SQ+kx0LRFxUaZStZ5gmzEK0NhJiztnisd4USZi0P3rXkNIdwyGAQhNdANrAiebodnUn7H4Nqerc85HsQrZYcJ1/YkY0muCjvcaUvKX7dLQCwlsmbu3FyFqFZC2dkpIoNRNk/gXsiU90cjX7tqvvQ011TlHH4ghPez6n/M2z1f4A1rXs3dLdHrPPTmPysNNijPOG4ZckQvYlTxEXptP3Ra1jn0u54AqrrdyJrmqK0PYwHC6TEp9DFAiuBE0MhGnobbk6hCQ78Lk4JtJ/JZ/2Q2E9AHK+zEq4xc8MXQg6r6oZ40oSMYPpHArIWu2vQ9rrsOh9s0VH1p+bYbbCxQUh+Qx7pxmeYYytUBk2wFtIZEqC/vxdEkfgaUqqjFAYwFDPWCwWDly/Nwgrbr0GaM4wrhGrF0Ks+aM2E1EJQV8NFkkK9T3xIXzozOIBAqEDKPyZXfIKeX81fdFRb1+bhD6zrX1nxdZUyrhy7TWkSxjqWERqpl8NrzseaJl7/h0MEbx6L94cewwz7i7uMgWQXreC3LP+V/hGOi3l+cn5rakFJEk1yN8qAXO+l0cL8ybsszcUVFaCZpiHjuV+Xk7wn9+EnS3RYtojLGL4wRRq83JBNGeYJjVUfYbijZmqVGR9T7kXk46mX8LFSEuKW1VdE1enC7MeSxZTN8uo9iP+zhl3Nw7VcVmVOvWWlTX+4yp50+UqUd5FK+ObEmY1c79R2DfmRSf0dxq4VT0YIY+tBPw6JO+qCPO3jqxea/BXuWV9FqVNBovhHMvR+9Q0zqH+WKYOuE178vTM/xDoxZRyYi2tLwjIyAlwL21ZxMrLi12bSwhG32k6GQv5R2aUe2QEqj8v+NYEzzITMBfezwkPb/N2g6Z9me/zaKWZWRIiSDDLxFssvarhYJr4L6x74XUIlVOtffx33y7QniIaTnBqWMbl5Tqv7oCkiB7voKEw729fcngOkb1m4bF56kGg6z3flj3UOoFyt0gTZTSsPUwXUcxH2DXpcezpnwJc7pZRL4GEj2DnRnY+JmebRDCJ2KR2SIZAKs1vkR8oHnLp+sr1Nvp8z7TOYBTK9yElnZMPG0TGT+R9yndx7+0O723sD24wD14TB0KqU5AyMN/YqKSSc0ulOAJ0E+RdfVb+krgtYfGNAw+RX4vM/phY6IUJzDijTx/fwHVP8ih9Ow5/AbDmCM8wXZQTEA1VldrmF+2xgHAsjqHsNma3Dcho6BPKc3FgrMqLUgWuaGSDguUoBNLuttSsPCour5eVvCQ/rkjErrFf9+CSbc2623JsIJNoFWSSynFFhKQjXszjEJp9Jvrp4dPoSmGpHYtxNDsKgJDFNbMNboFPhdP780wFqN04oO8eiV5LrPtJN9F/BW0u7Vrh295pbKxLzZmkqz38UeaS9Ik7qKHXg3jw2RsbfER5TkaaAmPOxmSEFuv1rQeH7LvMEvu9BsdKk99SoEZLkuV4IpVkybZnSLloWs8/Xg7G21eQSU89fHd9uCsnXwB4R/YNuhQro/lk245yQXysEiB0qGw8M/X5XuH91OLfwfAJluwQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-02-25 14:04:49,331 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:04:49,331 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140449Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_0bpg2og6kac6lj5i9ds5g8g9fxqp6l6p3tns|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_f271477b235f122bbcea53c3cf5a2e53|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxoKQ0YP43OIfYUmqpFs6PjOlN1SLK65mB/VCp3nuSKHtUMJK7vqShL7ZX5EKss1gaRsOXa60H/wNsSNP1rKLyxmbdEr8HjcV/8omaNfIW4fbE6z7mECi94l0u2IJY8Y7IpNnAXUKxcm7z0RJj|_082dea678a82a5a52e381f471c69d2df|
2021-02-25 14:04:51,453 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:04:51,453 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-02-25 14:04:51,454 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-ch.o13bb.otc.t-systems.com, acsURL=null, relayState=null, time=2021-02-25T14:04:51.453Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_2c18e83b-1458-429c-9eda-715c3774f50a"
    IssueInstant="2021-02-25T14:04:51.453Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-02-25 14:04:51,454 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-02-25 14:04:51,454 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:04:51,454 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:04:51,454 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:04:51,454 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:04:51,454 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:04:51,454 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:04:51,454 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:04:51,454 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-02-25 14:04:51,455 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:51,455 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:04:51,455 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-02-25 14:04:51,455 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_2c18e83b-1458-429c-9eda-715c3774f50a', issue instant '2021-02-25T14:04:51.453Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-02-25 14:04:51,455 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-02-25 14:04:51,455 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:04:51,455 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:04:51,455 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:04:51,456 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:04:51,456 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:04:51,456 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:51,456 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:04:51,456 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:04:51,456 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:04:51,456 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:04:51,456 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-02-25 14:04:51,456 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:04:51,456 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:04:51,456 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:04:51,456 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:04:51,456 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:04:51,457 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:04:51,457 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:04:51,457 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:04:51,457 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:04:51,457 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:04:51,457 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-02-25 14:04:51,457 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-02-25 14:04:51,457 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:04:51,457 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:04:51,457 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:04:51,457 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:04:51,458 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:04:51.458Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:04:51,458 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:04:51,458 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:04:51,458 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-02-25 14:04:51,459 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:04:51,459 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:04:51,459 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:51,459 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:04:51,459 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-02-25 14:04:51,459 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-02-25 14:04:51,459 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-02-25 14:04:51,634 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-02-25 14:04:51,634 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-02-25 14:04:51,634 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-02-25 14:04:51,985 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-02-25 14:04:51,985 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-02-25 14:04:51,985 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-02-25 14:04:51,985 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@153575666::identifier=rick, context=org.apache.velocity.VelocityContext@6039dd2]
2021-02-25 14:04:51,986 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@153575666::identifier=rick, context=org.apache.velocity.VelocityContext@6039dd2]
2021-02-25 14:04:51,989 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-02-25 14:04:51,989 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-02-25 14:04:51,989 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-02-25 14:04:51,989 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-02-25 14:04:51,989 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-02-25 14:04:51,989 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:04:51,989 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-02-25 14:04:51,989 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 431dca904283e9e610c650446ef7bd46668220c1632313bf75c72b71ec4cb932 for principal rick
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:04:51,990 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@34257cbd'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-02-25 14:04:51,991 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210225T140451Z|https://iam.eu-ch.o13bb.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-02-25 14:04:51,991 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-02-25 14:04:52,166 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-02-25 14:04:52,166 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-02-25 14:04:52,166 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-02-25 14:04:52,166 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-02-25 14:04:52,166 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-02-25 14:04:52,166 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-02-25 14:04:52,344 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-02-25 14:04:52,344 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-02-25 14:04:52,345 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210225T140452Z|https://iam.eu-ch.o13bb.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-ch.o13bb.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1645797892345}'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-ch.o13bb.otc.t-systems.com]' as '["rick:https://iam.eu-ch.o13bb.otc.t-systems.com"]'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@34257cbd'
2021-02-25 14:04:52,345 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:04:52,345 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:04:52,346 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:04:52,346 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-02-25 14:04:52,346 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:04:52,347 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _90d69ada209728ccae68ca7d1b130559
2021-02-25 14:04:52,347 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _90d69ada209728ccae68ca7d1b130559 to Response _16a133a6706edcb5624485852204259c
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _90d69ada209728ccae68ca7d1b130559
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:04:52,347 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-02-25 14:04:52,348 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-02-25 14:04:52,348 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxMD/azu5feYcsa0zy5V1fM4F2IffhAYCYmXcPKRyoxICNHsLB5Dweb3JXDD5SC/hHKyocT+mJGoJBAVDjD1C9EP8WmIwW7AQR2DftR7bsbuMBTWm4tmISX8VCeX3VzxVA7EOhOjtVvfTMmO82 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _90d69ada209728ccae68ca7d1b130559
2021-02-25 14:04:52,348 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _90d69ada209728ccae68ca7d1b130559 did not already contain Conditions, one was added
2021-02-25 14:04:52,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:04:52,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:09:52.345Z, to Assertion _90d69ada209728ccae68ca7d1b130559
2021-02-25 14:04:52,349 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _90d69ada209728ccae68ca7d1b130559 already contained Conditions, nothing was done
2021-02-25 14:04:52,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:04:52,349 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _90d69ada209728ccae68ca7d1b130559 already contained Conditions, nothing was done
2021-02-25 14:04:52,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:04:52,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-02-25 14:04:52,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _90d69ada209728ccae68ca7d1b130559
2021-02-25 14:04:52,350 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 431dca904283e9e610c650446ef7bd46668220c1632313bf75c72b71ec4cb932
2021-02-25 14:04:52,350 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 431dca904283e9e610c650446ef7bd46668220c1632313bf75c72b71ec4cb932
2021-02-25 14:04:52,350 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:04:52,350 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxMD/azu5feYcsa0zy5V1fM4F2IffhAYCYmXcPKRyoxICNHsLB5Dweb3JXDD5SC/hHKyocT+mJGoJBAVDjD1C9EP8WmIwW7AQR2DftR7bsbuMBTWm4tmISX8VCeX3VzxVA7EOhOjtVvfTMmO82
2021-02-25 14:04:52,350 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:04:52,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:04:52,351 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_90d69ada209728ccae68ca7d1b130559"
2021-02-25 14:04:52,351 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _90d69ada209728ccae68ca7d1b130559 and Element was [saml2:Assertion: null]
2021-02-25 14:04:52,351 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_90d69ada209728ccae68ca7d1b130559"
2021-02-25 14:04:52,351 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _90d69ada209728ccae68ca7d1b130559 and Element was [saml2:Assertion: null]
2021-02-25 14:04:52,362 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_16a133a6706edcb5624485852204259c"
    IssueInstant="2021-02-25T14:04:52.345Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_90d69ada209728ccae68ca7d1b130559"
        IssueInstant="2021-02-25T14:04:52.345Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_90d69ada209728ccae68ca7d1b130559">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>LSJoVqqmEdqg8AYfqqkpFgK40s82tUTgRfM5PpkMo10=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>sTwlrnbFow/6Rh0oBF3hBqhvIJG48MY8V9YRw8jacPp9086+rM+xY/4RlrZQz4N2MXArZDTNnSZZy6hXwwUTQ/MiGM54Gxr1pPjnPp3pq3W6/2rOX0rEB33dM1GkcGL5UbGol9d8qFyLKXg/SyedacSG11AeEaQO6oZp4hxNuZ8Xx/g6cz6VagVzIj8r4aKC3PPj9fiVEagOHMYPWb9XMy+9b8ZcA7/kUuU/aLbebwa6JthQk41kJFT9yLyOy3VQLhDqxxD7pXl6sOpBBg0Qx5lSRB/01OtTmDkEkkr6YtLGYyNAoBZmqbLfHrhCvkjMYy/K++j1CBuIKlUoilgx4w==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxMD/azu5feYcsa0zy5V1fM4F2IffhAYCYmXcPKRyoxICNHsLB5Dweb3JXDD5SC/hHKyocT+mJGoJBAVDjD1C9EP8WmIwW7AQR2DftR7bsbuMBTWm4tmISX8VCeX3VzxVA7EOhOjtVvfTMmO82</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-02-25T14:09:52.348Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:04:52.345Z" NotOnOrAfter="2021-02-25T14:09:52.345Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T14:04:51.989Z" SessionIndex="_337fa4109edb1a183157af4880b43645">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:04:52,363 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-02-25 14:04:52,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-02-25 14:04:52,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_16a133a6706edcb5624485852204259c"
2021-02-25 14:04:52,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _16a133a6706edcb5624485852204259c and Element was [saml2p:Response: null]
2021-02-25 14:04:52,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_16a133a6706edcb5624485852204259c"
2021-02-25 14:04:52,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _16a133a6706edcb5624485852204259c and Element was [saml2p:Response: null]
2021-02-25 14:04:52,366 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-02-25 14:04:52,366 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-ch.o13bb.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-02-25 14:04:52,366 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-02-25 14:04:52,367 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_16a133a6706edcb5624485852204259c"
    IssueInstant="2021-02-25T14:04:52.345Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_16a133a6706edcb5624485852204259c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>49nySuDogs8mN71+1X2f08xuxu6VSM1uFZUU/35ni9Q=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>fB/Ffhv7kEHNLkCT2sgieoT9/xWTGIElCWN8+Z76AiWMkB8qgg1LNH2bLnzx/gxGf5Ite9WNAfYjm5pdvD209RRUQnZ3YhXl89Nr88SqUf6GbSpdm29wHIsxRqVqrwkoXAKUx2dDi1gX3xjoeBNbnc6kfLA+UrOYEykj9EOXhJKguMAv0koWqYaQJa3ldaEEol96zUHSxB7TgsLTgWDvBdnO0K1CVp02m+1H16ev7gID6Rx63CyDb1PZ/AFHrwx4ffykAjx3xxBmkJimBR0wwNi5lTIF+aluRA6pMcYZnoQZ4DVRRD0sgPtQJFLr4xaBNo3314UuoKyp1GPaSt5fZw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_fed8c5deba77a9b17539528fe30965be"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_ccc06e5026ef959ee5fb8e57c2119c63"
                    Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>VTGFdMP56Cc5XFRXkWrO+mK/ZlHMshArE5w5F3QiPlDZEs6IYiSSjYQGMYcrfEQ57Sw9dOY8AxTcqfro01MQv9FVipocP4YM6t8v9bqzKx1zxkCQYUYSrgmkvBesvryq7aXyWePWr9t8lht7CGQXP87HhppMJvzDey/E5eVYwfA=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>4L6ALHMEnQEGMxjVIrGbsBr3oXlv2skrY8VxxmCgJ+F4ERCdx6AJk7j0BBm6FjQZpGjjji191FZtau0OHlNVKdqhACOV9dco2Qjc6NmWswxvqNtBLUCT0r9CevOahWT4HChHAIyg3QCSIR0T+MrWmw0VjRlzSoOkmb2733muzBxxBraQsbQBA+XDkPAQKUGPc6IwK4St+tpnmbY9U0VC/6Na7QmfM48t4CqD6kaiRWia8OnKSLLbLd3uQs4zBsoMGwq+jrDOkBPPivB1ONHFbfQZ9tLZ1YfWUklw1Vpi+WnWA985btkH4zDVarisVYSfHuZJr1N9E9Ss9Cn/qyzMwnp4dMJKCavqEQGu53VpmhxtME7laBXs6pq4Tkjz7mHzop1ZVpDlsaoMXm9xhs/687iqZLdECOFOc7Rlx3b39EDf+n7qF2lwwrLvAJbOMbn0X0+GzJgBDFroONNqg+d02jS445aOEwfj8tZRUzDhmlwPveNqid9nd5UlO5TXDPvmg3nUzoYLJyn8McjpbfYGyWVTeMPZw5s/vT6FJtmalsGc/wwAWOg2i6bDCZz+HfOXvXfCrWZT4J0UAHo3fUqSp2Mzqs6NjT8vs+xOUN0RUFQh+73EtZEhFRMeEwvAFBJXFAkJv5uvuXIaUEMTytFsiupPuWhVTdDuFR/JwEvk4cCAHQMM+C6fIT7k24/2oyoQY4SASeZjghdLAnsiUpN+vJw9LDY9fQH2PBNJBVqKEMa3IzHQ42Gbu2RzatsqLVcgADO2H+h3lttN/rseu+lWjRtaRyTR2YgQSReJuKGDpxFhbUnSmGEF+qH0wCATGJ+CrEMZDU3RbDyTsa7bKTGfb/jDAajUAzLAYqg9lzOzyE+qiDF5AQgYVVJM14r064dNPdhR+Uie9e3+xR1Wm2y9dml9NLiMoMxogQNRdys5mQwnpWqRqixg2cVR4cgZ8w7SX1rus9tJniw4IdtU+dqhwwYWZDfbOCHX4N3QVYjAcPHtsY0FoEhQya979BCRpTt5xXTUGKFc0l2JCBNy4cu8N8Mj3hRdklM+AftZEPm4ZXHvWdz4o4lomno8Tv8gVq6nQ5K7Gjp7Efzj7bzGptj3puZGYZBnwqKwDKTEmmqiwWh+WbeBYbjt+P5mtic8Khb9BkHAdTEyMb1BypCO+VQfW+a+5GwiWwOp3fKABtbjR+kZsWlG7exMdk429Rmm94NH+sg5NwcnK1W0oUTxFFatV5Sj5J9hSXj3qISxX7dUnjRiHwGu1tM6jRcG24cz2l7WLtaJ2cHeq3rlkVtxxJfqzOLMdrALzRKTxCRma97Rq0bKUqlvWrZzVijwiYOMjoOst7E+PpOKYOK3saLdEkgQNLshBhVbx8VaByCt+qN5Xg/CmyZhFJAFtq3tQcG/SvSURdUrvb33IkGkoR+B8eLGUN6XZ/jat44A3OpAYYMkUE4IcPy2s+t1sQAU6EDP5ZW1lwNETrZU4o3H49qe840YcY/MiVv3+C7aQwYnxSfQimvi+W9yVSCwJf1Qn3U+Tqh6ApnAC2Puz1qnSB0AP+4w0olGOMZI4mnNMSwtaUP8MgUrXjA/6AroanqL53dW5EF6Gwpu43A4RH46kjcJxbccMkZ4H3CMdsA0I8Yw3KZbm7o21nhT7hL4hOt1tUymZl6sFSgK1joRV33JSM9bkwxCUh0HKw3qW6CMx3BSXWXCxQFkxvpSHdRTdgKiQs0tYlEiiD9YFMifF0WmBbOIJ6+uKr1o3AUav4S+YeKeo+ntC/OfKEFq5u+kzJJnpkpIFRQrbERftF3WmmyihFl/8YQi4g27nOJoLCqaf1IgdulAYXzac5LkN49MQ0lQz2iyDTunvTiWcVcNfZFY4k4gs2462DmilmEt5bVJS8WnMAn/bQaFEmkWZDs7uPjfvWoSYrBCGPD5fH+OYFYi8x+AIC/M2zUj3K6f5q+zTDGBVIxRnO6Oxl/pQ0VXzGaYChAsDm0MEUQFB33Sc7oUNYn5YMsPOjuHq24uJYVujPbcnSQFivrVGP+sRcXsNyHowWPqX187B4cS8PDIXUXfVagMjNpLIYAgeP1c+AdTHOxRGbbMVW4WaPAP3aMQ345BiuAyQPdO27ErgSrDB+pdQDBporX0NntgTGCIHXShWimMWFIdThB6U+TEOzj6TLBkVyLceNF1rNika9z05PbwKA5BeEs7qyIvNNiK+R3tr8jrDV4tSk1u8b9pXToy3OXwEI7IdNidWqKChqY0+0Goz/1iRoX3JgNb5Jonzk0FTCjfKrC7tUDnX9CRjndP/lNhLYzdFB1EPkt8Y9fjELKUytkWfjUdgVTpCD+YplQ7Y2hHHH9Di1i2Ni0hp+jSWRSpdiW2vXOaD0rxDLByJTqCm66GMVCEHfNLirJhc/8R9/pWiPMbRbMFQ/J+O4VmeWVH5GZItsCu/V8OHIOR9TJDd3yU72USDFnY8cZfWZGvEio5eWyC83hCHW/ndLp5fyaxrnMBpzVNKLnhf3dOFmxVZJPRGS0yMhbNV/coRpt3pHJzoiBNxhMVGeH0HxiyzirH7DcU9HdRkrhab7uUw9FxzNNRHnoPeZaUjeebgfiQclvsrgy94k6Peq4LyDUEozdBXPSuByPCAzFBvVzNWmdti5UWRIflfCgyw7PxpBnH888J3U1e/QOR1X0mo0JUE/xEsk/y/uk3NMh1S5AkBzeHK4VAKNlbRZs5tLTl8POnHxFI8zKBljIyniYQEuB4c5HuSepxKm4NMhlKRaWn2W1LrV3fmey7iNAZCx5J57W2UcLJoHvNy2KistL4sN4UqW+3bfJJtyiDJQEgdQ5LsrEzFyrlXUwwHTZjxip0JdFYGVZMMoeQi0D8rIt3ZmtdEE1NoNqBecYcMRy18wdhCFMxYQ/OZlDGcoUrKAG0LCSS8sNAbATPLOFAPtOnkrcdGuhjA8qEpzJ4qyHZN52mArSBv4A1E3d/8l27rQNrTrJHgU7cJ40JXXe78MT1dbYw8gcDBfl9GVpXmLS/8rhNHjxfht4kpiReXGuqvwu46tD7T4A6TroHTPdLLv+z5U+fyn9xXZjwJtnpANbjTQyxcpMj0ZdWJVi5X1jTW6yelhRGW5chEKY2xzg9btGmrsdAvpBvKD9+Z8Fw6ZM0wMXJ7r3roS/KF6lxQu/uLXBVPCCoXhl9e+oeroVTI+aj7T2Ez1hXsuPpxoT7Yne9hguOjmQkisbc7jCY3BKjk+z5EfC2txRwVjQ+x8r4bLzi8tnxhVJQae+bKwU1odQglv4quVxYwXJZAUH/yJMtE/0KUPzCo8yw3LJEm7gPaOq74GImM5GlD+hks7yaFBDa/W+n7wC71/ZHt6E2yB75dVJFhEd+Q+Enjvl1d6gfu9kwe6WfT3ny+cQhbXQSV5YkNA0AA9CX14YoR1jvQLtjhT0TjPaBq3TPqWhh1zKBZn8WOu+Uow9qspVu7fh5UrduD46kpaKolKk2TQfNi9PLvXBJBMkMG2lLZfExkSQzwLrqCmc932MRAZUa12ydeUzWRKUYXUpEbFinuTN0lh9OFs6aLRGULcUrXLvUbORb35e1ywYsmcbtekhL69ft0bvD1BxK2csWywtgnd4XH/uQC1IDufaH5LCdaf2i1hDea/b909D8lvXn9FRYKAVIUrSVnU+LOqKKbTlK/wnSVv8GT+WVfXnEwI6IqB2MJOniT8KGWG5UCqpmPj0AdCtow76HW9clWJWt9+pfK0MzvIiaxRzT6+TQsXBIFOp7xseGmjNQNQfzFcwd1o6P9NqtYDAwvZIx1vFF4tDfaU4xdlVQYO2ezxZIyQ9fDF97PHqPeztKSMA/0UUpLSb4cqpCiClG2cLE2juIAkxsbor+akKS+5Dyma3uX18QVLbWk49DeD022TEvbipGhks42mS/f1dK77h2LC8jy0HcjYxPqrUFPoFaViJN2lQTan519e1g0ZQxhzMTUFukWbDqCWfwpALOtzgTL1Czcw97036b9m0cBiDJPGi7+11x561nXMrF1Og87/sN60JWCfJvdWk18wp4vXAdnVI89AZt4nGOrPWyp+wybKLDYZbDs5b1zSe+ZxTznhbEDtbJFAZPeAob5tF3SuxyZPbkgLaK8CNYTof8x/vvhz+uix+F2iQ++aTlHZOrjSUJzjow77qu1rAHRfVBbT/1EJYMyKPlE+ZxhBdAoB/X9u5oo7u6XzWLPGlj54KKnZJMRZV6iGw9sugFZwBdmW/6CjwIlQVbXYX7QShjZ+Nk0E/Ii3zVyE0BQJvq/q7/uQ8E/YXmq0MYgGNj3X64Wy6ulKYuJQ7CP1Q0h/stoMPPUPt7Eyoo/xfFG0TA+rta2z5ub84V8bD+Y6/FYwT+o+lsLMC+fo92MKiI0x3aI0Pxtt8NTyec5UXb0Ob9dGavmkPbXLZ1L0JXWIhFwoSbZ3W5NgjHhg3hMPMLfD34mljwHr4lNnMlmmE0AzEIlTTK1iVkytbHgv1HPxBkSI8Wq2CPs2pfi1re1KoM52TfHwEuX/TO1Q6u2hTS/liza/bN/yj3LdIpCZu0EUkuxjs6uoY5cMZseSjbbT9dYwRP98YE/4D2HF8l7BDuAtq4R/I9+sI9ECwPsXKxhdjlTXUDGWELXRI64ay4mqVUvtkNnNZH3h1Jay9zHVyq5hX3FQSj4z8Ktoecf6lHj5YfwQzUmVK0sg/YxpBFVlyMpnCwwAuINeymBg+M7PzupDUAkKZLBeA9XdkzaOtyeZIqGm5QmW4JLfrJiWBZQ7W5Do7Yb+elx/FR1OdfyP1lBqlosnYhyjJPw1Xyk6PW2QbNnD1ebhaAA1yp7/5WnecVVRG6KMFZ/F/kMSml5htOEkHbVJ0nMuG7HdfD9ujWV74vEi4jDHzijr7FgUnJKOYNhP40Eu9c5x3KE3pM5vgnfXLxOhnQZjnpr2BXmNwa9f7zvG7dJhJdu14T48Z9E0KCt9r17Iem4NBQONqmI0puHw+rHK42icBgpAIF92T1RNcouVvt4gAIYmrBCpnaX41oIh59kH9BTdvv8CjmMnUY1tg1LCpMOSTOSHF2Oh/QTfujYEeeTdRVr2zn+QyOhmYzG+KSJeOFVuUKduHMes9fLP7Hs+WsdUYEa0QHjfyU5RxgQH3dc9YEVziXH/s9rJbRocIGRCm9oWSGPsLus67w5b8YGe1ODKdYz3lgoc03KC9fZo/4RcIJ3HiMKB58PVglelgArYdcsXB/M0LaZF9phwoCz/1SH+9oolbT+PcDCakPxBuLEPZnd7196W0XJDNOR28zwrFNJHt/dvJrWduPQ2VCsRaAG0hzn63zPOD6SJWyqbdoMcF+q9i2rlmlhBMNlWpTxMfdhTjxaBppei370dGT8bUSprLUfCW6twNc/smRgwVoSF67viBKfptACmV5I4GU5VOqUhU1NAHPn8Qlma99QkUMPh+ivmVcUhMpAh3eBQGGjOycL4q/YYxTvaVtiSDgggqHHBBeQmhCOHvFX08GSalvIH/UMg1xZ4JTTHdOxtrMuwilqJRfdQwOPwqRB5QRErCVoZ02RIt/U4nIwb7c1KvDTbCAGts6hZ68kd2ocZLvujT0KQXoafY3cIKBGh4dptJrRI0J1RMc9fjJo42b2JwEbmcZJgpu+kke4hPTyQZI/u6PkjmYBCCX2XwbrNbkCTyh5rxrRHOUW+SpGqZ0bgb9hAXSstvvoxnZjweOkQSe831LcoAn2l9RKMm826QaXbru1PSx8UMWaFpehHADVXXK8+ikXZT4GtsQPjFZ/iv+uyCyU+jfWSt8VqYfDzfhhX2CxE+hGgNhyUF64I1+WRZc7l9Q2n8AzYRfyzF4kKRioDU11tXG9laHXZLP5mtfdY3NYsIynuKXQ+vVJp0rTOV+hIIvyn+W4Fv+sXg32eXWLZnqbemsBycpPbWT+rQdsxZ3wnG/F7lO0dZI6tqbxCvA0mWwPCLCsCmZuD02ZzyVQBGRp7xJ8mtLzKqw3L/wOe9gFVzJ6PhTqlTp7/2e1gqkRqWwjmR3NS1uzEQtUVW6oPYRJf+oPEPaIDQPMhH+WFupzX0ary7oiW1KVBeg4H0P/td+o5XZqg/fKbfJIRWXtr/OUt7UekSW36tu8iGK7VmGFCYmNJFBcX7KfgBmhVyC70XAzxY9vvVv8NvVfG5PRjKunM8SO1GjQd2kot9wGKKin+q2tcOzl9ocmVsB6FNKe1AZFAoOYQnJeHXjoe0yLu9LTqvxhiUO6u9zzqQeqVk5zPzLuQakhI3zrS7LMnIj1T06yN9zekBZ24ilDvgY0qsYseuEDUcDF2veocHaQ1NbufVTST333olnwlyYvGzoaGbQJ5Qbxx4fHYrrTb+o30fjnRHgrNRfHyB6GP80E5WvZ2q7mFj0+wIqwJjEGrCEAbQo16dvhP1hM2M1Y62N218wdosz6nIe0LHNEmtF7rOQ+2sb0IcylyNOQpcXRN19vsfwY05LgDMQVuzhOT4hMhVISrvr7qw883wNa85gLfZkweuaBp6D/FXdR+a/Kpgo98qhVSjhkdV+YQ75fe4tx/SoBqbElNBBcr20+53Hgv60nTfCwHkjU4lTSU0iAONjSheKc18wa0D1Ca+GuyxTDWm0HxLxNdtXrLgBmBFfF1I9q8OxVbu58RwE6FlHj2GgR3yK9NhMML2a6l5Azwl0yoNgPeyb2Hxr/DotaxTMNYYkEwMVL1bWF/iizV1w2rh103lFxeknEV5KyS4BHjW26qKVBwfQwit2GjuuAtCCIKxnYp2xNXr0hDn3SxYRStIbD9mq8bdhJ4okyy9j0hljuRQuak0bMgEGjt47rcQJlLOh82LeKDNDPHevp/IsZ+Msh/JIfjMSeBJrvNwobZVB4zrKgFf6O8OtfTd5ptytEH7TBMrt40F1ff+ZKNT5gCpUHiNkP+f7WwiKSxSfoD/3ps1rf70AJnpV1cq48eNPtaEt3jMLjc8+6rgg98ZJZLO7EZTAvhvtIm44P5t+BVgF8y3dDMln4PukUOBjHiFOG9oQtIqoxnic8MVPQtyzxB9Hjdp61ZnEqkTyId+QBxpqDejCizRI+yoU9zSdFV/The9zGLcR3AkENBR1DdecJiV8HzT8M97YnWJYSePrPE31DDKujk6/uNgin8E/Or7zoslyOLd04QfAzLLzS6MFVp97jTtY3qz8Dh41sF7FajmSmE5N4ysjuiUap6G2Y5gk8yCak6o2+xKtpTSloZIM3FDz+jyP8YxgiWP2+Lpq0W3WgpZKO2FuStnzGRUq4Jt8A28hXrvl2W4SgfvE9AjOstUy8AENQrfzsAnv6ByIDblmbO9vzSTWBWSa9QKe7kYvtW6ZnzGhA+5sIxtKnM8xIJYjs+FP5oBGuVwkOBMhPMEYnmtEgqLQnvLAlALbNo67zj16ZLk1s5CjoPL03DbZHA46xyr4Q8qxKom7XSgWkYX0sXLDT/Ml52o3NC4uHD4n8L2sZ/n84qsa57rj4lhrvlpWuNeOxP6FIULOE6Ke9gU8Zk9t1DtHYqUL0yUrWOlnhcL+T43wMLunYrGTk0S6wcNPPbCvdPWD8Pu6PMj3JLhF5a0ra0jL+k3sPzQd9kis69fFAqWyEDIMI2yX4DTLUo9p8XskTk3hoxRiLxnXVlrScPKaB33NBPJTVdYHCiF6tDbDqk931Iue8dWhlDmK2AZ99L5S3xelKD4BkcUwiUCrqhit92f72hFL9/WfvU1g9aE65NBFC4V3RRT12fX/XDR9zrJtmTUJUYDa+IKEvcs/caLlETMuOEPJXdU/Amk/8JY/OwfGF4lea6BZf1110PWPC6sghAAIQSJWlTtCK7XFsftDHV3d/h/Y5oCtfxs8rxPM1fqLbd3iWmQVWFr7ZFh6H/aPd75r+8LdOYpndymUxJ/0cWuG2Zz2mxaP6ugF5te8vf7mzxFZeFhPBIitegQSwxJoTBVGJaEVYtwkf75VikZ1e58B1gUpBCh5AY17aczVxpqp27/9EsJ09Ajb2A2KT99UIDgpTC8sLT8W/BG+0HNKXwoQqBZ+gOgPG0udlXCLRrdBkddtBWgMdr+icdpnjtx/nA39VODRxxT0NAOzONtGuV49D7I6adDVfA4T+slJFHQEMUxnY6pgfruxgXEfkqEevnPNWnSIGvt5/NdMmDUOTMEg2wS9aIaz/3AHIoB5nln68eaS1x7f4QHd8eABgB5BKQClWY/T9KUg/X1gyehATYpGvwnjVvZuBCCJQtypgCdXNYNhXzgPTLo7gO31Fcg2CvU7ItznEaGm42Mlmx/RdUhxo5xRYLl8hrw8KFFsdszq2z3yDuw8ntk=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-02-25 14:04:52,367 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:04:52,367 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140452Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_2c18e83b-1458-429c-9eda-715c3774f50a|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_16a133a6706edcb5624485852204259c|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxMD/azu5feYcsa0zy5V1fM4F2IffhAYCYmXcPKRyoxICNHsLB5Dweb3JXDD5SC/hHKyocT+mJGoJBAVDjD1C9EP8WmIwW7AQR2DftR7bsbuMBTWm4tmISX8VCeX3VzxVA7EOhOjtVvfTMmO82|_90d69ada209728ccae68ca7d1b130559|
2021-02-25 14:05:59,953 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: StateProperties=eyJUSUQiOiIzNWY3N2FkMS0yNzM1LTRhYjktOTE2Yy0yNDlmMjNiZDdmNTQifQ
2021-02-25 14:05:59,954 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-02-25 14:05:59,954 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-02-25 14:05:59,954 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7/samlp/sso/assertionconsumer"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_94f38da8-048c-49a6-98bb-af9be46f8eda"
    IsPassive="false" IssueInstant="2021-02-25T14:05:59.6140098Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7</saml:Issuer>
</samlp:AuthnRequest>

2021-02-25 14:05:59,961 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7' from origin source
2021-02-25 14:05:59,961 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:05:59,961 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:05:59,961 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:05:59,961 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:05:59,961 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:05:59,961 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:05:59,961 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:05:59,961 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7
2021-02-25 14:05:59,962 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:05:59,962 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:05:59,962 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-02-25 14:05:59,962 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-02-25 14:05:59,962 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-02-25 14:05:59,962 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_94f38da8-048c-49a6-98bb-af9be46f8eda', issue instant '2021-02-25T14:05:59.614Z', entityID 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7'
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=xVNNb5wwFPwryHcweFk%2brN2VdhNFjZQqq4X20MvK2I%2fELdjUz6Tpvy%2bQNE0ue%2b2Bg2fe4Jl58gZF3w18P%2fpHc4KfI6APnvvOIJ%2bJLRmd4VagRm5ED8i95NX%2b8x1nUcwFIjivrSHB7fWWnMu0XRVKFGGcFjJMS5GFZdE0oWjLBtKsLUAJEnwFh5NmS6ZfTELEEW4NemH8BMUsCWMWsnWdpDxe83UZZUkax2XxjQTXkzlthF%2fUj94PyCmdbfqJiLSiWg10cLbVHdDZJaMnUNqB9LSq7klwY52EJeqWtKJDmO8%2fTjH0E7whR2e9lbY7aKO0ebhcQfMyhPxTXR%2fD431Vk2D%2ft5Yra3DswVXgnrSEL6e7f7a%2fKyE7hc1zw2Q0fZ190CaStv%2fIWNNr6Sza1i%2fkgV2dk%2f25diP6GzfZ%2bWXdj4NAOJdZKgqm8qJsZJutkhXkM8DWeZLLPMnWTMg8hnwpbKCIlr7tT74aJe9WP1wOPry2RHabeZove3Rzw73wl6UzolXYLqMcjNf%2bN9n992I29F2Q3cvp48PY%2fQE%3d&RelayState=StateProperties%3deyJUSUQiOiIzNWY3N2FkMS0yNzM1LTRhYjktOTE2Yy0yNDlmMjNiZDdmNTQifQ&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256&Signature=fER1ikhuzRD3fUgAoWPq8qdfXGW29GjoKdVZV8qInQoGLSAH7H7r0VdA%2bgJl2qiO8ryfEtB7nuUOcp2UfEXiU9qwmNxaLyP1%2bbLOZQzT5GxpYcIrXDO7Ts3btNdCpg6MiwpXjrtSxHOuxHS7y1kADnGM51wPJJFkm%2b7MOqhNrU9hWExTBtbVFXtdZdQkbp7rle6LCqscbZdj5ZHVALri7JnAzUCnYfaGEqZZAKvStUWYMZbmbIHU1xyHl7sWCUoVZfA0iVQSY4UICStjUEblz5PceKhS5GlSn4uuFF3n3jppaYeMfyGV%2fqLO3FGDMeioaDGAZqybYggugzHD%2bfT%2bXH8IaJNTz0a0BsSBWz5AuHnn5zngank8gBATzpCxTRBAtswU055hNXHcGezoFrSTh9TfCMbTrgl1gyc%2bD%2bEXVnW91vC4QYlauWcQJSUFgUWEPk31dPzbALF8FbIA5QUub%2bHQiDsr5Ni%2f2RG%2boJK6Aj23lmbGWh55LU22phaAtFKf8Vg9vCoPOM%2f8M3iSTK1m0IdUzkJEnfFtGXzaw7lCs9s9g1KNsGjxc0xq9IRWl%2fax%2bi2RpywXHoKAiOSgrgXUKZosbSYiFEgI0pNBpCL7CetA5rEkU7Rv7AyFStd7D5eN2qdq5%2bqQF5neO%2btuRMwOP7xnQsPiD5%2br2YapU1WMcdw%3d
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=xVNNb5wwFPwryHcweFk%2brN2VdhNFjZQqq4X20MvK2I%2fELdjUz6Tpvy%2bQNE0ue%2b2Bg2fe4Jl58gZF3w18P%2fpHc4KfI6APnvvOIJ%2bJLRmd4VagRm5ED8i95NX%2b8x1nUcwFIjivrSHB7fWWnMu0XRVKFGGcFjJMS5GFZdE0oWjLBtKsLUAJEnwFh5NmS6ZfTELEEW4NemH8BMUsCWMWsnWdpDxe83UZZUkax2XxjQTXkzlthF%2fUj94PyCmdbfqJiLSiWg10cLbVHdDZJaMnUNqB9LSq7klwY52EJeqWtKJDmO8%2fTjH0E7whR2e9lbY7aKO0ebhcQfMyhPxTXR%2fD431Vk2D%2ft5Yra3DswVXgnrSEL6e7f7a%2fKyE7hc1zw2Q0fZ190CaStv%2fIWNNr6Sza1i%2fkgV2dk%2f25diP6GzfZ%2bWXdj4NAOJdZKgqm8qJsZJutkhXkM8DWeZLLPMnWTMg8hnwpbKCIlr7tT74aJe9WP1wOPry2RHabeZove3Rzw73wl6UzolXYLqMcjNf%2bN9n992I29F2Q3cvp48PY%2fQE%3d&RelayState=StateProperties%3deyJUSUQiOiIzNWY3N2FkMS0yNzM1LTRhYjktOTE2Yy0yNDlmMjNiZDdmNTQifQ&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:05:59,963 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:05:59,964 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:05:59,964 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:05:59,964 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:05:59,964 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:05:59,964 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:05:59,964 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7/samlp/sso/assertionconsumer using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-02-25 14:05:59,964 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:05:59,964 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:05:59,964 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:05:59,964 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:05:59,964 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:05:59,965 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:05:59,965 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:05:59,965 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:05:59,965 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:05:59,965 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:05:59,965 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7
2021-02-25 14:05:59,965 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-02-25 14:05:59,965 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-02-25 14:05:59,965 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-02-25 14:05:59,965 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-02-25 14:05:59,969 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:05:59,970 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:05:59.970Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:05:59,970 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:05:59,970 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:05:59,970 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-02-25 14:05:59,971 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:05:59,971 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:05:59,971 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:05:59,971 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:05:59,971 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-02-25 14:05:59,971 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-02-25 14:05:59,971 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-02-25 14:06:00,057 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'jdacldsbxb2c.b2clogin.com'
2021-02-25 14:06:00,057 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-02-25 14:06:00,057 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-02-25 14:06:03,166 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-02-25 14:06:03,167 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-02-25 14:06:03,167 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@391824838::identifier=rick, context=org.apache.velocity.VelocityContext@509efb7e]
2021-02-25 14:06:03,168 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@391824838::identifier=rick, context=org.apache.velocity.VelocityContext@509efb7e]
2021-02-25 14:06:03,170 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-02-25 14:06:03,170 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-02-25 14:06:03,170 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-02-25 14:06:03,170 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-02-25 14:06:03,171 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-02-25 14:06:03,171 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:06:03,171 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-02-25 14:06:03,171 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 2d8f41a6639fd3f4fc42021f33ede593e2d689f74bdbb1ebd95b084f8e28c639 for principal rick
2021-02-25 14:06:03,171 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 2d8f41a6639fd3f4fc42021f33ede593e2d689f74bdbb1ebd95b084f8e28c639
2021-02-25 14:06:03,171 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:06:03,172 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:06:03,173 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-02-25 14:06:03,173 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@281ac5a7'
2021-02-25 14:06:03,173 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:06:03,173 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7'
2021-02-25 14:06:03,173 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7'
2021-02-25 14:06:03,173 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7'
2021-02-25 14:06:03,173 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:06:03,173 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:06:03,173 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:06:03,174 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-02-25 14:06:03,174 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-02-25 14:06:03,258 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'jdacldsbxb2c.b2clogin.com'
2021-02-25 14:06:03,258 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-02-25 14:06:03,258 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-02-25 14:06:03,258 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-02-25 14:06:03,258 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-02-25 14:06:03,258 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-02-25 14:06:04,512 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-02-25 14:06:04,512 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-02-25 14:06:04,513 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210225T140604Z|https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1645797964513}'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7]' as '["rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7"]'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@281ac5a7'
2021-02-25 14:06:04,513 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:06:04,513 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:06:04,514 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:06:04,514 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:06:04,514 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _fef7e51744db411c67efbb1b3175e4a3
2021-02-25 14:06:04,514 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _fef7e51744db411c67efbb1b3175e4a3 to Response _3d5c8ac59dc5b26a46c7f1a3fdb04abb
2021-02-25 14:06:04,514 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _fef7e51744db411c67efbb1b3175e4a3
2021-02-25 14:06:04,515 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:06:04,515 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:06:04,515 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:06:04,515 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:06:04,515 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:06:04,515 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:06:04,515 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:06:04,515 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:06:04,515 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:06:04,515 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent]
2021-02-25 14:06:04,516 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-02-25 14:06:04,516 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent]
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2021-02-25 14:06:04,516 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2021-02-25 14:06:04,516 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID SFNN7LYC7EBK57K7473YMX5JJEOXQZBJ with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 40.87.18.23
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _94f38da8-048c-49a6-98bb-af9be46f8eda
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7/samlp/sso/assertionconsumer
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _fef7e51744db411c67efbb1b3175e4a3
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _fef7e51744db411c67efbb1b3175e4a3 did not already contain Conditions, one was added
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:11:04.513Z, to Assertion _fef7e51744db411c67efbb1b3175e4a3
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _fef7e51744db411c67efbb1b3175e4a3 already contained Conditions, nothing was done
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _fef7e51744db411c67efbb1b3175e4a3 already contained Conditions, nothing was done
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7 as an Audience of the AudienceRestriction
2021-02-25 14:06:04,516 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _fef7e51744db411c67efbb1b3175e4a3
2021-02-25 14:06:04,517 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7 to existing session 2d8f41a6639fd3f4fc42021f33ede593e2d689f74bdbb1ebd95b084f8e28c639
2021-02-25 14:06:04,517 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7 in session 2d8f41a6639fd3f4fc42021f33ede593e2d689f74bdbb1ebd95b084f8e28c639
2021-02-25 14:06:04,517 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:06:04,517 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7 and key SFNN7LYC7EBK57K7473YMX5JJEOXQZBJ
2021-02-25 14:06:04,517 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:06:04,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:06:04,518 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fef7e51744db411c67efbb1b3175e4a3"
2021-02-25 14:06:04,518 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fef7e51744db411c67efbb1b3175e4a3 and Element was [saml2:Assertion: null]
2021-02-25 14:06:04,518 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fef7e51744db411c67efbb1b3175e4a3"
2021-02-25 14:06:04,518 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fef7e51744db411c67efbb1b3175e4a3 and Element was [saml2:Assertion: null]
2021-02-25 14:06:04,520 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2021-02-25 14:06:04,521 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7/samlp/sso/assertionconsumer
2021-02-25 14:06:04,521 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7/samlp/sso/assertionconsumer
2021-02-25 14:06:04,521 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3d5c8ac59dc5b26a46c7f1a3fdb04abb"
2021-02-25 14:06:04,521 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3d5c8ac59dc5b26a46c7f1a3fdb04abb and Element was [saml2p:Response: null]
2021-02-25 14:06:04,521 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3d5c8ac59dc5b26a46c7f1a3fdb04abb"
2021-02-25 14:06:04,521 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3d5c8ac59dc5b26a46c7f1a3fdb04abb and Element was [saml2p:Response: null]
2021-02-25 14:06:04,523 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-02-25 14:06:04,523 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7/samlp/sso/assertionconsumer' with encoded value 'https&#x3a;&#x2f;&#x2f;jdacldsbxb2c.b2clogin.com&#x2f;jdacldsbxb2c.onmicrosoft.com&#x2f;B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7&#x2f;samlp&#x2f;sso&#x2f;assertionconsumer'
2021-02-25 14:06:04,523 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-02-25 14:06:04,524 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'StateProperties=eyJUSUQiOiIzNWY3N2FkMS0yNzM1LTRhYjktOTE2Yy0yNDlmMjNiZDdmNTQifQ', encoded as 'StateProperties&#x3d;eyJUSUQiOiIzNWY3N2FkMS0yNzM1LTRhYjktOTE2Yy0yNDlmMjNiZDdmNTQifQ'
2021-02-25 14:06:04,525 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7/samlp/sso/assertionconsumer"
    ID="_3d5c8ac59dc5b26a46c7f1a3fdb04abb"
    InResponseTo="_94f38da8-048c-49a6-98bb-af9be46f8eda"
    IssueInstant="2021-02-25T14:06:04.513Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_3d5c8ac59dc5b26a46c7f1a3fdb04abb">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>oHKW88jN1GSFW4QDxAeddaV58bc1TxYNt/g0ijKL/ng=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>r2Vm4GgM6B5uxgKntKu0key88Wzi8fmu7GpxIxO7h2pqK5PSu/fw6T25gL/vuadqGmbBzwgznq+PHn97xdbnBq4YPKaYXT+e6dS3/w2KE9YypR9VjRoHE+MljvPGpSy068CA1nEEJNdzmufjwzZSUMsppq6hpV/LYawveFxpJDkipd9lCJqD0YK3PTyWnnBWX69y98c3OrQLVsflAqMK9bDh6OChTKRLnuPbt3W9th7YVoSLWW8tmsZrOWQpMkFV3f/HGiNNFeK6grsFBesjyPyrnntdzNXBJ0K9GgXHwGybynuFE8cKBnepDPvNLy45yMG/uynz3ZXP5Ey/X1HJ7w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_fef7e51744db411c67efbb1b3175e4a3"
        IssueInstant="2021-02-25T14:06:04.513Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_fef7e51744db411c67efbb1b3175e4a3">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>FRMqpF6yUnN4Bk/Zp2kPegXZioyExLY0CoJr/8fwfQM=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>q7gxd4OdglwRF/vdLifiYymSIkmzQmIvihig70j5O978saLgei9III/Vcwx5iMvGMUQmXQTr+mjuJfraX+vZBg4gRAOFKnXjoYT2o+6fheSTHBqC39bG6V0t9eb0H29QO/EL0WQS7jqqxPFlYYe0J7hSp+Czt0ydHLgeEZMDMlBtQ9GNKq9E6MSllvs4HX6DOTWm6Bp5OZZgTYTYoHrQVsIxSkbqBoZJ5UGTmfEFxBuHoD6U/qe/unOl7F/fvttaGAjfneLHhDFsgmX4J6u9zmryd3ty7zrrDd4Q+2TxD/S21qzCOi8+/B0r1mEiXSd+vkTrr/odJGBwYebZzuJk5w==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">SFNN7LYC7EBK57K7473YMX5JJEOXQZBJ</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="40.87.18.23"
                    InResponseTo="_94f38da8-048c-49a6-98bb-af9be46f8eda"
                    NotOnOrAfter="2021-02-25T14:11:04.516Z" Recipient="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7/samlp/sso/assertionconsumer"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:06:04.513Z" NotOnOrAfter="2021-02-25T14:11:04.513Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T14:06:03.170Z" SessionIndex="_1019656c7496bb6134230e475a9062cc">
            <saml2:SubjectLocality Address="40.87.18.23"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:06:04,525 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:06:04,525 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140604Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_94f38da8-048c-49a6-98bb-af9be46f8eda|https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_964a82d789bcf6313e74a8225717c71652ac70e7|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_3d5c8ac59dc5b26a46c7f1a3fdb04abb|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|SFNN7LYC7EBK57K7473YMX5JJEOXQZBJ|_fef7e51744db411c67efbb1b3175e4a3|
2021-02-25 14:06:48,424 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-02-25 14:06:48,424 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-02-25 14:06:48,424 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-02-25 14:06:48,424 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://ce.wbrm.tim.it:48087/login/saml2/sso/wbrm"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="ARQ62f34e9-338e-4f27-a76d-eef1a193d025"
    IsPassive="false" IssueInstant="2021-02-25T14:06:47.655Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm</saml2:Issuer>
</saml2p:AuthnRequest>

2021-02-25 14:06:48,430 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm' from origin source
2021-02-25 14:06:48,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:06:48,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:06:48,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:06:48,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:06:48,430 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:06:48,430 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:06:48,430 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:06:48,430 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm
2021-02-25 14:06:48,430 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQ62f34e9-338e-4f27-a76d-eef1a193d025', issue instant '2021-02-25T14:06:47.655Z', entityID 'http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm'
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm' does not require AuthnRequests to be signed
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:06:48,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:06:48,431 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:06:48,432 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://ce.wbrm.tim.it:48087/login/saml2/sso/wbrm using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:06:48,432 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:06:48,432 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:06:48,432 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm
2021-02-25 14:06:48,432 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:06:48,432 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:06:48,432 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:06:48,432 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:06:48,436 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:06:48,436 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:06:48.436Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:06:48,436 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 7a2888c527d4fd5f9bd62ab3358e5fc26065c1697e01de457df0b7a6a980abd1
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 7a2888c527d4fd5f9bd62ab3358e5fc26065c1697e01de457df0b7a6a980abd1 to 2021-02-25T15:06:48.437Z
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 7a2888c527d4fd5f9bd62ab3358e5fc26065c1697e01de457df0b7a6a980abd1
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'morty'
2021-02-25 14:06:48,437 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:06:48,438 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 7a2888c527d4fd5f9bd62ab3358e5fc26065c1697e01de457df0b7a6a980abd1
2021-02-25 14:06:48,438 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-02-25 14:06:48,439 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6babd403'
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm'
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@6a7c1d0c' with context 'intercept/attribute-release' and key 'morty:http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm'
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'morty:http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1645795535673' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6babd403'
2021-02-25 14:06:48,440 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:06:48,441 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:06:48,441 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:06:48,442 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:06:48,442 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _3022addb128c54e3ee7b5951d75ea74d
2021-02-25 14:06:48,442 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _3022addb128c54e3ee7b5951d75ea74d to Response _35032e8af55408b8eb94e3ddc4c3991e
2021-02-25 14:06:48,442 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _3022addb128c54e3ee7b5951d75ea74d
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-02-25 14:06:48,443 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:06:48,443 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-02-25 14:06:48,443 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-02-25 14:06:48,443 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-02-25 14:06:48,443 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-02-25 14:06:48,443 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:06:48,443 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxyK5/A4t8ZmiyMoTlUuKxyst7DCI6cwQGi1ohLSQP0ut+GiBVZTV++APj7+bUXq2t4R7m7m8Bkr6stmSSPtDxcQdDz01e3XSjArHpFc+bqXB61v0jEUOM/r0R5deM7q9rXTLuahIThddSeiH0ptQBu6gtbwckShUT0VsPJOzS1HLRbw== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 77.238.192.90
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQ62f34e9-338e-4f27-a76d-eef1a193d025
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://ce.wbrm.tim.it:48087/login/saml2/sso/wbrm
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _3022addb128c54e3ee7b5951d75ea74d
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _3022addb128c54e3ee7b5951d75ea74d did not already contain Conditions, one was added
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:11:48.441Z, to Assertion _3022addb128c54e3ee7b5951d75ea74d
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _3022addb128c54e3ee7b5951d75ea74d already contained Conditions, nothing was done
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _3022addb128c54e3ee7b5951d75ea74d already contained Conditions, nothing was done
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm as an Audience of the AudienceRestriction
2021-02-25 14:06:48,444 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _3022addb128c54e3ee7b5951d75ea74d
2021-02-25 14:06:48,445 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm to existing session 7a2888c527d4fd5f9bd62ab3358e5fc26065c1697e01de457df0b7a6a980abd1
2021-02-25 14:06:48,445 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm in session 7a2888c527d4fd5f9bd62ab3358e5fc26065c1697e01de457df0b7a6a980abd1
2021-02-25 14:06:48,445 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:06:48,445 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm in session 7a2888c527d4fd5f9bd62ab3358e5fc26065c1697e01de457df0b7a6a980abd1
2021-02-25 14:06:48,445 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:06:48,445 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 7a2888c527d4fd5f9bd62ab3358e5fc26065c1697e01de457df0b7a6a980abd1: replaced old SPSession for service http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm
2021-02-25 14:06:48,445 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm and key AAdzZWNyZXQxTyhx28cqybo8ZIMzB01TuCnzZNwo7sjFNXoWn4PfE+KYXYwrxGK/D8RqcdbhhRbxpcY/W27YCLNXILoV8ye7rFp2LiH/jjMs3X0A52OXw1ZIq/Le5KslN3fRtTvZcEl1mXbQYvoxPmxQuJ77O1EPyD8MKCbZOm7Zho1MeoV1/yF6XQ==
2021-02-25 14:06:48,445 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm and key AAdzZWNyZXQxyK5/A4t8ZmiyMoTlUuKxyst7DCI6cwQGi1ohLSQP0ut+GiBVZTV++APj7+bUXq2t4R7m7m8Bkr6stmSSPtDxcQdDz01e3XSjArHpFc+bqXB61v0jEUOM/r0R5deM7q9rXTLuahIThddSeiH0ptQBu6gtbwckShUT0VsPJOzS1HLRbw==
2021-02-25 14:06:48,445 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm was replaced
2021-02-25 14:06:48,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:06:48,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:06:48,446 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-02-25 14:06:48,446 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_35032e8af55408b8eb94e3ddc4c3991e"
    InResponseTo="ARQ62f34e9-338e-4f27-a76d-eef1a193d025"
    IssueInstant="2021-02-25T14:06:48.441Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_3022addb128c54e3ee7b5951d75ea74d"
        IssueInstant="2021-02-25T14:06:48.441Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxyK5/A4t8ZmiyMoTlUuKxyst7DCI6cwQGi1ohLSQP0ut+GiBVZTV++APj7+bUXq2t4R7m7m8Bkr6stmSSPtDxcQdDz01e3XSjArHpFc+bqXB61v0jEUOM/r0R5deM7q9rXTLuahIThddSeiH0ptQBu6gtbwckShUT0VsPJOzS1HLRbw==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="77.238.192.90"
                    InResponseTo="ARQ62f34e9-338e-4f27-a76d-eef1a193d025"
                    NotOnOrAfter="2021-02-25T14:11:48.444Z" Recipient="http://ce.wbrm.tim.it:48087/login/saml2/sso/wbrm"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:06:48.441Z" NotOnOrAfter="2021-02-25T14:11:48.441Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T13:25:25.778Z" SessionIndex="_6bcf5e91f06d73a66e4a6503af29bb2e">
            <saml2:SubjectLocality Address="77.238.192.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:06:48,448 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://ce.wbrm.tim.it:48087/login/saml2/sso/wbrm
2021-02-25 14:06:48,448 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://ce.wbrm.tim.it:48087/login/saml2/sso/wbrm
2021-02-25 14:06:48,448 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_35032e8af55408b8eb94e3ddc4c3991e"
2021-02-25 14:06:48,448 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _35032e8af55408b8eb94e3ddc4c3991e and Element was [saml2p:Response: null]
2021-02-25 14:06:48,448 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_35032e8af55408b8eb94e3ddc4c3991e"
2021-02-25 14:06:48,448 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _35032e8af55408b8eb94e3ddc4c3991e and Element was [saml2p:Response: null]
2021-02-25 14:06:48,450 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-02-25 14:06:48,450 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://ce.wbrm.tim.it:48087/login/saml2/sso/wbrm' with encoded value 'http&#x3a;&#x2f;&#x2f;ce.wbrm.tim.it&#x3a;48087&#x2f;login&#x2f;saml2&#x2f;sso&#x2f;wbrm'
2021-02-25 14:06:48,450 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-02-25 14:06:48,451 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://ce.wbrm.tim.it:48087/login/saml2/sso/wbrm"
    ID="_35032e8af55408b8eb94e3ddc4c3991e"
    InResponseTo="ARQ62f34e9-338e-4f27-a76d-eef1a193d025"
    IssueInstant="2021-02-25T14:06:48.441Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_35032e8af55408b8eb94e3ddc4c3991e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>myZVfs73HBQrXR/uMqKBRNI8/PNKHrQWJNoAX0a9kbY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>irdB3kMxCyquyR1C3aqDwdgHP6t2nMq6nSNNxXiEqRJJ9IOuHnOTQZDiSEgW8o6EuY09wWdmKxdp79xzzduXcCTRmAHqrNneAxLvdrj2kF9vBkqJm3mmsTe92QSN8maWkfUCEl4ap2+jW+/Y8JUDzGjQL7bbOvm8yHEVe2e85OCOSIiFMgNnST77yQdwKsAjzVtpLYruN0MbD22kbIZdnQ/BKcUR3NwbaUoi+Z7kVtxlhgrUkWuqth+lpBKrASUEJZZIhQ03As/Bfkkl9HFDme/xfwsCwQACVVNxtWleN9QEMbJiwyCUKgn6F9/0X1LViRHIlt1DHH0ydBJLG5nm1A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_b10232a42e05eba6e3ac0000b6b6c820"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_beab1887d4c8ea432c5d76ad4b234f57"
                    Recipient="http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICgTCCAeoCCQCuVzyqFgMSyDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMCVVMxEzARBgNV
BAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsGA1UECgwUU3ByaW5nIFNlY3Vy
aXR5IFNBTUwxCzAJBgNVBAsMAnNwMSAwHgYDVQQDDBdzcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDAe
Fw0xODA1MTQxNDMwNDRaFw0yODA1MTExNDMwNDRaMIGEMQswCQYDVQQGEwJVUzETMBEGA1UECAwK
V2FzaGluZ3RvbjESMBAGA1UEBwwJVmFuY291dmVyMR0wGwYDVQQKDBRTcHJpbmcgU2VjdXJpdHkg
U0FNTDELMAkGA1UECwwCc3AxIDAeBgNVBAMMF3NwLnNwcmluZy5zZWN1cml0eS5zYW1sMIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRu7/EI0BlNzMEBFVAcbx+lLosvzIWU+01dGTY8gBdhMQN
YKZ92lMceo2CuVJ66cUURPym3i7nGGzoSnAxAre+0YIM+U0razrWtAUE735bkcqELZkOTZLelaoO
ztmWqRbe5OuEmpewH7cx+kNgcVjdctOGy3Q6x+I4qakY/9qhBQIDAQABMA0GCSqGSIb3DQEBCwUA
A4GBAAeViTvHOyQopWEiXOfI2Z9eukwrSknDwq/zscR0YxwwqDBMt/QdAODfSwAfnciiYLkmEjlo
zWRtOeN+qK7UFgP1bRl5qksrYX5S0z2iGJh0GvonLUt3e20Ssfl5tTEDDnAEUMLfBkyaxEHDRZ/n
bTJ7VTeZOSyRoVn5XHhpuJ0B</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>sXsYQ+YNNATZi09jPKdAPQhdIME2gOMnkgP3F5qCCwnOFVeUJVuqQ6P7Cvf6prhnQM++749c9LVWmT2oig/teAq+hklt5Q3DrH9d3IyPFmiSZUcME4LTEdefmu+y9Do29f3GlT0rZj1mBuwYsP1U+YaO9EYE9coNYJ+h/FYTd+g=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>JrU+AL44PPD4FSl12Qs85cax9+1fiySm87WUdZY9WxaQkIiONnIQ2EdxKmAZfIWzN7VXSnZe2pnc24mNxydDrmd35dLaenP1a1Yw5gO2JYy2FJIsaP+t8cAZuoU8+d8M9673eUSTpZB7btkAXVHQKTf+RvOKtd8Pdy3obUVp70EfapsvU+KAaDpuaNxJPRpA1e6BEv+OjFX8w3dvMqDYjQQItngiVkO4JjOnoK5uuMR87JBh1Zh0/B6l+LlbpmWNjZ3ZQjB51Xb/itkxOAJ0fw3n7owOlKsmeawYTEgwVL1gFMJwt42WHhgmtBnB+eeY7CsWunLWKj/b+PPAI/mYLbAlJO181+2OOok5CcjejketIKX9W290ZYMJBP18GH6ze9tep6tBwsgDU1lnn1cnsBsdaR4Ib4skIhPSemKSCZ6EaK4CdncvUZtIvm5BCLWWIuOFh8pXrFBKMMnkCuxabQnaFBY6D1f46nNWlhUEfOyQApan0mXfoO/fOKn5Cja2ILQsZtF2VtrpUnPgv6/BNfXgQuFHfpQ82LNelyzCGJb9aTITnxKHUKDM9K03ReBTskE6r+AGmHpaYtXme/VE+zeSeoj7HVy0SAJg4Hkb90mBgVDRUNm/zFqlrGlSXfhjuEoN/TzE2kzB5iMqOWuFQ0kGnRBckTrUqgVZ7vqoqOiYeGDAWUsbfyVVEqdPKu05TQAfTntCVSJbFR8auHbVX/OWTxm83PZGRwpnfllvp7+pf0NUWujuzBboLBMIIqCi4Wbdkf8RCCXYFed5+hcAmXcghfSTpsvzvgK2rg51zmBV5nGJ5q5yr/k0Yf1EzGP3Q1PVEIHxJjFaM3Uk4MEc8JQ7Ogl8V300M18/m5Uu6ufmtE4wp5MluiWeRaRX4NJVPZQ1AgQJ7trQut+9XYqAy0QcIIyetA73QGUV6kzH0C9cqwOUBfmca7BYv05DOTvf84c4RF4uRKPIVD3eb+bdyKxu6YIvyjklAVfTId5u9b5aak3Touq3S3QjlnOLEoC/blqiQstd50ivBblrxLpJFXZrsLIhyDAcSkU0BV6f12fuguo4QKOwEkbd1RvEz8860mCohC4HQc/M7917FNjfMXABUxib5exijALuSjnMLPapM26zycAH4kUcauYm9mCkCktlJTRvCFVPO6CGB7NL3YrAVKKo4DnOqms05BrW/xSujFlPU9e1ZD1ALMAEQzdvUhafgYEN2DMbPZmJET6rVmGekeMHQEeBxNWGrbfzZxRCtybBDZ2OmS6s9jHv2NkNSjp0/WiUN0UXGgaFydcfegKBQjSnp3PoIMD768EMVVOOm5YnqJ8BCF86vOCVifp8nkSnz98O5oN83BdkpocNk0pLFU+kzfYya/Etl8oe66IdA0CT7LUqmW8Amj7AQ8ZcefSV8tM1oSfQDKyqwfQobBzb2Kw6oIDogJbP4x4GQ5Lk8oObXPM9lXF1407pjqcxv+yCKFKnpIHWpFMKuoVSHV7ta0f6R2mTj92yXhqTiXoL+kWOl3shC85+L9BLk8fZ4R9GXa/iwqgx3fG8r2gQZC8HYRGcUwj96qUCb0///Iyn/Xv6wY/sM08Jc0vik/WxO+TWwzEtNJI4ZMnAd1QTBjnV995BiX2MluhXLUdGm0/Fl3jpIVWTe4jmPAkKoMOCJ+Aws9Rrt7P0Kt/xz5jQfZv43O95QACLjMDeeSV0chnnNsdOa2I3Z8RFreYqZ08/vb0aHBiFvV05I/LB/5g3KZCA7hpThD5UO2k5Ya0p4u6Vu9MVry1Rsrvn3dIdnVKH7HSMOvFOdhClkcg/fNqtuVmmJcsYN6BWC3REy3MtoLt5QzgZw7TzRW2TPMIS8S2taDN+15kf70KLzlBKTnjMatrgryl1qmmNMPrGt6M94MwJ2oaTNDrlwt/ja3gHHbEre8j2zmHUA7V0eDm5D5tOi/Gupbgo5A59Lrd6/wVD/Dxsu7nmqT0F7jCWOxd2kWsVtJF5D0TJ0v0jaO0vDEz1cY4QSQRhxBe9JN5kKNXJGHp4pb4SSch47PimOEQTBe9OLpqLH/aqEjHUZb2T29Nb1SsON1JjhFiCpil0dYp+uNZh0htqTblWLh+FU2RXJeR/srv44Sz7bw1xtQGLdCDNiDo95SQ6U7lnZlP8hQdc8j/d+IaOAmmg9wREaBNbYKVRRwFlmIT5tFqZXZFnYJiAyN/b10F/8x5G/EANoh/US5ND6nA0J0jV0A3Ti6usnbBw+fa7nSTLKoJTtij/Z0vE8MM0i3MheATfy0UCyai6W6zc5jT1oDYiXkwfIT81O2IjYSM1wnBtOTrE3ZMjow5rtoYOt+Eakfld4uzMpWSJ25+akIS8UbJtpC5LQtdjOQyiAcbQTKSh99xfQZPb6yHM2b/1Z3pgwWY/3GtCfQWtvz1jAmyLJVuCuQP2F2RS3QZfeD5Q6IrBeNPn3swmStYeVYekpqALe2dW1fAF0EiCpSTLt+TwRdNA9WJiCwQsBB3mD8h/rjtvGSfAb8ssAVdX83PWa4V6OWFYGJVpGxmzzWuOeJly5dMx9JPOg97SeySjde2OMmXv6cYRsmMDkKjbGUlrB15+BNYSqBEGT0BXFlGpYW4K1ezA/O/RmnOlITbffCiSmvHJASBqVV1dcoXDSJYU9yGbPlhCue6Jnhssfm5SvK/IVroKiBvoteEPn9azG90pY8zqdKmp4c8u+QQk6ZVaoGEy44rWnq73FijCXb6TZBWL2zRIs5Do9/QU+U5luuLPCsQbgimkNY5AeRWJR2FkGWwTm1DXE/akHsj2ffmFqp4BDRv8HhT4HUAF5clhKraxEYngDh1LpfM1+ceMMs6wD6sOyEQNGG2ryN7EoR02Q4PAusPRisGTFlstp2IstTsYYrF0CbCnhd3+p6at8H+uy8F3PCmoKSV9k8YROEbwX5R788RB7t54JMQnM/XYdcnf0UJV79CCWH50sI8n1f1ONbwqRPR5fB5TNk1qqfkkHxZ0z7KnS6B1vSQ3rN2tHv2ES9RsTLc3DX7WuQBmphGiDzPBV7fuHiDx6YeTcUSpZKRZgQBW7k3NiDFjbo54V1iB3h6AKgly72h3gPLWIXq/eKdBJ2zt+zFPOcFUF8/u1MDKaErB4NA0pLxmVPMeZLNzrZ5wJIcsEKnXsadQlIYgKcaQl7FZi0TgzYed38y+3Oxw8QPMs973uWvpGQzOIsZQSJP8vDLZyCsyxadXnrp+sRID4fGkKlj+lAdqZp7Ct1JhyaJ7L1ZBgWoWHpMAT13lgQvgbGJ8r9fxS8A3Xzv5GRvf/ihYlIdkKdfmZtCcPmqORD3UNwUQwyM8OaRyzH3kbhWO5LnuaQ1EbjClDZaQETTfv28z6Ll4DPoSG/qq1W0fzXSVsLKy9k3UdxaRLYWzxUTlOlwT4ijLaxzelJzp0dWIqJ4qZZC2sJD+IuvopYLNcgPqFjAyXSpFaIu579a8bN3hgF1oCl9rNvwHKhIKYlTjBhxvS2i1RvAQL6OBgP7ZMlbrmKYFx6E3Ey/ASSLkMs5gogCZteh8cKQqgQCyYwc3oh+S1oxv1AQdoN0F8IBow3Axo9h56QwErjVZatyqBBNp0hsN3Vu/RfLp3o0JHx70SP6rGCBqIqHGX1D5FwLnLro2M9NWhnUpM/DPjosdDfGY9T9SqkniqKThgqNS5uOyPAAktD8foifP+UuyH8Z+HPXokMh1qgUVCzpvBPxCJZRwRGcG0x453vv6XeTCC/Cy61GkWt89kvnrCD8UEwZOonhHxlGFNKv17c3+qNUXZhkYlwsfN1Z2EiA9mjBi/ETuzfXrN2d6yPCNhsZlqE1mAjq3mypjpNayRTt3CWIos7m+0yvnZkTrBHbFHqAVAndDpN/obtOPBfFtkPZQxaEmgR+81t5S6yzhBlaBIxnIfIFvPwl7lVYxJ7XAfmh0v/isknvwNHPqJShz+5HATwu4rY0K7sb446GA/su0cosXPLQZ/fgXbNL+cp16UMrHHdV5NOTitXOUx6DuZ/JtOzY4XO5rdCraVQ1C1fTR93XUPjzB+jN98OEfo88ypqs4Xv6UBKELlt9F3iPb2iwPtJHFAAU8kgncFqO36M9uDLnrnXc+hNj99QihrzI7G2dca+vaxwrtPzGvDQl4ZkGGDoDro/vwTSyz7S1L0Uuy9xFpv2eRl9K59AtNVjeIvXyRYZh85pmjic0vjIxN6+fl5ab3BDhRhkQi77L5J7e1h9IuB1o/IOAGimQIxUEV+os2C6jFgabKPAMU1sxk/Xjhcx6lLGC0gmNYyb28VhmXnB2/CejZaFLGty+IFLYAELB303K8aATGtgDv1m9606C/qKWQReza/vsiZtDzSsFzsE+npzgvvKK92C7fhJBpAmPVZOFmXGU981jb0CQBx7hrFW7wnYKgr4mEl4avpweFOyD7yypiNvwFfgEX9mzV9rS5pW1LL70GJcwTo5nN8eWZlf/0Xjdwm20sBYK2VBiv1EL7R9ghbeo12xULJkQtbokSvCv9C+lqyzaIBnUUWkXBNhZTgURsWL1zg7FKY4E1EgSfbSdfHTrLdzp9gf1PuuoWqzG8Dfp1FaGBE5p45er9oWP7Ru07oUZ2lTH+pFhSTgbgmjd6RALbl8tphFjp+R1zmC8BJCEL6B5chlPAw3JAJMxyO8gJjYl3917XZDXCan2y2aWbsMY8sSKlROBq0vKXdPKEFEThcGvk40cqCeWFneTYw03P+ySfyaaTBfXOxgZUZUL4/XyGPOt0gLV+6ZdnY3FiWyb7SVHswCt8u4uE+GyymH4CcvCyBfhWuhqxNrNU6MZXwkxS+q0iWJ7HV0xT/FaI6Fhd8gCMPF7LUQXdYoI9SCgnN5CX3l90Jb42MGiIT9APJ7PFD9TRu2doov6CcmKPYLnIAMe1NqzDBpyPknPrAoiNSkwJbzxXtg92U8AlhRdkvWYXljQ2GM9Zfh13G9KS0e2YVTgF43XYjbInYW3MTNI0t7SmDCopnHHP78WXF2b2hL4s0JTqB6NURMCD/SusOqVZ2BXTsEqLqT55LW0j2IlGqYXXXS5lSNLFleGV3oxBQ3mDQkRffHrJkPGXRLToquh35KSpzvjKNzWEJhNmoQhVB1rEOa9vpxPjhK3XsuB+iuqTtsLBecAlDdtL+yzXodx0EfQgzm9gj/6RW0Do45fziWPKae/mk5+/o7fN3dqGDowWBErAVmeYzUnrX3dFs2qYU801HCYyF7l+DcYoSOZwqBdb0GrK0GtVvEsnRGTlk+K+0ZN6nHObx1ItW9Vgq6iISxsXRUWr5HE=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-02-25 14:06:48,451 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:06:48,451 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140648Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|ARQ62f34e9-338e-4f27-a76d-eef1a193d025|http://ce.wbrm.tim.it:48087/saml2/service-provider-metadata/wbrm|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_35032e8af55408b8eb94e3ddc4c3991e|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxyK5/A4t8ZmiyMoTlUuKxyst7DCI6cwQGi1ohLSQP0ut+GiBVZTV++APj7+bUXq2t4R7m7m8Bkr6stmSSPtDxcQdDz01e3XSjArHpFc+bqXB61v0jEUOM/r0R5deM7q9rXTLuahIThddSeiH0ptQBu6gtbwckShUT0VsPJOzS1HLRbw==|_3022addb128c54e3ee7b5951d75ea74d|
2021-02-25 14:08:35,637 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:f9b683dfe656ec636ef66a1b5e4d5d3662dfde7dffd9381b89009d3903dfc6f3
2021-02-25 14:08:35,637 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-02-25 14:08:35,637 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-02-25 14:08:35,637 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://samltest.id/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_b07931cd49e4f29089251c4b9a0177ca"
    IssueInstant="2021-02-25T14:08:35Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-02-25 14:08:35,644 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://samltest.id/saml/sp' from origin source
2021-02-25 14:08:35,645 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:08:35,645 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:08:35,645 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:08:35,645 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:08:35,645 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:08:35,645 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:08:35,645 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:08:35,645 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://samltest.id/saml/sp
2021-02-25 14:08:35,645 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_b07931cd49e4f29089251c4b9a0177ca', issue instant '2021-02-25T14:08:35.000Z', entityID 'https://samltest.id/saml/sp'
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://samltest.id/saml/sp' does not require AuthnRequests to be signed
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:08:35,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:08:35,646 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:35,646 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:08:35,647 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://samltest.id/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:08:35,647 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:08:35,647 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-02-25 14:08:35,647 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-02-25 14:08:35,647 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:08:35,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:08:35,647 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://samltest.id/saml/sp
2021-02-25 14:08:35,647 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:08:35,647 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-02-25 14:08:35,648 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-02-25 14:08:35,648 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:08:35,651 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:08:35,652 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:08:35.652Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:08:35,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:08:35,652 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:08:35,652 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-02-25 14:08:35,652 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:08:35,652 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:08:35,652 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:35,653 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:08:35,653 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-02-25 14:08:35,653 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-02-25 14:08:35,653 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-02-25 14:08:35,850 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'SAMLtest SP'
2021-02-25 14:08:35,850 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning logo from UIInfo, (225 x 90) : https://samltest.id/saml/logo.png
2021-02-25 14:08:35,850 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Acceptable Scheme 'https', returning value 'https://samltest.id/saml/logo.png'
2021-02-25 14:08:47,266 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-02-25 14:08:47,267 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_fzte07qqjx48lgamti0bpi05up2rk8cbljim" IsPassive="false"
            IssueInstant="2021-02-25T14:08:46.607Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-nl.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_fzte07qqjx48lgamti0bpi05up2rk8cbljim">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>rghcCM5sMZYuBp5CwnwZcEvgw3o=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>bItQVNlHmjca9ZwcE3ZqI1yMQ/zcrfhxyPjIuP76MTZqIJYpT0wiuFxQfOaQszWY88byMwFw81UR1Vhy+6VbiUDh0NFMN/x5v3NQE9Z6kW4/eYHSSt3EYRUu+dV25JdkAB40str556i1TgkNO0tVG9berS7TF0SKwRruByhhKg7nw4Hge8HAgMecxyiCGg08hWK5tT/zlAgvamx8kJqf9nxZI2idyQWttmAi+cjSZP3k7U0+gVbQ0+kMJU92zM6BI5/sPHQPX2JIMvK7Nr57lOXJ+isPnNvPJ2hy3j6lesWO7gmOVhQIYqhsOHePfXAi/Gu73wI+V5B1lGtGfXCmukZNEc6UnnNxbnEWysYWRz3k/4V10lowDU/+fZgaKs7iNZn8X5bUPjVZoPnCIPdAQdPRW8kWyDrr9SmsJrWoxd4Du9VaaN3BTgmK05y2877czzKwfGp3wzgZCXb8xkonxiks5J/8mdM3bZerDdwTnAIFZGwQynX+dTAYle2Z/zUHDRWxSf6xwJI2OeCvWPzD7DwTDDEBqRV87njkniLSU3HTXc94WF3OJBwkQ4BPv2NdRTsUDL/QmtbMNk1IR0Z2J2JLM7dVdBgm9coiKHKR53YDxf5h8rRukmO1jDcp5oQ5yqZ5llFvzI2HMo8pdvVAYpUqBVUC1F2jlADfypvSwMQ=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-02-25 14:08:47,273 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-nl.otc.t-systems.com' from origin source
2021-02-25 14:08:47,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:08:47,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:08:47,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:08:47,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:08:47,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:08:47,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:08:47,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:08:47,273 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-nl.otc.t-systems.com
2021-02-25 14:08:47,274 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-02-25 14:08:47,274 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_fzte07qqjx48lgamti0bpi05up2rk8cbljim', issue instant '2021-02-25T14:08:46.607Z', entityID 'https://iam.eu-nl.otc.t-systems.com'
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-nl.otc.t-systems.com' does not require AuthnRequests to be signed
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-nl.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-nl.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:08:47,274 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:08:47,274 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2021-02-25 14:08:47,274 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2021-02-25 14:08:47,274 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-02-25 14:08:47,274 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2021-02-25 14:08:47,275 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-02-25 14:08:47,275 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-02-25 14:08:47,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fzte07qqjx48lgamti0bpi05up2rk8cbljim"
2021-02-25 14:08:47,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fzte07qqjx48lgamti0bpi05up2rk8cbljim and Element was [saml2p:AuthnRequest: null]
2021-02-25 14:08:47,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fzte07qqjx48lgamti0bpi05up2rk8cbljim"
2021-02-25 14:08:47,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fzte07qqjx48lgamti0bpi05up2rk8cbljim and Element was [saml2p:AuthnRequest: null]
2021-02-25 14:08:47,275 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_fzte07qqjx48lgamti0bpi05up2rk8cbljim"
2021-02-25 14:08:47,275 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-02-25 14:08:47,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-02-25 14:08:47,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-nl.otc.t-systems.com
2021-02-25 14:08:47,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:08:47,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:08:47,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:08:47,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:08:47,275 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-02-25 14:08:47,275 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-02-25 14:08:47,276 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-02-25 14:08:47,276 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-02-25 14:08:47,276 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:08:47,276 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:08:47,276 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:08:47,276 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:08:47,276 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-02-25 14:08:47,276 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-02-25 14:08:47,276 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:08:47,276 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:08:47,276 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:08:47,276 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:08:47,276 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:08:47,276 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:08:47,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:08:47,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:08:47,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:08:47,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:08:47,277 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-nl.otc.t-systems.com
2021-02-25 14:08:47,277 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:08:47,277 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:08:47,277 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:08:47,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:08:47,280 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:08:47,281 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-02-25 14:08:47,281 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-02-25 14:08:47,281 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:08:47.281Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:08:47,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:08:47,281 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:08:47,281 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-02-25 14:08:47,282 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:08:47,282 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:08:47,282 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-02-25 14:08:47,282 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-02-25 14:08:47,282 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:08:47,282 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-02-25 14:08:47,282 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-02-25 14:08:47,282 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-02-25 14:08:47,282 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-02-25 14:08:47,282 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1693415971::identifier=rick, context=org.apache.velocity.VelocityContext@6ea39027]
2021-02-25 14:08:47,283 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1693415971::identifier=rick, context=org.apache.velocity.VelocityContext@6ea39027]
2021-02-25 14:08:47,284 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-02-25 14:08:47,284 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-02-25 14:08:47,284 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-02-25 14:08:47,284 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-02-25 14:08:47,284 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-02-25 14:08:47,284 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:08:47,284 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-02-25 14:08:47,284 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session bf4d837ef060d0228d60761a36633821dcffc2ea6ce487fef8a0a716eda689ea for principal rick
2021-02-25 14:08:47,284 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session bf4d837ef060d0228d60761a36633821dcffc2ea6ce487fef8a0a716eda689ea
2021-02-25 14:08:47,285 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:08:47,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:08:47,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:08:47,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:08:47,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:08:47,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:08:47,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:08:47,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:08:47,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:08:47,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:08:47,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:08:47,287 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:08:47,287 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:08:47,288 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:08:47,288 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d1ef30bf0626f8da44ab080472194b0b
2021-02-25 14:08:47,288 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d1ef30bf0626f8da44ab080472194b0b to Response _64dfdc5438a0b5d90e89c11e2e0b04ca
2021-02-25 14:08:47,288 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d1ef30bf0626f8da44ab080472194b0b
2021-02-25 14:08:47,289 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:08:47,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:08:47,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:08:47,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:08:47,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:08:47,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:08:47,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:08:47,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:08:47,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:08:47,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxakb0HoJsSkR3ZIDS+hgbM26eLTqRhJVUzYtSwjtZVWILQXkDBgzIfceqasDICfYMbGtrMNJpXGePYLt6gdfWql2pNYnVcPVqAGUtK387UavD4XwpxmaR0rY9ABSitAoK/y0vXNuh with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _fzte07qqjx48lgamti0bpi05up2rk8cbljim
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d1ef30bf0626f8da44ab080472194b0b
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d1ef30bf0626f8da44ab080472194b0b did not already contain Conditions, one was added
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:13:47.287Z, to Assertion _d1ef30bf0626f8da44ab080472194b0b
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d1ef30bf0626f8da44ab080472194b0b already contained Conditions, nothing was done
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d1ef30bf0626f8da44ab080472194b0b already contained Conditions, nothing was done
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-nl.otc.t-systems.com as an Audience of the AudienceRestriction
2021-02-25 14:08:47,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d1ef30bf0626f8da44ab080472194b0b
2021-02-25 14:08:47,291 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _d1ef30bf0626f8da44ab080472194b0b did not already contain Advice, one was added
2021-02-25 14:08:47,291 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-nl.otc.t-systems.com to existing session bf4d837ef060d0228d60761a36633821dcffc2ea6ce487fef8a0a716eda689ea
2021-02-25 14:08:47,291 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-nl.otc.t-systems.com in session bf4d837ef060d0228d60761a36633821dcffc2ea6ce487fef8a0a716eda689ea
2021-02-25 14:08:47,291 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:08:47,292 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-nl.otc.t-systems.com and key AAdzZWNyZXQxakb0HoJsSkR3ZIDS+hgbM26eLTqRhJVUzYtSwjtZVWILQXkDBgzIfceqasDICfYMbGtrMNJpXGePYLt6gdfWql2pNYnVcPVqAGUtK387UavD4XwpxmaR0rY9ABSitAoK/y0vXNuh
2021-02-25 14:08:47,292 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:08:47,292 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:08:47,293 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d1ef30bf0626f8da44ab080472194b0b"
2021-02-25 14:08:47,293 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d1ef30bf0626f8da44ab080472194b0b and Element was [saml2:Assertion: null]
2021-02-25 14:08:47,293 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d1ef30bf0626f8da44ab080472194b0b"
2021-02-25 14:08:47,293 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d1ef30bf0626f8da44ab080472194b0b and Element was [saml2:Assertion: null]
2021-02-25 14:08:47,295 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_64dfdc5438a0b5d90e89c11e2e0b04ca"
    InResponseTo="_fzte07qqjx48lgamti0bpi05up2rk8cbljim"
    IssueInstant="2021-02-25T14:08:47.287Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d1ef30bf0626f8da44ab080472194b0b"
        IssueInstant="2021-02-25T14:08:47.287Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_d1ef30bf0626f8da44ab080472194b0b">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>48mgvg+q5V87KLxHAAMrc6K4HRdMUBVovqoktOAkcKY=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>LJlnjuWR73hU0UWEgh5/DARW7FhJ7Gu0OuCINyqbfEcRPQ+362hCPzOkjgEtrgRx+drHWNW6HLwNqFypqx/e6uqKphugivv7xQBF/yEDxw2X3ck5BikpA6g63I4fgDfLi++nsBwKDLDh3jCAOxE8Qnk/j8OWbsKjZT7C/6d3dhCbDaPQxX/GVpQdvXWJyszzSxj6YqTTGVDJ0yy1yz9iMdrAkgeizW0mdlrPumW0H7ER+qOOnkG4ionefR4PJMbg8t5PmqV1T+EAZMzAfxjhdpBdfP4B+yoHjFhZPgdNnbusc4+qRn6x8bDahyshaVDpHsocNBF0MybOytWgd1davQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxakb0HoJsSkR3ZIDS+hgbM26eLTqRhJVUzYtSwjtZVWILQXkDBgzIfceqasDICfYMbGtrMNJpXGePYLt6gdfWql2pNYnVcPVqAGUtK387UavD4XwpxmaR0rY9ABSitAoK/y0vXNuh</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_fzte07qqjx48lgamti0bpi05up2rk8cbljim"
                    NotOnOrAfter="2021-02-25T14:13:47.290Z" Recipient="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:08:47.287Z" NotOnOrAfter="2021-02-25T14:13:47.287Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-nl.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">dDrOMmbU9Bim2AY9zLamCVjGsdSi5OLTIhV8JkLv9B0=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T14:08:47.284Z" SessionIndex="_245782bcbcb22ea05dc7675d700b0748">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:08:47,297 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-02-25 14:08:47,297 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-02-25 14:08:47,297 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_64dfdc5438a0b5d90e89c11e2e0b04ca"
2021-02-25 14:08:47,297 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _64dfdc5438a0b5d90e89c11e2e0b04ca and Element was [saml2p:Response: null]
2021-02-25 14:08:47,297 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_64dfdc5438a0b5d90e89c11e2e0b04ca"
2021-02-25 14:08:47,297 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _64dfdc5438a0b5d90e89c11e2e0b04ca and Element was [saml2p:Response: null]
2021-02-25 14:08:47,300 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-02-25 14:08:47,301 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">dDrOMmbU9Bim2AY9zLamCVjGsdSi5OLTIhV8JkLv9B0=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_64dfdc5438a0b5d90e89c11e2e0b04ca"
            InResponseTo="_fzte07qqjx48lgamti0bpi05up2rk8cbljim"
            IssueInstant="2021-02-25T14:08:47.287Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_64dfdc5438a0b5d90e89c11e2e0b04ca">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>wPqWtEQ8rTriGxrS7vA+DNFu0hf7HKMjaaRQwEeU2Og=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>mZgA/Rxo7c3aMMXpNCQR3CEjYu4oEWXjbaH6dAZpXNlEyo5M4Z7F+qkYfcDqt4rA/BzYPmheuC4jGSqcyX+U63WzzHtzSKbN7e/O3H46CiuzI8QvxM8n6c/fd86m+0fWw11CSiagb7X5aGjNb+SyfZsvzcmmLLVbRAFSdsdya0mJ8XkcVn2mWd4d8wjVznDx3PSDSfSAAhMkW4m9zt1F85kSgiTbEY62BEPwINhkBSjhjwB66kvEuj5ReBPrflX6ctX4CW9VUxjnnnjcZq1remIeJS54WyaKtFVKKlPNaReLYW04Pw87tZsB7kcvwItMBRkKeX0rSkmYStxlrkOoKQ==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_ff6c846069785cec2b9b053022bb6fed"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_9f4b9586a31a4d510e9833af897eedc1"
                            Recipient="https://iam.eu-nl.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>SELxdwV09CfIkt0vVtQLlzq/fgC0pc4TNpI0zdxK9Ipfp9Ng3ByaoQrUlkXMMLjGoQShiXQo8u9NsLICxwsR4J1hF1LWxkzms3fNp41KXZ5pXyffxdWGhn6GkQFgdIBbAL3CrHuNO1tCXgjqtX8xjrkwXx/9Bur+4ob+SiLZyG5mWy7wxrOV/RdNXu+S3ezNYkrBAjPpgMnk2vNerQUWW023N6T7wpBd1Kisulluh1YVIyPLJGHGIeMNxkR6mJmUWAsbpXC8ls5/TBjDv+Y4OigtR7rlg/VZchI2x/5aqDm91SSbjcTVWW8tqdEdbvZFnJaxL27nfR51cAFSc5J02h0Endij0qLiu29M5fzragkaOa0Rk3WFSvHeJ3nsuMAiQJKQYiq9C7VlFHxFnYB1CcQCWmRzhgQyt2JBHmuTfdjhzBUNCXcjqHzAXTWK8PFtwnD1/k8KpbakeDJZoOYU4YT5IDVUJB/Ay2Pd7SZC8UB7z7aiPNTsdQAmvyXh6cy9pGdacu+bI/ZOT9OaT0TeT30iZUjCl8SmNR2+J3Znr7mbDppJMYOzwGNJgJAD9RawF4aPptURb3wkOKiYEuA/Xwl5QpteEo+cl0oYH67Ms4GNN5/uRC+I0iCmY6EfUKQb/RVQYYBLZqynXAGoazXCObP8FzyGE4woX7ziQLYR+dA=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>bd6l7lTr8fLPbw9mGt4UDGD6sSN9GmZZ1Gc5fWWEcafCwD6VXpvIsHLsOfk28lwOcNB7/QpamGSY7vYuAfKbMr4spwbgv/O0FfM0eXbsfpz3kQ/HESu5fJrUMdwwf4lOgv7SedP+CyB8jHIUGna4QbQN1F6u2msbcXxJDbVNMEFygHjAyImCmzCMv1APVFLwjDUTSLBCSO1feZ3j4/zfFzMFsJ9aLYxFUQaf1JJ+xjYZUPb9nt7e0ly+JHPkHxPgO0lJuwp7QJG7B19iweUb2GB9UwEnTEdW82RXrH0a15mq19HlURCkXnR38z4zP/CmwuH37sEIwcZEzqv2ckh7GKCVBsUPRi3Ag5gqgtqBXBfq4JAmkCndZDTN+O0xrVNEsMKwFkQTuhIjzLVLK0+zUaTsRUlZqwDZhx/4e4CmeZnGwl2q/p1M27oUah6VMAjJHxshxunPRsURWa/RmFDZIj+VyXwfVpt79CtD6RqW54PSLJnDu8pQmLrZIlUMFLfTblEdRwOkdbTGALyimr9aZgROrrrcq1gnDb8Bce4dieNcJCcwx4dgnURbArIgTKlKqCtsbGsGEipQBeTlmfEr5dTBZwmhQzgwDb1/8i8UySLJCL5sp3aH4T9j/vijIVNZC4aLxs00irjIwcUjPenr8Gc+SytFXUwIezEZa2Z13nKgRrdmOomMd1o3z+UEdPWoEKaik+yWghYcRq+ujBfANHZc+W6DZdwYUFc//iEvFRCQnvvZwiijJWRghlPMqtAq3KxayUZ/0TrK8w5MzFx6E2Y8fzMgKJRggkS2yPPfg0oGWwjGOSTaY9x/c5Km3nGpJXOoM30f1styu+ga6fUgzSIBJyB8hqpZGxArgvnCufYMfYABDLVNl/Gz41wW6ikCyV93B3ih/kyUbNaJUEWec1gVIphev0wqoB2vHiePQGKuPeafHOPckOLAuakcPuOIckeUpTH5/5LqIFiwNDBe2h2t++rlt19PtujFVZ0tfj3JsNtYEXOxg1nOKts8HCrXH2SC0rEbVWxlj/VsRo9BHZOXZ33gLQ8/jaUFvnbfCFsVDAxv6NF3k0ISkZRxleT+WdDVSLNSFt/mmA3QfMA24NBN3q8+FxGKHuM84KTHfqQJXhoH5EwKKyBj4NS/eXKMRlFOy3bk1JohHYjvMY78Ojffd1pJgMTcMLMxf9SOvlhOPgm002Hgae6CB33j+R+/NeQ/jWEZItyLhLvIsq1gB6OYiFV/MR1xhdPvBgovM+hZJXvfcohtuQpqVphEnkqzUcm1p2yLiRDrxMAZARO4D/xUk8bidr7iukDdeDZSwYsgmymCF26NpTYNsATseoD9oHYEt258sn3Fw6DXe1ZwS1wDJ3VaELKkVbVfJnfLKmt5LUJTqsDQFRchcowWIUz7ZMfgCi20J34APE7vw7p3mk5KXtV+/EAlxRynnc9BhOpQAdgNMe5CETMCKrNgW9g76+lh+fBZZBopkoN6jCT1Nrllb0YVTenk0uid9YA2d0N06ySmhQLXJl7T4l9b4RBUTMTVLhFjUP0sfuvJuORPRWmGB9+sH5V2bo1cnChmBKkQUTkVjUXbypNF30jQG/N5UvbVFWGk1HUwYbg1jpUOdtNbzuk6f2BbKWae2Jv4pjaL7wQzxVkoBJO73x9eoGIYTANs2i8pW3Ew+xbEMQnGxq/yAlxOsmOCapG58wUTtSrWh2flVpcNnbBrYpL4E0avpR3ygcuO5wKvmEa34dgQ5+9b4ZqSw5WZnKW0xCWg6VuzwH0wDs1eFKzL8UsgPqaDI7ng5Dca32BpIk7MVOyQM/RbP3UrjUM0ODhg1b/pkAJ749i+e+sNka10N0fh2kFjXfZvsAHWgaerRusYNSjo32g1hO9plcML5LVj80egC8jdnvZxJhOCHZrMc4Ah6I2tutxRRoC3S+T9T5JGwfA3icNyPwC+AXzvqsgkyV0I0YylPKNq30dD749nAPWdQ52G6a8iliSiUOHHWSkBAPnN/IbZZSlw9fiMP4dTBe+j+gIHL5e/AfAZTb4ZJXgUPadbISkFEe0GZ0GRaIzf7GtaTZJyoPjUjcd6gkTx8iXWJjOSynZVx4512AgizjyaXCvun6enDe3jXqR83FjIXdznB+roajxyQkZa1gIvFgy9JvnY3YN8RuHxBz0v1quaXJ/BMB4f8yVchlJsJAhxBf/QlcJef62Ob8xt/HkGApkCiVrA9sBPoe9Xk5TPAtb1AxQD2f5oHYfFNLln+sl4qyrFMpoKMJQXrTJUayQifx4SFXJEuu4BoQsu0QFb5jUBXFEdZiUljFCazYk8O8hai6iL4YR5B3N1rKLuzhWByEOpLK1p9FuZX/QzK/bKQjIahedGBcl2yqKk3ashPxpXjzJX3GztDGfzsiqvxqMx9kXebAEyRDwzzQBnQ3702S6QanyfPvoqKaf2nvo+yfQDTl+JSRcUYD/kZ8G8v6vkA7+UebHt5fyekw7Z2SX/PXcaEOW4btHQl9P8aiL9VYySk/jw7gCqh1NN3JM0m4B8p+I1SwqPbVDTcHVw6cSsR0qViSJGNnkEhBtilaQYScpeZ1kUSBqOr6ln6CHAAjM/IIVxlFCSRHAXegpOf9v3UWRjpW4PwSyAVqVr1jgawV4gyeFAIlE1ofvXalJAC7Ke1N5KvIBhNLIqHsejAwywLFFkIXbuabcvTNzV712x8naMTi25FvAiZb4yHiV57DzRunuPMwOvNy04l6qO5ao5bzVugfgEM1Jl5fhB0ikXyTcF6Q6104xCqKQQODXVIsNCJqpcXhFCaaToZt+KY580CHUBArk1XxAY7gQfi7Q8SGwss4y+SD0w0ASuSYU2kWOp3njTm+NMJwuvO/vEYgMPee4DcuWtir/K3yPo6Iq/oxowA1z+2+3EmbmsHHmrqVs6vPi78wJ8r6560haUrdY4Z/+xuH6KW2pL7hBAOx1eYFFDHsMiVojdW+NR3FETLY0VbV2SxxxMA7sVID3vWUF13ey0MINr57rKAV9HF/Bay8JwJR6gxz0g5Tpq46Ch2/gQGaJvyoc9ho4WwwvBxD7iQkmSzyehTxxPlU2hnMjVKw7dNSiwvw3uW+2M500OsE4lnHnz0W3BlX17i8cs2qb9HVWAC/mABTScjf09gLUh/23KzHvoRYKcAzJ2HtHvzKTguPVKmATu9i4pePUF2/0MIn8s3/F8TiRlsWaP0A/r8XdA8G1bKhQpgPWvofctXONnUdvXfmuwjRXGRFQ0MlFklBQ7hcZtsPkNdg3f6+Xu/wUZOEWCbmE15hqBJXJgsJXcC0bQP6XLYIvOggV7VFZ3XxCfyyEQdxJUcz82fuL+Be890WKpCGcvSUzU42V4hcgIgIwX2o8bXphYIUr9pYH8aPeJ0TqG7ZY+WIgI12IQlutA8mh1AkmZu0ktCD2GjSsbipYRRhsRjXEgOsRWln9VtOGuhpl/Od5kC6eM91gqn7ZPkiDq6j5mSZ72Qqk4h44Wtu4cnqAi3iXl65vlzVwJZpgj4HhnIO9isI4X4X6kt4Zc/8RU6EKeyDpL/PStsRGexS7WXZJxrsl4Kw4tqRi6ANOMW7ddc1NcJkoGskEzKqcxlydpZEt8IA5PYG5Mle+b41y915xclcvvEIph7F6E8xsDRkEH2CYtlFygDxquemSUMrZ5HnSY0E3hZGlVDdrHpUIsnLLeGlZUkqB1I9U6sGtpWYIm1Qe417gz1hja214LHx5GDmY0buZSSupPWJDt85cOgA48ovmCmplmUVbzyka0mYR2Jax8eC5jWSiOlARe+wZ0x3NU3Q9HUE/U4oCoq42Qt8Eo9w5zpZEmZDfDudfYN74/lo3vl6M9lxd6oRrZZj65LnkUGJbpquyWxsT1wWbU2BCdukfmAWs5AQK4TvnI1yFAw+TqHuSPKbdyWM9OxlwR2X7ePhqo8Q5Ox/+7EU/8ojD7BUiBTPPOGNzVrofLty4xQj7MqoQ7xJuj5Oj80+i50stmbD5tXH1z5Ob3XqU09nUjzCiWhV0d1m5Mvsr0LdlNCxFL0nml5Q1f8PJZUFQUhLFMxIiFgq3pUKHYJyKKbb4PjLXMI/QLb8zcLcfk9eHRppVadK5luc7LlEXubBRDgIuaOSLZ3+PxKUXO4xSii5YL8vqMBAYlIUc3h9tXtFbnJni727VNAuI8TOtjQLkFhm2A9zwDYvFPHs0N5p5CdNoPlEZvDDHPktoFoflQcx1ppPqOZz/rDHjGdseDKHrUddPEAkIxzpnjmbt183/dQ1xdNDQ0kGLquA+0j8nZ1sPH0cdlbVb0pWcry76gSl7sMP9i+vDG4m46nT048IvWWHgyEQ+qzMIgvxlYO5rq4I2cLY5BagNUxcQEDrSqRNb3x7cv9rUqTpgIhalg+qVNGMtDBhqv0+jjjYv/FA4xQkfTeTkPYaHrST/iEry12MMbAw42tPD8jblKCpC5O3guClTVZjoovmr+0AKBYoQBf9SYEnjCbiN4MwkdBFZFAIIS5HtzePxa9qI6I3MMYDn9wTNQ3eAiXfx2tqtheLMRnPzPUedrszdOZhJgepF6Sl7nznQKqNltwAvcisXFyevj0zVaL74fra9hEc6HubMwr2IuIG5ASsucvu5V1IMSGZt2WAlqd5TsGcl0eZW8VxX2hBsG1DtssHhlyYJ2vf2yWPie7ZFodk1qT+80j8zIIwTyXJG46iIkhYvDCHTJHsf18BVFw2/EQpH657y+aZ1pgszaOUm/QFS9h5MK/sk2D/Ho4yowq7eHRviE6w6CjJNWPu3pW7FVHrl/x1ZSQm5p+f6/zN3jYSw6Ub6CYW8pH7s3v5/q8OgObNCnc1Mmq3m0bxU7Vc6/dZ6DG8Vt7uBXJOS/v4CTLzajBpDOGZ3Mxqao+wLgbs1v0pkjtbvDdU1DRmq1LOjOndYMNlO7y7519Zkj9MzUeHZvkk7JuSKY/MpFSssOW9KCfBE8mGkmqxXVRb17MtdI3Ja71iMZRjuzi0vIGUOITkkk7GuQ7RTXYPJkUDM3Jd4pr3cmCyyE6fN5HhEuCqQlF32NsZFpQNLMBO3RpotjYaTY+nm9Nzn0zZDw4z6NPSex7hZtHIVLCxweI+fx0G0L3O3uC9BdZQs/vHMhaNdMxrFIGVTiwuiDkUmx6LbBL4zeLLskj/rBRELBDK9JI/Tx0Ec4QkCFeb5AfXQfXhQ6MhZYexyiim6oWh6ZP9HYN4DmQm3fByPtCAIXHWnDzpn97AQXtXUWf08Z5WVl86tzH6tbHBMU3hJ6MboCkSuBm8EochxNOd08KYuh3jH2i40WQHUtdoLxVAbDXLgjKpKNSp4S3lKSlmA3iqqYfXYoAiBAWJB+eTPGy67j3E+q21gGNc4lqyxGWG9iM3xxWWTOK0laEuQS3kbS2e8b758hp/Qb+qAyxM+dpBf+8SVly3Z1DNc5Lut513Ly/z4ruEfgPHHybbDu1XfnKeUpBSjs/e2gH9pAi4HnA+mXjeuA0rNwCCub4u0jt6pomgY2I40jx/G3dWh1wmc9vnO3bbplps/ZxQWbgeqdSS45LiDFusBzhZHNbxA79vV1BWdQHoZiwTyxRSd//kvPDxswc/wYGDvoVJN/hAlQaLwKcunp5MxUbRJV4fvhF776SXJ9A9aymrIFymKeTvT81rmx7K7prAOEUbeuBIefXxB/UhQ9xk5gFJkVtIP7n5lWUO9eEz8r4qVQPV/Ht46kMYhFFj5kzucU6jQoAOOKf25/ZfBQfzceFMb8w4c9OpgNPSStWBFMH7vBk/FZKNIiNKJc6fskC79B7XtfzKYuo2/qLkzDDWwFZf6zujIC1EyjREv8MapjrrsUj1Cs06/ewkojqXKu2399iqSBFB3xeoLOsrRBHjnL5iRQUO+TDFzyZjQV9KwCkxpxw8xS6sATk4fBUtfZoUcfrIfpxu3coM+eaCgkN7O098fg2/ZTfxyH0W1qAtRAbkeJPJP7mb6Hkh7fq5YEl6NUBbZeur8mSNElFjbskW0COfxISXLFI1YjwO17dghbze2ZZq9JqR8udTsEoEicMp8E3s3J+ljkrs2k3+z+ZA/x/b2q96UqOAPg7P1uRjxR+Q4Mo+WlqSGzZQIfWTeZGsI5/LV5eYoNk8vFRSDumm7kfs6d43XPs0sihyrHkoX7prYl9qzPT5bjmLBFHHbRLxYPfo2oa4MWN4yt+51wG9buCTh1pFKNEKNn30/1sNaEq5FsrBBXN3B8TJ56l3vMLqz7+6+DhRkQsXbmirx3INJv/v9mGuwQixwoe8Wd363JgJ2beuVJTP4Xvy4t1/o8EVsoWIkK4c0CMCsYXSyb8XC6eLocAcovMZ0uVeZLlI0bMOorP0/+SRIoK9hcHfDh+c1kje1tG2WFn2j0gJW3RYRcd/TwSRMWU76U6eMgqcnS1pl8mei4dRaxO/7YrMLkKy9I414ns16A6TgOniGye3sYN2U4SJ8AKkxiDj+9ZgbReeetMGQ1tgnmnes5FDoJjgyQWG26yLUqbyifSdfiRLT6b4A0RAYJPNJuVwIApsqip33MrTjgW47G1Ni91FjZLZwEh2KIzAFyoJzAfJL5gPFDKzEHLq0mHnxM2J0nKOGcRPfka1inkB69+GQyCxLQ0Im5CRhzn2ebo2KDQTtU6uFRBozfET4CLvCDi3/bYLzNdsPXe22oyoN8uq2ObTLW8THu/utlZ9juJk3xOScHC1Kj1YuL/5mqN0vEH0XIqgpc8sVp1ZSj/kELysLaUkJ8nYIuDOSql8H5bQBwwveqHh32t32dDPPIzd9yl6fNJ4FkmJY+JXUYpw42lkYu21VFZyERGEVBm4kRo+Yi4mZKI1rGbNCT8ErT7fym5l9MAUHANnEXz8GNZd7JZ+pkWN40SKqjjG+NSxY2h9HBY2hPyQHHRCSVD2hRPTl4LQeL2I8jKs69SOoozffm5qPH2JgWnTEXfoy9PdOOEAbbb5xY9aCZyDgIkt6XijiUn80oeqE8IBh5X6N6JNKeSiDvQmddmtV3Eg0v+CbTeS3UZTW18BaMAh0TF4yzi7EyQ96oSl+KH9Jtw0pVz2t2PGkCJ8ehgf3TbgpczHbVIx3StS9VuvXrj8WgUBm/BxAfYfAgziXB90CJACejYBfFNrLNMPUrjN9W+u+wcTZgh1o9TmbAJsdDzAf+NT2Wx6YEPbOH2Bm2SLUYCZA9SbMfePvcyNnsm0Lz5KiXiI8xsio/hvYm2z6/WLbD4HCLp/ZJoLBSEyVZSp/UMAfbFAgeXQjqJqyk/td8N7byeqPW5KGQ921EOeGaAOjzeeOLPKxxdQWOpv7qBvR6laUbbmeh9p50BGqA6WSRTOqbe7+ineuvd1pPlekrP9JDb1dUoVFVRugLf7LrAOmDnBqrcIfC340w6E92Up1Ptkgm+hB0p0UES5fmCCxScTq+9z5/2nizsDcAeNbetqXhRGBZTevb9p3QJdxQh2EoYPulloWH+Hwdn5aQ9YhdYWqzbCHDmtjvSHmmXCV1MXgkzCLpW91ik5lzpwKOKY61fUpOfw27ZV96BVL+KdayIri+/4Mou9cEWPY3MbnVY+2oqDbOjD7qQZMGhAPHyW7VWw7NU0MDPc6f3W03sMNyifQz6tb0m4uqILq6VfzE0avVAbAzMKPPw5rXwXbk1cEGg8DP0EbR50poKaoqXEGqihilgWoddYUdsbGcRSx0CzsBjiXp82Tl3pkf4I4X1IvHXdLZvcjNxaYnGfBE0K8oWlvaQCVwssooEn7wyCyruRmdpl+ErGG046uyzlWJAQhOArVjZi5ps4mxVt4jshYB6Z7gZnryqWd0FdvLzC/3x6/Ms+/a5SALgNP87hkzJkVy1LrwJrYX7bm2QnhIEzhYWBzvvOEZID/Itx5jMFb0jCF5lZEN+/qqLQsYVizSKQblPBVyjawnMoKislgw3iG+fq/OVenR+NQHF0BI/o4m4edidDhR0NfwYyc6xd1i9u+nXzzVHdGHxXWxip7zA7pkg9SxEVrd+7wS6DezbCXlwuivPQ3r8cePByfuQLQE8PE/a8M98fZ5Jc2FOaR3DlatvwYCuDV5I/By0m3jWAtUv9PF60QM2cqnVgkFN6r8NSohZKeQZiFQwRVlMIkuI2W7ZJryPnWt9sXLk8bOql5JMw7rh678fRAHCgZ0eVJN1YPB7rAwd4pJb9Afjqg32Gzp1lSdsenZMOIP38395C0EcuK2NhpwY8gVwkTEm/nKju5Skww+1CPC7+lxsrP8eTvaXvHHeLWpmBrwFzAruXj1+OBbC3gTqhrHwtomPqTqbXE3eeNrs1pcbvmhRCbazUJfOl97y6fgWMa4AofPh7vfqS7/rsmx0uGXAPrVC5dY60RTIa8pMlsNdNbMeMFCBEMj8VTRcDKt3WyWMzEV/4mVcV8wsyvmBZMU8AX6J23O1nuJHZsI6grkilsnQtYUaZcf9eTc1kDUKlEZfTXMuyo1HkrY5yvbQk8oDPzcO7ECfF9YJC+yPH2B54tB3FBV/UGC8kD+YcFAQY1huyR4U4DGeJBnfE7wzbnj/e9nnhkppulNO8rjfmuNy5GUjng=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-02-25 14:08:47,301 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:08:47,301 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140847Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_fzte07qqjx48lgamti0bpi05up2rk8cbljim|https://iam.eu-nl.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_64dfdc5438a0b5d90e89c11e2e0b04ca|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxakb0HoJsSkR3ZIDS+hgbM26eLTqRhJVUzYtSwjtZVWILQXkDBgzIfceqasDICfYMbGtrMNJpXGePYLt6gdfWql2pNYnVcPVqAGUtK387UavD4XwpxmaR0rY9ABSitAoK/y0vXNuh|_d1ef30bf0626f8da44ab080472194b0b|
2021-02-25 14:08:47,302 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:08:47,302 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:?] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: Shibboleth Authentication Request message did not contain the providerId query parameter.
	at net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder.getEntityId(BaseIdPInitiatedSSORequestMessageDecoder.java:128)
2021-02-25 14:08:47,302 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: UnableToDecode
2021-02-25 14:08:47,302 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-02-25 14:08:49,286 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:08:49,286 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-02-25 14:08:49,286 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-nl.otc.t-systems.com, acsURL=null, relayState=null, time=2021-02-25T14:08:49.286Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_eae5ea88-2045-47ea-b426-772051b502c0"
    IssueInstant="2021-02-25T14:08:49.286Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-nl.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-02-25 14:08:49,286 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-02-25 14:08:49,287 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:08:49,287 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:08:49,287 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:08:49,287 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:08:49,287 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:08:49,287 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:08:49,287 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:08:49,287 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-nl.otc.t-systems.com
2021-02-25 14:08:49,288 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:49,288 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:08:49,288 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-02-25 14:08:49,288 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_eae5ea88-2045-47ea-b426-772051b502c0', issue instant '2021-02-25T14:08:49.286Z', entityID 'https://iam.eu-nl.otc.t-systems.com'
2021-02-25 14:08:49,288 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-nl.otc.t-systems.com' does not require AuthnRequests to be signed
2021-02-25 14:08:49,288 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:08:49,289 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:08:49,289 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:08:49,289 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:08:49,289 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:08:49,289 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:49,289 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:08:49,289 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:08:49,289 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:08:49,289 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:08:49,289 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-02-25 14:08:49,289 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:08:49,289 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:08:49,289 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:08:49,289 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:08:49,290 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:08:49,290 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:08:49,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:08:49,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:08:49,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:08:49,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:08:49,290 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-nl.otc.t-systems.com
2021-02-25 14:08:49,290 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-02-25 14:08:49,290 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:08:49,290 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:08:49,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:08:49,303 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:08:49,304 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:08:49.304Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:08:49,304 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:08:49,304 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:08:49,304 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-02-25 14:08:49,305 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:08:49,305 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:08:49,305 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:49,305 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:08:49,305 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-02-25 14:08:49,305 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-02-25 14:08:49,305 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-02-25 14:08:49,483 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-nl.otc.t-systems.com'
2021-02-25 14:08:49,483 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-02-25 14:08:49,483 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-02-25 14:08:49,837 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-02-25 14:08:49,837 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-02-25 14:08:49,837 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-02-25 14:08:49,837 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@277457280::identifier=rick, context=org.apache.velocity.VelocityContext@39c71d8b]
2021-02-25 14:08:49,837 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@277457280::identifier=rick, context=org.apache.velocity.VelocityContext@39c71d8b]
2021-02-25 14:08:49,839 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-02-25 14:08:49,839 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-02-25 14:08:49,839 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-02-25 14:08:49,839 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-02-25 14:08:49,839 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-02-25 14:08:49,839 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:08:49,839 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-02-25 14:08:49,839 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 40f4171fe4552f057b24d75b4a30f42b771a234ce7c5980622835748a3f44edb for principal rick
2021-02-25 14:08:49,840 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@77cc263b'
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:08:49,841 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-02-25 14:08:49,841 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210225T140849Z|https://iam.eu-nl.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-02-25 14:08:49,842 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:08:49,842 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-02-25 14:08:49,842 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:08:49,842 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:08:49,842 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:08:49,842 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-02-25 14:08:49,842 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-02-25 14:08:49,842 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-02-25 14:08:50,018 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-nl.otc.t-systems.com'
2021-02-25 14:08:50,018 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-02-25 14:08:50,018 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-02-25 14:08:50,018 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-02-25 14:08:50,018 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-02-25 14:08:50,018 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-02-25 14:08:50,035 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-02-25 14:08:50,035 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-02-25 14:08:50,035 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=flextgsamldev, acsURL=null, relayState=null, time=2021-02-25T14:08:50.035Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_6599b4f6-db54-4590-902f-012223a211f9"
    IssueInstant="2021-02-25T14:08:50.035Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">flextgsamldev</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-02-25 14:08:50,035 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-02-25 14:08:50,036 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'flextgsamldev' from origin source
2021-02-25 14:08:50,036 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-02-25 14:08:50,036 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-02-25 14:08:50,036 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-02-25 14:08:50,036 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-02-25 14:08:50,036 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-02-25 14:08:50,036 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-02-25 14:08:50,036 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-02-25 14:08:50,036 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer flextgsamldev
2021-02-25 14:08:50,036 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:50,037 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-02-25 14:08:50,037 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-02-25 14:08:50,037 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_6599b4f6-db54-4590-902f-012223a211f9', issue instant '2021-02-25T14:08:50.035Z', entityID 'flextgsamldev'
2021-02-25 14:08:50,037 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'flextgsamldev' does not require AuthnRequests to be signed
2021-02-25 14:08:50,037 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-02-25 14:08:50,037 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-02-25 14:08:50,037 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-02-25 14:08:50,037 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-02-25 14:08:50,037 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-02-25 14:08:50,037 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-02-25 14:08:50,038 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://mydev.flextg.com/sso/assert using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-02-25 14:08:50,038 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-02-25 14:08:50,038 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-02-25 14:08:50,038 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-02-25 14:08:50,038 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: flextgsamldev
2021-02-25 14:08:50,038 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-02-25 14:08:50,039 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:08:50,039 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-02-25 14:08:50,039 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-02-25 14:08:50,039 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-02-25 14:08:50,040 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-02-25T14:08:50.040Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-02-25 14:08:50,040 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-02-25 14:08:50,040 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-02-25 14:08:50,040 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:08:50,040 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e to 2021-02-25T15:08:50.040Z
2021-02-25 14:08:50,040 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:08:50,040 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-02-25 14:08:50,041 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-02-25 14:08:50,041 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-02-25 14:08:50,041 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:50,041 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-02-25 14:08:50,041 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-02-25 14:08:50,041 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-02-25 14:08:50,041 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-02-25 14:08:50,041 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:08:50,041 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-02-25 14:08:50,042 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@165e1a8d'
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:flextgsamldev'
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@a9a25ca' with context 'intercept/attribute-release' and key 'rick:flextgsamldev'
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:flextgsamldev' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1645797636700' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@165e1a8d'
2021-02-25 14:08:50,043 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:50,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:08:50,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:08:50,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-02-25 14:08:50,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-02-25 14:08:50,045 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:08:50,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _20d07416f309c7161ea828424805bbcc
2021-02-25 14:08:50,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _20d07416f309c7161ea828424805bbcc to Response _b6533b53fc32b07a7af39cd8a28701fd
2021-02-25 14:08:50,045 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _20d07416f309c7161ea828424805bbcc
2021-02-25 14:08:50,046 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:08:50,046 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:08:50,046 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:08:50,046 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:08:50,046 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:08:50,046 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:08:50,046 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:08:50,046 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:08:50,046 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:08:50,046 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-02-25 14:08:50,047 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-02-25 14:08:50,047 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxDW45MMjjXTDawQhl3ZuE5ShEPVi77UJco9gbutRwDpu/QXNes1rNl79fL6rebhCcAORj2yDsOPDQmJhi+YgKxsvRN3zI81Ricq46cLiS/64= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 103.161.98.76
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://mydev.flextg.com/sso/assert
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _20d07416f309c7161ea828424805bbcc
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _20d07416f309c7161ea828424805bbcc did not already contain Conditions, one was added
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:13:50.044Z, to Assertion _20d07416f309c7161ea828424805bbcc
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _20d07416f309c7161ea828424805bbcc already contained Conditions, nothing was done
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _20d07416f309c7161ea828424805bbcc already contained Conditions, nothing was done
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding flextgsamldev as an Audience of the AudienceRestriction
2021-02-25 14:08:50,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _20d07416f309c7161ea828424805bbcc
2021-02-25 14:08:50,048 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party flextgsamldev to existing session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:08:50,048 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service flextgsamldev in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:08:50,048 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:08:50,049 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service flextgsamldev in session 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e
2021-02-25 14:08:50,049 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:08:50,049 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 941d7e6543c73bc873b1260ceaf8b3d7ee656cdf5541eb5dc2f3d66ad338f26e: replaced old SPSession for service flextgsamldev
2021-02-25 14:08:50,049 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID flextgsamldev and key AAdzZWNyZXQxH2tK4NcjnKPF1nlI/atJtFRF81aN6KsXvlKuZCdjWjgWZxwmox7nmu+r2x2TA4FcsqSfuFxQOt37E/0n+QDibZSkWEm8zAR98P1KXSeFbdY=
2021-02-25 14:08:50,049 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID flextgsamldev and key AAdzZWNyZXQxDW45MMjjXTDawQhl3ZuE5ShEPVi77UJco9gbutRwDpu/QXNes1rNl79fL6rebhCcAORj2yDsOPDQmJhi+YgKxsvRN3zI81Ricq46cLiS/64=
2021-02-25 14:08:50,049 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party flextgsamldev was replaced
2021-02-25 14:08:50,049 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:08:50,049 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:08:50,049 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-02-25 14:08:50,050 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b6533b53fc32b07a7af39cd8a28701fd"
    IssueInstant="2021-02-25T14:08:50.044Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_20d07416f309c7161ea828424805bbcc"
        IssueInstant="2021-02-25T14:08:50.044Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="flextgsamldev" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxDW45MMjjXTDawQhl3ZuE5ShEPVi77UJco9gbutRwDpu/QXNes1rNl79fL6rebhCcAORj2yDsOPDQmJhi+YgKxsvRN3zI81Ricq46cLiS/64=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="103.161.98.76"
                    NotOnOrAfter="2021-02-25T14:13:50.047Z" Recipient="https://mydev.flextg.com/sso/assert"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:08:50.044Z" NotOnOrAfter="2021-02-25T14:13:50.044Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>flextgsamldev</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T13:45:04.399Z" SessionIndex="_b63b305aaebde35a0102d5c8b6446fbe">
            <saml2:SubjectLocality Address="103.161.98.76"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:08:50,052 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://mydev.flextg.com/sso/assert
2021-02-25 14:08:50,052 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://mydev.flextg.com/sso/assert
2021-02-25 14:08:50,052 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b6533b53fc32b07a7af39cd8a28701fd"
2021-02-25 14:08:50,052 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b6533b53fc32b07a7af39cd8a28701fd and Element was [saml2p:Response: null]
2021-02-25 14:08:50,052 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b6533b53fc32b07a7af39cd8a28701fd"
2021-02-25 14:08:50,052 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b6533b53fc32b07a7af39cd8a28701fd and Element was [saml2p:Response: null]
2021-02-25 14:08:50,054 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-02-25 14:08:50,054 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://mydev.flextg.com/sso/assert' with encoded value 'https&#x3a;&#x2f;&#x2f;mydev.flextg.com&#x2f;sso&#x2f;assert'
2021-02-25 14:08:50,054 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-02-25 14:08:50,056 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://mydev.flextg.com/sso/assert"
    ID="_b6533b53fc32b07a7af39cd8a28701fd"
    IssueInstant="2021-02-25T14:08:50.044Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_b6533b53fc32b07a7af39cd8a28701fd">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>3dG0JxGMrcWHJjrHes7c3Q13aCSjthsKanQdQObfNL8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>kepKaV9ILIMP7m1+zSSLXNDdJ7CGASNdnNbHxTXCn9lMLCKxIchZSb7WnRG1lp+RVAPhI/hHsEcahyC2ujvoUun3927xAg5eiuZQNO9msZ2ddirW2b/Cx49xie609r8pDYy4zX3tAY4KH/CtAkzpdK+EnA+VllZI4HXZVo0myK/XJ7s9bIQiRZsRGOWCEMi0ifXWKL7XjQt8oh78y9quY27XFuV1KPt10u+X8fRryFB6rzYrphcJJuJCEWJe8Y2gDwrtVD1+6HTwCEChnwVBuRRdZKFsSIGTNE4+QgspfAK7zaWRQjAWZSPDo5VCj3vuO8zqZNjVnAjfGhXC71eMVg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_2ee423608604ce7a4977e42add31cdfd"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_ff23e3b8e0d425f24519c09e4ddf9417"
                    Recipient="flextgsamldev" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIF6TCCA9GgAwIBAgIUPG4sFZXAZORpoWAwSkp7vu0IUawwDQYJKoZIhvcNAQELBQAwgYMxCzAJ
BgNVBAYTAlVTMQswCQYDVQQIDAJBWjENMAsGA1UEBwwETWVzYTEPMA0GA1UECgwGRmxleHRnMQww
CgYDVQQLDANGQ1AxFjAUBgNVBAMMDW15LmZsZXh0Zy5jb20xITAfBgkqhkiG9w0BCQEWEnN1cHBv
cnRAZmxleHRnLmNvbTAeFw0yMTAyMjEwNTI0NDFaFw0yMjAyMjEwNTI0NDFaMIGDMQswCQYDVQQG
EwJVUzELMAkGA1UECAwCQVoxDTALBgNVBAcMBE1lc2ExDzANBgNVBAoMBkZsZXh0ZzEMMAoGA1UE
CwwDRkNQMRYwFAYDVQQDDA1teS5mbGV4dGcuY29tMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGZs
ZXh0Zy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC8B31D4CpLPjhL/v/QHo1x
Lj3ZKv5+Vcb5EEAd/PdBHOtzlUvYPQTHwrkcZok2iE6fBks3a/4aJWb7eAXBlFmrYjw+mXw5VNTT
K4RI9fOWEhNJbiuw49E9/52ool3Im+lVmgEDTRv+a8jCywObU6qUnhVdlhgSBOEjsfRDynrwfJkK
aVIVr3DAWS0ZtkZ1mVfcNYHcd8r5fTiaoM1ocC4UorQwZCkeT7fJU4rhJy+CQVygXxJ0LFK6L16H
ml1uK8qYF5+L8RvkiYsEFDPC4+o3x8OoqwsDny203s4Q6O2z7EzgpLxxa7Am1kMFJRopDJ5Dbemp
z+OVtGgmdlkMG/XG/zx3W66u9ipKhgoyBXm7NSfHzrJ1px9XBatC1h2z0AijnV6ICTJe4Fbfn8Qv
Xz1rDwdV7DDj96VPYr0qgOBIaPKxamy3MXMUec0W5ysVZpxatWW8TmRyDqvawpLQzLvbpQOqx+nE
iiR6YIQL9vrF6fUmkgXEf28JiV2y4wSnCQgQC5i/HuKIiBt9/170ogNRJNNd49JwjqeENE3Ib8ne
O0hG7Q+TraAompQ+FeDp5vzZ4Zq4M+LPRlb/VcUkIwIy5/E8FRqbhMyG1oOjT2sd23zXxKtjGTdM
K2OPumJY9zw+iniNihCaSVNQVRI92XFLEZvGj22C5Y84EpDrikghbQIDAQABo1MwUTAdBgNVHQ4E
FgQUR31X5fJV9DyYC9ejfAWDYKY5fbQwHwYDVR0jBBgwFoAUR31X5fJV9DyYC9ejfAWDYKY5fbQw
DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAevymonukophI+n2JNTeV7XU9i3mQ
Rw1fdERsgwUZMnxg0u72tHiszlSCNrzvTVPCk/j3r4n7ez26cK0iaRPx9e5BlGutb48i6BpG0AIP
kAnWfjmgSSqQJudHNlA1NWEsjzuWm+nJkf3gaA9wA9CYTnRWHShdVkEt2NJ4FG5Lr0UXfRkEsiCT
959q0qi7CQXE66MCehxoMZhP8emXRb/ciMNXNYFQKIF+oPNiJwbs1LfTgBJJp812InPKKiJDbIPV
mC98n4Vi3h/rbSbb1irK/Pe9y0u21fmieyUaKGJ72mnK+cRW9JEcdVW49UdWDvUFQps+FSKElDWo
c+IW1Cdjgai+DK7wh6yvu7Q04urxaKC+wIMnxXTaZMX96CQUx1PX8K6RRHp66Bz5q8lls9mbZKID
qX8+mri1h+GJM5B6e78tKGWX8Ekr35Q0ag8yMljNQgOU+XpGG54ItCqgjUa64CIGZhRQ3Sn+BPd7
AvH03URumdPjO9IB3Yku0eAPw/siAiEFmKFr7JZPNrYBGUraIsvzhk2wkZ1JFbD/EjbhKsVSlNFg
5smM06VYfx0m44tndYKVm7Uhf1kD/7xcPN4hoJ3dRJe1dTtf5AYt9qj3GNkW28UmnGVhS+WnTXZi
8qoLfGECQQf1PrdYdp56QSH4ZIk/c5MHFe9a3EXX7gqhOrY=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Nh3ISTrRLEkVHPJMLkbrgzdFkWCJVegnDNv+tw0LHoIuI/Uf85lTeWO60rNKNZ2gdjzAQCAJr5wk8n4SmUgFvMEl9FKX7oMeuXkwk7v+cAnBOJ/5mXNVTpDyFrKQZtQXaER5tgU/D0jmEq+Y6pJr7wQxFKha6RNdADHkkVJosjB0vgYPP7cFiPdgpVzdgUw8gevYCkH21KTUoRHTnmHOck4w210qJ2kCZ8BVjVNiIkzda9WkYQc61UlcGPXkOZdj6nsX3KmbLG/Z0fkDvytcbZpiXpjSoXmFIB4op3cRs7xFebmrO12+3Jbj2tZpC3Icit2aMS5p3jM8WlhDvIsgercN3wvjBQ5JdYIyTEPodlTc1U+HmNmmRSRaHwmaieZSzm/fZji9a8f0OtjOlhRYS194HNqpNnmTTdoHUjmL1RoVzEbs3j89z7p93u5Deu8y78eh61h7oXc7XGh+v+V5bUsaxvC5327vV3H/pU7VSjpQDGmmDAfX3xnXYh02/o9R5jTea11bIjsilQOLPxuLSJYhYEYW7nzBOeWoq6JSyAAS+KoP8y+nuY/FfEhUYaKrQc6klx5DobqMIzHFZV8JonEcbUc2idflR/XEwz1DNaey3S0kCvjKWeyZEtWNKaTHbJQa5S31zWyzeiygudb7iMe5Q4iu+xT4SFYV8EkLyxI=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>DQ4P8BzUdkAAE9xkDjAiMSrdsLkLOHrULtvuXn9GcFQk8KI1oS5YuVxKu/3VC6NpXX1FgkqII5S4adcvH/fDXkwBoYWcZsYi/g2/Ea3B3283gYVZcBJL/f831cF7zplnjNa0yFjy+uhlXa1Iz21TAC5ZZCnDS1JEhX0eWmkhYYZ+WKZb2VpHf6wWqj9zWEHR9jyZkd/Vk6ChILoqa2pSX+WFSXQZ7FS2FoB3lu0iv33odYTypGEIYU4XVdt2orEZvUg7pf1EX6CZmXz+WAHJM+SronxO66epJBelsmhEuchnc+FPl+e3qLk6zZ1lP0q6DiUnTqS/UpWCP39ntP4vjpw9sQBWk1S4RhVdrQtmTUuZ+Bk3gvAgZROPIOOm0sce7eJianZy0c+q9UAF6qUCoGHBYRRpBr3GAEw1/HdBePdI343qMrm/BC0DZRVH3GRxcCga7ssPvI3YJnhi5YC5Dx5DJ38Tt5WzmHPwppt49CVvO50ogW2upGmS1y6OEdStSYplW24VJ5TtRg5OrXZygrzRNKSrhR+8lgS9YkFJjnALoWRv6CLaA5bTiANMtFcFPXCRB38eXEWSSZ6Iky0RPQvuoAsP8m3wUnmlQxicM/RdvP99vIlWVQVtXlikcuA/nSYKy/eLgDtUUPVERye8+cpwRk/kl2VacT2J2icerWqKzgvxw+oTwbu4jkgcJhFjEajClgqJNQZ48/6VQRt+GPRXj6peAcZ7Wv9gtYRM8DMswIdH811t+mc5++QWYwJFJRa9INZh95/BmXcHmvl8DTmEcH1Dc2CZ9uI6XeVPfhW5X2oZ5tLf+99axYiiX69scxhrqivLJJOSJhTC5MW+niOMs3N9db9VM8ckv1eyieaAd5lUsR6I45tzVnXL8QhZpbchvt3vEDPiX0us7Wa3cVfDlSE55NWY200zM0vxO5Jt58JKemrr8oYDd07flPrbLFsdC0geRGsyzXbQxJKDVgHOPHjdviZCkqMz1PivShT0DbWXH/T7oWF1maEHDPdKjnnH3rwD417eDWVZ3p1xVmhXYG22sxMOQ6kQ4GEwJadfhTrH3o3AJ8FNvJ/fprW9Z8HzGnNGDMum4f+5kkXUSRyu1KLfD2XCJ9mHpgkuxO3T9aPex6tjC/WA5RHYvXKPokE6uU77bs9+vygYW7Q+Rj3zEY3D5GaIG69fFuxbawJdeHjsRIsLXb6L0UyqKb03EtcYNM+vD4YnaN1xX8KBbuyelDnDqNiENAovMFEhmKA/A7HML5x+POUApLfCrjb7SWwu0T6xlS4ZarQepvEb8yJtplBjwpp6IjpKHnZeFPCBfTxFbpQzo2B+OqMPNMoIpTX7Z1ie3xv2g2VGb8EsOolib0Y7haXWWhPna5ncXf3EXnDCufFHMAfTtojDWhOLXErZoTtaXsHwwMI7sD/x9zM3DnK5XsZ0xR3gB02oTbooyPhsvrhtHVhdwVb8Z2LEYV+9UuWVJjMoDMuapc9wt0YuwFeevMoQyRKnsN5B1YJR8YB7Pzv/zdbUTFuIXCEuvg17foqeiI/T9hRZdqShBGUtGIpLaY+IOwjefDJ3cVoylpmJtWESsx0N+k2+/nJzFQlZxS+GqaBhBcr4AdVBODMNVMETJIM03g/Abpji/DGn9IkGiJZJk1ErdD3hDJllqUo/DIRT2hP/Ln9FHOYEh60IYv26ZKidbcvQvr/pEPym4EZpGEcgSBpws+iBRhSYzFvGZYl/gMrjuPKYZVhx3L/kQWZGcYXaCaus1y6VQvf/+Z9Z+s2c3OCXhxplQgpH3Yn9SYJfGtGGWll26qMt3fH54x3QpIfiHdOMi8wKxLzY3PetJokDMLVgeSFKjBYULVukFkTTEBpxKYr8dIuujONiQhjnhHxGCx3EXTTPdRO75UAFARMSXhmAfqrcQ9hatbklM+XDDA+7VNCUr4ikiLVbTTQBMKQRHwhG62qFfMRO9YIXfDbAeC/Nyf6f7khydgOvdEk24ekY2XnkBWF3RvWtlcl6yvIu5aPN5xPKBN/DShPIf6muYf70HsiW7Z8yCYeTIccsgOdSGiqBFFnr5jm1SSksQeHKU4OAeHon/2VI6D3nUUIXwn7uSseKRdv4O+t//5VoflEvfsToDzzGG5hbaU1MuZaJNWLOk91Qq9iUbumTjbdeTyjSbWrxGamspc8xSwODH5CHFTWMwrvb7L1GjdJwIsmY197ZIyxCgLwNp6eMfIijsMFdfi2e5AvHU7ncHWdV093At2CXfHVwbtrBSobHNEjOy7X5dYSCwn0m5/4gVSXyP5/nNAZfNOTV/OSXz1C1QYmqH2vQiYXZ7/JS2gaga588LD6pRCVJe0L422rL/aYtduDGGC1MNS0K2bi/C+eYxTJLmudBznSmqjDZBqwVy4d4cauga3LG8DBZgpY6Zzm3ET+g0plSMWJnbI4t2Vw8bk3EYas7IWNj/nRtx2xn5VlTxPslyKo8uE0E5jcEOgb8Ku6uJDbX8ZWrj+XolhQO9c32a7OdYZvLbGQnGCsISA+0HZn/HictgVZckIlHRJLdf6MlO+Gtke5XrMoNryEv8BaoOhxHHBbh79bP6e/X0DnB7RCwcMDx9+VmUZAuuZmIUAlktqdWu0jHaFPuEAIc9FhbS/HD8qmpZjXSX7YzNK/goVtlVE5H31C/4AJcu9JBOE6mjGBGna44OGAoN+GRMxeMvJuSY5bWgJANBnAOITNx/HzxQDksREr07zlQmUr2WH3T/mB6V9VZzNX2VZk323dBSR4/VhJ9g+8D4lu3b3C3DqdOWOLGkH67rb5OJ2Ao7Xhm8qF8arD9V093OdggWkHLayKEmBAPTMU6Jcl/fH4MCUaX3AVrIY0xWv8Oilh3UaL2DYKs2HU1jtDjrSM0OBGvv94HFlJi35OpbzXAE4owkX2ysGG2JgNGBKO3s8eP0iiPBFVK++M8zihMO4YYeTMUNZ/SuxCldxStt+eMO9Feyo/4H29RhFR8BDjPELMEREbwJ9sA6/zuZWQmlYRYbNr36zg//YKTiSJLecNfxfWhvDiokuCmU1xrNP8gVxkrWnrU1OhhHhsbaTc0H2pTr54aChSLfuv/sVDH/iLV8wRSou2V410CUJcoP+s3m16x2oovuVJeDo8U9OHLY7D+Pnse7AMnKG95ccI14Wg2NUzC4MJsVOk1m1ZqubtJ+jQ44p30ct6QwxDy8IISl10eSJQX3yVAN8BnDOV8FPbuvF+CKc4s9v4Tj48ijvh2ue4TqvyaV7rlNeVtHIBpyfAwUp7sVVDOUCC1vCec7Jp0EeFj52AOUKuVAa3lqjAs2eHWWwbb+ewyVlyr87walUTtUS2/wIjr1cbPZzMaYstKxcezBudWvoLpcKRKaLMNc7n7xF49eCCdO6xSj9eYHIAMqRnmJP6Q0+GMaRgN38+8+Y0G6pJSqT8IhxkIwHVoUbFKLr5eQD34gg9hBEuYK6yTE5Hdz8GXluFtYXpczrO2XBypFYt/oXcX1Ms8HRiDsC5xkLYcV8cbUJxO7FoPt7kqU+q/MeKqzGUfZDWtHHS7CxIpolYOqfPlr+FZV8N8Z3PqJf14+/plqSKBPU7OqD5lQ8dS6I8MX1rXNb8wbfQDjzE4CMwrhy4eX6RZHRo2n2YY7Qd3NjP/SmdFVTXrEjk08rfPezA8AJzjKHoCqOYVcN7iRGzCaGtMu31y5HrGg6LeZ0u7lQ1d7gwQRct8dbRKJCWrNyzepl2jVru3iM9RJuk5cH7/XbQiYlhf0E54Od2j+ceW8J31ZjxIFfCtIkpJDr2LL8Q3XQqjgNcIdgNuaeS+ND+60WxBWKxIu20e0CRsktlPnHuyk4sckp1PAdh9b0ON8WjwKta0wq8pPf5fpWrWOPgq7afl5e6emFksXukq+m8wSicgwmcF1eaxf8x8fp78DD5s9GvB0J/H7X+8LRn36nRXEwOD8kblAni8B/oYFnMzQsHv/iHOdX/k4jTKUk2Inw5Qc1v7ULSQ6htWiNVx7NHBRgzrCp2FFhxG1GKLVB0yatYGBLjVAeVQG4EoH1WlJ4p1D9OTb7h53XoYVVqq1oJEhu2a/OvW3oky8StwRZ8fcHzwMD90BvZ03MVqXp8TSBOKXNIvpQ3uhliaG8ibqvl7Z+DudtUmqmJ/elBjkXg5KW529ViTgJLn7B7NPHecLawMiEvUj2gsy/GpEALVV8L6BA3FihsAY7w0GAn8lFuDoEzrCUyPhMAgkhKluN6CvbelOCN3U6Y06gOzFoAnJiEVDZYrJrB8eOPRQ1a57l/f1W9rY6iqIKzNkzkmlsHouwUYQRpLJDUkmsihqqakwilkMH4jGXLwveZDnPNsumsbwX7ojQE25Rda1UL2gp4hWunbQ/vBeNzJJXBngWY45URemnyKNuKPd6tjdxkVYl/vy/m5VNR8n28x7+cViWZjzCAhgWbqNrX7rDG22sUvDFNxXtTvnqMC2uq41nQIfSPnKXE0eg5ZtcbRSUR95+7369ix6UNvwv9OC3IAqEONuHOBmbU+n2Ehr+7WA38OTaCKEfPAiPdnA7/1G8t0XFg42O7u/0LKH8VD9kgCM17RguFk+SIgS5rrhAsJF94JRFKoKxMYqkOEJ36FA2s0vPAHSs3N0I99a4cIh/NV9RwKtXbmY9DsRMsQKfvR3GOsAvYweZAvN7w72Mp7aDw/UkbL5OWWlr324Zn2lTs+sUbVRHvRfnOJH38TqWOQs6D7X6HXF6ZexDyZnKz6BUm//7H5uezRqRmXEga4GjQHoGd99sSBTrBOPXWIcInf+WQNZJ7uwlMdwNXZX1kYNPoV/Zz1tcfcrr6Na9FY0qMSo0un4iayJOoTz4K2cvMY1+JqmNx90JpJU4l4/rR3opRvGMxcio8XZgEA52JyEkFuNR6cYilaFwPsv3gAweD1B2FElP7hmBsE2S/li/0ZLQs3VhR7Ygf1rJrEqDsiIn+J4LofbX53x4s/cKM=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-02-25 14:08:50,056 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:08:50,056 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140850Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_6599b4f6-db54-4590-902f-012223a211f9|flextgsamldev|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b6533b53fc32b07a7af39cd8a28701fd|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxDW45MMjjXTDawQhl3ZuE5ShEPVi77UJco9gbutRwDpu/QXNes1rNl79fL6rebhCcAORj2yDsOPDQmJhi+YgKxsvRN3zI81Ricq46cLiS/64=|_20d07416f309c7161ea828424805bbcc|
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-02-25 14:08:50,199 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210225T140850Z|https://iam.eu-nl.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-nl.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1645798130199}'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-nl.otc.t-systems.com]' as '["rick:https://iam.eu-nl.otc.t-systems.com"]'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@77cc263b'
2021-02-25 14:08:50,199 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-02-25 14:08:50,200 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-02-25 14:08:50,200 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-02-25 14:08:50,200 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-02-25 14:08:50,200 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-02-25 14:08:50,201 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-02-25 14:08:50,201 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2c466f4f27c349de4b28d09748576e66
2021-02-25 14:08:50,201 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2c466f4f27c349de4b28d09748576e66 to Response _7ac12aad3c6f2a56c7069cdb6e829496
2021-02-25 14:08:50,201 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2c466f4f27c349de4b28d09748576e66
2021-02-25 14:08:50,201 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-02-25 14:08:50,201 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-02-25 14:08:50,201 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-02-25 14:08:50,202 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-02-25 14:08:50,202 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-02-25 14:08:50,202 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-02-25 14:08:50,202 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-02-25 14:08:50,202 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-02-25 14:08:50,202 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-02-25 14:08:50,202 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-02-25 14:08:50,202 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-02-25 14:08:50,202 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxSHglkg74NCodJhYJTkxS1Rwutf0wLBF0orJnd/p2EDRYPPyIM5D0kRa5O1HPvKlzJ2V3QOQsGONch6PxobYx/oRCpEX+703aQLap8VQAMZfuEBUrlxPCdvWhNgo4vdpDngVur4oQ with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-02-25 14:08:50,202 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2c466f4f27c349de4b28d09748576e66
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2c466f4f27c349de4b28d09748576e66 did not already contain Conditions, one was added
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-02-25T14:13:50.200Z, to Assertion _2c466f4f27c349de4b28d09748576e66
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2c466f4f27c349de4b28d09748576e66 already contained Conditions, nothing was done
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2c466f4f27c349de4b28d09748576e66 already contained Conditions, nothing was done
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-nl.otc.t-systems.com as an Audience of the AudienceRestriction
2021-02-25 14:08:50,203 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2c466f4f27c349de4b28d09748576e66
2021-02-25 14:08:50,203 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-nl.otc.t-systems.com to existing session 40f4171fe4552f057b24d75b4a30f42b771a234ce7c5980622835748a3f44edb
2021-02-25 14:08:50,203 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-nl.otc.t-systems.com in session 40f4171fe4552f057b24d75b4a30f42b771a234ce7c5980622835748a3f44edb
2021-02-25 14:08:50,203 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-02-25 14:08:50,204 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-nl.otc.t-systems.com and key AAdzZWNyZXQxSHglkg74NCodJhYJTkxS1Rwutf0wLBF0orJnd/p2EDRYPPyIM5D0kRa5O1HPvKlzJ2V3QOQsGONch6PxobYx/oRCpEX+703aQLap8VQAMZfuEBUrlxPCdvWhNgo4vdpDngVur4oQ
2021-02-25 14:08:50,204 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-02-25 14:08:50,204 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-02-25 14:08:50,204 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2c466f4f27c349de4b28d09748576e66"
2021-02-25 14:08:50,205 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2c466f4f27c349de4b28d09748576e66 and Element was [saml2:Assertion: null]
2021-02-25 14:08:50,205 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2c466f4f27c349de4b28d09748576e66"
2021-02-25 14:08:50,205 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2c466f4f27c349de4b28d09748576e66 and Element was [saml2:Assertion: null]
2021-02-25 14:08:50,213 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_7ac12aad3c6f2a56c7069cdb6e829496"
    IssueInstant="2021-02-25T14:08:50.200Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2c466f4f27c349de4b28d09748576e66"
        IssueInstant="2021-02-25T14:08:50.200Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_2c466f4f27c349de4b28d09748576e66">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>XROvE47NEXsMiD47k2+/uWNi8t3CQeMiqyqhdwFh+co=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>gVNhDykkBbzYM4nX55S+89MCGIwEKIYUo8D1iXlQL8scQZAZLitg+L9hCbEmO21FFd3h08aLZNbreFzXhSzrGwg3JMRJhGaMvSFkmxz7MimExrUHCmiGVtRzogkXcBo0uHIqO4O6kDwJVZpDtvq5iT3WHHDA366V1zgsFzt+YrymGCHCskunjm5NsyQATGDEkNSpJ8mTsEzX444CcFNHmlyTsDCf1+vPwKs+NxD7FESxkh7DP3La54YJRR5A4JE3OLm18/DIwi+MD0LR12/e/AJtr01Bg9E3m7OQQOlW8HmfaLuFDfdw5zyQrjD2VUfmM7XGt3qc5LuHahXz2f0Vgg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxSHglkg74NCodJhYJTkxS1Rwutf0wLBF0orJnd/p2EDRYPPyIM5D0kRa5O1HPvKlzJ2V3QOQsGONch6PxobYx/oRCpEX+703aQLap8VQAMZfuEBUrlxPCdvWhNgo4vdpDngVur4oQ</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-02-25T14:13:50.202Z" Recipient="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-02-25T14:08:50.200Z" NotOnOrAfter="2021-02-25T14:13:50.200Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-nl.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-02-25T14:08:49.839Z" SessionIndex="_bad3a34f892f2390c9789927f793cd8c">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-02-25 14:08:50,215 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-02-25 14:08:50,215 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-02-25 14:08:50,215 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7ac12aad3c6f2a56c7069cdb6e829496"
2021-02-25 14:08:50,215 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7ac12aad3c6f2a56c7069cdb6e829496 and Element was [saml2p:Response: null]
2021-02-25 14:08:50,215 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7ac12aad3c6f2a56c7069cdb6e829496"
2021-02-25 14:08:50,215 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7ac12aad3c6f2a56c7069cdb6e829496 and Element was [saml2p:Response: null]
2021-02-25 14:08:50,217 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-02-25 14:08:50,217 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-nl.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-02-25 14:08:50,217 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-02-25 14:08:50,218 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_7ac12aad3c6f2a56c7069cdb6e829496"
    IssueInstant="2021-02-25T14:08:50.200Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_7ac12aad3c6f2a56c7069cdb6e829496">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>cPqgfmbS0ZJyS+Q3PCyKzgyMFG51f2lXMa86oESHAE0=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>HJMpF7/tX9hu2AlL/RmrXd11XgqWH3COAbgHJ+q7upH9YKh9EwoF4Dv8nWIuvi8cF0p8fQCxKXghydsXOx/Ror6Qf+hz4cHf02y0mkJDcREgepd/9tVSzZmvt6hnxBK7RNwXOJ77HNkXh+yfAKJrjuBMajwqbbHMta06pjtawH5vTObP27vuaqxqbtgObeaJwOrk+IJfJm5/qmXucE5uI5xSIPOnsJaRVRe+PenL/ePBq3nISyDpELf/J93EHZzBxQh/n6taJ1uqr4W89yVtfOpdYnj+wAx4ZgHSTyqJUJ0GW3NmV6PL+V/beZkhCRLt5mW30VttyscwbkuPrbf2zw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_b292a726093836c263ae9cd57e6a9385"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_204b8ac8d9f0d69fcc76ce921b0b044b"
                    Recipient="https://iam.eu-nl.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>PAeVbjw8K9kWfQqYZhqzsy2tWwRH4NC8TW6/VlaU5Qmzy8ohUk4aP3cD+ZjLKmTFVZBiOcCdrVMLIV/d2I23QFIffUXfJJ+AJO3UCFXEQChIC2ZCRzWCNnyJvrDuib7bQ2PBQwGWFBcQ7WU66BTULtDQTj5ajxRhjwbx08maVn8EzGWN8MWRVbkZTTqvuQ4yb/NdIUnbgZumKcCnAEC/EYN9iX5y2ccUHN3Y9LuxZIstMvisbBux7XjS0PEfqq7+qQ8zCSwjEM/O0fxldp7s+csJrkNGQOVma3gqKptsGfWaUIL7j5c2d44qVGjGDq/MwAkAjD9S3Yem3wtI5mTK+f8L9FUajacLF6Wb/rDpzcSH01h24qatc2jq7+q5DtPgmX2o13HLrl8IrjTpIEvF3htklv9ghvkvTS/VdvyURphnLuxPv0ukBKuvPlfibu7TxcpOvYYTAVG6M2yPaqdZD5q56abDx3SYEAr9wGa3vK0X44ll5aB3wQTf4u0Qv93oXW3EHN+1oIfcHYvj4wA1O8gkwvvrucfVIwdu9auhkS74MmvJA0RbtNZOH9zAfEN8C6Avr47VKEVIdVoDMNjsPuMSOaH8sobh7/257e16JBqW4DzlPMXiJR687Smth9Oi6WmWCDNswukfDpEb5kNU4vu4xPUmEtKscCq230SEqsQ=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>/az5O/3BMUI11Rn/2DQ2J6iDHhtR8OlsD1AhqD/3I8ubltYMorRnuFFZn2dAny1o9dIPE80pFLREZNuJeOEudJBfHPNYMJzhCV/bzSZZttoxGiPlNNqBXzA/7NuBHZxh548rIoqxBirUKCceLno+VVf25DPHwOm0KYg8xE0TZyMyu4jCbbbSmIC45hl1uI1eINRE/JxjELBRiFxH+5MTeWG7iuQHlsTWUKQet/2Om443xuctbhqD55PdpTOPFirZWykeCaFSdFkU4Bgt0CNaYJCsBZBXhdJOARlXqJPNmTLsAf98Et05QFOpcuzsBeVXYB64OfUPzVr7ajKnm79wmZ+dijw1AkOra7ZI5sWoCEBl7ILTMEwKZMfR1k+MCzxq+GGknly+/JKMvGtLuo88ZUsiJg9g7dsxNqnNhPCbWC/nusWktFODdtgIMye6u8t9kLqdTKlykOkNdobsQt/J5XKxXIMx8b+EluWED2v6Yd29NPck/nxX1UTPTgz/XqVWpUVYlitJJW+XhWEfcCBq4/s9rC5tu+baCQRFrfl8APHJL7VCNofUqj9nAj/D7Ryl/TT/68HIaPJpO2/C9uhhYBdfy1mHbpbEsDuSAeD9GQMphRVsQo2R13qfdzaXfsLb5F4/JIpt4SoNJ7z/2SWysJ/vKinEtK5TPKtUeQuFW18PJTmrKNsMk/GkA0FmhhtOQGRhM6Hyxazhu1UyQekB/nQpHbpGBAWYL3o9MkFJlV+I8aE0hb0LyANZfH8NvVjaGZ3DgzVPrGvi0aBsvK2fJh+7eTy5C8cfG4kz/ntLtzUi7cofyi2eK737gn3QtGu6kYt/toha2BzbWNMJmxCqmhCJxQdfNRCbfoH8G7Qap4qXblmqOPpwmaoSh6m7ymqHn/BUK/C09GZj3Lf871Wzh6yp2AnRQTkDChO6Xg3RU14XSn3cyg7ms1nYi7gktYMbsR4I10SbKem/tG8X983fzjVJCyCceH6bkOCHFQ4iWmGw6c2QGzwjbUbYbozoPxGfKpj2pSyobkGkXbdsKvzE5S/PNsl5fPuzj6XuhG9ONveLkSzuzELVMARUO3gx9zZI1DgR89me7pI4aRBqQPBekUN0aPtskHqFJ1ioTDTymeqNyYBwMlJ8f20NNi89hlaNwaOK9TutMcfvQlA9j58nUjBqQbEEsLl5BjivqTI3mEQbtxQBXVCCWBsO0f/UtAtCJnOdFOTaONY/M1HEYlEYwMhoGYEH0qBOkHWF0fxH9CIWPn/t+CLPhGxD6XHW4Mw5hbTeYRixWawl/F0Ji8UzfWfaS/7jt/JRPQHbKp7+86ika92W+dcdieGMuJKGkb0wXi4lA0qYEDtVgESiMHjwqt6DpiH8H+X8pzcfGUVkLlSxDPAFk/qJzmS7Hl+ox4hkouRA6VcGdUjjiVwyh3ysena3osmZWHYIT4BA9yBXiZ+Mr+u5qQj4P2l6WgwLEVYyYblbPXKAgR841tJIvUh2cdg2znp3z0eYrLjhdJegHHWfjMq7lM32uzsEfwDJSY+E3P5Zgjb5KObF54NtHAPxmLMyer7lVv0gsPnTAMPas0/B+37u7/1lCsIjnel2RckYCVYcX7hCutLFkmKbqmPM5wpt5ymMDXjZbzw3gb6AcN0tpVLNVqOUJAgdsHd9o9aUlpXuGjJ/E+/BDvCnfrhgMTiR3EeQ2a6uQ0pgUuwsn8hc4Qftm5wz+TAHG6p2CkhWm70J7NuaPP6BeRESwSuVKYOTe0NJ9B7Fr1XsxvY+sSbCkevELTO/GZAMOwbIc6QN9+FSxuQ3QfkrXOpQAUoxjTGQWpq0Z873GlN0u0jC4mONARl4R+O+I2plPqqE2iwIeXimEkoNUb6ZMHZtggW8+EgeJSv8OWf3a5sezAFcPZmZRKa3FMcIMqRogFElmqpoB1LoRS7g/CBmEhgJR7Lo/6aLSyxtsgFSUHQmSOwhX8K092Bj5DdkG5yJ4rXwtRsNiA5FKkN7AQrkvCs3vDzvcJbjVtP93cYO/u+lL/EyF08HACZ30RI9PDbRiuEqhNHw52GQmU4ftlAk9hR9WuU+OhTQKSZY4iiPqZCGIyz/XnmUYxQtJzUpOyCwbehxxBpZctgsZ7fyQ6Gt5eLJ8l1m8lHl/74bCE3lWQSqQcpfV6oXF8hFcTT+hVkdXbdZx63hkESkaKiyLhyrwsC1AHZ7fPOt3RNKKicZz1VWUY6MqNjLI51mq6pZl6e35Nq3JQaieaJpqcxWyxbBZdsB42/59wAl0mBXlUtSKNd1NOg253KfyJD5qF5h5kGrScHgEfdQA7v/QK4+u+xyD6+mAg93MeZMXIugLHyLzErVcrX7jM1dNjMB/zx+LGMgMg3bkQuwp0utJgd5GD4VpxuSr2PZl7IAm71pG+3lbWXz2m6mEsMdSOsVu086n2z9pGD84khKtJtM7c38KCyJjRI6rFW/oo0TiRELCUUuUhJ+z6QNdHAvzrVLnDCMMom4YO4qnWa8x9VJL9Cce45Uq9z3wJ0bEwHoApQRrd6KCslrjPUnYZyazQjZT+1Z09sfAkxHtKswDruaU7ZLEx8taZQRX+fq7w9B339tAPyIJFV48bupd/AFnZsXHziWn9jW4H67O2thBODshD9WsQgVDouMrjpdb+3cy6rWmj/R/6iEqOxAJ0sSMv+uxwCuxiqn+wFtL69CQRtvfMochmHVVXDoeAbeRPA9a2AbkOzLmtBY1tjgarDPMc9TOyQ7JQwVDu0Vgpoq2uS/GkcBQSqx0INmIRWeG6iUgoXvx3jGZbc0MmADZZukkYNCmTi1efYfesteWvoE7C8DWKJv19KHHq1gxk2v22C9cZPFDqCdyVAs6Dr7XTGG5B1AroyV0JTEZDAeoVQaPrvqsoZbXjqUbgiTYliTE/crLwP7X/QeCIkrMuid+cCo7xehQbpS6neB6zmkHS/61WggYcuKGzj89i94BclTYYEkfFDtZiSSkatxhcLjFRdtNXhBM/E2fKxKSukrr/tCDOjC9LjCddH+jEGNEkP77a1FMJore86H7dGRoyTGVUUu8WZ8xK8bSlQF0g8OWN49Z5DpLqZbG5vWPw6fNa7N7kqSZBNi2s7L6jdpixkc/RC9NXr5h1QlpQKukj3WiRWM+nOdmBHwu0i6Xrq+DH/Vc6IvUBh3oZe4Ds43B5ZZ0MgVRN0dv4woxzj0onPl2/irZf+DoHY/8YbDqHwfruqdSjHG19VovK96o80+cVKj1OvOcIuonW3rwCXFPJdMvCf3UtdEO6VZik3ynkqzDZh3X2vaIRNq53J5/FoXw9ItXIei2JXDQvq2i16pqbx6nSRJhBsRGFSyd/h2aAWPHiX2yxxKAp7wLi1886XkECH8+E68WXX0gmnr6d0NjqoMesaWag/drXVwJdGibwnuGL+nnR7+k3jj9MnCEvx8qYVlR8OT36Oygj3owRqqDhX3oLWx7qOHd3xu/zReedepBpF6mdmCSkJJz0YIi/jF0FtZhId0iEXxfulhY8UJwy6qWUPbYFw0C4eAO2HHqt27owyd0PBUmjdUo/0Oy7KBEbEPDAL7v85vtFTm2FQSzDaGMMyPATj21VJzHAHNFRic5Dsyk/SjNPWX5gXWgcMEE7mPbtfDtdRbv0lN6onb6q4GyF397XPq2G2Fqs4l1HVOqLB3Gdspva+GcWdIuijKFLAyzKqiADNDqV446QwYSmNfmAZ8LR4xMl659SbgOOwH3X7clmoAOo7sSSbTFwJa8KrvO9UpTqiF10XhmcPl+7HCOC44EkCqwhOhHKMhYQM8Va658K7AIjwBX4pyEXiEHSIJh21PBqLUPwNweqlEcrdSureONNIpuNIbGBL9XGyAoo2nnv/BuzegTK+zZzPc7XSFZgfJPVGAyVHYHQ925RZ05n1DdtlLor0UPtBdG1KE3vJT2BUzWE1+LNAGEG8oep6IdkJ57jByyDhiq92k9z74i05Boz5ue84srMfbec5eXlaqVm8Y4hdwgfXigc9uLB/PjvtW9k9YrCdrBhhzTan/YwwR5ea6vAwJZgGsk4VOvltRvWB28SA3eJjXJ5UdQFykN1i1oLnhn5A+Qz5gQZey4JwqMxgEvUTqZgHSWMzHMwJMncFCgITrDUyEKVU+slev5gT4QlFZ82Znt9cJiOrZ0zp+Nhs5pzEsP1qw8c7DOyuTxdM2Eem+OlsSk/BqdBP+HQQPDLLdZgIQBh8wYbJkdDornA+7JRn+fVbSdyvjcR28FPyeHQ2glraySkZVT9PjXjJfmVOPRowK6hpwO/QVRk4p5YdCH6WWe8zs9qLZIH1ocPFrGUWrvOPIwv8nN2M73vstqSrU+OiGbDIeXerv+iyzkPK7iBbp8/U5osorVUlExvUzLfgx2o5N0yJDcyAKRamstdKmVEmZLwrlWGalCRYAF5PsFAKPEHAb1j0AHCGx30mmRSsiexa3ZZmOqVtz2CkT4ZbZ9hLqkXdjxFCDNetLEk0A6hf7fpTBr61zpMu2EiwgrL1MtrovvQWw2wvKVr71bKgYFg1llpjbYuI4KrPat0txvTXLgedTbn33kYHGHb591GmpCz1OGKiYarfCHRPAruOt2i2ZzuUCk32je8jN4t+pDUsdu96siOJpaGxlB7jCrD/hLk46XosQ4P+bRPwOZ2xwF/lFqQ3BpwKnnRe6P96BvqpqYXs/RdfHfTpPdJi6dx0I2xTmyrbcLSkDkrkdJuiFJh4UcQN6LGuSFkw29jm8xFlRRq8rhGK1sQHg3rxpNeiMHNdviBBVPL0w6JoKbZK9M4ie8RIstXqDey/mxM/bXv5x7dnujto0Jc6P4eHV20BYQgeq4cpd+Uo6beYvSEWBEivdGs1C4rZxNL78esfdR/Yk4dQCvyPS1+kMiDeCo7ijyLtCIPcRSw2IPNEHqJzgqlh5xM1F7wQ0ZQMQyVYFMFlFlovO/QJA3VbcIKG6VFXiOc79at9aOvxcR0Rx8SG9L8Qe1eSmxGnZQdR+PogWHfqtqdJR5EiAgYITM1fIAYdXE9ECk5tF/wx19+Bvw79zA+CC2fw6YjVDxdGw0pTZs+AAHX+1gTvXxI+4oiujCUktnPiDvGCYEmEVVeFzqiLXN7lt+QHi6SUhqO0N3VrERZlwf8SGZLstzJthcUxEGb6MIOVqt4IoPrIj843So/gnyI0fQ91NpwMc9Vq3DlOvGNKT+s+ugy9M2HPVNLxTbwsfuk5ptuJ4LCegjBUyEczPa4hB0giF+BBncD2hzmI7UIinuqr7FHrdMfLtm50oXq0cW1TvrSV8GYcfQ4XAGoUQFSS00UZmWgGQkMXX5Y6hrPwurMn7fmS9EeWZHyytYm746TtGhXY4mcpo7MkbirtDanZ/+CKtrloK6Yk6s5R5lfXia0vbjI0pV+FFqF91ZosCFUTgHTB4kdjIfHn/iLLoO1Nl+34tvZKf/mQEdI9ugjQPMtkSk51LA1PVCz5uxJtjiC6gW/xVUjlMvTIK88lmwy4yFZzuPYz6dTfujV8T/4LQLXZK1bT5+FRorGTRVCUsxF9IKRs6+fRI9InByvu6DRJDE216efnz14Zjwdk1BiEOH27dq1ky02UD8SbnyQ8pgyTCSwJIDX7zRC+HYcRuZUc9QfClo+mw2Jkf64qF07FO0IvneEuH2LfEnf4iLJ7v6tSTbCOG7gA7LktYsd51nf0BhLXJeo1gL3b/rLQq0BttyyxNwJ2bMqW6EgTlPbccRDIsatQswM9+1WN1CBoMrjK6HGgsSa3nsMatgbHvDx46KOBj7bC/xfE4oHtMhNYBCTnNzO78xRwbcj11kZOGSCMMUgQKm9t5EKyvAlYi86pdEYEUctf65HPms0+mt8f/8O/zxbNcyMgIhenYS30ZyPmntsAbeUItf45WqI7A4zkFfHIQzYOsbOtFIhNiRVieIqD9yyYGOQdGJFRZdXxDcXxbOZSWhbUT1HKTIrV82uCaUQARcFymaYFoFDRbLen2blkNc8welF03FYwtHFIQOLZDMWB2XRklJQiasZq370Xs1gUnKk2Ujmxqvxx6dVbJeeMY0c0+bfsE7/ytUaxB6MksOceCxq0RwuZP5EhuJLQgkWesaC94oQQAUimgG5ma8I6lfb96TegfN5C+kbzMaBgy1NqOhT0h5QW1lQKEanQN2uLacFvaTF0plHYZHNkq/2y3HipD5ix1s3Xdj4C5xpCqrQjgbmO3gAA0ym/rA3Rmldt+MRlbazxwVHzCNWbD8M4q1wksbmSvY78pb6Ld+ghPZA2bE7JIa8TFLqkVkYwgN18B5qZ+gbcEc6U6yIH6P2kgNP9uXdl326VYUnjPLyVihjgyAp7GG/UsSj2HNKdjXIp62/h8LoUbNRaK/QC3z3DeOWAcPI0s3F+VbrN7tZ3t+8Hpt5VT6fP7w4wuoNOVMRnb9Eah9ihi9qtIEr3DEDxAfLKHDngkDGXVpjhwdTYKWprg1auDBW/wPPJmRr8zldDIC9WWHO9TBn5/KqP42/KYuBY+EkgkyrJIwgQp1JJuF4cJIwBofJUI2wVKN/2ACSbF+hpLiRxkJgjjxr5iNO5uGgyj8LrTczVxK8wstpzwY5p+Sc1dfbtDcYHNCvCUrtHZUIjQ8Y1INeSGdmTFVAgnky19f6Dm2WV7CCI31asPkY4xs7u3kEiS5Wde51xgRcyILj1MFmGHdMvVWZ0Erf8SwDs54QsFfStiVZ0+4wH6ed7Mw8dXUMghg73QtEqSUmi/yU4YddWP+e0dghkdzUGboyEUWRTuYtT2By9Kiw8MbiENnJT6Vb99mOmax/UtxnPuaRynv6MOyzwnJ6iBHr2mEBikWzrg5lPylcKArewruGctUNY7RJkuZH1WIIBGw/bO74LB8pFHLfvbgSHoCoMbVQfSe/GNSBX4OfS73B7At7U/iXX508JhZREgKAlhvkUp7Yp0DDq5+L3vj5KochLQ0GwijRXIBTN+DE+ooa1SJ3o+qI7nq9ngrr7Sqi+CrI9s9dMpLxyWY1LA4WaLEH+MHoA7abgZTTyf9YGoLnkh4XFdFNZswRSFCZlA7FZjYBl+S7P7ZuoQdHC4TaPvEQFkDGMmE0EC3ZEQf3do111Nq6M/iYYll85lzkpBrHt0p0FFZR6aKx5PK5L4WPo8vU/w+7oS3K4OfniY2HKgnp9y9bpkF9V25twlNQEDX1M1tbHN6EaQ8tzh3kEH5pLCWVqPpuZq924keRObUtG9JwaPob/oaKLo3WoL+2IbDxYiIl8gaNzbXYZITiqRbGyUliF9MSYd454HrnpZF+/MSgN2Fc0hPnsTjElpsIvqDvyG61tDQMtURiYay/HNjK7p8ha3ek7CeADzY61Y5s0JVFWH8Mo9n+N839qIgUdNFqYWIp1b5zZXV/qUb9k60pfN/wcj+RqiRCr5880EhvUdc2h1i1wlUtb2gxEhh1YrHegq0gE2vKuGgebVDy59cYHlLARlaalwegM6gmNt2o0qUQrWwsBJmWFARFnV+aq2tfFBkncrN4vwcuie7eHU7RzBcAh3gbDM7KAkYZK1dCL9/5haPHvTrkTCk/UICV3fOW02eTIsa2bUxIvhLDHb8Zz+4joHXFP/FTr0TfvJzwABbSCaxrnl3Zt7HQ418gd3X0vqTe66xUYznMZw0QuFoAmJ8Oj0sqp3LbGazviwrIyi/nC7IICpv+DXHRQ7jppDgt4sz6OkonB1eh4Ifi4a0TUIgSaIK9HviWZhkgEelvePkXIBExURxGp0c+YB/3njmiS3EUrFAWN7IbeQi5npi40qnEK2cBT4OG2OMErgI0FtiwXWgxjDsLzgMspyI3mSjL+CXENopo9NyWJS313eEz9/s3SSOyhn3LbiuIuk1ZZy251+TYT2Fg9zb9SQGAo5y6buJQLLD2jo12gUUGYJJClcFdkO1AyD9zaswG76n+3mmGhVbVAxmupOW9ffFXxhI9ryMr3+toWSk3e68iiv6pKFWmkWYOOdZ1wpt77Bwf0hd/EyFZ0pfRC8ue/9phjHoPKRl1Aaarbl5KfmaV173cnKNPQ0vt1y9XJdNJJyt87NivNLiOjpwBbxoWnUibLfiMmxMA+i4H+xnWq2OtPmKLUOCxBOY3gwS+lHM69NbyVFa7iQ52DOF9YleTxopbLc/gbefFR0myqJSCNHW3iXenxasHGM7p6t2b/1KrxF6Hn7cHVijLiHSyJZb1X6Bst5hq56uS2GrwBTn0gh1tHElNc6gd4JgiTYIw5qBCLdts5CrS4FcxmjdMx2uI1g7l8jmOyijHfXx0MM7hH9Wg==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-02-25 14:08:50,218 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-02-25 14:08:50,218 - INFO [Shibboleth-Audit.SSO:?] - 20210225T140850Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_eae5ea88-2045-47ea-b426-772051b502c0|https://iam.eu-nl.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_7ac12aad3c6f2a56c7069cdb6e829496|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxSHglkg74NCodJhYJTkxS1Rwutf0wLBF0orJnd/p2EDRYPPyIM5D0kRa5O1HPvKlzJ2V3QOQsGONch6PxobYx/oRCpEX+703aQLap8VQAMZfuEBUrlxPCdvWhNgo4vdpDngVur4oQ|_2c466f4f27c349de4b28d09748576e66|