2020-07-08 14:00:13,927 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: j6tJW4pkNGKhpeesWbUG5kDxpYgMMk8_rSJ5ReuXx8WSY5jqI4gYl8Hb
2020-07-08 14:00:13,927 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:00:13,927 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:00:13,927 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-8ca434576f6af0351260ac0e2fa5dee774811f06"
    IssueInstant="2020-07-08T14:00:13.817Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:00:13,934 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:00:13,934 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:00:13,934 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:00:13,934 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:00:13,934 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:00:13,934 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:00:13,935 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:00:13,935 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:00:13,935 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:00:13,935 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-8ca434576f6af0351260ac0e2fa5dee774811f06', issue instant '2020-07-08T14:00:13.817Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:00:13,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:00:13,937 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:13,937 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:00:13,937 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:00:13,937 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:00:13,937 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:00:13,937 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:00:13,937 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:00:13,937 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:00:13,937 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:00:13,937 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:00:13,937 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:00:13,938 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:00:13,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:00:13,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:00:13,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:00:13,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:00:13,938 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:00:13,938 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:00:13,938 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:00:13,938 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:00:13,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:00:13,942 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:00:13,943 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:00:13.943Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:00:13,943 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:00:13,943 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:00:13,943 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:00:13,943 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:00:13,943 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:00:13,944 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:00:13,944 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:00:13,944 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:13,944 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:00:13,944 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:00:13,944 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:00:13,944 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:00:18,752 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: Ds_xgYeXYID0De5CPOtzLfryYLP2Oj13iFQ2ToeOIfaPCSGRF0F4KVnP
2020-07-08 14:00:18,752 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:00:18,752 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:00:18,753 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-922d1ad9d3c889f3b4f6db635f32624f544501b7"
    IssueInstant="2020-07-08T14:00:18.56Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:00:18,753 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:00:18,753 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:00:18,753 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:00:18,753 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:00:18,753 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:00:18,753 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:00:18,753 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:00:18,753 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:00:18,754 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:18,754 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:00:18,754 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:00:18,754 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:00:18,754 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:00:18,754 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-922d1ad9d3c889f3b4f6db635f32624f544501b7', issue instant '2020-07-08T14:00:18.560Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:00:18,755 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:00:18,755 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:00:18,755 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:00:18,755 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:00:18,755 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:00:18,755 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:00:18,755 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:18,755 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:00:18,756 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:00:18,756 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:00:18,756 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:00:18,756 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:00:18,756 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:00:18,756 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:00:18,756 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:00:18,756 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:00:18,756 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:00:18,756 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:00:18,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:00:18,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:00:18,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:00:18,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:00:18,757 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:00:18,757 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-07-08 14:00:18,757 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:00:18,757 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:00:18,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:00:18,758 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:00:18,758 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:00:18.758Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:00:18,759 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:00:18,760 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:00:25,830 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-18-iKMhL2s5eumOn7B93yN1fvBRYrEGINwx
2020-07-08 14:00:25,830 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-07-08 14:00:25,830 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-07-08 14:00:25,831 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://integ.tvld.tech/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf"
    IsPassive="false" IssueInstant="2020-07-08T14:00:24.222Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>rU5zLfIbGjnuoygy/zKkqe/mytX01OSTdcy0TXIhcR4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Yn7pit9V9vbHcnq8c8i6cERKDUdP6iYMbuRfTykiz8KQfN7ZrqpaGD8K88LSlTwlY9IHn/1qFOUT
NhmcfB5xcc+458Ul4ya/2tXf8xCalqAT4i4xHHENsj0/lbk0RBsHze7DyUOQ6czNEZxtXvWWzZJa
pcBaNmFUBzxB7uxh9boP0fgc1fWk2h0TLCN/ZZfZFY1sUnPHER3BXjmCvMuF1qAKMWikL1+ZHsLb
sze7Ece/O57LzInwdiRLa8rUu9RJavWMQ0YBC9Z2HhFlOGnq513fHoqOpcWBjpwjiKX50xq2XCIP
a+bjV7jrqR0M/McJuqZjK7jmiolq77OpRtZZ3g==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDiTCCAnGgAwIBAgIESC4WgjANBgkqhkiG9w0BAQ0FADB1MQswCQYDVQQGEwJGcjEXMBUGA1UE
CBMOSGF1dHMtZGUtU2VpbmUxGTAXBgNVBAcTEExldmFsbG9pcy1QZXJyZXQxEjAQBgNVBAoTCVRy
YXZlbGRvbzEeMBwGA1UEAxMVU0FNTCBFbmNyeXB0aW9uIEludGVnMB4XDTE5MDMwMTE2MjI0NloX
DTI5MDIyNjE2MjI0NlowdTELMAkGA1UEBhMCRnIxFzAVBgNVBAgTDkhhdXRzLWRlLVNlaW5lMRkw
FwYDVQQHExBMZXZhbGxvaXMtUGVycmV0MRIwEAYDVQQKEwlUcmF2ZWxkb28xHjAcBgNVBAMTFVNB
TUwgRW5jcnlwdGlvbiBJbnRlZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLBIhWF
edEb2mGo9CymthhP0YXK0/4Az3oajMWamIvQ4sX8/AzjMEjO5sQ6Wk/Tky9x+y2AOp/fzmOi0de7
ccHIVMuPOUZZPEDrRedP8MYXrehfcJxNUiCXQqhulXOgtxcJsd2KIIoKx7nre578wKtUmK6fsb+w
vbdKO8LnfaN9nJHyVx9+qVBwEkdz4OGLJQjl6vRR8zbs2HJTpfNxlFo0cF3Ei2PqAkUMBYN1ySW4
vjUTbQtVI+Ebm8dqICakx3fhryuAgmRDQajZdY4BFHUpb5X3via4f3qjAk8//J9In7fzp2vl6hDz
gHJGRa5CB5D9/n+DGTmqMFg2TpqQQFsCAwEAAaMhMB8wHQYDVR0OBBYEFFahUsDEEEVvTSdvA8h6
gRIhi7JbMA0GCSqGSIb3DQEBDQUAA4IBAQCQbzzK5t8LfTsMzT6kNIfmWDLB6CslmcoaZJbKmOdK
5a7E5JgHVKDkq2MeCcRjjRrtwKPriU4MyuYq7eAzBOyn+lm2nPUsFfHN1XNglODnvP6gXKtvI+uC
8keFX+KzRrXIR68lzJn7qy7AzpXe8f+tAi5aoKeOI8CXX4LO5p8C/h+QlDThhP0V2rZAThdk0J4g
Hdgy1D8TRWCG6Yx3p42pA021gXkM29KN6Vk6jiVj2C+q3ZMkWIVPwJiOlqPRn0d8mMMxkrHGI7EY
t3apJIzDSqkdT3+rM8mE+ykbCrBakbhsHpzEOlhHiCilVSTO85f7CZZesy2OTMJN1KUomljc</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-07-08 14:00:25,836 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-07-08 14:00:25,836 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:00:25,836 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:00:25,836 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:00:25,836 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:00:25,836 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:00:25,836 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:00:25,836 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:00:25,836 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool
2020-07-08 14:00:25,837 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:25,837 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:00:25,837 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-07-08 14:00:25,837 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-07-08 14:00:25,837 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf', issue instant '2020-07-08T14:00:24.222Z', entityID 'https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool'
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:00:25,838 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:00:25,838 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-07-08 14:00:25,838 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-07-08 14:00:25,838 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-07-08 14:00:25,838 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 20545842905824812689381899750531271744651037823732619901313312144286198596069581321782651666609190997148587267830435446421094240597420689228809149235202404309774067892490498206296707398266746467809211586961712832727717026609094526804614791158160126745327368187326446264388473207358901161241112504553127128270245610809766949486787164626664385983206883024362947150917506930493329595657466064141501210795103614369684123482221089835901107776146037486220646337251421491235473754798924837376566298004853087250967798652056464961275720693707865224725227089175461883718150692209451824629641374908486370358280160811272402649179
  public exponent: 65537
2020-07-08 14:00:25,839 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-07-08 14:00:25,839 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-07-08 14:00:25,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf"
2020-07-08 14:00:25,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf and Element was [saml2p:AuthnRequest: null]
2020-07-08 14:00:25,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf"
2020-07-08 14:00:25,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf and Element was [saml2p:AuthnRequest: null]
2020-07-08 14:00:25,839 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf"
2020-07-08 14:00:25,839 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-07-08 14:00:25,839 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:00:25,839 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool
2020-07-08 14:00:25,839 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:00:25,839 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:00:25,839 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:00:25,839 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:00:25,839 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:25,839 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:00:25,840 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://integ.tvld.tech/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:00:25,840 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:00:25,840 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-07-08 14:00:25,840 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:00:25,840 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:00:25,840 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool
2020-07-08 14:00:25,840 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:00:25,841 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:00:25,841 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:00:25,841 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:00:25,844 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:00:25,845 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:00:25.845Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:00:25,845 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:00:25,845 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:00:25,845 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:00:25,846 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:00:25,846 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:00:25,846 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:25,846 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:00:25,846 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:00:25,846 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:00:25,846 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:00:26,042 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'integ.tvld.tech'
2020-07-08 14:00:26,042 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-07-08 14:00:26,042 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-07-08 14:00:28,798 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-07-08 14:00:28,798 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-07-08 14:00:28,798 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@692447645::identifier=rick, context=org.apache.velocity.VelocityContext@5ade8b97]
2020-07-08 14:00:28,799 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@692447645::identifier=rick, context=org.apache.velocity.VelocityContext@5ade8b97]
2020-07-08 14:00:28,800 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-07-08 14:00:28,800 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-07-08 14:00:28,800 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-07-08 14:00:28,801 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-07-08 14:00:28,801 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-07-08 14:00:28,801 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-07-08 14:00:28,801 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-07-08 14:00:28,801 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 19b6e0f233a8d0fe2809301ac55837da09a48f39abb2cd4d337aa3d4351a3736 for principal rick
2020-07-08 14:00:28,801 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 19b6e0f233a8d0fe2809301ac55837da09a48f39abb2cd4d337aa3d4351a3736
2020-07-08 14:00:28,802 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-07-08 14:00:28,804 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-07-08 14:00:28,805 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7cf0903b'
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool'
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@79cd2af5' with context 'intercept/attribute-release' and key 'rick:https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool'
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1624724482543' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7cf0903b'
2020-07-08 14:00:28,806 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:28,807 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-07-08 14:00:28,807 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-07-08 14:00:28,810 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-07-08 14:00:28,810 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _19b2129b0b34c20816556ab2af5364f0
2020-07-08 14:00:28,810 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _19b2129b0b34c20816556ab2af5364f0 to Response _d6d45ea33f1fcd5ec9e1059d24e1031e
2020-07-08 14:00:28,810 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _19b2129b0b34c20816556ab2af5364f0
2020-07-08 14:00:28,811 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-07-08 14:00:28,811 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-07-08 14:00:28,811 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-07-08 14:00:28,811 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-07-08 14:00:28,811 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-07-08 14:00:28,811 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-07-08 14:00:28,811 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-07-08 14:00:28,811 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-07-08 14:00:28,811 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-07-08 14:00:28,812 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-07-08 14:00:28,812 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-07-08 14:00:28,812 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-07-08 14:00:28,814 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-07-08 14:00:28,814 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxuZenwY2vSdPe0661BtC0tjQ3gu6Zb3qhNgbYIAcrBPAliJFGRVK33ZYHyLOO4Yyo6+CQQeFHjAz2KpsEfz9k9+AIhMs0IuHokXB2u7gTobXJ8k8KRBM+S1U6WHI1WwUSYx9+rXSOGWgj+1QcgmgSEZ9QGMwsSM8= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://integ.tvld.tech/cas/login?client_name=SHOP_DEMO-demoPool
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-07-08 14:00:28,814 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _19b2129b0b34c20816556ab2af5364f0
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _19b2129b0b34c20816556ab2af5364f0 did not already contain Conditions, one was added
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-07-08T14:05:28.807Z, to Assertion _19b2129b0b34c20816556ab2af5364f0
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _19b2129b0b34c20816556ab2af5364f0 already contained Conditions, nothing was done
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _19b2129b0b34c20816556ab2af5364f0 already contained Conditions, nothing was done
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-07-08 14:00:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _19b2129b0b34c20816556ab2af5364f0
2020-07-08 14:00:28,817 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool to existing session 19b6e0f233a8d0fe2809301ac55837da09a48f39abb2cd4d337aa3d4351a3736
2020-07-08 14:00:28,817 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool in session 19b6e0f233a8d0fe2809301ac55837da09a48f39abb2cd4d337aa3d4351a3736
2020-07-08 14:00:28,817 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-07-08 14:00:28,817 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxuZenwY2vSdPe0661BtC0tjQ3gu6Zb3qhNgbYIAcrBPAliJFGRVK33ZYHyLOO4Yyo6+CQQeFHjAz2KpsEfz9k9+AIhMs0IuHokXB2u7gTobXJ8k8KRBM+S1U6WHI1WwUSYx9+rXSOGWgj+1QcgmgSEZ9QGMwsSM8=
2020-07-08 14:00:28,817 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-07-08 14:00:28,817 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-07-08 14:00:28,818 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_19b2129b0b34c20816556ab2af5364f0"
2020-07-08 14:00:28,818 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _19b2129b0b34c20816556ab2af5364f0 and Element was [saml2:Assertion: null]
2020-07-08 14:00:28,818 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_19b2129b0b34c20816556ab2af5364f0"
2020-07-08 14:00:28,818 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _19b2129b0b34c20816556ab2af5364f0 and Element was [saml2:Assertion: null]
2020-07-08 14:00:28,824 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_d6d45ea33f1fcd5ec9e1059d24e1031e"
    InResponseTo="_qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf"
    IssueInstant="2020-07-08T14:00:28.807Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_19b2129b0b34c20816556ab2af5364f0"
        IssueInstant="2020-07-08T14:00:28.807Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_19b2129b0b34c20816556ab2af5364f0">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>9sj339BkWAO+LU5yFTMizFa+/dhQOoezOiUVfX3zi3iXh+y8zbntNBvigViqy3xKfp6EWn/Dh9H0cYGXAfrzdQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>JIOQHwIu0Jg11ugsrN5WlB1R4KQnFzYsUBV+Iwzq6731UaSwxX1hOQwQXSu6WRGpBa9683D2W3SS7jadqUQgBnkOeHNlkb0tlL3aiBGhnyuNA/o9xbdvTDwv/et1IJzyHlZho0dX0EmvFwEqljEiP0ZCN+6B+wnPsJWyA02rRwtQ0HZsnUE8gebRPU4RIG0Wpw0yZQPkIfuuGMmuFWt282XdUUUxUHS6a3njvbGc0MOrVx5b/pl1H96HOGnJ0wBOeWRdEM8TtamKl3b5K9PyMW3Y2x3YHvgCeATltfAoARSObbAXOd83OI2R46HZq443RQKcv7i3DljaoI9e5KDv7g==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxuZenwY2vSdPe0661BtC0tjQ3gu6Zb3qhNgbYIAcrBPAliJFGRVK33ZYHyLOO4Yyo6+CQQeFHjAz2KpsEfz9k9+AIhMs0IuHokXB2u7gTobXJ8k8KRBM+S1U6WHI1WwUSYx9+rXSOGWgj+1QcgmgSEZ9QGMwsSM8=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf"
                    NotOnOrAfter="2020-07-08T14:05:28.814Z" Recipient="https://integ.tvld.tech/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-07-08T14:00:28.807Z" NotOnOrAfter="2020-07-08T14:05:28.807Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-07-08T14:00:28.800Z" SessionIndex="_b0fe08fe71d03e01aa0755ea94fba1b1">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-07-08 14:00:28,826 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://integ.tvld.tech/cas/login?client_name=SHOP_DEMO-demoPool
2020-07-08 14:00:28,826 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://integ.tvld.tech/cas/login?client_name=SHOP_DEMO-demoPool
2020-07-08 14:00:28,826 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d6d45ea33f1fcd5ec9e1059d24e1031e"
2020-07-08 14:00:28,826 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d6d45ea33f1fcd5ec9e1059d24e1031e and Element was [saml2p:Response: null]
2020-07-08 14:00:28,826 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d6d45ea33f1fcd5ec9e1059d24e1031e"
2020-07-08 14:00:28,826 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d6d45ea33f1fcd5ec9e1059d24e1031e and Element was [saml2p:Response: null]
2020-07-08 14:00:28,828 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-07-08 14:00:28,828 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://integ.tvld.tech/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;integ.tvld.tech&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-07-08 14:00:28,828 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-07-08 14:00:28,828 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-18-iKMhL2s5eumOn7B93yN1fvBRYrEGINwx', encoded as 'TST-18-iKMhL2s5eumOn7B93yN1fvBRYrEGINwx'
2020-07-08 14:00:28,830 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://integ.tvld.tech/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_d6d45ea33f1fcd5ec9e1059d24e1031e"
    InResponseTo="_qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf"
    IssueInstant="2020-07-08T14:00:28.807Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_d6d45ea33f1fcd5ec9e1059d24e1031e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>HA1JX5T/mKTH+yloSv+SW4/DYD+KxTL5I8Rp9FgVQGY4oI/YQUylC8O0BlKlTgfN1Xr46QK/vahp7dbAzBFrfg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>VJU8SPOeYeYps95xxZyCLEycEQFG1DcVJrgvvnLC1sAXBu/vALIJ/9T0sLQmnO3IzEGrAdaPWdTvhani2cPBuuhlA3Fcn1aL8OYhMpixdSGx91EQQZEIsmlK/9O3vKXKxu6fULNqxHvi++cTYY7cRJDTAzXolgrjER/Prjx3721dFbO0rqJA88MgzGvyyqKLTI2BgFgsqrrtGCuGBGJ+5PsRMMPL3oxfmiYdmsKER1NK7U4DsfJD64Iq+IhodC3KS0swAR4sJys23+ytt48nMQQe5KCp8pK7CJsM4EZVyxhv0dRJorY+p5FPXrkzx/tBe9TGFc25ppOHnTbpcRJTug==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_94d2c2fe2759e19fe937229a08c85d51"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_b2e6c259249d1a1fdf8fa1ed404983bf"
                    Recipient="https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDiTCCAnGgAwIBAgIESC4WgjANBgkqhkiG9w0BAQ0FADB1MQswCQYDVQQGEwJGcjEXMBUGA1UE
CBMOSGF1dHMtZGUtU2VpbmUxGTAXBgNVBAcTEExldmFsbG9pcy1QZXJyZXQxEjAQBgNVBAoTCVRy
YXZlbGRvbzEeMBwGA1UEAxMVU0FNTCBFbmNyeXB0aW9uIEludGVnMB4XDTE5MDMwMTE2MjI0NloX
DTI5MDIyNjE2MjI0NlowdTELMAkGA1UEBhMCRnIxFzAVBgNVBAgTDkhhdXRzLWRlLVNlaW5lMRkw
FwYDVQQHExBMZXZhbGxvaXMtUGVycmV0MRIwEAYDVQQKEwlUcmF2ZWxkb28xHjAcBgNVBAMTFVNB
TUwgRW5jcnlwdGlvbiBJbnRlZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKLBIhWF
edEb2mGo9CymthhP0YXK0/4Az3oajMWamIvQ4sX8/AzjMEjO5sQ6Wk/Tky9x+y2AOp/fzmOi0de7
ccHIVMuPOUZZPEDrRedP8MYXrehfcJxNUiCXQqhulXOgtxcJsd2KIIoKx7nre578wKtUmK6fsb+w
vbdKO8LnfaN9nJHyVx9+qVBwEkdz4OGLJQjl6vRR8zbs2HJTpfNxlFo0cF3Ei2PqAkUMBYN1ySW4
vjUTbQtVI+Ebm8dqICakx3fhryuAgmRDQajZdY4BFHUpb5X3via4f3qjAk8//J9In7fzp2vl6hDz
gHJGRa5CB5D9/n+DGTmqMFg2TpqQQFsCAwEAAaMhMB8wHQYDVR0OBBYEFFahUsDEEEVvTSdvA8h6
gRIhi7JbMA0GCSqGSIb3DQEBDQUAA4IBAQCQbzzK5t8LfTsMzT6kNIfmWDLB6CslmcoaZJbKmOdK
5a7E5JgHVKDkq2MeCcRjjRrtwKPriU4MyuYq7eAzBOyn+lm2nPUsFfHN1XNglODnvP6gXKtvI+uC
8keFX+KzRrXIR68lzJn7qy7AzpXe8f+tAi5aoKeOI8CXX4LO5p8C/h+QlDThhP0V2rZAThdk0J4g
Hdgy1D8TRWCG6Yx3p42pA021gXkM29KN6Vk6jiVj2C+q3ZMkWIVPwJiOlqPRn0d8mMMxkrHGI7EY
t3apJIzDSqkdT3+rM8mE+ykbCrBakbhsHpzEOlhHiCilVSTO85f7CZZesy2OTMJN1KUomljc</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ldfTm+018dUp8fzB0Nq0EaTpcCsaeX5emka8zN7CuZdnIujRVTZyW6oKJfehzK6SEaxpKh/l1YxdGIViJZkp/VF6X69B2/H1NOeb5kQ4bTvrwBw5AnRJY6ZRv4E+WBqfkq8mlL6PVrAwbHjhCEZkb3Ha0Xsmr5+uFcpnxGvL9TcE6pJrADRn34BJb0Z6+U4Oi21kCa0nV0D8tFgIMmUfrK3y0xe6OFY3XVk2IzLdj8hTO54eMVSMZzmfXP80UVq5p6+u/UKE5tOVN7ppDRWB+1EL4KLxKhlSBbmmFT04XLjqGeXVesl86SGwdxJzwIN6LthxLbK/nHi8vFkxt6hRkg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>TiMuWjAxCWj56HQR6RvzIVHGcKoaGYBbgl3t8S8sbS5jo1D+lonVyUqP5RrTreR3Ms1LFaUCeTeX5Xm1aAB96An5NluwubjuGOe+eNJr44AQ+cK7joTqcVdy7mOJAz+OrfMunfEfc/0Xfmm0+vMb9yyYBJbo31+VgWCfdv6c3OO4UTT8EL4WkrspBPpvjspNUXVTbiONhAdu6cDIca0d87OfS7y2UQA7gEW9toE4b1RgJ0O0/gSrolkmCVKaudQJHz1EXd0FiEHBnir3TfocnhWnWacmzRHwFCfU9uBWWV5qFHgBHX6zvrR7YD8jl4yDww6LInJVH/x5bLlxlreAqFHpMnPt0aNEOOt6b3C1uAzw743aS4FpuNnqabx5HYkILBepsbHh+b2VhLAwa2gORqA1GIWP0ohqTeM66jngywuodoxUoSV69H3EUt9HZT+/YW3xtV3spIMeFllnKfWsikLnEWSDil1mgoCUXjAYoYYqws86Y+LOE5/u/Nb/yUUs1tHYn2xVslXobjXCClAAlm5imRxslPRAMdXjvF+C+mftlvcHG7bE6pjFDGY8OoRxZHydaE/O6/yb67aMJk8KrJzFcOIhjrtTSRty+EPjK1L305Zo2zIdamjXcVZz2geJWLbxlO+oxnTDETJ56SlNzmtfnOxuqugFcq5uXpsTJ3q6SLKWDvBsApdjRa8Bk4ixGW6k/fvl33QThSjc7kolwUFQkNB200iDwqtxc8/dtrmmP8yMDKl0un3ImHYpmkrDgQSB0JBinYsVdE8B/U6RLTaHOBvYOe4smgG0AGKToVBR9i5Zfq6VvJ60tYxCtADD+INYvUbQiYpL3H3+fBEWw0DYr+e/YT+A8nUPWx9XZoh6D5e2Be8gZiQicfHYb65zPeMD+WFbiVxoxztC7mgZPZQvmyzPPNeoDF/+Z9ROg39orI5HBkkWcNJhSdQTu0xun+18Z7zvGUyioTfvisznJeVyzrdNQqH0uoGNU23IGkBHGH2zA0o5icRfwVtVwdqpE49qWFIYsemSNa0EW2wZmIEMSyUR3F2IY0F4TVbLmcC1atd2pPrLcTJsxQrDxB/p4RErokbOOZJrbCv6+SEmVZswz4w/lKWoqv0lGNNUOIZXZEiSzCi0cMVDa44/kD0xP3IEFqGYpmlz6+TwpX/g0YBQIWFkOTFtgSq9W2UJbhgtIZEUlh52oi+PIbi/eu0WawXK5SL5DAXxxcZKF1l8u80Du+lfvIGvjTVG+tdMXucrl+HE2vt5pJeNoSX4MunAwFlf6HqLYkRye59/Ibbv/mF+4DefMDXwMSwo2SNuTDZ8PAxoDjQMPOxlqf1fGLzp/AkeHX8AD4TAbTwm+e2BE3FpxErnYfF1G4QvDN71DqMRV84zrdMhqkcR9ETyPO9/pdUmFSqnYrf01Lj0e2U+Rdw0LEejCeRDsbuRFHbYvQzJI7C1Xm6tJjGL9zbLbuib07zyBibc4Vtp2TwXN602oNHiXqy7xBTawarJhZUewVbdXxo3lmfgh21oPMUf0lE0oz07zX95Kh56ZVINppArEI9xJFPFmHTLNAhOKPS/MOT6vxKXvmaQDDzy+Dw0H9P5X74MFZQEKeBfLzUtS1ggla9uG0v/ElAfMURFHEs5jf/lafGCOqxRB3TBEu4jvyAhOimF/9QNNLjdPbE5jZAWR9DgeSMdhgOlSK3cSwkeyy16Vd11Ztj+VNj8MJTtLdfttlReB8UbMAsvjISEwyXvwTr88zvAjWCrcSr2QQaHoFz3fKlFGUH0u03+btqYSqYIolH+8L9uJLd0sgdsMBShmtNm53Eb1twUuaB9badTE/nzV8YDo5xhFaIv2Z/tYFYlfasZOuoy2CelmyZoKeeXtI4Bi8f7WJzG2qjqgDPpSS/6V9r6B/2tsB4ie/2tZc7MPiB9bziKGfFgaB14VnmL/HO5kx+zojrE/qeTaJyBUgj/8QzU0oP5yN6ct72NYhZTCIQYIS9X9bALAcoKiOEub0N4YkaOJSzkJegr6R6dFbuc9tgglOfN9JRxuFit07b8y9nkOtvpRjQRR1FYfW2XLtE01XaqMI/WgxR7BamGPZNMlDc9uNFtZQeFP5VdS/6RO86uuIbz7woXozZKjrdNaJimxwIFrPWG3VyE9t34vVNw7q72ZduGifAEHR99d0B9nym5e5LIiTs3WdMmUHGRoi1z6ypJcYlu4IszmrvOf1x7zIKVTst0L2x0VxEw6M1ainAPK+WGG6TULFz3osVpUPBAQUmR1h5o8hHPE0zLv8DusMyEwCTSR27Vjh9uGY1Hfln3nmYU5Z4sLJaZudcP9Z8nHf5dWRNBZKITAuD/ou8eA5PGcjW7UtlRy9FXIPJrzqUJiOs5UBMw/t8/zMsTF5fx23U2OizHlD/C0nsOkdE1SQ4ntoaHMQYqK7gNFoSy4MtArXNuiTvf1Tg7eH6KMepHPPHZKZfenLXFZ14bVG9fuSufVE2M99n5GTvXqgG/z2A4zFDuTSGPDg5T0bTxl4nAUErg6lki5OXqAi+OGdLq/NpLqD2B5bMfJxMAIVuQtdGWDWbPIJzXc+ZORkn/7PM2RuFNHxYwIU1DtNPL23dT43PpNlXoJmEwTNzXcN9NrhncGBfDDg9owwi2sA33GJ0t/BgHe0rhFj/iSBA1lEn7CQjs+XJZdJyikcOiDp4zQeD1jNJ2KwzXML1yqSNW468sZ1HDdctjvq9GYx8gFT+FJzhpEPnqn+X4sfUdcRHpknFBj92vXfZmcr4S4OjQ9bTu5bHy+xk+luNnd93xchupB7JoVcMIWBMlOvWdbzfS7A5UBeYiJpNwQPp3dzFAJSCPMPUkyQwJx7+pfWw/Wtx+81+1YzU9CCSQv8RS+DF/4plRmuNC1rGNIafLx9QFFBhTmhS4pOE/6xxEzbHF4Khhqzmxcnn4IQTKwmAOUaPunhrawL8BWs21TJz1F4RYytCoijvZQ3/bcNOUWK8vggcKx18FY585ruk1kc4NRsd2AXXX1ZDzb4GKLijbSpPODqEe+iyyLeXlbd0JeTNhKkgf4cH50MS5NIjnhYSRCHuYGK2t78wW4H+N7xtVaTq1GT+T8NLIaujPv1quXmeLUwqnJmDAiOg2d4z62BbFU6/umbL9MTwdLB9+z5aBS0lBurUbTCSwDBoQr9tApd700zX0NR+Iv3XR8ERgXxGmJATtIat/3nPHKAMSzS/u5SatrmX4ViFkRkMYM/HNZZ4Sb/abx2RIp0j0n8Vcsb8Iw33cjPGwZdpsVAW9lONsL7aV764t3JzsghBcbsWo6bivenLWo7UJFha/cLoFjceI72uD8w397fVRsyItdJYqqJbb2jXyW5BQFQcFnp763fiHGIVEypDgiI5o8NdhlIPzwgOqP+PpbbMJLVXKetajerrtYIBpJzU9bw9yINpLx0uERTBpGwIfIPBk8ii7FCkAuVxiMbIuDqn7ZC/fulra0b2yHpVDBPdcW5JoTliHYerMk7D79MsqiC3mvD2ZutJjH+d64MzevnHzA9Un5nm5Q5jw6KvODGAONWVM4hHC+uDzQBLp3S6nzdSa/BVp7HgRIytbbkZdZp1c3PmtGFMH3RBHitCRDbzKRDTxBCle+XPfjRzesnr8LOpZSvIEjnpJ0T65aMFy6RUXBgThLfxQvxuYnVYH89buwWQVpDWLVYdgQBbH/9OpxlMZGSedYjI3wP81FGuemPxIKrUWShU9Ja1zh+D/BnPcAEbDWBwFi/YYJ0iPkpOhQ+eyWw/6pAG/bH3cfAR1XXWBYpE3sPwgcjfCtB0utZAHU095U15anueU4KhUO9J27NGOKmfi02lfgGr1epzgHYL1pDkFDiSr11qqT4X6TI9urkN71uKWpyfNff84DpJKLeNfmSR08DvkooSy9AMQKjoyJym6QgGfd6n7DRyPuf8u1EHdhwUaBMdc4PUM1C/geridE4k8BgU//2F98yFNR/ycGolqo/NhWHsviovpTGGS0GwWrJoxPG2f6CKqy3deZ4/rvp/i0WB1HOZUd6VyZQYRE2wxGSkljxpOVUgXhBi5yWV+Iru9hQaHTvJ+z7/Njazin5GnzibffsLZGpZuiTHiqc6667LnWrLRMHgo7EMdVHYlZXn65xaYjt+Or2cgcCn2wT4zh6ZXvJQZGVXVInauecCcKWuQNAN4YwEWaJe/sKxrxrM7kCFYeetQgf0dzWKaCcc/0B08pJFmCAK0IYdPWUmg/YOfAV7LN1yExvugvj/1CQkZzWSFW3P2fFqy5Kgqp3xc7g4qm4PV0/cs4VcVxlD1k0xFD5clJoM/HeavJR+rGuwUdtVJYZKZo46EGTWBcEIxd+GhIhJfbmQrPbT1bV6gfsEnAmEEyCh0RiQTPeWYpWAxkWHdN5gcXk3G6TQLmb3Qdy7vcpD7UFLCHwP+yuSQFI18BZf4k6dI2lNbOLghStteQ8qreZGKtc6uZza78DG4aduiw9O39RsWBke63vlkuf7iDdqgS/69sHDLgpbcqGvxlPd2P4BqliROQ30P8ZHNNP8/zSndm0tFuc2parxYnwewYkjqbMB2Y+Nh0ggEgMkrJkoUcgunVe2pSQlXEcsVFpDAUoe8MxfC4BC5BdpjSeBxjDns/Sempnn7fUGCWhH0kSYsAWLU4YZP3zaspLP1uN5GCZVHQsg8zE52/tqZqEN3jRZ0rd61r83VucYnuT6dlrYC9Fy/fM9x26+DQi27kYKTELLYf8uTLBpShCTdfFWORPloizrJT7tpe5wTqb5H+2y2bW1XU3YLzdzhGcivwnzMkLLVH5EiPk58MfBSGtFZmUvjEImse0MdTMgehmAlbBrZzeNjlDJ72aIYG4baXYr8HSslwzkrb7GwMGPdIniCVAa6WWDuG6J4/qXEefTJGYS2zWCFZVK8sygiw3RAAH1xU2dXXgo+caguX7El1UHeXg+MhByx0gBC2/3Af84WG/0EzKiT3eD8JDx7RZugG9zv+qS79MgZweC4nNYn6gvq9zvRd0/gZkMT1d0JrShQUA7pQbCJJAelCdjE+4ama9HVSGcqDkvgsy24WVn4KAvQW1+dBBP431JaOcZvD+G/1uOvWrFp1yGRKul9EoKmOWUGlECUc9yOyeoVuoDoZ/C+BAIuFFpwy8baYXm8jDs8Oi5lN2ZzRqfJho+rjsqXpnMlZVJHFWApGt/j1Y14tVvYcrguN+lK+Sxhkk+Hkvw9URHzGyhjHTXrL4Ar6qbKv27GSohCR/lfni1QVZTB+J6DIrr+69WI5Un0lKdKgBm9cRN59+dpDS7W2uGa7xaPYAaUx59IdhDixDvycnWpzpr93Zdhm0krVRZlYMJqtmYa+e+t2tWU5+CVppw5S+4bRTpoBnmzEVnK3ksbyGExrSwiInaeb3Pjy0AvSECaVWa5GuJK38pjUmbrR/jXdCkJk22tNLhKBcxdVj3K6LAd8bkNAAymADus8aTuOVfhtCPoxAHoHtQTElQTA/oGvbHQAMCLnd9L7Hlw44V7yfDvbhB816+9Q6tcvAlDXvuI2w7cPmOA+RbQR2ubxZ6lJ8QBw7I87F31diHsqpyp+RjAHVe6c6xVor03PD3iEA+s+KFIfescu2CBlm+YjTpggaNu9urP6QyzZXsgi+Owl6cM79sdEmGmhYOhMyu3V6Ve2SXoYHyO0Pqg5vNWlxUv/QTVch0eiVOtuKS2h4qYAr3to0I8jgbfgG6Koaj6Pm+NcccAQyZ81JhZPOU6PLEW0Rxj4T0kpgFo3B9fIdkYrHFX1+vSTXBQS+pfLw2/cnSl6lFPePTADN2/73k5ULqmRm6nYdBLW0gU8duwje4NCeZ++OegBrOvGC4nOwWtKtibiELh3rU0/rC/XCNa2gD8BoNA/2lLajhwsUXpVUxbgKjrSQSyoRif4MRHgOLOlH+9uO7oDz/FtnTVXPmRUzB6OZPg7bBdKBH5Ax/LAL56hCaxT/EKtFWzU6wf1SP3a3+F9QIkhrGRQ1MtlyCSjdTwM+jIKEKhd6U07QAtMDc3B3ogFsfEmLja568SB7bNH1jQ66C3xA0SftYu2HkQkjg6mgedPyPmPkVongpuRaPCCh+jymLWzvpGGqCwPe4Lq+mdezZGViI0t6cOejPRskpTwkzsXCvURAXoZS0mFEo6TPm+EtDhBqQk23HKGV8m9rs7sIRBqx7nYch1N7pEfbqt5783G53gGl6QNCK4u+//vSO72sX5ZQ13MoO4DrvCYerwbFk5wLCtovwVWW6LxG2uAR4B8GIkRdr6m8syH34s4TgByGqYWDNwMb5VXncez49Dq4cdskKPJCnaVPIUr7sOIGMIXBn2kjcLBaAlckGmaw0nxW0vjrW2ymNajsGLLjUoSEuH+DCSFvTRWjZP891bq/LOv329E9pWKWEUtJQaezuQ7PsSApurBjDdV5QlxO8SNGpw6br3neluBbn00STAWDM1qmDw5cQacJmt5kgvfBy53ZQrJ0M8Sl4VFhnO/ivldt7HRDh8iYn/Y8qGhdAFWL1Omy/wQ6bkPBnhTTc+u/PbuDDeS2u23c4RVb9N9AluQJJNJ9Z5Iabwn6wf83JzM+MyTT3ms9XTTZgSy2wnkHRPvAmumxGGuocN8aQ8xY1Pk1da0bqk4BGY48eSBGo1J9ziFy33A33oEexLMKolvr/NoizGaVpNOjVbIfKWDoYXnju6Li5yfaZWK2pA5N50StFBTOXs6OGKVk7njL/kIsJtCTc2fATWum59s/BkJcIUlVc28LiKLgF8Aqqi5kNiGFgC7DpnlqEPvgCobrdDR6uN554Dl0L/6jVc/zSGBJGoELC0OZRPnsNdB370figgn0VQwu3QHmC7wFo1wlYTMNojffXnRoEmifArB3P4ZpbUiV3MLhjcGJFn4MwX+O53ULTg09slOMaNN7ROM10m69Y2/LyCN2ZlkNVDfBtJ2JaN9bJ6DXHighRgVQS++TzpnCiKDg57x3dGcKKDGCXqOzMNJg/ECiEPwWVG/NqfjvRfPOMRpM8caL+oisb8jM5kiAVUZS8N9Fua1dfOcg/C/Zx8pnf2NvkNZUv90cXsoGRsbMFHPOIt8r4teYy610dUFRZjWpPSbXM592jK4o3qJe5nYlDBgc82kG7Xat5y3MimCMjkrs3dywVFwJNUEExJMz0NauxohwaieNCnLyWqKNV+mScLLzTJ3PHrtGTRqP1JU45RXtWuyyISE+LhIwvIpcUw7UjKXBek7HmQpd/Kd57c2o3aKAkkmoCqZU8e1CO1szEaWJtcfs/zJebIO9CnrnODeSgSIMAKo9IrvVYU3DDuss5Ke3v7UTdJHgVaBcmy6mBtKBy6K0wQLExlrbFXgLAClBoWBc6YbnNbzIUn/3Tb9jHdOavhU08taAxQw1Eet553BPJPNaC8VgXnQIYynKk05LZE+RCchETmn9FMiMs3hGCDdvwe1CWB6RVgFWMtxWWLqCph9I+etOC//UUXvVA/IPPjE/3FYnstr94iJIzq5dJT2c25UHs7PEAPOpygb4VO1P2AiB1+Lqv0dUs3XSY/aDVYGaaDlInkZ2mM6pRP0kBTB3aLCsj1wvWuglVd0ObcCVT/8nUI2s+80Pqo+3cFY+9Ni921CyZpQ45SRdPzj0hKQk/vjJWCl9mqRFdGtE+ph052UXb4Xi9G+j+rCwL5KykYqwsljzCbYS0ZRrJpjdhsxNAfeHB0MbRcAuf9jjlpxLkqjkmTEzF5v/bQhWx0n49Kzc9wMVoz+FMmPfY57mz3ZQ43usGSTycXDTYlos6U13r+ecV5TSrZOPcmel8gZ3uAD2YT/n07rhR/tYPWyaQLpdguqTnmBhmkd76dskqH2DwlQ4+/bqwsCr+yBpzmXk3FLivioVGYZwGYFWjdAY1anauffZQLU3ixrl+NjtDE47pR7TPdVVMXDzNibY+dIweDcmGw4qz9osMdllrjVpowiarRMHtG5UwSnEOMuSrqn/hOUoVxfskTcNfGf3jNt/q7oyUb2fRgEu8qgt4xjjUPPk4auhv9rA09ZArzwYC+YZ4W2vAXpRMoidtb8sDdPLjBeeU15k+KCOtPSHFycm37yuZfOVn24PPT3q7Yfe7bwnd41/UOPjAiSFLvSRBEixyCvRQi</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-07-08 14:00:28,830 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-07-08 14:00:28,830 - INFO [Shibboleth-Audit.SSO:?] - 20200708T140028Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_qfgrumpkkj2xjgagdqkndztp67vnknwoyfejnlf|https://integ.tvld.tech/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_d6d45ea33f1fcd5ec9e1059d24e1031e|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxuZenwY2vSdPe0661BtC0tjQ3gu6Zb3qhNgbYIAcrBPAliJFGRVK33ZYHyLOO4Yyo6+CQQeFHjAz2KpsEfz9k9+AIhMs0IuHokXB2u7gTobXJ8k8KRBM+S1U6WHI1WwUSYx9+rXSOGWgj+1QcgmgSEZ9QGMwsSM8=|_19b2129b0b34c20816556ab2af5364f0|
2020-07-08 14:00:43,930 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: kdYcArBcEBnSB4pAfrrxyiBdxNwB4mlUVJ-7Yuyo9s6ddvAW_k_Fp9Hn
2020-07-08 14:00:43,930 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:00:43,930 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:00:43,931 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-1bc771b7824eca30feb3c3449119b976e00e913e"
    IssueInstant="2020-07-08T14:00:43.819Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:00:43,936 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:00:43,936 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:00:43,936 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:00:43,936 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:00:43,936 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:00:43,936 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:00:43,936 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:00:43,936 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:00:43,936 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:00:43,937 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:43,937 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:00:43,937 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:00:43,937 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:00:43,937 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:00:43,937 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-1bc771b7824eca30feb3c3449119b976e00e913e', issue instant '2020-07-08T14:00:43.819Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:00:43,938 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:00:43,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:00:43,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:00:43,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:00:43,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:00:43,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:00:43,939 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:43,939 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:00:43,939 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:00:43,939 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:00:43,939 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:00:43,939 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:00:43,939 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:00:43,939 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:00:43,939 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:00:43,939 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:00:43,939 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:00:43,940 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:00:43,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:00:43,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:00:43,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:00:43,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:00:43,940 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:00:43,940 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:00:43,940 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:00:43,940 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:00:43,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:00:43,944 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:00:43,945 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:00:43.945Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:00:43,945 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:00:43,945 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:00:43,945 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:00:43,945 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:00:43,945 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:00:43,946 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:00:43,946 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:00:43,946 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:00:43,946 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:00:43,946 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:00:43,946 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:00:43,946 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:01:13,964 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: lHFGcLRYkRUEjfSrPhglvOXs18FbNDKgba2LPmHZ4d_k9Dr5s4nbTNeD
2020-07-08 14:01:13,964 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:01:13,965 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:01:13,965 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-3e4eea357eeda2d6bdc1c62265ce1f59547bb5a1"
    IssueInstant="2020-07-08T14:01:13.851Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:01:13,971 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:01:13,971 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:01:13,971 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:01:13,971 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:01:13,971 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:01:13,971 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:01:13,971 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:01:13,971 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:01:13,971 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:01:13,972 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:01:13,972 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:01:13,972 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:01:13,972 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:01:13,972 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:01:13,972 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-3e4eea357eeda2d6bdc1c62265ce1f59547bb5a1', issue instant '2020-07-08T14:01:13.851Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:01:13,973 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:01:13,973 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:01:13,973 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:01:13,973 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:01:13,973 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:01:13,973 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:01:13,973 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:01:13,974 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:01:13,974 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:01:13,974 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:01:13,974 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:01:13,974 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:01:13,974 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:01:13,974 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:01:13,974 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:01:13,974 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:01:13,974 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:01:13,974 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:01:13,975 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:01:13,975 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:01:13,975 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:01:13,975 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:01:13,975 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:01:13,975 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:01:13,975 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:01:13,975 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:01:13,975 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:01:13,978 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:01:13,979 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:01:13.979Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:01:13,979 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:01:13,979 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:01:13,979 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:01:13,979 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:01:13,979 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:01:13,980 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:01:13,980 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:01:13,980 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:01:13,980 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:01:13,980 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:01:13,980 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:01:13,980 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:01:43,927 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: IbVpcLTtoRisJo6_lxIo9mr7vFRTv-GnnhN8klu8mimVS3RnF4KtmnA6
2020-07-08 14:01:43,927 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:01:43,927 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:01:43,927 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-fed929ca512421823b60ed97d585093483d49968"
    IssueInstant="2020-07-08T14:01:43.817Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:01:43,934 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:01:43,934 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:01:43,934 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:01:43,934 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:01:43,934 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:01:43,934 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:01:43,935 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:01:43,935 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:01:43,935 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:01:43,936 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:01:43,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:01:43,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:01:43,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:01:43,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:01:43,936 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-fed929ca512421823b60ed97d585093483d49968', issue instant '2020-07-08T14:01:43.817Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:01:43,937 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:01:43,937 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:01:43,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:01:43,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:01:43,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:01:43,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:01:43,938 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:01:43,938 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:01:43,938 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:01:43,938 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:01:43,938 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:01:43,938 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:01:43,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:01:43,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:01:43,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:01:43,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:01:43,939 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:01:43,939 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:01:43,939 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:01:43,939 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:01:43,939 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:01:43,939 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:01:43,939 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:01:43,939 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:01:43,939 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:01:43,939 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:01:43,939 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:01:43,944 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:01:43,944 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:01:43.944Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:01:43,945 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:01:43,945 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:01:43,945 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:01:43,945 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:01:43,945 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:01:43,945 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:01:43,945 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:01:43,945 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:01:43,945 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:01:43,947 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:01:43,947 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:01:43,947 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:02:14,645 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: JbhxHZbHrZwD8j1qtHUEa-dV8qL7fIFSwQLCcb3OMB2wqfSncA8cBZHP
2020-07-08 14:02:14,645 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:02:14,645 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:02:14,645 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-6cf9e67367fed5847c3ccdff9970dfce467b6340"
    IssueInstant="2020-07-08T14:02:13.827Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:02:14,650 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:02:14,650 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:02:14,650 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:02:14,650 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:02:14,650 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:02:14,650 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:02:14,650 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:02:14,650 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:02:14,650 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:02:14,651 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:14,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:02:14,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:02:14,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:02:14,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:02:14,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-6cf9e67367fed5847c3ccdff9970dfce467b6340', issue instant '2020-07-08T14:02:13.827Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:02:14,651 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:02:14,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:02:14,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:02:14,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:02:14,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:02:14,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:02:14,652 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:14,652 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:02:14,652 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:02:14,652 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:02:14,652 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:02:14,652 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:02:14,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:02:14,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:02:14,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:02:14,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:02:14,653 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:02:14,653 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:02:14,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:02:14,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:02:14,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:02:14,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:02:14,653 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:02:14,653 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:02:14,653 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:02:14,653 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:02:14,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:02:14,666 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:02:14,667 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:02:14.667Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:02:14,667 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:02:14,667 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:02:14,667 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:02:14,667 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:02:14,667 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:02:14,668 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:02:14,668 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:02:14,668 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:14,668 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:02:14,668 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:02:14,668 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:02:14,668 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:02:22,149 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://127.0.0.1:9090
2020-07-08 14:02:22,149 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:02:22,149 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:02:22,150 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://127.0.0.1:9090/saml2/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="ONELOGIN_cd0a21972c9fdb4e116f693fd89d86cd16ce0e8f"
    IssueInstant="2020-07-08T13:35:05Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="SP test" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://127.0.0.1:9090/metadata/</saml:Issuer>
    <samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-07-08 14:02:22,157 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://127.0.0.1:9090/metadata/' from origin source
2020-07-08 14:02:22,157 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:02:22,157 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:02:22,157 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:02:22,157 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:02:22,157 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:02:22,157 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:02:22,157 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:02:22,157 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://127.0.0.1:9090/metadata/
2020-07-08 14:02:22,158 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:22,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:02:22,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:02:22,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:02:22,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:02:22,159 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ONELOGIN_cd0a21972c9fdb4e116f693fd89d86cd16ce0e8f', issue instant '2020-07-08T13:35:05.000Z', entityID 'http://127.0.0.1:9090/metadata/'
2020-07-08 14:02:22,159 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2020-07-08T13:35:05.000Z', message expired at: '2020-07-08T13:41:05.000Z', current time: '2020-07-08T14:02:22.159Z'
2020-07-08 14:02:22,161 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: MessageExpired
2020-07-08 14:02:22,161 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-07-08 14:02:26,065 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://127.0.0.1:9090
2020-07-08 14:02:26,065 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:02:26,065 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:02:26,065 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://127.0.0.1:9090/saml2/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="ONELOGIN_cd0a21972c9fdb4e116f693fd89d86cd16ce0e8f"
    IssueInstant="2020-07-08T13:35:05Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="SP test" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://127.0.0.1:9090/metadata/</saml:Issuer>
    <samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-07-08 14:02:26,066 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:02:26,066 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:02:26,066 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:02:26,066 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:02:26,066 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:02:26,066 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:02:26,066 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:02:26,066 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://127.0.0.1:9090/metadata/
2020-07-08 14:02:26,067 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:26,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:02:26,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:02:26,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:02:26,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:02:26,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ONELOGIN_cd0a21972c9fdb4e116f693fd89d86cd16ce0e8f', issue instant '2020-07-08T13:35:05.000Z', entityID 'http://127.0.0.1:9090/metadata/'
2020-07-08 14:02:26,068 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:152] - Message Handler:  Message was expired: message time was '2020-07-08T13:35:05.000Z', message expired at: '2020-07-08T13:41:05.000Z', current time: '2020-07-08T14:02:26.068Z'
2020-07-08 14:02:26,068 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: MessageExpired
2020-07-08 14:02:26,069 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-07-08 14:02:34,950 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://127.0.0.1:9090
2020-07-08 14:02:34,950 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:02:34,950 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:02:34,950 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://127.0.0.1:9090/saml2/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="ONELOGIN_1ccefbc4a5032670f73af72c212ba8c64410104b"
    IssueInstant="2020-07-08T08:39:21Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="SP test" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://127.0.0.1:9090/metadata/</saml:Issuer>
    <samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-07-08 14:02:34,955 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:02:34,959 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:02:34,959 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:02:34,959 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:02:34,959 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:02:34,959 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:02:34,959 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:02:34,959 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://127.0.0.1:9090/metadata/
2020-07-08 14:02:34,960 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:34,960 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:02:34,960 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:02:34,960 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:02:34,960 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:02:34,960 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ONELOGIN_1ccefbc4a5032670f73af72c212ba8c64410104b', issue instant '2020-07-08T08:39:21.000Z', entityID 'http://127.0.0.1:9090/metadata/'
2020-07-08 14:02:34,961 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2020-07-08T08:39:21.000Z', message expired at: '2020-07-08T08:45:21.000Z', current time: '2020-07-08T14:02:34.961Z'
2020-07-08 14:02:34,961 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageExpired
2020-07-08 14:02:34,962 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-07-08 14:02:43,916 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: UtZPaT9qa-5aVeuC_7oJInXKhMqrPTRWB8hSFbPeGnA_ritW80BVh4_Z
2020-07-08 14:02:43,916 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:02:43,916 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:02:43,916 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-2c786e8eea53c044a002e12c139c6a702c8f038a"
    IssueInstant="2020-07-08T14:02:43.807Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:02:43,921 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:02:43,921 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:02:43,921 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:02:43,921 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:02:43,921 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:02:43,921 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:02:43,921 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:02:43,921 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:02:43,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:02:43,922 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:43,923 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:02:43,923 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:02:43,923 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:02:43,923 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:02:43,923 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-2c786e8eea53c044a002e12c139c6a702c8f038a', issue instant '2020-07-08T14:02:43.807Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:02:43,924 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:02:43,924 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:02:43,924 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:02:43,924 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:02:43,924 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:02:43,924 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:02:43,924 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:43,924 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:02:43,925 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:02:43,925 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:02:43,925 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:02:43,925 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:02:43,925 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:02:43,925 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:02:43,925 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:02:43,925 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:02:43,925 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:02:43,926 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:02:43,926 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:02:43,926 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:02:43,926 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:02:43,926 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:02:43,926 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:02:43,926 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:02:43,926 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:02:43,926 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:02:43,926 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:02:43,929 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:02:43,929 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:02:43.929Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:02:43,931 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:02:43,931 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:02:43,931 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:02:43,931 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:02:43,931 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:02:43,931 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:02:43,931 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:02:43,931 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:43,932 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:02:43,932 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:02:43,932 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:02:43,932 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:02:57,455 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2020-07-08 14:02:57,455 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-07-08 14:02:57,455 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-07-08 14:02:57,456 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<AuthnRequest
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_b56b1f9072ffa08aafca6e3f844f2b8f6e4ec1fa3f"
    IssueInstant="2020-07-08T14:02:56Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://kpluss-abnahme-dmz-s1-nsd.neusta.de</saml:Issuer>
</AuthnRequest>

2020-07-08 14:02:57,460 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://kpluss-abnahme-dmz-s1-nsd.neusta.de' from origin source
2020-07-08 14:02:57,460 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:02:57,460 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:02:57,460 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:02:57,460 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:02:57,460 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:02:57,461 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:02:57,461 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:02:57,461 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://kpluss-abnahme-dmz-s1-nsd.neusta.de
2020-07-08 14:02:57,461 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_b56b1f9072ffa08aafca6e3f844f2b8f6e4ec1fa3f', issue instant '2020-07-08T14:02:56.000Z', entityID 'https://kpluss-abnahme-dmz-s1-nsd.neusta.de'
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://kpluss-abnahme-dmz-s1-nsd.neusta.de' does not require AuthnRequests to be signed
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:02:57,462 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:02:57,463 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:57,463 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:02:57,463 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:02:57,463 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:02:57,463 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:02:57,463 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://kpluss-abnahme-dmz-s1-nsd.neusta.de/saml/login_check using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:02:57,463 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:02:57,463 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:02:57,463 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:02:57,463 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:02:57,463 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:02:57,464 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:02:57,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:02:57,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:02:57,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:02:57,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:02:57,464 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://kpluss-abnahme-dmz-s1-nsd.neusta.de
2020-07-08 14:02:57,464 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:02:57,464 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:02:57,464 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:02:57,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:02:57,467 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:02:57.469Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID eccd0952e854b72907a971d1fcc4eca9a663177d2ac5e12a77960ea6f663dd6e
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID eccd0952e854b72907a971d1fcc4eca9a663177d2ac5e12a77960ea6f663dd6e
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:02:57,469 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:02:57,470 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:02:57,674 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'kpluss-abnahme-dmz-s1-nsd.neusta.de'
2020-07-08 14:02:57,675 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-07-08 14:02:57,675 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-07-08 14:03:03,057 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-07-08 14:03:03,058 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-07-08 14:03:03,058 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@471808400::identifier=rick, context=org.apache.velocity.VelocityContext@26828bd0]
2020-07-08 14:03:03,065 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@471808400::identifier=rick, context=org.apache.velocity.VelocityContext@26828bd0]
2020-07-08 14:03:03,068 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-07-08 14:03:03,068 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-07-08 14:03:03,068 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-07-08 14:03:03,068 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-07-08 14:03:03,068 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-07-08 14:03:03,068 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-07-08 14:03:03,068 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-07-08 14:03:03,068 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session ccbf69cfdee326baf5f04072c4ad3007604ac270afae9f714f8b1ff4d227a203 for principal rick
2020-07-08 14:03:03,068 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session ccbf69cfdee326baf5f04072c4ad3007604ac270afae9f714f8b1ff4d227a203
2020-07-08 14:03:03,069 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:03:03,070 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-07-08 14:03:03,071 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@29e500a3'
2020-07-08 14:03:03,071 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-07-08 14:03:03,071 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://kpluss-abnahme-dmz-s1-nsd.neusta.de'
2020-07-08 14:03:03,071 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@3a0ba524' with context 'intercept/attribute-release' and key 'rick:https://kpluss-abnahme-dmz-s1-nsd.neusta.de'
2020-07-08 14:03:03,072 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://kpluss-abnahme-dmz-s1-nsd.neusta.de' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1624439899478' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-07-08 14:03:03,072 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-07-08 14:03:03,072 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-07-08 14:03:03,072 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-07-08 14:03:03,072 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-07-08 14:03:03,072 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-07-08 14:03:03,072 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@29e500a3'
2020-07-08 14:03:03,072 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:03:03,073 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-07-08 14:03:03,074 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-07-08 14:03:03,075 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-07-08 14:03:03,075 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _b71588cba452414bcff0048b76278004
2020-07-08 14:03:03,075 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _b71588cba452414bcff0048b76278004 to Response _3664886c703a5ca7deaebd4c1b5c04be
2020-07-08 14:03:03,075 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _b71588cba452414bcff0048b76278004
2020-07-08 14:03:03,076 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-07-08 14:03:03,076 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-07-08 14:03:03,076 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-07-08 14:03:03,076 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-07-08 14:03:03,076 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-07-08 14:03:03,076 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-07-08 14:03:03,076 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-07-08 14:03:03,076 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-07-08 14:03:03,076 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-07-08 14:03:03,078 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-07-08 14:03:03,078 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-07-08 14:03:03,078 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-07-08 14:03:03,079 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-07-08 14:03:03,079 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxXQWXdQtNC/jRUZx9HbEFJfAIBswkbMqyEHmVLgIdPEz+VOrKoAPT9f9lEXWlbOI89R862bhezL+fKJyjiJah1wAtl2LOw0jN9HQkFG7dlVf8Oq5/N1M045t9L6ZLhiy6uBLLvYMB1bXSowYSWQ4= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _b56b1f9072ffa08aafca6e3f844f2b8f6e4ec1fa3f
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://kpluss-abnahme-dmz-s1-nsd.neusta.de/saml/login_check
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _b71588cba452414bcff0048b76278004
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _b71588cba452414bcff0048b76278004 did not already contain Conditions, one was added
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-07-08T14:08:03.073Z, to Assertion _b71588cba452414bcff0048b76278004
2020-07-08 14:03:03,079 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _b71588cba452414bcff0048b76278004 already contained Conditions, nothing was done
2020-07-08 14:03:03,080 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-07-08 14:03:03,080 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _b71588cba452414bcff0048b76278004 already contained Conditions, nothing was done
2020-07-08 14:03:03,080 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-07-08 14:03:03,080 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://kpluss-abnahme-dmz-s1-nsd.neusta.de as an Audience of the AudienceRestriction
2020-07-08 14:03:03,080 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _b71588cba452414bcff0048b76278004
2020-07-08 14:03:03,081 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://kpluss-abnahme-dmz-s1-nsd.neusta.de to existing session ccbf69cfdee326baf5f04072c4ad3007604ac270afae9f714f8b1ff4d227a203
2020-07-08 14:03:03,081 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://kpluss-abnahme-dmz-s1-nsd.neusta.de in session ccbf69cfdee326baf5f04072c4ad3007604ac270afae9f714f8b1ff4d227a203
2020-07-08 14:03:03,081 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-07-08 14:03:03,082 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://kpluss-abnahme-dmz-s1-nsd.neusta.de and key AAdzZWNyZXQxXQWXdQtNC/jRUZx9HbEFJfAIBswkbMqyEHmVLgIdPEz+VOrKoAPT9f9lEXWlbOI89R862bhezL+fKJyjiJah1wAtl2LOw0jN9HQkFG7dlVf8Oq5/N1M045t9L6ZLhiy6uBLLvYMB1bXSowYSWQ4=
2020-07-08 14:03:03,082 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-07-08 14:03:03,082 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-07-08 14:03:03,083 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b71588cba452414bcff0048b76278004"
2020-07-08 14:03:03,083 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b71588cba452414bcff0048b76278004 and Element was [saml2:Assertion: null]
2020-07-08 14:03:03,083 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b71588cba452414bcff0048b76278004"
2020-07-08 14:03:03,083 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b71588cba452414bcff0048b76278004 and Element was [saml2:Assertion: null]
2020-07-08 14:03:03,086 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_3664886c703a5ca7deaebd4c1b5c04be"
    InResponseTo="_b56b1f9072ffa08aafca6e3f844f2b8f6e4ec1fa3f"
    IssueInstant="2020-07-08T14:03:03.073Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_b71588cba452414bcff0048b76278004"
        IssueInstant="2020-07-08T14:03:03.073Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_b71588cba452414bcff0048b76278004">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>HunLSA0VtKSFZvXTP8y/L26B7IUrKT7y0DG+O63D654=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>nO2F0ODrcKj9fTFhFEX13gsMkUfLcxMcbZDcSC3j8noMaaZYjU6/4yhQdYlQ0zrauynANS3dPB39TK616N/P7w5G3K3fF4hiGVYZplqclvpmEy8KGw8KTsVz3GmASaViGq2Fqe+A49PcKVvHggUSMswq4Cr7bgNOpeBtkoJu+LWwK+rCDbxFMj3Sek/brQq/pxPab4uNWIK8UIcp876bms6fjGfYHgk2R5ggBPPSzxw3lQ21scT/JSAv9BhIJMHIsjroBwGu/sOD5SLZUjCHe8Qsu7k9VOPlQECsagMxj4HjvYlo69AMpZnR7Rznbpo6Ok9sUHqHoMyPDtnXP4GPRQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://kpluss-abnahme-dmz-s1-nsd.neusta.de" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxXQWXdQtNC/jRUZx9HbEFJfAIBswkbMqyEHmVLgIdPEz+VOrKoAPT9f9lEXWlbOI89R862bhezL+fKJyjiJah1wAtl2LOw0jN9HQkFG7dlVf8Oq5/N1M045t9L6ZLhiy6uBLLvYMB1bXSowYSWQ4=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_b56b1f9072ffa08aafca6e3f844f2b8f6e4ec1fa3f"
                    NotOnOrAfter="2020-07-08T14:08:03.079Z" Recipient="https://kpluss-abnahme-dmz-s1-nsd.neusta.de/saml/login_check"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-07-08T14:03:03.073Z" NotOnOrAfter="2020-07-08T14:08:03.073Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://kpluss-abnahme-dmz-s1-nsd.neusta.de</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-07-08T14:03:03.068Z" SessionIndex="_d5e22e2de4b09019dd02b41a38d2df4a">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-07-08 14:03:03,088 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://kpluss-abnahme-dmz-s1-nsd.neusta.de/saml/login_check
2020-07-08 14:03:03,088 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://kpluss-abnahme-dmz-s1-nsd.neusta.de/saml/login_check
2020-07-08 14:03:03,088 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3664886c703a5ca7deaebd4c1b5c04be"
2020-07-08 14:03:03,088 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3664886c703a5ca7deaebd4c1b5c04be and Element was [saml2p:Response: null]
2020-07-08 14:03:03,088 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3664886c703a5ca7deaebd4c1b5c04be"
2020-07-08 14:03:03,088 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3664886c703a5ca7deaebd4c1b5c04be and Element was [saml2p:Response: null]
2020-07-08 14:03:03,091 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-07-08 14:03:03,091 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://kpluss-abnahme-dmz-s1-nsd.neusta.de/saml/login_check' with encoded value 'https&#x3a;&#x2f;&#x2f;kpluss-abnahme-dmz-s1-nsd.neusta.de&#x2f;saml&#x2f;login_check'
2020-07-08 14:03:03,091 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-07-08 14:03:03,093 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://kpluss-abnahme-dmz-s1-nsd.neusta.de/saml/login_check"
    ID="_3664886c703a5ca7deaebd4c1b5c04be"
    InResponseTo="_b56b1f9072ffa08aafca6e3f844f2b8f6e4ec1fa3f"
    IssueInstant="2020-07-08T14:03:03.073Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_3664886c703a5ca7deaebd4c1b5c04be">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>LswpJMLYfKTV+JxMo7kxl0E5ESXnCRFyMjOVoffPZZg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>fBuRIITNtdOuasLpeL+HB17UkDdH4lx6FS83LIedQ1N6NgjiG1wT7m+fQ/pUAQvVvsj9PcNN0AmLmL2x0EoP18SX2RKPhJMH47OrWXtt+esUcD6m1uJW4QFRlMGcxwVXJSP3b55I7PUHkXbkkdCqCBbfOQCmAgXgQujO5TU/gPsKUWJT35OsfFwbZFVKdbfTPJfjoxjrwjzU9IcCMmIxkuI/rOu8TVBYpnTGvD8jugBI1QTprT1aHgK55qqVPvg4jGkstQvdiRXxlw25Pd8/DYD1pXtqVydvmIPtg45d93cE8isMBMrW5AYhwELZiEEccoJbozk7NQpnqstZ/hl9Hw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_3612014b14fc073c54b047d14f924803"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_90eb8a5b064f6d3921866852d3ad8620"
                    Recipient="https://kpluss-abnahme-dmz-s1-nsd.neusta.de" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDyjCCArKgAwIBAgIJANZLMiMszO+tMA0GCSqGSIb3DQEBBQUAMEwxCzAJBgNVBAYTAlJTMREw
DwYDVQQIEwhCZWxncmFkZTESMBAGA1UEChMJTGlnaHRTQU1MMRYwFAYDVQQDEw1saWdodHNhbWwu
Y29tMB4XDTE1MDkxMzE4MzU0NloXDTI1MDkxMDE4MzU0NlowTDELMAkGA1UEBhMCUlMxETAPBgNV
BAgTCEJlbGdyYWRlMRIwEAYDVQQKEwlMaWdodFNBTUwxFjAUBgNVBAMTDWxpZ2h0c2FtbC5jb20w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7pUKOPMyE2oScHLPGJFTepK9j1H03e/s/
WnONw8ZwYBaBIYIQuX6uE8jFPdD0uQSaYpOw5h5Tgq6xBV7m2kPO53hs8gEGWRbCdCtxi9EMJwIO
Yr+isG0N+DvV9KybJf6tqcM50PiFjVNtfx8IubMpAKCbquaqdLaHH0rgP1hbgnGm5YZkyEK4s8xu
LUDS6qL7N7a/ez2Zk45u3L3qFcuncPI5BTnJg6fqlypDhCDOBI5Ljw10HmgZHPIXzOhEPVV+rX2i
HhF4V9vzEoeIUABYXQVNRRNHpPdVsK6iTTkyvbrGJ/tv3oFZhNOSL0Kuy+Q9nlE9fEFqyUydJ67v
sXqZAgMBAAGjga4wgaswHQYDVR0OBBYEFHPT6Ey1qgxMzMIt2d3OWuwzfPSUMHwGA1UdIwR1MHOA
FHPT6Ey1qgxMzMIt2d3OWuwzfPSUoVCkTjBMMQswCQYDVQQGEwJSUzERMA8GA1UECBMIQmVsZ3Jh
ZGUxEjAQBgNVBAoTCUxpZ2h0U0FNTDEWMBQGA1UEAxMNbGlnaHRzYW1sLmNvbYIJANZLMiMszO+t
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAE0HxNZpi/gSVrkhQ756AgIC25l6A4C6
xZ8iAZiBApJcVdUZytBgpzypFSd8yg7Yh5P3ftlDjYEMB/uIvBsKe6HQyUy90VrSi4aaGC/7ilj6
DTCX3jeuuH1JnU6sBxhN9IiJRY3DbMzY5KAdtK/1fYlKa6PugXruJWrB3bC1VaFWLjMytnvaEQxj
am4bsj1sF0+v6jL3RIQzdW9jJ7Udoul5fGR56A0Uhi0lqObPKI2lIK1psWXLwksdvO9NNt9Vm27Q
LlklvpYuIh086wLmbiVmO+VQxDYwPmL8NEiLSA4Po/q7n+qV7Vx/EtIKr7lwZ2Micv5Xm0sequAb
t3dnqPI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>QGaJIKe7aQEtb+2d9ZEl4pnCLtmma1BZV8+xrgsl1kdyrMoMCJHHYISe1lQ5IP+8e+IffSG5oTaHUp08n/gzGXy3+gGuouDj8SBRM1mSy216ULKeeElCb7mHTvSST6svPIfsGr0wfZPrxjmWD6J0fHuIZzwmQo7qlc8QJbex2VIcdfofku4+gXmEMQ+jWirqNOJG1crvvwus0/ZmYKUIel0S3vskO+/QeoXHSEd5eVE0DG60ZxushI+10feVipgOdk1EUg0AEte7stfeIIKo5PyeP5tiMOohZSFBpebUonK+gRTRiWe4DRhQ+TDYVZo2bbv9xD5nl8OuRb5jMFpnsQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>PfNhxqVxwUEKbauS8pKdYJiAyqxHvoJ+ree+ukZ0x5F4IgHRTQ/noLMJMMWzvTUNpuJPjusB6PCs+saFaeGok7XFBlbrqD3DvrAStNh7JkAzi44Uf5wji4mWyCcMod4q35eYtUZDVC0g+fqIe61GhOfs2MONQoi0FSX75szMHx8ApkaN/tlLnv8BN4LDWUF5hrulby0ib2ZqeQoNUcJzt+HPwwEdW5DenSoq6rm7h+WxlSwoOhl64DbRST1xXUhHcKooPZaNSsOaUYvbvqRmDyreQfyJhPqidSi/lBSWeWUcZ25lWtMobWCUHebNZF8P8orFoZnDWLQpcqT18aNyx70yAaRu0lcTK8JctOppQNQHx9+mEd7gvXoCam1S3Iv3YvrloEZ4H1QqBXB1B9EDHmk7mVYCHX7Johkzi/UpzlHHQ7lBdi87oqcN7fIDh68b4OluIKaFALscw0/WT164QQJZ46V7SWkpp2iKTG0g5c98GnhTsbP1EnSimpdBPiFNdskP2YlnHObrR86Q4cG1qWsp7tIdZ1pTNYMP+MqraBTZfO6XgKR5B6vpjvRsMrJPZoW3ylrzuWvhq2gWdHGm1+L7X10O3B40PYrCQYVoY6fHnHfFXknDidUADemuopH/t2WWkR45QrEBEAUfD5CWq39+IhhQ7/6HCftC1CULfD/jFuy9eN55J5VQAB/3fozQC6C0o0B4TK5qnDaQT9p/xmYwEiPhnmgfByTFuRXUNRK9oUm9bjQhADogzhksqO4NiTEHtLVPyIY+ZUn61A9s20DEA6dJK2v/moO41p7SUvKDfz5VLuX7aCPZMdAIvzd8kmVLujNLtQ+raLU14B7QzX7cO5XCT21Po6AZnK/gQV6iOK+Ksm9NEXnnE2SBN922Ptkz3dn6jNFeJWcE1Ju/QumLG8PkFJ5I7B2jnmoCbdl+/BJJRyoIMANxroKhBwRF9VtJcO+YhrxR3DZ3bgQuT8JWJbtDCl0/GtAQnS7L5iiwzDiy+WpsUyoc9oI7ouj0PWB+5PB2YakOUWMemO6LP7hkjr12xOEjOqzlEv+T5QBr8N9HwNg5IS8TvTVnTD51WsroHlO2+mJ6EhA42G0U1Kk/Fht1oOhy+qsVIx4cyE8sMbldI7q2UggVkk/f2IS207rkif9+vg0S202lyfTHJbOXtKoUwUHWQgwVDVVsQ3sGbF3VT2o/s0qRSU2CuGIR4/VUEd/rnw3GFjt431yqFyXeS4aGuqAhoEeFRZw6ZHcRmCbjJUxOM8A8bn3igW2abN1ZJuJ/xh7tN6qr40yLtARtDegU/6ORR0xeSZEEzlWMB89CJemZlRPshZlOyeFZv/CtPeRa4QZJy4ctgrd6sVFBOun9W8VFBqCP6t2318c7z8KGxGo02M0spDPH5P2JflN1ng9bnoTG3bd+Zo10NOnKIYy/hjMG7LzuzdcKM57gt9zil3IlLXBj+8z7ZhFFTp5lqZp72YSLKXoadH5M5V7WrSZeN8aKvY7/ysurpPbOfAybuW4+umwkxLPE6lr9UJMQQCMHHhuTCUJBt7rhggRhTiBsN9xsH5P4bqGhX8oBnvehWpppIE9j42XqJXcH46RXNao0u+6NnOlGE04uoMMqrKPwzTlkTalkEyBOHotcOmrrPmSx2Y7GC2J5BEZr0IofCLx33A/bVyVBnV5aZ+efndUcjsXlNcMe/NtxxIJX9YpANx7cvAq8TEtV5VBh37RyQA/6g7iZ3ZWm5mHSTKfHkBz+rpgNvThScgfoIVPFqcOuHMi4KmSAFvXleFnDGJvwxBDu1K1Uer509JxzfwSbGcUqNBoR0Y0Uadm9PBs/H/oXSoODpnSr3ootplubVc+/iWnGSb+zATGGfAdYCQur62yAqLaWMrAugDFmNnByqY7vq+ShBuDdzs13NMcIyRLP5t1Fg/WyGL6c1jxN0E4HkSkULKgHIhpXy7LfoQZibX7U5+FbetJAJrvrvJpGNJjuojhxVglkuDxStxmovmiYhWSjLIssU2T+/YW23vELXrad1TEuuu8viU/m4PbBE+Vt/ZWDwytLcl4DRyKeeFVcQspDOMSDHhC8tQq7ahtFu1/GIxkB+jilCjcvAv0yBWnDXPkH4XKDHYmGvaraDzPKRk79UQm/ZcYtbxpktfdt2Gr9fq5rilcpkZqNbvH5TsXn3biFyhOSWoVgwd4rptDIy+zKVG5U9dNgvpoz/Y1fEJOYcwPCr+ZUpwGqHvrXmkibJlnYJ9o/rw2rFrUNwY8CkFQgPveGwhQq4IhtRsvMZDBNmDDmszabV+78GPEeedzvWSKkS6WD6IYHkSw3G7RvNDposcHWKw26kia5Xa40/4sK4gndnNPubzyaLfVL1vUksSe1R1CRyG2mD6lr8A/fGq5hokZ+tHiIWCmpKAEfrTg8b6m6GeXy+gDQuVL+d2P+Oi5wUfgOo9JC4kOpAdCM2hrkddtSk+aRj8fMS7PKCmAoM3DuHiWEO+EPzolGCJYvq6Tsn+8/pDOO67SQnrFiUqgACPbo2jKamx5zw13wEnZdv/CvW1eaxEmRmVb6/o/2VLN677UWqHQp3XnWmFuz++7Z6P+k3PXXzHWLOnOvMxVGF5kECSs/fz9lMmf69vvZNlx50cJnO3IeMkSGGkCO5t79Sr+enill84iz9jWWYBNDGPKWMmLScABJeuFbSFpn75l/wBf5Yyo6KLenZA5VXIRKu+odPWhW/AvPf03MOxh1g7gddZz8ExL4Ub19lut23L6b+UIlN3vrI8Jty2IewatNEo14VOn8jiCV/vXSJqYrwGswJP58j0ozp43GAdnkZfYxZJKp1wdnMblf7422pMPnP/z/ZM/TVDbMm8BcfNNQR106M5KRmsAThdyJtOILbVdAd8zRO5Je39miWtja2094nhuWO2T39jbwjGL9qOg29l6/SvPGPRiaDTW9y4CZnI53Kgns/C4zDd9iq3aCZPZogivAivbpWJehR50kLPsxsIYUVM9AJRksMnVrFimMjPTVyIBPh4ClR8WoMq9sUblFPQf4Yy/FgqOOrTm3fYzKRC4shEkl0n4EnL8PWYwQ82Lr7H+d+15kSMTPSyaMLTqd7PzWi4mR6QKU8aue0MZNM0bIuyoMq6sxfHU3z8m0s0sIRjFNfnqBHCMfA50G0Uu0qvqZ70p8SnNQTBs0563RELsDxKKAYec5pOuimWoAJ8c8ccb9eg5WK5ez0EQDP5/RLHlzRPA3OScp9zrRkocZ2WIO2Qad1o7xA8/GQS/tjGkvApVLUIExuFZe5LiBIHpIYr/fPAs+Q9zqN+uIiQ9mjDQlpGzZQhRaezvncFBbeblnQubtIOrrYJJDyJeECxWp4r0ytv+9H+pZUSgoeBVRZDcx2D8R4DhoxbAgGrR0LDRT8tjQe33mkEvKsmQK4ZIJbX/ZUj5mc1njX1f8q2Xl1yj9rOwiA4aw9xiPM0Lr1j9ukYhLr4CtwTu7A30sKmTMfHT2ZLrXgagXqY0VRdRbPOW4X1w2fMAQUw9p+s5ueR6GQiQGcXRDgIg7bG1eipwD6cm+ihsNfXPAgv9eJp3N0quxYeLwr2pfqbN5YeVouJQOs+2YX5VbxsI72XwXxvJZNb1mYFAN31+h38adVDiSihmJaXP9oP4MLVi4Wm3cmojmqRtnwA3Qy5eW+hyxXLmYy4PUYHbkCzFMPFEiwA3pQYghhuJvZhWOMNrwRrtbhJFmCo3MzIp70jd796kp4fi+AcyYwTOwnnfaALULKBPAx8uM4xL0bPm3TEldNvBEBFM04T99yG4P51V3LsZyszrgVBVxFeOmw78AMWO2KKSy49fX8XNSCxiDlVJ/apNe+inUITQFDKR752apgCq9SJySGd8NIHz5eMxc8NfE76W7XByRXOzDMGk4bumFsWs2/GvSTPB+m8G2anMlEXaYMnvnO81Hyf1vztZbTjS2lULZlFLJHfjRKx1jlkBuvp7tHxqJwYaUAwU1iVzWkzYSA4NFbO3EWttW4KKgxckTwGZrm9JbgTgMAwGUkF70aXiocDD96EJCr3WjKdiNTma2RqUIn/4QBcoYxd43zIFsUg3ADe+PUHT4REtUYa2JupJ5JTmvm7iRIBXMkd0AZDWracQu21m7qUV7R6aIW5joD5VGJOBzbgfHsl3JMd+k4SUNru4Cdhy+sg3fpq2ufynDBbT/iT6PL2hp3gxboh6RfEf3vvB6ee3OSrcWvY6HZfNfaCxi/BUGAbUWvueKAn9255C5WH00VVA35GCgTSMDgxY3c6F/0K+s0Yz3BcTyp6yx6CxqpfK2s8s+U4RyI6Z0c3d0cG/ZTk2fB9vHmcxhqlm+K9M8Bs7DhiZ/dCJRebxhACnpWDWWjMeHZK09PbSDmUfqRrZw/djwr/Fda+ytocoz9A14PUOyjq3DSEFv+pTCHAYID2y0KxMW1vi77B9ankXPLpLnbWJSFG4gVumD14TNoMkaaxm1kYRgtecIgWWF6vC47Pv0oUwa/ckLpsrx7WBdrNMSnrXgzQabIzcOnJyce4/1SBzpFGKQJWtyamFwPoaMK8+0vola0QXgjWSSR6AoBe2kCnKmgY8SZH8W83vKrsC6Zs0Xfw7JnkAqQj+BGmgNmsij8sAs9upV4FH9O2+eALXE25sV/YMbkIqOS1lTiFE2d9C4+GPwVLUOnWLKQF6eAZ/waQ4gMfUI1G/bLeVKi/UbH0bJ4aFh38qtDOUwuNmWlaMmdOKOkdOqZng/iNhbRnYHVgj6t5X4Jo7+1xT7/SijLgcWxoF8Ozb7ogetbXYhEGE5ivBj1lamlYm1n0vkCFltpiDdAJtgnU45gDN0W1uTZHiZBm+vabWSEla7RhRkhzJZw0SIVFsebblEytZxXIL2RCW5Y12qhb/8ISzKuFeLcYaaqDEX6xtYEBAx0+3kereW4tFCu1cMYyKLzrOM5qnYAgDOyeqyE5VBFIwYzaiMvoSwqYhNph/NX2TBA3RyIecvvFBzRWHBsd0+NVUQRaOSUP8TQR4ZdTJvobephKKbr44Uq7puuHRFKBIVI06M3gEbdCHF/Zega5YK807IILU7F6b0lXQ8Cu7ONBDu1FVrjOuGhhPp3roD9NQ2ArBfAjFYDLAhNre/s5p0g3uF7FC/8LEmHClqpPMWGqyi+umE2S5Nf2Ih0o/yhLiqyQACrE+DrY2JazG1IH7M2b9GHkYGqDOlB8Bhj0IYYR9tdq7JfyjO0Nxt00AJdZ3upE7ipO+uI9xpHp2CVNhGf1Z6IkqGGPa+cGQCJn7RDPjAUnFvQvt7bjaU3ISasfX2IewcXjJtBmeD6RTuZY4VpILv4YRW1Dq3qbqEjSBNbW2p1L+zPdAGlKzewH72lLHq1+KsS14UAJ8qLxvnRzaAjsFUdZfwdPQ32qyAj7VFUipcKguaqRSJv2FQ89UrCofljb9ywYF7mgw/t0jFbKzC1TGywivfhJhfJgYnZM+RN5cFzS6XBuDKSzydeh9NYCepfg7ADMdUowJuKRPJMlWuZPJYCf3SvlHJWomOuY501DMZe85SvUeLGNOYocivwquqKWwzOvVdLYoGHghUCYNPr08vBkL5iWgHS5OUgCYsxuM1XDGuO11sFdRiWC3oDMlrIT6f1GGTnv/pdm4A+H3iMTnRqZPXS9S1hNqVbZj8pNbtpIEV4Wd9/0dU4yNyJphDFaDgNsH/rp6Ctt1+9FiL3sTKw2UVAn4Lw97Ex3pA0TOD2BTaX2vpvrLesBAys/wtVf1ySMyMmkJtBHB4JfOrQD2qIUXfEiI9g64ThQ6weLHQOm/3jr0QQlgHw1uW34oD48bHn5TTKCaC6Wef5VZVmJ9r5ViKkhQS/+qMLxaT7JlCDyl66nKN6g67rGnCkU2pmxRuIe83utaGDkJtvibGsDO04PBPbvSpXgavLApgFwq8RWBrsTHExJlVN7VJhYDOMZQ/7pCu7Swj/uKiYHKXehHusSKLUs6yURLh8C7xE2zTmKqwRBdaEo6CrT5j/RC64/pyelz+m+2UwZXp83x/zae3wrmOlbWdzuBy4qyV276Y4qFNoWeZITmrt8aEpuoRUYRwOlHQfLqwZJ0v+dv9xlpZXQr4i19xgHKxKKV/kjBywPjHdsawaZsTM4oo5Z22afqNqDhMa6Jt56xQFU0utvA3QSKfqNJc94EIH59K7ogVMfV52I8sP0lXdz0qhPfg2nYn6zGSGKWs11uF2I0dR1yhL/I59wOBDNpd8kn4ymYqlhaLlGrYNX1PEchKNg6a2yD31z+eXa0wELvngJtANno89KzLDAeJT7RGGyAz5GdjgO4YZ+r456NfOLNv98H4hCn+El+QMwr6NQbPIS0j6Vbv+7UgW1B9DK4FQRI0pZz48y084cE6lUpfbVQ+V/F68Ca6eI0kQFx8r3kfDDH/518WXUXUn15ZgJbKqdkmypbGF435cO0aGqM4VYh8L+NTuaYe0BJMbdnDDiPxfyV4Pq0EjvgiH1W9JBD6p5It7Wh4W0W2BOCIYeI83VXUdgOvzNyBPkD0cTBqGFcliLoRDaMuf53msTPq5N2yRRc0/WbDmrWcYtbBN9KeqOtks53uc66xG3iwbj2kjyYG+Xw+X6uX2vWhCj7NkmhB+IuTGBvHB2DE/g5AscvksIvtLihILpYzja2fh9ElbZ3z75ixPGqOFUkfM1Fbsk8ZUH/L/AwBas3g315hddZGa0K9UIO31aqkj6c/lwfR2oui/1jBruaxT4Na48O+I5zCSztI0CzR3lJkjazjfoX0KOKd5n78I+ERT/00Fr/miT02vLz6nxk8Arh0uZQ/GFiCGznjo0eI2H7eGBk6yBkvpthwCx5vsThOvTG8cGRz7PvBwlTWNMk6MWUykpCYb8KLLgiZFXeyS4hpi09v3LECOq7caIv6yYCcT3bm2HwwzXfz6tISBaiB6qOFacBJrTnDBcXEmwlTHun+oyGpSIMiqHOYoWps2wvLf7JsmWQsehJsXswk3cv1K2Efk/52AultlJUMuHkcHThDx/j7WKvoyIimel5+h0GOtYmpIDbV05Y7D1g06EhbjCbT8r2J24CqJGuecm2+s37vQTcWIvoa1r4cGXCPhlFmLIqIDCkcmMMqSqzegAK68tRz6zQi7M5pLJInb9jRAYd7E49B+KIug8eBnjYPXHXh4frMBn6+Y1wJ5VMJ2fAyyh+s6CvJ//oRu/5cyYZC5BGcmAhfCkP2B9bOd/wQCMqF+m8SLhrfuir84EfJRrgXSNzb8lfrXuS7USdGfIn+7Xe+SV+vXD4rZxN+6cVK2D9nehKdR7bfXPWillHJAwg2zMHFDt4SSnY0h6hGNdmPtoFxYTOUl8zsKdtWFopa1R4XXEn8YEiof7lWTSFZnUZg0ogCspD3tePsWpSv0hAtHL0XIHyyiZJ1LysTy7GIX96k8wwQR+3UKXO7Lh49zEOPbVAalJumj6bJvIywktmIJ5jSobv8lvVjdS0x7XF/D0CqU236Uo2lSwrMW6O7A0S3qn3smBPxtGJl9pVaaPFqTCbs756YXE8KFdMiooDT3uY0u8I9U9ogDKo2yzPpKGAcVos+NhAGrFHe/HXcib7sMnob1+CUDdS908U77RaYf0AvBNl35ezASUMc5v5nKqajzUSAc2BqTJXKCL2PCw6dzIdbPZit0i1++CL5nRLMaP0qRuDEnWm7cm1yJcOGDrM72RQ7MOutVRIN7aX6DJ+zUdsd436BSJr5NTCqSLymIIaCtKCTu0v7OLlhXjSmnoKg/6XHgv2OCvV6L0xqz6bScFJkJDhtRdbYeftmGatZFqnxZjaT7i76VL7hRthe1CIuMNhyJTT1XZNk8jrZ07OeO2O/ZNtEVJ55U8bj8UEMhg7zY+XXgJRS3WafZjV4Z/l4wF2svmA4E5Svtm3QYbBDb1ZgGt3US+hq1blO4exoIHcWTphBe3cXCemXbM/UJQbdDcq3HKwCSWJH3MHSau+qGc1cU18Hec4lzvdN86fpYlgnRgOadpu9Tm7jfjU9AJaMmjZQQBARq86AvQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-07-08 14:03:03,093 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-07-08 14:03:03,093 - INFO [Shibboleth-Audit.SSO:?] - 20200708T140303Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b56b1f9072ffa08aafca6e3f844f2b8f6e4ec1fa3f|https://kpluss-abnahme-dmz-s1-nsd.neusta.de|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_3664886c703a5ca7deaebd4c1b5c04be|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxXQWXdQtNC/jRUZx9HbEFJfAIBswkbMqyEHmVLgIdPEz+VOrKoAPT9f9lEXWlbOI89R862bhezL+fKJyjiJah1wAtl2LOw0jN9HQkFG7dlVf8Oq5/N1M045t9L6ZLhiy6uBLLvYMB1bXSowYSWQ4=|_b71588cba452414bcff0048b76278004|
2020-07-08 14:03:05,431 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://127.0.0.1:9090
2020-07-08 14:03:05,431 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:03:05,431 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:03:05,431 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://127.0.0.1:9090/saml2/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="ONELOGIN_1ccefbc4a5032670f73af72c212ba8c64410104b"
    IssueInstant="2020-07-08T08:39:21Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="SP test" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://127.0.0.1:9090/metadata/</saml:Issuer>
    <samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-07-08 14:03:05,433 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://127.0.0.1:9090/metadata/' from origin source
2020-07-08 14:03:05,433 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:03:05,433 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:03:05,433 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:03:05,433 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:03:05,433 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:03:05,433 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:03:05,433 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:03:05,433 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://127.0.0.1:9090/metadata/
2020-07-08 14:03:05,434 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:03:05,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:03:05,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:03:05,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:03:05,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:03:05,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ONELOGIN_1ccefbc4a5032670f73af72c212ba8c64410104b', issue instant '2020-07-08T08:39:21.000Z', entityID 'http://127.0.0.1:9090/metadata/'
2020-07-08 14:03:05,440 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2020-07-08T08:39:21.000Z', message expired at: '2020-07-08T08:45:21.000Z', current time: '2020-07-08T14:03:05.440Z'
2020-07-08 14:03:05,441 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageExpired
2020-07-08 14:03:05,442 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-07-08 14:03:13,938 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: MwMdI4wlTeB1UdKfu74fg4YXpY5lIHpd-7N4q9dsg21VtnZXfouSdjvE
2020-07-08 14:03:13,938 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:03:13,938 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:03:13,938 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-0ac8c3134ee04b7157b69d7b0138f445b776eb66"
    IssueInstant="2020-07-08T14:03:13.825Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:03:13,943 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:03:13,943 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:03:13,943 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:03:13,943 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:03:13,943 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:03:13,943 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:03:13,943 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:03:13,943 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:03:13,943 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:03:13,944 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:03:13,944 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:03:13,944 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:03:13,944 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:03:13,944 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:03:13,944 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-0ac8c3134ee04b7157b69d7b0138f445b776eb66', issue instant '2020-07-08T14:03:13.825Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:03:13,944 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:03:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:03:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:03:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:03:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:03:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:03:13,945 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:03:13,945 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:03:13,945 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:03:13,945 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:03:13,945 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:03:13,945 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:03:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:03:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:03:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:03:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:03:13,946 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:03:13,946 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:03:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:03:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:03:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:03:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:03:13,946 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:03:13,946 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:03:13,946 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:03:13,946 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:03:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:03:13,949 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:03:13.950Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:03:13,950 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:03:13,951 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:03:43,913 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: dakN635AXrKzEPJnc4WuWmUKUt-tpXeCP7F4r341g15EDf7Ahbjgp_QT
2020-07-08 14:03:43,913 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:03:43,913 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:03:43,913 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-f9f0efb4b5662847aa2f3a47845f42be0628ce5b"
    IssueInstant="2020-07-08T14:03:43.803Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:03:43,918 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:03:43,918 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:03:43,918 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:03:43,918 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:03:43,918 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:03:43,918 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:03:43,918 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:03:43,918 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:03:43,918 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:03:43,919 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:03:43,919 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:03:43,919 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:03:43,919 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:03:43,919 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:03:43,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-f9f0efb4b5662847aa2f3a47845f42be0628ce5b', issue instant '2020-07-08T14:03:43.803Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:03:43,920 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:03:43,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:03:43,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:03:43,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:03:43,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:03:43,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:03:43,920 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:03:43,920 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:03:43,921 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:03:43,921 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:03:43,921 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:03:43,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:03:43,921 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:03:43,921 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:03:43,922 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:03:43,922 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:03:43,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:03:43,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:03:43.927Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:03:43,927 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:03:43,928 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:03:48,866 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://127.0.0.1:9090
2020-07-08 14:03:48,866 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:03:48,867 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:03:48,867 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://127.0.0.1:9090/saml2/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="ONELOGIN_1ccefbc4a5032670f73af72c212ba8c64410104b"
    IssueInstant="2020-07-08T08:39:21Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="SP test" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://127.0.0.1:9090/metadata/</saml:Issuer>
    <samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-07-08 14:03:48,868 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://127.0.0.1:9090/metadata/' from origin source
2020-07-08 14:03:48,868 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:03:48,868 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:03:48,868 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:03:48,868 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:03:48,868 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:03:48,868 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:03:48,868 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:03:48,868 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://127.0.0.1:9090/metadata/
2020-07-08 14:03:48,869 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:03:48,869 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:03:48,869 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:03:48,869 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:03:48,869 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:03:48,869 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ONELOGIN_1ccefbc4a5032670f73af72c212ba8c64410104b', issue instant '2020-07-08T08:39:21.000Z', entityID 'http://127.0.0.1:9090/metadata/'
2020-07-08 14:03:48,870 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2020-07-08T08:39:21.000Z', message expired at: '2020-07-08T08:45:21.000Z', current time: '2020-07-08T14:03:48.870Z'
2020-07-08 14:03:48,870 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageExpired
2020-07-08 14:03:48,871 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-07-08 14:04:13,906 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: 26MCh81WIrh9hVOVR-RxBO2IM9k_tDmTD_GwuQhgWdGVdcMOgtrpYst1
2020-07-08 14:04:13,906 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:04:13,907 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:04:13,907 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-d99f748768faff1866f9a9039b59f86bb974ab40"
    IssueInstant="2020-07-08T14:04:13.796Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:04:13,913 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:04:13,913 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:04:13,913 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:04:13,913 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:04:13,913 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:04:13,913 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:04:13,913 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:04:13,913 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:04:13,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:04:13,913 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-d99f748768faff1866f9a9039b59f86bb974ab40', issue instant '2020-07-08T14:04:13.796Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:04:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:04:13,915 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:04:13,915 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:04:13,915 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:04:13,915 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:04:13,915 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:04:13,915 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:04:13,915 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:04:13,915 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:04:13,915 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:04:13,915 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:04:13,915 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:04:13,916 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:04:13,916 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:04:13,916 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:04:13,916 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:04:13,916 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:04:13,916 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:04:13,916 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:04:13,916 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:04:13,916 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:04:13,916 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:04:13,920 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:04:13,920 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:04:13.920Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:04:13,920 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:04:13,920 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:04:13,920 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:04:13,920 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:04:13,920 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:04:13,921 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:04:13,921 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:04:13,921 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:04:13,921 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:04:13,921 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:04:13,921 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:04:13,921 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:04:43,906 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: gCzagj3G7ESHI36kwbVZLNHkimyWlAl_mVbEZMq-n1sRDWJpp60moW4z
2020-07-08 14:04:43,906 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:04:43,907 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:04:43,907 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-db050db83642909ca8d1b617053b3a4149c48d00"
    IssueInstant="2020-07-08T14:04:43.796Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:04:43,911 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:04:43,911 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:04:43,911 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:04:43,911 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:04:43,911 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:04:43,911 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:04:43,911 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:04:43,911 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:04:43,911 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:04:43,912 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:04:43,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:04:43,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:04:43,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:04:43,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:04:43,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-db050db83642909ca8d1b617053b3a4149c48d00', issue instant '2020-07-08T14:04:43.796Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:04:43,913 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:04:43,913 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:04:43,913 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:04:43,913 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:04:43,913 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:04:43,913 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:04:43,913 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:04:43,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:04:43,914 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:04:43,914 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:04:43,914 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:04:43,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:04:43,914 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:04:43,914 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:04:43,914 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:04:43,914 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:04:43,915 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:04:43,918 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:04:43,918 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:04:43.918Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:04:43,918 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:04:43,919 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:04:51,649 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://127.0.0.1:9090
2020-07-08 14:04:51,649 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:04:51,649 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:04:51,650 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://127.0.0.1:9090/saml2/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="ONELOGIN_1ccefbc4a5032670f73af72c212ba8c64410104b"
    IssueInstant="2020-07-08T08:39:21Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="SP test" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://127.0.0.1:9090/metadata/</saml:Issuer>
    <samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-07-08 14:04:51,654 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://127.0.0.1:9090/metadata/' from origin source
2020-07-08 14:04:51,654 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:04:51,654 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:04:51,654 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:04:51,655 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:04:51,655 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:04:51,655 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:04:51,655 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:04:51,655 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://127.0.0.1:9090/metadata/
2020-07-08 14:04:51,656 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:04:51,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:04:51,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:04:51,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:04:51,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:04:51,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ONELOGIN_1ccefbc4a5032670f73af72c212ba8c64410104b', issue instant '2020-07-08T08:39:21.000Z', entityID 'http://127.0.0.1:9090/metadata/'
2020-07-08 14:04:51,656 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2020-07-08T08:39:21.000Z', message expired at: '2020-07-08T08:45:21.000Z', current time: '2020-07-08T14:04:51.656Z'
2020-07-08 14:04:51,657 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageExpired
2020-07-08 14:04:51,657 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-07-08 14:05:13,901 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: TG57G5lrPZwOa4pCUuhMtO-pL7Mu6-2jmAT50vW6l6Kdjo-0Y9L0BXZe
2020-07-08 14:05:13,901 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:05:13,901 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:05:13,902 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-fb10182246f024eedfbe835812f250de2e4e361c"
    IssueInstant="2020-07-08T14:05:13.795Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:05:13,907 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:05:13,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:05:13,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:05:13,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:05:13,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:05:13,907 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:05:13,908 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:05:13,908 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:05:13,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:05:13,908 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:13,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:05:13,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:05:13,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:05:13,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:05:13,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-fb10182246f024eedfbe835812f250de2e4e361c', issue instant '2020-07-08T14:05:13.795Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:05:13,909 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:05:13,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:05:13,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:05:13,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:05:13,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:05:13,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:05:13,910 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:13,910 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:05:13,910 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:05:13,910 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:05:13,910 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:05:13,910 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:05:13,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:05:13,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:05:13,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:05:13,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:05:13,911 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:05:13,911 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:05:13,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:05:13,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:05:13,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:05:13,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:05:13,911 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:05:13,911 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:05:13,911 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:05:13,911 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:05:13,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:05:13,914 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:05:13,915 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:05:13.915Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:05:13,915 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:05:13,915 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:05:13,915 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:05:13,915 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:05:13,915 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:05:13,916 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:05:13,919 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:05:13,919 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:13,919 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:05:13,919 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:05:13,919 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:05:13,919 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:05:19,529 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: 53lxQq4PHEaPxic2FZOa92CFJkXMGjTxHwSBHKFfH2jvrMKW1hZSX_XW
2020-07-08 14:05:19,529 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:05:19,529 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:05:19,532 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-ed83bee6a7dac6926b4d47f8b26f335134f1bb3b"
    IssueInstant="2020-07-08T14:05:18.763Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:05:19,533 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:05:19,533 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:05:19,533 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:05:19,533 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:05:19,533 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:05:19,533 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:05:19,533 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:05:19,533 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:05:19,534 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:19,534 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:05:19,534 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:05:19,534 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:05:19,534 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:05:19,534 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-ed83bee6a7dac6926b4d47f8b26f335134f1bb3b', issue instant '2020-07-08T14:05:18.763Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:05:19,534 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:05:19,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:05:19,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:05:19,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:05:19,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:05:19,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:05:19,535 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:19,535 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:05:19,535 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:05:19,535 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:05:19,535 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:05:19,535 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:05:19,535 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:05:19,535 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:05:19,535 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:05:19,535 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:05:19,536 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:05:19,536 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:05:19,536 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:05:19,536 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:05:19,536 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:05:19,536 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:05:19,536 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:05:19,536 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-07-08 14:05:19,536 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:05:19,536 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:05:19,536 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:05:19,537 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:05:19,538 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:05:19.538Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:05:19,538 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:05:19,538 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:05:19,538 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:05:19,538 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:05:19,538 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:05:19,539 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:05:19,539 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:05:19,539 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:19,539 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:05:19,539 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:05:19,539 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:05:19,539 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:05:44,354 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: 1kJKrIc85WeFpxg93zf31MO7nd0k_fRQ8lvObgJ8x3nmNzUoroP3GDMs
2020-07-08 14:05:44,354 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:05:44,354 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:05:44,354 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-0f17242768668f6128f97b61bf595cb8f8a586b2"
    IssueInstant="2020-07-08T14:05:43.785Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:05:44,361 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:05:44,361 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:05:44,361 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:05:44,361 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:05:44,361 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:05:44,361 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:05:44,361 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:05:44,361 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:05:44,361 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:05:44,362 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:44,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:05:44,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:05:44,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:05:44,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:05:44,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-0f17242768668f6128f97b61bf595cb8f8a586b2', issue instant '2020-07-08T14:05:43.785Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:05:44,363 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:05:44,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:05:44,364 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:05:44,364 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:05:44,364 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:05:44,364 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:05:44,364 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:44,364 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:05:44,365 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:05:44,365 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:05:44,365 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:05:44,365 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:05:44,365 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:05:44,365 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:05:44,365 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:05:44,365 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:05:44,365 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:05:44,366 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:05:44,367 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:05:44,367 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:05:44,367 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:05:44,367 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:05:44,367 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:05:44,367 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:05:44,367 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:05:44,367 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:05:44,367 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:05:44,370 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:05:44,371 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:05:44.371Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:05:44,371 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:05:44,373 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:05:44,373 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:05:44,373 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:05:44,373 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:05:44,373 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:05:44,373 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:05:44,373 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:44,374 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:05:44,374 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:05:44,374 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:05:44,374 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:05:45,905 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1594217144_5728
2020-07-08 14:05:45,905 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:05:45,905 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:05:45,906 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_4b08a28f617cf8ecc74b729394faa9d0"
    IssueInstant="2020-07-08T14:05:44Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-07-08 14:05:45,907 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://services.sheerid.com/Shibboleth/UK' from origin source
2020-07-08 14:05:45,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:05:45,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:05:45,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:05:45,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:05:45,907 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:05:45,907 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:05:45,907 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-07-08 14:05:45,907 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services.sheerid.com/Shibboleth/UK
2020-07-08 14:05:45,908 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:45,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:05:45,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:05:45,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:05:45,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:05:45,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_4b08a28f617cf8ecc74b729394faa9d0', issue instant '2020-07-08T14:05:44.000Z', entityID 'https://services.sheerid.com/Shibboleth/UK'
2020-07-08 14:05:45,908 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2020-07-08 14:05:45,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:05:45,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:05:45,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:05:45,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:05:45,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:05:45,909 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:45,909 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:05:45,909 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:05:45,909 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:05:45,909 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:05:45,909 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:05:45,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:05:45,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:05:45,909 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:05:45,910 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-07-08 14:05:45,910 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-07-08 14:05:45,910 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-07-08 14:05:45,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:05:45,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:05:45,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:05:45,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:05:45,910 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services.sheerid.com/Shibboleth/UK
2020-07-08 14:05:45,910 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:05:45,910 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-07-08 14:05:45,910 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-07-08 14:05:45,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:05:45,912 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:05:45,912 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:05:45.912Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:05:45,912 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:05:45,913 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:05:45,913 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:05:45,913 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:05:45,913 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2020-07-08 14:05:45,913 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-07-08 14:05:45,913 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:05:45,913 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:05:45,913 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2020-07-08 14:05:45,913 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:05:45,913 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:05:46,188 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-07-08 14:05:46,188 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-07-08 14:05:46,188 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-07-08 14:06:13,897 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: Xl-YSlxvo_DvF8yy3nBX1TpsW8-XhIX3e7rIU1yK2_QFyn51UTko7W00
2020-07-08 14:06:13,897 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:06:13,897 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:06:13,897 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-739ac9f2971630fef3556c291d8328e3e2248eeb"
    IssueInstant="2020-07-08T14:06:13.787Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:06:13,903 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:06:13,903 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:06:13,903 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:06:13,903 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:06:13,903 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:06:13,903 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:06:13,903 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:06:13,903 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:06:13,904 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:06:13,904 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:06:13,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:06:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:06:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:06:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:06:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-739ac9f2971630fef3556c291d8328e3e2248eeb', issue instant '2020-07-08T14:06:13.787Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:06:13,905 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:06:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:06:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:06:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:06:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:06:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:06:13,906 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:06:13,906 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:06:13,906 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:06:13,906 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:06:13,907 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:06:13,907 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:06:13,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:06:13,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:06:13,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:06:13,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:06:13,907 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:06:13,907 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:06:13,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:06:13,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:06:13,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:06:13,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:06:13,907 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:06:13,907 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:06:13,908 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:06:13,908 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:06:13,908 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:06:13,912 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:06:13.913Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:06:13,913 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:06:13,915 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:06:43,921 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: XOqhmX2v0fWPtaIEVmSOydS2iiYL1CnnVwm9BZ1_0bGQYEOlhNywZxbc
2020-07-08 14:06:43,921 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:06:43,921 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:06:43,921 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-628c878a33935353eb74a7bcfd2960017e73e934"
    IssueInstant="2020-07-08T14:06:43.805Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:06:43,926 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:06:43,926 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:06:43,926 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:06:43,926 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:06:43,926 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:06:43,926 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:06:43,926 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:06:43,926 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:06:43,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:06:43,927 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:06:43,927 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:06:43,927 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:06:43,927 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:06:43,927 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:06:43,927 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-628c878a33935353eb74a7bcfd2960017e73e934', issue instant '2020-07-08T14:06:43.805Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:06:43,928 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:06:43,928 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:06:43,928 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:06:43,928 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:06:43,928 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:06:43,928 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:06:43,928 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:06:43,928 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:06:43,928 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:06:43,929 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:06:43,929 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:06:43,929 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:06:43,929 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:06:43,929 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:06:43,929 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:06:43,929 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:06:43,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:06:43,933 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:06:43,934 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:06:43.934Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:06:43,934 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:06:43,949 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:06:43,949 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:06:43,949 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:06:43,949 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:06:43,950 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:06:43,950 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:06:43,950 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:06:43,950 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:06:43,950 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:06:43,950 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:06:43,950 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:07:13,914 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: yrGx3QYLrKjGgmBWvGJPlzhy570OFrysvgwSSEIIqo83lY-oy8JSxeuc
2020-07-08 14:07:13,914 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:07:13,914 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:07:13,914 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-38f337a3c2feaad6b39e0fde4ae1166977d69516"
    IssueInstant="2020-07-08T14:07:13.801Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:07:13,919 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:07:13,919 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:07:13,919 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:07:13,919 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:07:13,919 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:07:13,919 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:07:13,920 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:07:13,920 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:07:13,920 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:07:13,920 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:07:13,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:07:13,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:07:13,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:07:13,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:07:13,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-38f337a3c2feaad6b39e0fde4ae1166977d69516', issue instant '2020-07-08T14:07:13.801Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:07:13,921 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:07:13,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:07:13,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:07:13,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:07:13,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:07:13,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:07:13,922 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:07:13,922 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:07:13,922 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:07:13,922 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:07:13,922 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:07:13,922 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:07:13,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:07:13,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:07:13,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:07:13,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:07:13,922 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:07:13,923 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:07:13,923 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:07:13,923 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:07:13,923 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:07:13,923 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:07:13,923 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:07:13,923 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:07:13,923 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:07:13,923 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:07:13,923 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:07:13,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:07:13,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:07:13.926Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:07:13,926 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:07:13,927 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:07:43,889 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: C9igc86406CvBZfWGnuMwfEGfa29Qyy7DpHHZafY3JFapwYTk1qNHBEN
2020-07-08 14:07:43,889 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:07:43,889 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:07:43,889 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-50fc8e755857956f9f2fe34db75ca53dbd3c2d6e"
    IssueInstant="2020-07-08T14:07:43.779Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:07:43,894 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:07:43,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:07:43,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:07:43,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:07:43,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:07:43,894 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:07:43,894 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:07:43,894 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:07:43,894 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:07:43,895 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:07:43,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:07:43,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:07:43,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:07:43,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:07:43,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-50fc8e755857956f9f2fe34db75ca53dbd3c2d6e', issue instant '2020-07-08T14:07:43.779Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:07:43,896 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:07:43,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:07:43,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:07:43,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:07:43,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:07:43,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:07:43,896 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:07:43,896 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:07:43,897 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:07:43,897 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:07:43,897 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:07:43,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:07:43,897 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:07:43,897 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:07:43,897 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:07:43,898 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:07:43,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:07:43,901 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:07:43,902 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:07:43.902Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:07:43,902 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:07:43,902 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:07:43,902 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:07:43,902 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:07:43,902 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:07:43,903 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:07:43,903 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:07:43,903 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:07:43,903 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:07:43,903 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:07:43,903 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:07:43,903 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:08:13,886 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: XU2FD0yPBDOuuQMlAu_MAJ8wOwTgu69MEZNlVw9yMKUI0jPNtG8opZxO
2020-07-08 14:08:13,886 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:08:13,887 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:08:13,887 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-6e737a841205d630560c0bd17f64a38534d6fdd5"
    IssueInstant="2020-07-08T14:08:13.78Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:08:13,892 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:08:13,892 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:08:13,892 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:08:13,892 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:08:13,892 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:08:13,892 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:08:13,892 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:08:13,892 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:08:13,892 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:08:13,893 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:08:13,893 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:08:13,893 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:08:13,893 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:08:13,893 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:08:13,893 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-6e737a841205d630560c0bd17f64a38534d6fdd5', issue instant '2020-07-08T14:08:13.780Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:08:13,894 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:08:13,894 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:08:13,894 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:08:13,894 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:08:13,894 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:08:13,894 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:08:13,894 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:08:13,895 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:08:13,895 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:08:13,895 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:08:13,895 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:08:13,895 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:08:13,895 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:08:13,895 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:08:13,895 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:08:13,895 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:08:13,895 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:08:13,896 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:08:13,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:08:13,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:08:13,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:08:13,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:08:13,896 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:08:13,896 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:08:13,896 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:08:13,896 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:08:13,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:08:13,899 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:08:13.900Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:08:13,900 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:08:13,901 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:08:43,889 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: QpmWt8O7_K4MlnK0jwcq8OdeUmRHCrTpP_BvLWltQBz1fiuGONwbXejO
2020-07-08 14:08:43,889 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:08:43,889 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:08:43,889 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-d2cc9962bad015a61b0e75b1f49a4f9d4b5591b8"
    IssueInstant="2020-07-08T14:08:43.774Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:08:43,894 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:08:43,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:08:43,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:08:43,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:08:43,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:08:43,894 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:08:43,894 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:08:43,894 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:08:43,895 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:08:43,898 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:08:43,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:08:43,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:08:43,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:08:43,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:08:43,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-d2cc9962bad015a61b0e75b1f49a4f9d4b5591b8', issue instant '2020-07-08T14:08:43.774Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:08:43,898 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:08:43,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:08:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:08:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:08:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:08:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:08:43,899 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:08:43,899 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:08:43,899 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:08:43,899 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:08:43,899 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:08:43,899 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:08:43,899 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:08:43,899 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:08:43,899 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:08:43,899 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:08:43,899 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:08:43,900 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:08:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:08:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:08:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:08:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:08:43,900 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:08:43,900 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:08:43,900 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:08:43,900 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:08:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:08:43,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:08:43,909 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:08:43.909Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:08:43,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:08:43,912 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:08:43,912 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:08:43,912 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:08:43,912 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:08:43,912 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:08:43,912 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:08:43,912 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:08:43,912 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:08:43,912 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:08:43,912 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:08:43,913 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:09:13,890 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: q8lQjfYTXVCqo6yvmiY309yBBlE_2kQBd4FI6NnRPBCgg65luKvDU7EQ
2020-07-08 14:09:13,890 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:09:13,890 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:09:13,890 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-f21b920e1808eedcbcd94524267fd671c3133b40"
    IssueInstant="2020-07-08T14:09:13.781Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:09:13,895 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:09:13,895 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:09:13,895 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:09:13,895 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:09:13,895 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:09:13,895 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:09:13,895 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:09:13,895 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:09:13,895 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:09:13,895 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-f21b920e1808eedcbcd94524267fd671c3133b40', issue instant '2020-07-08T14:09:13.781Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:09:13,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:09:13,897 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:09:13,897 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:09:13,897 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:09:13,897 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:09:13,897 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:09:13,897 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:09:13,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:09:13,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:09:13,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:09:13,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:09:13,897 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:09:13,898 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:09:13,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:09:13,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:09:13,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:09:13,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:09:13,898 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:09:13,898 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:09:13,898 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:09:13,898 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:09:13,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:09:13,902 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:09:13,902 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:09:13.902Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:09:13,903 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:09:44,095 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: s5lKYzC29QHekWfQOvWBuKrWssQSQyL2KjtkssZyGVT6m2ZX95Uj5Roe
2020-07-08 14:09:44,095 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:09:44,095 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:09:44,096 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-02ecdc484c22ace9092fb7fe07833e513a7ccc82"
    IssueInstant="2020-07-08T14:09:43.78Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:09:44,101 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:09:44,101 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:09:44,101 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:09:44,101 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:09:44,101 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:09:44,101 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:09:44,101 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:09:44,101 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:09:44,101 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:09:44,102 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:09:44,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:09:44,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:09:44,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:09:44,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:09:44,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-02ecdc484c22ace9092fb7fe07833e513a7ccc82', issue instant '2020-07-08T14:09:43.780Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:09:44,103 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:09:44,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:09:44,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:09:44,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:09:44,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:09:44,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:09:44,103 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:09:44,104 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:09:44,104 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:09:44,104 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:09:44,104 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:09:44,105 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:09:44,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:09:44,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:09:44,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:09:44,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:09:44,105 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:09:44,105 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:09:44,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:09:44,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:09:44,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:09:44,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:09:44,105 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:09:44,105 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:09:44,105 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:09:44,105 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:09:44,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:09:44,112 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:09:44,112 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:09:44.112Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:09:44,112 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:09:44,113 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:10:13,890 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: kruUEM0VQY9n-Jhb7eLGrtvDXqFpTfl3KVf5FBvl5xZ1qChpBwPmbFDJ
2020-07-08 14:10:13,890 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:10:13,891 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:10:13,891 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-eadb33780217344b3b8025dc1999d1ad0a075fbb"
    IssueInstant="2020-07-08T14:10:13.78Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:10:13,905 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:10:13,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:10:13,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:10:13,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:10:13,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:10:13,907 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:10:13,907 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:10:13,907 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:10:13,907 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:10:13,909 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:10:13,911 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:10:13,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:10:13,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:10:13,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:10:13,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-eadb33780217344b3b8025dc1999d1ad0a075fbb', issue instant '2020-07-08T14:10:13.780Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:10:13,913 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:10:13,913 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:10:13,913 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:10:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:10:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:10:13,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:10:13,914 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:10:13,915 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:10:13,916 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:10:13,916 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:10:13,916 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:10:13,916 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:10:13,916 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:10:13,916 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:10:13,916 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:10:13,916 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:10:13,916 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:10:13,921 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:10:13,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:10:13,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:10:13,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:10:13,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:10:13,921 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:10:13,921 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:10:13,921 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:10:13,921 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:10:13,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:10:13,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:10:13,934 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:10:13.934Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:10:13,934 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:10:13,934 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:10:13,934 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:10:13,934 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:10:13,934 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:10:13,935 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:10:13,935 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:10:13,935 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:10:13,935 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:10:13,935 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:10:13,935 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:10:13,935 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:10:19,468 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: mfOQ0b1pNwKRoBkKr2DLD1O48e3o7mpoz6-8uFCGV_2n2qjybm_OUcN5
2020-07-08 14:10:19,468 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:10:19,469 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:10:19,469 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-a59a13abfd5369aacda1286b7f0254608a96958f"
    IssueInstant="2020-07-08T14:10:18.9Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:10:19,470 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:10:19,470 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:10:19,470 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:10:19,470 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:10:19,470 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:10:19,470 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:10:19,470 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:10:19,470 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:10:19,470 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:10:19,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:10:19,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:10:19,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:10:19,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:10:19,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-a59a13abfd5369aacda1286b7f0254608a96958f', issue instant '2020-07-08T14:10:18.900Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:10:19,471 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:10:19,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:10:19,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:10:19,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:10:19,472 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:10:19,472 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:10:19,472 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:10:19,472 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:10:19,472 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:10:19,472 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:10:19,472 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:10:19,472 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:10:19,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:10:19,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:10:19,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:10:19,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:10:19,472 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:10:19,473 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:10:19,473 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:10:19,473 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:10:19,473 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:10:19,473 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:10:19,473 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:10:19,473 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-07-08 14:10:19,473 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:10:19,473 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:10:19,473 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:10:19,474 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:10:19,474 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:10:19.474Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:10:19,474 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:10:19,475 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:10:43,892 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: 4YNa6na9n9XXmH2nOtPtNNytXXiQ6bsCUiotksi2yz87lcKHRTD0jSO6
2020-07-08 14:10:43,892 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:10:43,893 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:10:43,893 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-11c2e7738407f6a0b28c3f1ad426a3aa1ce146b2"
    IssueInstant="2020-07-08T14:10:43.783Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:10:43,898 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:10:43,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:10:43,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:10:43,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:10:43,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:10:43,898 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:10:43,898 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:10:43,898 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:10:43,898 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:10:43,899 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:10:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:10:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:10:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:10:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:10:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-11c2e7738407f6a0b28c3f1ad426a3aa1ce146b2', issue instant '2020-07-08T14:10:43.783Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:10:43,900 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:10:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:10:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:10:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:10:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:10:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:10:43,900 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:10:43,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:10:43,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:10:43,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:10:43,900 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:10:43,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:10:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:10:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:10:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:10:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:10:43,902 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:10:43,902 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:10:43,902 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:10:43,902 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:10:43,902 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:10:43,902 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:10:43,902 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:10:43,902 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:10:43,902 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:10:43,902 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:10:43,902 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:10:43,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:10:43.909Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:10:43,909 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:10:43,910 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:11:13,900 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ntdZFgJxMo7MLUOhJBLpC64CYWcQzBuOZdZk7mPthHJs4V1Jicx6CeM7
2020-07-08 14:11:13,900 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:11:13,901 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:11:13,901 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-f54f4a473362ac282e0ab6077a6a9c4bff6077dd"
    IssueInstant="2020-07-08T14:11:13.786Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:11:13,906 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:11:13,906 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:11:13,906 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:11:13,906 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:11:13,906 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:11:13,906 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:11:13,906 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:11:13,907 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:11:13,907 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:11:13,907 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:11:13,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:11:13,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:11:13,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:11:13,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:11:13,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-f54f4a473362ac282e0ab6077a6a9c4bff6077dd', issue instant '2020-07-08T14:11:13.786Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:11:13,908 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:11:13,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:11:13,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:11:13,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:11:13,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:11:13,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:11:13,908 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:11:13,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:11:13,909 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:11:13,909 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:11:13,909 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:11:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:11:13,909 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:11:13,909 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:11:13,910 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:11:13,910 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:11:13,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:11:13,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:11:13,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:11:13.913Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:11:13,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:11:13,914 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:11:44,371 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: uhqmYQkuVhaucCmZIQXHUbcIwr5XwnRMXS9irXmyn8zUQBwy94c3Pi3N
2020-07-08 14:11:44,371 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:11:44,372 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:11:44,372 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-0db10fdf2537c9d3c2ec7c80a95486c4baa2c43c"
    IssueInstant="2020-07-08T14:11:43.792Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:11:44,376 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:11:44,376 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:11:44,376 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:11:44,376 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:11:44,376 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:11:44,376 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:11:44,377 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:11:44,377 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:11:44,377 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:11:44,377 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:11:44,377 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:11:44,377 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:11:44,377 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:11:44,377 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:11:44,378 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-0db10fdf2537c9d3c2ec7c80a95486c4baa2c43c', issue instant '2020-07-08T14:11:43.792Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:11:44,378 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:11:44,378 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:11:44,378 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:11:44,378 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:11:44,378 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:11:44,378 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:11:44,378 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:11:44,379 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:11:44,379 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:11:44,379 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:11:44,379 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:11:44,379 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:11:44,379 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:11:44,380 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:11:44,380 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:11:44,380 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:11:44,382 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:11:44,383 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:11:44.383Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:11:44,383 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:11:44,383 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:11:44,383 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:11:44,383 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:11:44,383 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:11:44,384 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:11:44,384 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:11:44,384 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:11:44,384 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:11:44,384 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:11:44,384 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:11:44,384 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:12:13,909 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: PRJdZA6J7mBisevtkQcueGLTvCPJTWaIemmuwU912zwwj762WAw3CrXl
2020-07-08 14:12:13,909 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:12:13,909 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:12:13,909 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-f2593452cd3596b6fe2ac281ae08168996378342"
    IssueInstant="2020-07-08T14:12:13.786Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:12:13,914 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:12:13,914 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:12:13,914 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:12:13,914 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:12:13,914 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:12:13,914 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:12:13,914 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:12:13,914 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:12:13,914 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:12:13,915 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:12:13,915 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:12:13,915 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:12:13,915 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:12:13,915 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:12:13,915 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-f2593452cd3596b6fe2ac281ae08168996378342', issue instant '2020-07-08T14:12:13.786Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:12:13,916 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:12:13,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:12:13,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:12:13,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:12:13,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:12:13,916 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:12:13,916 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:12:13,916 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:12:13,917 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:12:13,917 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:12:13,917 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:12:13,917 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:12:13,917 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:12:13,917 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:12:13,917 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:12:13,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:12:13,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:12:13,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:12:13.921Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:12:13,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:12:13,921 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:12:13,921 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:12:13,921 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:12:13,921 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:12:13,922 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:12:13,922 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:12:13,922 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:12:13,922 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:12:13,922 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:12:13,922 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:12:13,922 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:12:43,887 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: VfcC1en32mZjztWIbp0Qp9AN-w3es7YvJJMf20yEN6X3gM0lasl-Yiru
2020-07-08 14:12:43,887 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:12:43,887 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:12:43,888 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-dc52a3fcb13f15ae7bece4cd4442f966c4465349"
    IssueInstant="2020-07-08T14:12:43.778Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:12:43,896 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:12:43,899 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:12:43,899 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:12:43,899 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:12:43,899 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:12:43,899 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:12:43,899 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:12:43,899 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:12:43,899 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:12:43,900 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:12:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:12:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:12:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:12:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:12:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-dc52a3fcb13f15ae7bece4cd4442f966c4465349', issue instant '2020-07-08T14:12:43.778Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:12:43,901 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:12:43,903 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:12:43,903 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:12:43,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:12:43,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:12:43,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:12:43,906 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:12:43,906 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:12:43,907 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:12:43,907 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:12:43,907 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:12:43,907 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:12:43,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:12:43,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:12:43,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:12:43,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:12:43,908 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:12:43,909 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:12:43,912 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:12:43,912 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:12:43,912 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:12:43,912 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:12:43,912 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:12:43,912 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:12:43,913 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:12:43,913 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:12:43,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:12:43,916 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:12:43,918 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:12:43.918Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:12:43,919 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:12:43,919 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:12:43,920 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:12:43,920 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:12:43,920 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:12:43,920 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:12:43,921 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:12:43,921 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:12:43,921 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:12:43,921 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:12:43,921 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:12:43,921 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:13:13,899 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: NwX6AaxGn92EKeCtas2ClumXg2WKZ_wYcTKMYPrA8CK7ppZI8jGjZXK9
2020-07-08 14:13:13,899 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:13:13,899 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:13:13,899 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-84005e8912fe98442b72d2d0839ef312d14e1a48"
    IssueInstant="2020-07-08T14:13:13.789Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:13:13,905 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:13:13,905 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:13:13,905 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:13:13,905 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:13:13,905 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:13:13,905 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:13:13,905 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:13:13,905 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:13:13,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:13:13,906 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:13:13,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:13:13,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:13:13,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:13:13,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:13:13,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-84005e8912fe98442b72d2d0839ef312d14e1a48', issue instant '2020-07-08T14:13:13.789Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:13:13,907 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:13:13,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:13:13,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:13:13,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:13:13,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:13:13,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:13:13,908 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:13:13,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:13:13,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:13:13,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:13:13,908 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:13:13,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:13:13,908 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:13:13,908 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:13:13,908 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:13:13,908 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:13:13,909 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:13:13,909 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:13:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:13:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:13:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:13:13,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:13:13,909 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:13:13,909 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:13:13,910 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:13:13,910 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:13:13,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:13:13,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:13:13,914 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:13:13.914Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:13:13,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:13:13,914 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:13:13,914 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:13:13,914 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:13:13,914 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:13:13,914 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:13:13,914 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:13:13,915 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:13:13,915 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:13:13,915 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:13:13,915 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:13:13,915 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:13:27,315 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: operatorId=7830&acctId=100014278&validate=true
2020-07-08 14:13:27,315 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-07-08 14:13:27,315 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-07-08 14:13:27,316 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://smp.qa.jasper.com/provision/samlconfig/SSO/alias/qa2_self_serve"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="af7f78dd867i48f113hh4jdh9b76d1"
    IsPassive="false" IssueInstant="2020-07-08T14:13:11.525Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://smp.qa.jasper.com/provision/saml/metadata/alias/qa2_self_serve</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#af7f78dd867i48f113hh4jdh9b76d1">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>30ijwtXdN4TfbARtnGl7BcB60Ws=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>VG+wf0dX62Fs/Bf3Vf0HfSO5tAuedodHUxaHsZCkrRpS8a2RKlOCH4i3ctI/5ZUrE1BfSQh7WqVt+Ef4cnizgxRo9UKk1kYNhNT7u6arBjCA+oyoU91eZAWFoq4eKk8O9YKrlNzrL6VJEJBBudSy/+ukDSVz6fLv3o2gBuoVNTa7nS+wwYzGhUXRabOtO4+sbUBWTurDC6jA7/u4OLVAmQyx667htobuemfO5DJlIS08AlNGcsQD62lxqpFEyo3auLmcRQR1+56jgLGxM0a6Dzo/qv/vY6UaMPtue3+Q+0MRobPV6Zpzd6PLpFqhCTi6Mo4TdGKy22E3nPX8LyeIoQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIHtDCCBZygAwIBAgIUPEpIvAJ7BSY0NgjCfI8FQFGmeBYwDQYJKoZIhvcNAQELBQAwXjELMAkG
A1UEBhMCVVMxMDAuBgNVBAoTJ0h5ZHJhbnRJRCAoQXZhbGFuY2hlIENsb3VkIENvcnBvcmF0aW9u
KTEdMBsGA1UEAxMUSHlkcmFudElEIFNTTCBJQ0EgRzIwHhcNMTkwMjEzMTUyMTI4WhcNMjEwMjEz
MTUzMTAwWjBwMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCFNhbiBKb3NlMRww
GgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMSMwIQYDVQQDDBpzYW1sLnNlbGYuc2VydmUuamFz
cGVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL69Y7Op6iExe0fot3FnClGR
Wr/ANgJ+GHP3Azp2DFjaI8Bp43ZMrrjv3Ner02F8vYrFsL2H3RIhBXVKcq+Dv6UKMtEbUF8AOR0C
fqnOqQrostpCmfa6fv1Zpzf52OGKqzq3ayHCLX6ncd+RNkLbr7Jrcki43nO5OB1RUVwxffwoOTl3
8SrfK5PBuQA3QuWqZCU2aAaZUsdm8xaxKgr77hsbt8PQ+LjYiMLl7aLGOHBt/rxntSxXLl9Dhqxi
Jhhyo/pg2D6uQkehtlyqTYJJzk5iM4WqH/gn2Pr/GhZ4CStlkGyqZjfGohrTmYE4cu0Fxfgil991
IlPD88l4wIxI7p8CAwEAAaOCA1YwggNSMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUmGq2LS6/p6qf
9vfWCa/Vi1f5ircwdAYIKwYBBQUHAQEEaDBmMDgGCCsGAQUFBzAChixodHRwOi8vdHJ1c3QucXVv
dmFkaXNnbG9iYWwuY29tL2h5ZHNzbGcyLmNydDAqBggrBgEFBQcwAYYeaHR0cDovL29jc3AucXVv
dmFkaXNnbG9iYWwuY29tMCUGA1UdEQQeMByCGnNhbWwuc2VsZi5zZXJ2ZS5qYXNwZXIuY29tMF4G
A1UdIARXMFUwCAYGZ4EMAQICMEkGDCsGAQQBvlgAA4cEADA5MDcGCCsGAQUFBwIBFitodHRwOi8v
d3d3Lmh5ZHJhbnRpZC5jb20vc3VwcG9ydC9yZXBvc2l0b3J5MDsGA1UdJQQ0MDIGCCsGAQUFBwMC
BggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcDATA7BgNVHR8ENDAyMDCgLqAs
hipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9oeWRzc2xnMi5jcmwwHQYDVR0OBBYEFIwY
b0URGhpGaDJcPjJeOaUDOD2tMA4GA1UdDwEB/wQEAwIFoDCCAXwGCisGAQQB1nkCBAIEggFsBIIB
aAFmAHUAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFo53v5kAAABAMARjBEAiA4
y0wr0DOk0xSaWnluASS40xD7lr4cBBOUd0DS/UdqGAIgLS3UAjxmi4BDEcsNfvZU93iXA50nNR4u
Gacw+SWQdegAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWjne/lSAAAEAwBH
MEUCIQC5bmdgSf+HCnCbo0dfaIwib68aj7JU6zsKLDOyHZCKvgIgX+SkrGwXdhdlGkQnlQbpi3SX
AjFYP5hXregLIGxM4DkAdQBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWjne/l3
AAAEAwBGMEQCIFP/t9gel7rIbbflNM01wQVvE/78syisBt2LlKEtj0NXAiAzi1sdniFDbPo1cfpk
MPdLn9ukZxWZUJhx76x2kAyI4DANBgkqhkiG9w0BAQsFAAOCAgEAdjwp8r+NFmefwhqB2upK0EQm
fL6baVqbFpGinmZrDUnhtgirL/s93i+oxOX81kHj9O7WJaQgKOxK3y0HPL26kO9CkFhgL3FwZ/FW
OK5f3K1ppSH7LG2eClWK6fg7pEKAgOY96qi2AaHKVPCawA0ye+XaoPkHlnhHjBamSoH9XkrZtlh1
nWRJDRyqyMzlwB0/1g2MrtiNWpwWAwWyDlPLDmT0VZ+mvnm9YLNaVQYEUEMRp+tjbVGRbvmwE/U1
LMqxGA0Hc5iq1DgnArAKXfj46v9bc6KrHrfrQmpqTnAPTM3dWoxfUGDMO6iEM13dPZ/N8qwQSyBl
LWCgCU8KhtKkWez7cfN83cXtgOIpJuJGvFNnFd+j+NdbOowCuNB3UsBUe5W7A0yUIcsesXgEVjQ5
C2iq71nXaVkYqPyY13WCBU7QElSaDMdW/K2/6wcTbh9AWj5k9UrazyXJGi+ZVYjYyw0WbwLKwo+R
ghbeAHTp7AeLNaAmjTPY3Vq8XuG64k4bdMNxM5fwJsoTUw6suoYCNIsN3OlgT9ck6dzUZC69sdqf
QlvI4X4TUNNJ+o5/YHXmgXpXpKFXRLiD7zLCtGM5y4yDNdKqf6IvdODNWkcISw5FfwSJfoE/O6QH
1tbhc1QOsecCkz68cg0GPWgOnlxIWr9pcgkONr+I23hIvnEzfKQ=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-07-08 14:13:27,321 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://smp.qa.jasper.com/provision/saml/metadata/alias/qa2_self_serve' from origin source
2020-07-08 14:13:27,321 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:13:27,321 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:13:27,321 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:13:27,321 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:13:27,321 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:13:27,322 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:13:27,322 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:13:27,322 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://smp.qa.jasper.com/provision/saml/metadata/alias/qa2_self_serve
2020-07-08 14:13:27,322 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'af7f78dd867i48f113hh4jdh9b76d1', issue instant '2020-07-08T14:13:11.525Z', entityID 'https://smp.qa.jasper.com/provision/saml/metadata/alias/qa2_self_serve'
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://smp.qa.jasper.com/provision/saml/metadata/alias/qa2_self_serve, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://smp.qa.jasper.com/provision/saml/metadata/alias/qa2_self_serve' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:13:27,323 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24078669367122245456507922986990428654639347672862710010518243575402591872701705135397482933619162553940288753340430673003579279525444700270138334745476280446067250669639842095538885909535544724168068217628824876556064458313314924063915835660158019103728136229598371114904544962139636608888001155258538898234381217120407543815124594357918971532018160193269583287742801239723740048628525942520908013788351619863812168671968593685006416836788400633988310091653928672247983191488736703297540955603070797319344611229573149738624947634948438304024962855475402727565562885023201231080761917087165701649107427722216832822943
  public exponent: 65537
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#af7f78dd867i48f113hh4jdh9b76d1"
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID af7f78dd867i48f113hh4jdh9b76d1 and Element was [saml2p:AuthnRequest: null]
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#af7f78dd867i48f113hh4jdh9b76d1"
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID af7f78dd867i48f113hh4jdh9b76d1 and Element was [saml2p:AuthnRequest: null]
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#af7f78dd867i48f113hh4jdh9b76d1"
2020-07-08 14:13:27,324 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-07-08 14:13:27,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:13:27,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://smp.qa.jasper.com/provision/saml/metadata/alias/qa2_self_serve
2020-07-08 14:13:27,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:13:27,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:13:27,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:13:27,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:13:27,325 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:13:27,325 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:13:27,325 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:13:27,325 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:13:27,325 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:13:27,325 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://smp.qa.jasper.com/provision/samlconfig/SSO/alias/qa2_self_serve using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:13:27,325 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:13:27,325 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:13:27,325 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:13:27,325 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:13:27,325 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:13:27,326 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:13:27,326 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:13:27,326 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:13:27,326 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:13:27,326 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:13:27,326 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://smp.qa.jasper.com/provision/saml/metadata/alias/qa2_self_serve
2020-07-08 14:13:27,326 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:13:27,326 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:13:27,326 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:13:27,326 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:13:27,331 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:13:27,331 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:13:27.331Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:13:27,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:13:27,332 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:13:27,332 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:13:27,332 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:13:27,332 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:13:27,332 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:13:27,332 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:13:27,332 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:13:27,332 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:13:27,332 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:13:27,590 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'smp.qa.jasper.com'
2020-07-08 14:13:27,590 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-07-08 14:13:27,590 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-07-08 14:13:43,902 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: hv9nKrfa1_LptEEWYnJqxnAyVwcEZw6rR_nytuxzyQP9vGhCTqKCH_Ls
2020-07-08 14:13:43,902 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:13:43,902 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:13:43,902 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-36bd56a57fa5e57da99818aee462602db954266c"
    IssueInstant="2020-07-08T14:13:43.793Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:13:43,908 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:13:43,908 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:13:43,908 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:13:43,908 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:13:43,908 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:13:43,908 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:13:43,908 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:13:43,908 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:13:43,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:13:43,909 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:13:43,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:13:43,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:13:43,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:13:43,909 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:13:43,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-36bd56a57fa5e57da99818aee462602db954266c', issue instant '2020-07-08T14:13:43.793Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:13:43,910 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:13:43,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:13:43,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:13:43,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:13:43,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:13:43,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:13:43,910 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:13:43,910 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:13:43,911 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:13:43,911 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:13:43,911 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:13:43,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:13:43,911 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:13:43,911 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:13:43,911 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:13:43,912 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:13:43,912 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:13:43,915 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:13:43,915 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:13:43.915Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:13:43,915 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:13:43,916 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:13:43,916 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:13:43,916 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:13:43,916 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:13:43,916 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:13:43,916 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:13:43,916 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:13:43,916 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:13:43,916 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:13:43,916 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:13:43,917 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:13:58,475 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:13:58,475 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy" IsPassive="false"
            IssueInstant="2020-07-08T14:13:57.791Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>kfTqbdDmoBHhgzr9EBYBGshiOZs=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>l/AQ+b4SUExm75ILXkDaNAW1iRhJt8MEHUzzjyE1VQiCQukod263uTL6lAF+rqAOLUUqy2F1KwDhlEYrNhHKjh2dxG7/SUPg964XzC3xlgwPy3i7pAlEe9QtqVGxd6yoPRR/5/AJcfeS1ZnClxNL3Ixvlv7hwCkfOe1B+wI5eAI=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2020-07-08 14:13:58,480 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' from origin source
2020-07-08 14:13:58,480 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:13:58,480 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:13:58,480 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:13:58,480 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:13:58,480 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:13:58,481 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:13:58,481 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:13:58,481 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-defcs.poc.hybrid.otc-service.com
2020-07-08 14:13:58,481 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-07-08 14:13:58,481 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-07-08 14:13:58,481 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:13:58,481 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-07-08 14:13:58,481 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-07-08 14:13:58,481 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:13:58,481 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy', issue instant '2020-07-08T14:13:57.791Z', entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com'
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' does not require AuthnRequests to be signed
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-defcs.poc.hybrid.otc-service.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-defcs.poc.hybrid.otc-service.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy"
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy and Element was [saml2p:AuthnRequest: null]
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy"
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy and Element was [saml2p:AuthnRequest: null]
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy"
2020-07-08 14:13:58,482 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:13:58,482 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-defcs.poc.hybrid.otc-service.com
2020-07-08 14:13:58,484 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:13:58,484 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:13:58,484 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:13:58,484 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:13:58,484 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2020-07-08 14:13:58,484 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2020-07-08 14:13:58,484 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-07-08 14:13:58,484 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-07-08 14:13:58,485 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:13:58,485 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:13:58,485 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:13:58,485 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:13:58,485 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2020-07-08 14:13:58,485 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2020-07-08 14:13:58,485 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:13:58,485 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:13:58,485 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:13:58,485 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:13:58,485 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:13:58,485 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:13:58,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:13:58,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:13:58,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:13:58,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:13:58,486 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-defcs.poc.hybrid.otc-service.com
2020-07-08 14:13:58,486 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:13:58,486 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:13:58,486 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:13:58,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:13:58,489 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:13:58,489 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2020-07-08 14:13:58,489 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:13:58.490Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:13:58,490 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:13:58,491 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2020-07-08 14:13:58,491 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-07-08 14:13:58,491 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@392239328::identifier=rick, context=org.apache.velocity.VelocityContext@59daf5ac]
2020-07-08 14:13:58,492 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@392239328::identifier=rick, context=org.apache.velocity.VelocityContext@59daf5ac]
2020-07-08 14:13:58,493 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-07-08 14:13:58,493 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-07-08 14:13:58,493 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-07-08 14:13:58,493 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-07-08 14:13:58,493 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-07-08 14:13:58,493 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-07-08 14:13:58,493 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-07-08 14:13:58,493 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session bc1c18e261b2b2f2bacbbe05f69b6f865b886b10818342fb60c8e6a00efcb810 for principal rick
2020-07-08 14:13:58,493 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session bc1c18e261b2b2f2bacbbe05f69b6f865b886b10818342fb60c8e6a00efcb810
2020-07-08 14:13:58,495 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-07-08 14:13:58,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-07-08 14:13:58,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-07-08 14:13:58,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-07-08 14:13:58,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-07-08 14:13:58,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-07-08 14:13:58,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-07-08 14:13:58,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-07-08 14:13:58,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-07-08 14:13:58,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-07-08 14:13:58,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-07-08 14:13:58,497 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-07-08 14:13:58,498 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-07-08 14:13:58,498 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _9d5406a8218fcf3d47c7cdcc63a3ee3a
2020-07-08 14:13:58,498 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _9d5406a8218fcf3d47c7cdcc63a3ee3a to Response _24a8a8cc9ccbfdb3d34e554dedb136fe
2020-07-08 14:13:58,498 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _9d5406a8218fcf3d47c7cdcc63a3ee3a
2020-07-08 14:13:58,499 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-07-08 14:13:58,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-07-08 14:13:58,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-07-08 14:13:58,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-07-08 14:13:58,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-07-08 14:13:58,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-07-08 14:13:58,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-07-08 14:13:58,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-07-08 14:13:58,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxmaUYQv9xtnY7UeFuTicTfJrNPymyRhndKBEZXZ1Gg1eqHc+qTtnpr9dZ0P2wT6dK8cpRe6GSUUWBU1r+U/nEYqQl8BveFAE2yjlq6oLUnCEpOl0BjfI3EB/hTnQTRhHml85C2PGZx9A1XQWyP2L7+CyH with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _9d5406a8218fcf3d47c7cdcc63a3ee3a
2020-07-08 14:13:58,501 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _9d5406a8218fcf3d47c7cdcc63a3ee3a did not already contain Conditions, one was added
2020-07-08 14:13:58,502 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-07-08 14:13:58,502 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-07-08T14:18:58.496Z, to Assertion _9d5406a8218fcf3d47c7cdcc63a3ee3a
2020-07-08 14:13:58,502 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _9d5406a8218fcf3d47c7cdcc63a3ee3a already contained Conditions, nothing was done
2020-07-08 14:13:58,502 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-07-08 14:13:58,502 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _9d5406a8218fcf3d47c7cdcc63a3ee3a already contained Conditions, nothing was done
2020-07-08 14:13:58,502 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-07-08 14:13:58,502 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-defcs.poc.hybrid.otc-service.com as an Audience of the AudienceRestriction
2020-07-08 14:13:58,502 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _9d5406a8218fcf3d47c7cdcc63a3ee3a
2020-07-08 14:13:58,503 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _9d5406a8218fcf3d47c7cdcc63a3ee3a did not already contain Advice, one was added
2020-07-08 14:13:58,503 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-defcs.poc.hybrid.otc-service.com to existing session bc1c18e261b2b2f2bacbbe05f69b6f865b886b10818342fb60c8e6a00efcb810
2020-07-08 14:13:58,503 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-defcs.poc.hybrid.otc-service.com in session bc1c18e261b2b2f2bacbbe05f69b6f865b886b10818342fb60c8e6a00efcb810
2020-07-08 14:13:58,503 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-07-08 14:13:58,504 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-defcs.poc.hybrid.otc-service.com and key AAdzZWNyZXQxmaUYQv9xtnY7UeFuTicTfJrNPymyRhndKBEZXZ1Gg1eqHc+qTtnpr9dZ0P2wT6dK8cpRe6GSUUWBU1r+U/nEYqQl8BveFAE2yjlq6oLUnCEpOl0BjfI3EB/hTnQTRhHml85C2PGZx9A1XQWyP2L7+CyH
2020-07-08 14:13:58,504 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-07-08 14:13:58,505 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-07-08 14:13:58,505 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9d5406a8218fcf3d47c7cdcc63a3ee3a"
2020-07-08 14:13:58,505 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9d5406a8218fcf3d47c7cdcc63a3ee3a and Element was [saml2:Assertion: null]
2020-07-08 14:13:58,505 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9d5406a8218fcf3d47c7cdcc63a3ee3a"
2020-07-08 14:13:58,505 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9d5406a8218fcf3d47c7cdcc63a3ee3a and Element was [saml2:Assertion: null]
2020-07-08 14:13:58,507 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_24a8a8cc9ccbfdb3d34e554dedb136fe"
    InResponseTo="_pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy"
    IssueInstant="2020-07-08T14:13:58.496Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_9d5406a8218fcf3d47c7cdcc63a3ee3a"
        IssueInstant="2020-07-08T14:13:58.496Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_9d5406a8218fcf3d47c7cdcc63a3ee3a">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>oUJ98fPSsb5Os/XcwHqKgXMYflXEVYuKc3ruR+fxWi8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>W3lK6X1L2SeUOIPCh+xwH18JAW9hhrvXy80mkiTcuKWXwkQROzTQQLWPy/CyS1j8iSW96CttSeQqpB6X6b6/LIHy6jF0l5bJpsppt7G6CNKYUJ7cU5EtvQdzmd8I3v4eAoRtaZmA7rqplCkEuzPcf0fGrWK9IMYZ6hokcUdyVO4sEUhjii2QHoxT85mVuoehbkimtgKt9yWlvEDyGdxJQGcCCM2hv8RmKGaJTKhRJoiCdmr9+MgTHvVhN8xOTuKyTvUBp9offvByrq5r3z19bUzOJjI7iiwObbyvsx1PdK/3kUW6iW+89heppu82uadmmm1dBYtljLJjKjuARPD1GQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxmaUYQv9xtnY7UeFuTicTfJrNPymyRhndKBEZXZ1Gg1eqHc+qTtnpr9dZ0P2wT6dK8cpRe6GSUUWBU1r+U/nEYqQl8BveFAE2yjlq6oLUnCEpOl0BjfI3EB/hTnQTRhHml85C2PGZx9A1XQWyP2L7+CyH</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy"
                    NotOnOrAfter="2020-07-08T14:18:58.501Z" Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-07-08T14:13:58.496Z" NotOnOrAfter="2020-07-08T14:18:58.496Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">8b0cUYlTr/IgzL/ZDPRYmMSpFvqIxpgemKldCFzeTAo=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2020-07-08T14:13:58.493Z" SessionIndex="_8cbb9b4310c11f4c2e6f5501fe692ea9">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-07-08 14:13:58,510 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-07-08 14:13:58,510 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-07-08 14:13:58,510 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_24a8a8cc9ccbfdb3d34e554dedb136fe"
2020-07-08 14:13:58,510 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _24a8a8cc9ccbfdb3d34e554dedb136fe and Element was [saml2p:Response: null]
2020-07-08 14:13:58,510 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_24a8a8cc9ccbfdb3d34e554dedb136fe"
2020-07-08 14:13:58,510 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _24a8a8cc9ccbfdb3d34e554dedb136fe and Element was [saml2p:Response: null]
2020-07-08 14:13:58,512 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2020-07-08 14:13:58,513 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">8b0cUYlTr/IgzL/ZDPRYmMSpFvqIxpgemKldCFzeTAo=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_24a8a8cc9ccbfdb3d34e554dedb136fe"
            InResponseTo="_pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy"
            IssueInstant="2020-07-08T14:13:58.496Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_24a8a8cc9ccbfdb3d34e554dedb136fe">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>/DZpUCTvsgLjld1ZezqdtJPNrUCiGkpUnvRPWaroAkI=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>bgdHUnL6wy+Vaq/yiDpLRdWtg+UbOhWybU0pgclIICVwBekV4UTwgs1rFTZzQizELdqZ44iNL07KEpfV9e05p7Zma4OFPHCOM5w/ANjTSZEwja3qhOPbyVnrjhszUukLLBj4/NpFBMDmv0jNdwOOGKC8cV1IERMDfvU3OKi6FMF6Ly4PdNrBH7OG7eXfRcciBUlmxyqtRIsqc3ARa6MwctAgXRU4a2D3rOKN6Cjm8ij6XerJuDIMasnGp2mZbkqgUVNWrsCXV4kcR1UIbXWHvSxM7qxfQ8Pl5jPcscANO1StsWAIh5eTsI2qhD3WWBw+w/DSTgtLpFhGLAB2/j4p+Q==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_40fb415cd52ba1ade79793787f8e299d"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_7bff5a383477e02973697c642e5bd01a"
                            Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>sppvsKkmiKPR7SA8b20VWzXF/9eAEJrBPmtLmtzBgxsBft7acNn7G6yya26DIlXicp8XdiulGEagHTm6k3Rbl8HkKfS0M9PoN2nOITDft89dXCadaUNTrJI32aqiVqGa/0WNpwe5qbrZ6lBfmvq40vNv9V5QXQB7gt1HJYr7vMw=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>/YaK3EQBgcN4F6iyoTGAdq1y5gwmTM8rjIo6cpLjVafaG/zepI1pL+N4iEukcIIggPpZ0BIh0+HAD3WUaW1ft8AnaK8yJ/3TOwYWswrnpt2uM2pD540aC/BRXF2g19WAHddQ2hGVpMbF0ZZib4THn5Jnt2SKj0+RPZ+c6ZaS+D8VSrDZtdTMZxJLUFwW6dv/lT7u4i8T1YheCZZsfzdcojvNfFtUyZgV1WcKAY7pjcBeU8tfAIZGbi7I9v5wp6znj+I1b096TMGBznvq18qJALt9R/m8sCl81JvdDKqE2vbJtoQ4JI64OONNHyQ00Kvmy+BAl2NgZa2k4fPAi6MpCxY1J5YkKVUgBOcorX+NbDmgf2yFOq9um26kks+NJDUo8mELrboghObQU4AmuEHfRRE4GsskVFFPUSeoyUaQfus8slQYGP6nA/R2803J5oG0xeUGIiRAZrCmfUilqPcZzTrpjt0VjcCBOkf83KstA1pVgwWhOsUgM2AIkTy62i+EOgDp7PuiaamDshVtBswgvbu4BsWPIVsEbgo4p0/N1GrKGWwR7/hnRTUIigDTvxsT52/oYz2zBb0D13IWxPGRVJI4PEKtA71+xUhSN9hVPfBSAoNNz06mmhpRrycMeP0mQ8/j/8AeH4NOCtMwScozKeggHBxJ4Bm1j8PcgksQXFTA0nfJhTPhw5byXGgvEd4aYqeyVQNRZ5XOwgBzP23fks6pItt16nDxd551wKyNVJecbEOzK6ugM7FVuMQrWQgXo0OHAQVu+BVlnlE2wdPAUa73Y9op33EB+xM39DAo/xulbFJhmvhnMzWLcUzHllddbQZg2ROMEvFh07Pi8hna85uJtYRUA2QLmjWl6Jv3Qq7S7Bf2q90tTNoP9UxopEUgDUgMqMV9Od5Sn9OJ1ulsQak+uIOnQTjGhHuJn/6aLNT/kVrhIN8DLZESvvuFWnxKzV1es9TmjWhbTCEhVNnFUq45IKhf1dexmA9d/vRUZVW4cBGa1b64DdlzDE/VjLlugojFxbG67sPLApwQZkh2bmF8mVe1ikczm/bOQ08kfEMtnahnoBjJHUAjOwUokXUskBGjQTszw2QyjqGseuBRJ1ee5THSNqckqupWwc1kznnUVMOTEIEbvAaVvscVprZsgAbbx/nqii5ae0iSxkC1K1l1oLweLndc5iXQ696xhs8CpCal5WaP8MQ653mob5RUnKvyVQBJVsZyrfXlsIIX3jsmlYGN94izoL3rHJuRPT9tRMuMiokMdmxONWfZPjfCSgebAdJNbgNB2vKAVg+rJYPQ3HvpfxNwyA2uP7eKKdDAC5gPQvxVnVQFWgP7xzRgrYqYNh2cI23f0XtPp2/A5yXF575YskguFhMI94Ou+qnrLH19mqZrdQ8mRhJZb6KxZ/b66k6GbXUmw+pVXNPDFas+bAfw+7rdzQ7h1jvOlawfIhQYGpXqo5r4m18UUAXxyG7I3XJ+nvVd4dwObK+JFsc4hf6m1PZDtH8McOywg4EFHw4yaF3BCZwFe0wDPaujuuNhM3FTV/cbW4yV9rIp2UGyDCo1xhoLKhvHAy2L0rVQeRE7zrK78U7Xzzqdly6OEfWCeF+Kjk6fZ5SMvuoRHzYum+aA47UulE+B5uhMsUsHXke4F6ex+gOduq6YKFVr5cZY9k2WDi4xuP9jaV4ORNe4BEVt3KLhnSPyCbkBMLxFxFYHrzkPHyVes8v6jJOfJFx4FvPDwX8ufknWG8cziMp5LFRJhJ0JaS2GfB/2SU/Tg23ut1Lzr1Yu1I6tpdG+5KfyQ9DGkFeOQ6KQ5RHlZ9Ydt5oEZ4raLBk41BDOiYNaRlrWTb6Pn+CDhRT8YWyLgO6L21TytIaHkqbhIX78opSronTxFPH8Dh77rGiAvXU5NgH2kHYve6rZFJzvNPy+gbYnruuDzoDtDv8tR5ZrQRbq7h4puDfFtkkhQGof1F9TJOBp6AMeWtAajd+41W+6Ft1d9HaAZd/AP79Y7ZgqLtx7FE+MGTPdhItWM2H1iI46PpzsKSX0umV+PCcZ1ZHHN9wu7ghqj/Rw4KKqsUQ8DPkYDqQTqHpVKdHKedHkSs2NJb9u3GlX4LQ2SziWdFlTkppIQuYU1NSzmGpauJs1jT6/DIvwdqloaE7oPBzmT8YyjsOOFheiempIrJTxENAzliScUV4m02EDCPXakledHME0EtGRjEqwu5ysbkVp6HE0+jNHk+Ro2w6g5jCnEU7Z4YGWxnjtKKWn3Jc2LsraE1HTMmG6mC2WJIIeuPXRHIMACY1VZTKBJK5XJEfnCnyxhEgq+fyYx60Ow/+lHWQ9E28OhfEENPfrTGBjpiogPEgySRbLuZ6/yjoBzQXFs76mLq1a3Rq2EqzopqsyOf2zVzAcogDVloFkpsoGtLDbn4J2IkxZSbRPcuPxXKxtAg2/vR/IIzAP10iPTrG3vJ4Mr/vY7dewOS0PBPPql/LnU6+7zjMQyKEuIQqjG8KrnAScqJcjQwVRbrxW9oj8zCxLO2E5RcIs9eqyKu4IAkBmHEQ1/enYNumABB2gI0VKAaonb6S8E+puoJ+6614wOjV65umT9LnCBu2/7uMIgqeG9OqJ1VnGNR8zggSd+W9PM8OaOiridJC8snDBk6ZFHtNS4pVMkkOLAeRKf6chvOSPJKoWMAwU00GfJKkNcdJFvR+95HntmmgImbGRedWLWAkQCD0JI9F8PlYY2KVNilPL/kB0vHvZHpAKRbcNYLFBLCkmfAoGqBhOdMIWI6HWRa5f/F8Mh01ShP1wpKhbUzMNV4ewcHeJ1wA/aeLXQpfuz34rhGILao1OjUqgdktC4YXSWExUeyalk7bLpXYwWM4pY9dwzvLGAGwdCNb1AxePz15r+DW7p9dcyzy9C91By9oNSIeRXLnGE+33O8mA53OIp5V5MA/eGGOr5Ug+ChCn46gMyolFBZ250PXy+F/sCJyrXaSMmq/WuoekDNvJi6FVUDGtcTXmq6JIfoh265neoQwic5vGrioNHSK91nDsl3S2Hpqe1cLpc3mE9gAyofYC14Am3yRBnLRQ+4pT1cmj+J9b32JBlvSI1w+8rNJvAH/yFp792HXTdVH8R8ODA5RCMxAPeYPaTlFEkcq6OnUFpeDxgnX1AxwkZE4XBX8FCPFvT/wdRYIPa9PB9gOUzkjXR7gYffX/jhekX9Y0PFRr4n0P2CUSr1TbajwRf2H5mFVhiJRG6Z6yGO9ZexCqOJagGXmDd2TE+XjRsC/GSgFhep+TsCNb21PpvWrfBm3SFia1nQefbjESE7iqEv8beImSq6ITG2plbDeHjgXSpwRpRaX/CwJTrYy9y2eRHnTtVhTz/hb/qPg/QBueF2wfHFr1zZBf7vtuy53GykddmF6XBsROeVc7sms6VVReY4rj07vdiBRoCD5T7KD4fod00TkuyQM6pb9OjVuKhLjyWS2DFZIbCXYzUZbzpCf41ImzsdT4TqqE4qDTrLKx+grKqAKPdk0qUu4TQj1p9cYuQ0t+nr1BioOQbWP/n3yE+AzAcf2/TlgXKDNgRbeP2xxEzqqYJTu/2/xXaPjFTe8ztWjijeE7McZBD9HmzP+bIL1Y5MIs8ugaIvXSwLdI2LpeI0FfuLxWOF4aTwP5NlOyp490u7a4+3Cbpmz7PycPouuDONoDUI9KM5xqICMyR5o65NxSpii6/mAHeruzWFJtx4PxsWpeYorOpXxZdstnb5wMTlT3ASrDsX3VccQfHls+A0D7eGSgqPlpjvkEBgLor18e9iJwwFSuhNzR7umZRQes0h4Ow6xtHgjfqY5eT+NrRUXBnntLJS10DT+NFagh4HCAmdgWpqWHp7nGkIojBneGKj1WS+KsH2xoVMB5hVjNXdTW8O66G3XKVMPsrrbFgIpCHPe1oBzti5H+Ph5Fk8KEgkWZlNI2ZFhLCl6b+3vE0GCXfpQgSfk8nkHo5dSJcdowf+DgR13gq8UOYn8W3Q6vhfAWJ3BcJ9WbOHMz4z/mvEFO6C3Fa98jPN2EN4nrD/lIkt9dDj4cFE2DmylEQmKxU7ntA7tNnioL90aFOrUu+/cToOh+79mkRUsWhvYebj2LM3+GgqglVPspuVTLp0OPdKVk65F/sN69zY7smtLuA8AuZFHHqaPYPGxbYIOWb6DH1fuBEXt3HjeS8DcGMcSD4wlpCQn0R1qpj9//Le4tRLzbsRfjsqW8BKWlFySEiYWO4yLZ7MD8dlmFc3vTKgsdSA2yQektwaQkjYsuQvjarhCdUl8XgHOK48RG5kqVFLWwDo/H1NIaM7TRxk1oIcYrPLBU4/uaVlq0htOHleg/2b3JLOwkn4Go27DMV2WZe7q/6kJAskg6ZD+85U7S/ADhuDxBUUzwk8Mrw0PxpHp1heCuG+xsc+obIXnziEdyi6SS/clbk56jh5FwDV3CsY4lKlHUTqIFEj09cujuhNHox6S3Xfl9H/SZPpQRhonGxPfTMln0C2ohsnczn7ijuu4DGKVWOSD4e0UpOF94hus86NrYIeTrOQ1EtQ2KKjgTHwstyNtG21z+aQRn4NmRS84W2n5YDKGXZXv1Pyx9D9SH6aVxPJAgizOFjujdxMAlmFdnUdt8XHiH8NnWge9CCUjFPIXpR/TwCLyn1j7jjHgG8lHhHxagBGBL9LFtTai6aXXsAXNGf2DB8MtZZHFsCLrvsDao3TMS9ScIjvJebTCn/9O9pOOpJI//Pve63j/K8HBxYlFQoHM4mVp5iStTLUx+JyelCDsnKSeAanFSp2a7Y8V8vKiHS+Ro3VSUqCXb2Kv9nx6ZTduiHL6rFhhpcpy2F9a1TWL4yemZWke4UoqShCUd7oezgmTP54iaDRd+UD3ik+urUeMm6aADWVz43B8F5dvM6uFBG+XRXvzXbLTECvbbSlzT3DBsQJRNVHOxd4S9DPi1Qm1qPJb3KwOkK43Q4x9KwTTw6n+fzZNELAwbcVVVYeChfhjo0Amvseo0Fzu7RL2CSm5v4FBUSWpmteNmBQI4UwI8Fhbv0vhaKH6DEf2oIc+kfCpA/M2ozTdoRG29+wvBEIEMO9jkOyyXimNex+QnmY4NwXe6z7GTAKUNN+YRqnKvYfzYQ2+bN6TDZXwmhrDq2M3qHBMN7J91fEZnGsAe31YWTgmOHaouMn16PsthXa1amk7iZD6UDvAmTUT9sGVvCp5F10dBiZYFwJWBEI6/Ed+Ly5RtguJDgzA/lAy0276Y/bmnpTCzenhmU+58HQb+NcfAVpF5fnUMV45lVExwAjwTw4ZSGVz/kfT9nSqIDsxGioMyBDABOOiOoFpcROhcV6zwKcRZiDCXKpfqOw2cclMqGhC77vCmJuXbBn/bOFtYBI4CVgXy+69zwNq+AsIS2jS7TtLqwC2n4vx5mrHTh8gq/rDn0V608KP99vOvDDittsesXTFQAj5LnCCxZC00WjuTPAjCEc+TdIA5gqQjaNzqFP9pEt/pW2O+nr/ZN6AndG8ztCxWKS8HO1uvMAudI2864I/hn67s+FK9rbGRJY1rYYeQq11FPnuDXcjG1+ffENggQ6Ic9RcVHJqKL0VBcbRkNRj0KQgt/bdB5C9fFQZk6XWkvWWZql3TDq6A7BP/wSfCu5b65D0IDRHi3PKtemdVVxniaLjhdoklVO9z0YGalMfpsA38I2OFnHhFSrSfLvD6r/cKwtg2TJMywk7QiPDLQQcuGYspaJcfhJRkAz44U7q51Txd08OUfd5ZhOLNkQ+L0GcJ/Yt76/mSlhBG5HTngX7R+i76JpfZ4Ai/4ERZ+vu0Drdb9XyLzZLLGIc3JlaaEs/pDsAiMiYDwBIkojWu5SN3eZIiRPyP4SM+YFp1rTL7TfwnAIaHn3CWxvEVCwOZnIG9H0MmqIqZvvnRcOS3upou7LPYtr+UEwMLuLyzY3ljCiIQCB2riRhs7yJgaByXzrzbgeDsBHBaPGlZJVePfkO7oCze4XWPltSsXPrHpZcNukg8sQTJO98drtbgwgy1jBsTQP/E2fvN0gL7gJQ3jY+eT8X/fnDkogy9emCeb7MlywooKIj3/yt8SNfodJNcipgHktYPc+NAT7aTc9IKtY0RKJqqIZUzTR9jU30sh/7HratCPSCgHn+f5vOCgvzkAuaSqF7yVcZz7Rb2urRzpxfCx2qj/8PE/+LroiDGSA0jgaeTKh4o+WnVogaydoRF+dMbpx7hSeXqcIRW94AJmMKdFyhpV6zEH1lF8hLJGtzj6EauoUNFfX/76L5GbFT9sM2I+EP6rBLmn3mnSLD5ux8J2xi9mLJPgCNMf6LOndPQpP9wP3utTcI2OOxBhxO2tB+TulSXNYzCPDWn4HaIyNW+4/IZ+MfJwPOz/siDtB/s7W7wxsuZ7yCfa6rYCo2W5w4tANhgm6IO2HUZ7I+ewAKeJsjQS4/UnVjxYW1qrSUhV/P25HjyoxATUv44cb0mXNM+mejGjYBw4CKEivvuzNIZkvUJcMHERVwfcq36GM7jJughdTVW2ih6hLm4qq/u664vn4fWv2CeYxWzzkNPywERx4Ze2Jlk1zje59QQhF21O9TYLLcRAf+iY2LnIJv9ZbTVmlMhqeZspjF7k0HFrj8lmeZoXBxTgZ1LDf/loBphfKdTmDbcfm3tgFYCc2By+px/xQyw/DUadqlrlFxLk9U2kG2N8MvVtHpSIrH7dw5A7H6jdtfG1xNIPxyav5acv102kSnOqL/n3DjjYMD7N9N/ZFOBsmHrE1vLKhT5eTolAI3NbhmqnhxM3YD0lRT26rWNFdWRxCb3lS8TiLxhfZG+oBGq1+1GTIK8KBCK7AKZ9c5I0H7nk2adXHbu9djZLgNj/cVUV48djcMApT1iPbvU9yrFsXlXkMGALjyhiADevrfiO+S4v8OAFX5Wtwh+/hXshsg1diipB8zLfWC/KDVdNfSB3hHhChIgX+n+l4yxZW1Eronq32mXyxcyVc28bZkBrxKCa2GG+GZ5SemiIUcZWvF+qI7E5N/fm3IgOZWCLbkMb8aWd9D3GA6mMaqUC0e5nwAHykI3RF/JTfaOtbrJyMzPmjT6Ls5LTr44LVjZMuR22mK9BMW7IVH6CQHQa6A0I8OX6T9oVAi3Q+zg7e9ukFrIi3LDqSsXGjiI2MmQwU4v+xSaaY5CzNmEUYbqwDieHaySBhJMyh0I+eilvenv6IBdsxk8LpzkNwfcoNAcxlIRrFzexdJp4l3Pzo21br/bhkhjLEyJ+7OpxCISyuhjQNAtHObZduag/jW3XZrrdhcz2s7agbaN6W+6m+mDvKiz2O4s2bvk2UXj6v5r726lPAnjaA1/ifmCJprjrtvUHon8bH8KrRAqycj/mUMMvZKvYzRLCm3DLFOKqXI0wIqJ67YLOyI2Kk0brsw0mLhdxGQ7WXFp707NLKH6HLXOcZlNIWUJCYXHGiS0HSP3kNyApsFKJxks0UZcM+DincuMbdtTjC/30FbcJZXsIQjOBryqM7GUhtmJSCYhAru4gF34EbAW1e3x3MW/p04uYa56bNHL+kA5utuH39y26F8k5a7eZljOqBopYHBEyOjSk5tHpAZWYSwPIhIyD2qfljpCvYMbCnrK0O4vf3Ipu6j5gBa29cKJinkCex+SqTagGhA3ewNwQwIJOtwmNZ8pHouNVSxom/PW4vdXDMwl8qi/dgNIAX6rNCO5KjhEF13fq+KAhBqdr5B5QiZi4WxrctzxLIBNC/USZ3ngqVwtAApmLdprVP7JyY4//z7Riz6PEQtYKLynjCSi5seYXaBX9PDCVrZHPisLeM/wZMzm4pJGUnosm5ckSU2fQhDnrWdhMQbHzx4sHZ1vvyPqK7iYDkTwve/x948s3l1jZT5LAjrbzCCrEpA+1mDFbYJUFYi46bV4vEUFICWVQckI1+/YYeUbAvXclLQR2RWlxTcmgLl8ujWHg2D+K0OW60yf3LeHbTbF9QkratmgFyfdZ09b8007mEVO17ybD7WbUMpdaPtG6mz/aPHR1DQZR7dD8C/EHeQ9NIhICd2vMVPa0gE2DU/LfwnYR9midk4JfVec3mttcILqx43zPKmIT/9S8wy25ZEobUNpOBhKh0VbwH4UoL5ALdFxukggZkd6xM+MTf1U/Wl5C4XxA0nQfptfYOGXHxWQ8jf5Hagu/NV6MdXSBPnkEHnm9w1sqiKsOzvYZ1BexTvnDJ85bnpSj/eBn5PJxyFGvVwcaPBvdl+Wgx2yR0ub5pH7MHUsn4bHpbz07aMB1OHWervWH1ZcpTVj58cWq1DWOi/uVkLGwDrdZH8xXK++bnKVbHJ2fHUSUD0=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2020-07-08 14:13:58,513 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-07-08 14:13:58,514 - INFO [Shibboleth-Audit.SSO:?] - 20200708T141358Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_pg07jthfdgjs6q7ttcfvfuhjfvdhlek6mnjy|https://iam.eu-defcs.poc.hybrid.otc-service.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_24a8a8cc9ccbfdb3d34e554dedb136fe|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxmaUYQv9xtnY7UeFuTicTfJrNPymyRhndKBEZXZ1Gg1eqHc+qTtnpr9dZ0P2wT6dK8cpRe6GSUUWBU1r+U/nEYqQl8BveFAE2yjlq6oLUnCEpOl0BjfI3EB/hTnQTRhHml85C2PGZx9A1XQWyP2L7+CyH|_9d5406a8218fcf3d47c7cdcc63a3ee3a|
2020-07-08 14:14:00,139 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:14:00,139 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_5gilljlh3uhjg63to9ljliur893s9h3vep1g" IsPassive="false"
            IssueInstant="2020-07-08T14:13:59.522Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_5gilljlh3uhjg63to9ljliur893s9h3vep1g">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>fkI7rcUAJ03l0CthmWYdfXgGjL0=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>qT7XxzYt6UKRMcKCDNLBo59i+Pg7SddlhhVx48DNb8wd9ZaNvOLLtCMcwHRvP6cVH4avkXatffbrmwM5nrDXL0LxtTLTq5tJAUmIX4ykcE2qJmuxLAnIUnGUbhwye15lgg+blj/A6drusLgYc9fBtF9dF0TSsRpRW8aR/s7PcRQ=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2020-07-08 14:14:00,140 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:14:00,140 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:14:00,140 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:14:00,140 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:14:00,140 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:14:00,140 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:14:00,140 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:14:00,140 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-defcs.poc.hybrid.otc-service.com
2020-07-08 14:14:00,141 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-07-08 14:14:00,141 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-07-08 14:14:00,141 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:14:00,141 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-07-08 14:14:00,141 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-07-08 14:14:00,141 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:14:00,141 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_5gilljlh3uhjg63to9ljliur893s9h3vep1g', issue instant '2020-07-08T14:13:59.522Z', entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com'
2020-07-08 14:14:00,141 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' does not require AuthnRequests to be signed
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-defcs.poc.hybrid.otc-service.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-defcs.poc.hybrid.otc-service.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5gilljlh3uhjg63to9ljliur893s9h3vep1g"
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5gilljlh3uhjg63to9ljliur893s9h3vep1g and Element was [saml2p:AuthnRequest: null]
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5gilljlh3uhjg63to9ljliur893s9h3vep1g"
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5gilljlh3uhjg63to9ljliur893s9h3vep1g and Element was [saml2p:AuthnRequest: null]
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_5gilljlh3uhjg63to9ljliur893s9h3vep1g"
2020-07-08 14:14:00,142 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-defcs.poc.hybrid.otc-service.com
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:14:00,142 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:14:00,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:14:00,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:14:00,143 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2020-07-08 14:14:00,143 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2020-07-08 14:14:00,143 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-07-08 14:14:00,143 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-07-08 14:14:00,143 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:14:00,143 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:14:00,143 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:14:00,143 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:14:00,143 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2020-07-08 14:14:00,143 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2020-07-08 14:14:00,143 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:14:00,143 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:14:00,143 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:14:00,143 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:14:00,143 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:14:00,144 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:14:00,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:14:00,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:14:00,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:14:00,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:14:00,144 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-defcs.poc.hybrid.otc-service.com
2020-07-08 14:14:00,144 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-07-08 14:14:00,144 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:14:00,144 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:14:00,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:14:00,145 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:14:00,145 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2020-07-08 14:14:00,145 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2020-07-08 14:14:00,146 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:14:00.146Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:14:00,146 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:14:00,146 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:14:00,146 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:14:00,147 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:14:00,147 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:14:00,147 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2020-07-08 14:14:00,147 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-07-08 14:14:00,147 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:14:00,147 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:14:00,147 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:14:00,147 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2020-07-08 14:14:00,147 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-07-08 14:14:00,147 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@238082730::identifier=rick, context=org.apache.velocity.VelocityContext@2e51270d]
2020-07-08 14:14:00,148 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@238082730::identifier=rick, context=org.apache.velocity.VelocityContext@2e51270d]
2020-07-08 14:14:00,151 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-07-08 14:14:00,151 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-07-08 14:14:00,151 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-07-08 14:14:00,151 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-07-08 14:14:00,151 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-07-08 14:14:00,151 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-07-08 14:14:00,151 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-07-08 14:14:00,151 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 32f2f688192536db1100203a12cda7af0ade7d8ad8c5ef434571b7d7dfad2258 for principal rick
2020-07-08 14:14:00,151 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 32f2f688192536db1100203a12cda7af0ade7d8ad8c5ef434571b7d7dfad2258
2020-07-08 14:14:00,152 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-07-08 14:14:00,153 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-07-08 14:14:00,153 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-07-08 14:14:00,153 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-07-08 14:14:00,153 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-07-08 14:14:00,153 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-07-08 14:14:00,153 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-07-08 14:14:00,153 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-07-08 14:14:00,153 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-07-08 14:14:00,153 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-07-08 14:14:00,153 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-07-08 14:14:00,154 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-07-08 14:14:00,155 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-07-08 14:14:00,155 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _4a1878a79e37e21c95343a3f22ed8509
2020-07-08 14:14:00,155 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _4a1878a79e37e21c95343a3f22ed8509 to Response _ebb55fa132597e7b831fb08d0ad671de
2020-07-08 14:14:00,155 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _4a1878a79e37e21c95343a3f22ed8509
2020-07-08 14:14:00,156 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-07-08 14:14:00,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-07-08 14:14:00,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-07-08 14:14:00,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-07-08 14:14:00,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-07-08 14:14:00,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-07-08 14:14:00,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-07-08 14:14:00,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-07-08 14:14:00,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-07-08 14:14:00,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-07-08 14:14:00,157 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:00,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:00,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:00,157 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:00,157 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxnUoVaXpOzu3cNPQ84C2ZZObcyA52DzkCEMs5QY7hoYwdSi0oiVimHJLLH4++vZil+7fZnCI1Vz+tIGKbU7NzdINwofXxrVKFnezHMSz/pI2fusoDqnC5zo9SGdRKH54I4QA1lIKc9ZeeYYLSXlB5TxcU with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:00,157 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:00,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:00,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _5gilljlh3uhjg63to9ljliur893s9h3vep1g
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _4a1878a79e37e21c95343a3f22ed8509
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _4a1878a79e37e21c95343a3f22ed8509 did not already contain Conditions, one was added
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-07-08T14:19:00.153Z, to Assertion _4a1878a79e37e21c95343a3f22ed8509
2020-07-08 14:14:00,158 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _4a1878a79e37e21c95343a3f22ed8509 already contained Conditions, nothing was done
2020-07-08 14:14:00,159 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-07-08 14:14:00,159 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _4a1878a79e37e21c95343a3f22ed8509 already contained Conditions, nothing was done
2020-07-08 14:14:00,159 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-07-08 14:14:00,159 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-defcs.poc.hybrid.otc-service.com as an Audience of the AudienceRestriction
2020-07-08 14:14:00,159 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _4a1878a79e37e21c95343a3f22ed8509
2020-07-08 14:14:00,160 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _4a1878a79e37e21c95343a3f22ed8509 did not already contain Advice, one was added
2020-07-08 14:14:00,160 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-defcs.poc.hybrid.otc-service.com to existing session 32f2f688192536db1100203a12cda7af0ade7d8ad8c5ef434571b7d7dfad2258
2020-07-08 14:14:00,160 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-defcs.poc.hybrid.otc-service.com in session 32f2f688192536db1100203a12cda7af0ade7d8ad8c5ef434571b7d7dfad2258
2020-07-08 14:14:00,160 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-07-08 14:14:00,160 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-defcs.poc.hybrid.otc-service.com and key AAdzZWNyZXQxnUoVaXpOzu3cNPQ84C2ZZObcyA52DzkCEMs5QY7hoYwdSi0oiVimHJLLH4++vZil+7fZnCI1Vz+tIGKbU7NzdINwofXxrVKFnezHMSz/pI2fusoDqnC5zo9SGdRKH54I4QA1lIKc9ZeeYYLSXlB5TxcU
2020-07-08 14:14:00,161 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-07-08 14:14:00,161 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-07-08 14:14:00,161 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4a1878a79e37e21c95343a3f22ed8509"
2020-07-08 14:14:00,161 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4a1878a79e37e21c95343a3f22ed8509 and Element was [saml2:Assertion: null]
2020-07-08 14:14:00,161 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4a1878a79e37e21c95343a3f22ed8509"
2020-07-08 14:14:00,161 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4a1878a79e37e21c95343a3f22ed8509 and Element was [saml2:Assertion: null]
2020-07-08 14:14:00,163 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_ebb55fa132597e7b831fb08d0ad671de"
    InResponseTo="_5gilljlh3uhjg63to9ljliur893s9h3vep1g"
    IssueInstant="2020-07-08T14:14:00.153Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_4a1878a79e37e21c95343a3f22ed8509"
        IssueInstant="2020-07-08T14:14:00.153Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_4a1878a79e37e21c95343a3f22ed8509">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>iHs/bAD3UVHHKWGmV9VpRcQSdArkckAH+CbJk9y5TYY=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>ImJEQlpCyAHJ4JEWVv9A4kEWsxOAYwQdnd+Rfd7VumqMU7qs9OO/4WoYOCPW7QsG/YYlwhVqOQZGVWwQgyb4Q5iDeD0UbKEpqjVdV74LnLooS3urr43XqtHdlIKCWJmViv9++RQpT9PjfLs0ghFWiIWnWM3UoXlk6VfSwOvxLSj0+V1MXPVFwRQC6tsNDjDlgoQy3Wg2MszWPj0Zge2C6vHY/K4FIAsRtmzQyQi/dmJKVcmXi4akJA/m/QgPxqaSvLAKZpED/LzdkVE2whfORt6QzzWadClxckc/JOn9KfjShjG76TeVcj39BHIBm/MBlbIPN+y/LIjyx6+RmZRQaA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxnUoVaXpOzu3cNPQ84C2ZZObcyA52DzkCEMs5QY7hoYwdSi0oiVimHJLLH4++vZil+7fZnCI1Vz+tIGKbU7NzdINwofXxrVKFnezHMSz/pI2fusoDqnC5zo9SGdRKH54I4QA1lIKc9ZeeYYLSXlB5TxcU</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_5gilljlh3uhjg63to9ljliur893s9h3vep1g"
                    NotOnOrAfter="2020-07-08T14:19:00.158Z" Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-07-08T14:14:00.153Z" NotOnOrAfter="2020-07-08T14:19:00.153Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">1m0/6I9/S/nsGU4nxSguvpafP8SYnchI0ZWHdoN/ovM=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2020-07-08T14:14:00.151Z" SessionIndex="_8e946ddd4d6547411a3a8038158f07d0">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-07-08 14:14:00,165 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-07-08 14:14:00,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-07-08 14:14:00,165 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ebb55fa132597e7b831fb08d0ad671de"
2020-07-08 14:14:00,165 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ebb55fa132597e7b831fb08d0ad671de and Element was [saml2p:Response: null]
2020-07-08 14:14:00,165 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ebb55fa132597e7b831fb08d0ad671de"
2020-07-08 14:14:00,165 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ebb55fa132597e7b831fb08d0ad671de and Element was [saml2p:Response: null]
2020-07-08 14:14:00,168 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2020-07-08 14:14:00,168 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">1m0/6I9/S/nsGU4nxSguvpafP8SYnchI0ZWHdoN/ovM=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_ebb55fa132597e7b831fb08d0ad671de"
            InResponseTo="_5gilljlh3uhjg63to9ljliur893s9h3vep1g"
            IssueInstant="2020-07-08T14:14:00.153Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_ebb55fa132597e7b831fb08d0ad671de">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>fbN/HOw7OufVfwlW5ZWxcA7fA++mzyGFUrIokfH89r0=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>e9BiFS4AoeNkv14223/FXqK4QaDW9v3PHRb75n/wgPZR5KCrHCabZ2WXEdRJUJ5nU9Xr6ZMRxAQHKHeyUMa1rY/xfzwkoQhsIQiPIhQ7Ya5VEX/myJezSo/JmYhbTP6zPb58qCyNf77twz4yggOIBUiKSeHVQGnQpGQNc33hzItvpjYFh038sQ1VdyBoPY4M7xEDSGi0fa5g5F82uXLmOunn9YcPEPYso27bYUJ8QzD4mdv2ButsSns28Aiv+hNWi6IrR9NrBdR2ppUMCEmCb7JCcbAey7706rkpUZ8q3hskelJFstAcmMpgqjYDmO+leq3KI7loEOHYMt3uxXIUCA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_f45dc74bd0dcd67e63311a548ca20445"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_bf724ea8bb2a3290577648b85767ecb6"
                            Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>Jkr9XMBuKmlqRhceffnv6xzgVlJu+PzhfRY85Vvd3mV07Bz1PLxtfYPzjA5DjZ0Zd4YNgB5no0sirA/4KfA/AIzDeXOUrAji9Usj4PNrjBkjRVAMgByn/7r/l/oMa614sZIrddMS6I/VLryxWPI5rLPEvkeSnfGGMLbCChDNEKc=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ScFu5hZKlhOtxw9MH5cYwEZJpaYnaacCnsFIUXSo/8GrD3DVCfzbBQnCTIPhk0hF3R2CqkM3e+7ROWOe/0F/W0kzNlVJ1MONR64JDW/mD5VMHWj+yVTEZzfa0nedwEKjJu1fHCPDxaIzSN/rKcOTqy8xQq5+4AELBETaivBiENTgpmwnJH5KgHJSf2sB9VDdlgpLAyUaxVodN5sgF6vxvzeNB4EvZR/o7xNKvGU5fU6pwnzcFiwD0X9EjZbgcm0KiDIyi+XIWS05iv+9zg+FWlx4OUS4oAIeBFY+rCTxNXFmFhaxgJn4W1aEcwO9s2ect3WXe3Pai/mDKNhJmCAya5BMi3Wucobfql16AHt7A7hqlDsqLazLTHFySVrJ4vGsYAIQlsFsgT4manJAFBbCWEqqseyD9xLYWYSue6m8p6wfpv1HX+yqGBAlASUuIAT5ZHOWjbJLfcvPfzW7olSOSAzlZiktkddI0JvFsbYiaOMvhcKFf+pGxqQieE16ooQIq2R5b8P4GBMPU850T5iNd3cmzuTuof3nq2k4DM3Pa/pZGtRrzyT/EZU/ON+u+Gbs2cECrKJ8Tw2QvBcscnmZWyhKdtjAPK9SGWJZEowk0H0NMqzvttvDuJzsAM68cyLZUWhjCOAskY/eh4zP1UWErytFXWlERD+C0/1Hos5TzOcnG8rEAmB1d1pkUU4yNIdNUyMjGYnMXU9ehgC0ShYl1Y/SzD/gHtCVFKv668cDx+fYFJm0hUqQNtCne1lwkHCw3NKlfkUaDmV09X1/9C8mXU2U/EdWTpRHTwtz3kRrc+aJFCHYFCQEsP49L8YpuKrs+4oHzQYAQChEftU8eYWtVnWCqJDZlilmqYYMlmAQqw9H3ugl9+4uHqfjBUJDTC+3J10WhHFbI8962ojpsui7KP2HAGh/8Ta5MwGqWkqfoSa7rwI+cK3M2oJ+HoSAZLCczP40mMqoD6qvK+83NyetQ/q+/xMIbwzsJiKzZGat5GvWOxXN8uSxeipbETZpWMdM4WlpS4b7iROyE2yClChSG82ZCdBzDmXbDR7SFSJZJR6pacRH8k84RfGuDJidMND1lr9BDyiFoYTWOInTiYIGhFWUlASEq9l0dDUmjPqCrUrYzsBgSQ1/Vrf/nO34jYUBQSSAfQIOzhmM3A5VnpqmVEZTpc4YAt/s+MqdLgvh9KGriMiMM0jNm0RI63hdfjGaNxYp+SLBPmsMDRJt8DkuU8kbq1xb8Sjr3uV4SlGpVTkY0/xy4kbYXJ8ydcW0Wi0FnD1OsapSKOvObawWcSI+NjK1rKLG+EMHbOXihcnrZ7r8b/F76gD31bnIK0kN/R8A06DMfbOJ4GVjQyw92T/li6pwBXhWMX1RG8XCR3fdN5W10VHW/K3Hof/ctDxbfXAq6E/bC2zgP9xT+Vf9BFvm0j22iU0X4fPx6vhwO55MU4aSMU9YhTeyRKaV/AnJWxPO8wtUJQ7RNI9yvypjnWOS2Sf5MeaP8wrGw1wBpOLHnPkxMFUXri5aldAsj7n3Vo8swoVjgntLUiY4KxtpzdzzDT0ZWJvoT02/x5M/20Llzn1X6KSWc3AOzD4PnLZaVheAEPnIr2MQ3+Qp3GvpJ/Y/hmW2dwmw0uI6mhrg2zvkI7HqWODpZ6uMwlBc7YtcYB+p/R9vsBTpeRxEGE9O5680jhabyrCG+cSZMMEfqQlm718A/h3heyDtfaLr6lk8zYrW2Apa/iAUMsvyhtYshFlJQa8Owc4ZVXOCnUDvdY4tu64rus87sbNtPcGMY1A6vouFHKeoZhj4sta8XlW7uCDfA7nCn1X2SGp45UFihMcwetythMX0CGnLSfJawmGjxmsR9znuDjcuRDY01aQZObe45RQbYLwDZDdqFuWhrEatwiScew1xrfoUFSgkcXUgozrUIfjmtws+3Qy+JZdNZvWVDDBDTtV66sCUQA0luhF6GR0anVOYw4wpBXKtVHotvzlMQqSyAxOF0rwESPULyRmSyL46uAWX+3WLa0p5xJMawKj/6zjyFRFgN/KjKe9T1eroNQwhN8XvS3Spdk2jo1C4dUmBxLZArjvYpUC2orNRd9fWntIFmDH8t2cPc9ZCwqAgSTxXBQzwWSex0V1ZkmuaaFyUuZhglyF3O1jph/oUo1G4y+jcQZWyZtyiJSsqmiGGqxDbayHvJd6xkhSJf3ADjA0mLlZPf35GVN8e6TPmLGy8aEqx6mabUpoxztEMx/WhJP6EgeejAHYIVisinjKjL3pz0tve0UURiO0BCD+wL0jDomdTe4/bwHyVQhDKqvnut6nHukIYJHlJq4hKiuW0iQk3tB9ZNfJiNfg2KynEDDZyTWeWBxHhqlWmBnfEKFSiVErErOEUmOi6U6vmPWm6CK6fz1mGkq6PHdfdekZ2acwbzf1PpQ3fVLBkNAIcOE9vQocGgw2N2/T7uyc9xpSkoRnED34jaxVIoJMaOC0chHCPD5vg1mvneg886yAFf47jmDmpFn522mQN5FYRb8rAms/vhTtBqv4pvPjfHFjxLvazKJosZefBhfxHOwYgckWkVIGRnIerdem3wiOXyiEGxfYoLcMFvdL5Pl82qjqTrmcHWJ4m02XT7OEY1D5sTh3yVrxZ3cNh5fDwu+uWEnLn6DHKwy48djmwF9bza2yXiCQINFyvAt8M7gCMyEV9npeSXgjluF5VGbBN2OUSVzSZqtxNFYHp6aPaMVR3NlxYmptbQC5h9lpn0uguNzfr2hGx4khRR4WX4WUYH6tkDS3cV6IjYNtsHB/qoxhERMBP0Lj8n51truC+LKxWWfOemBlfpQ5wmGaEJ8XAhReG9j8ah0jXKKy4TIki5GlyqemOWL6quv3PssCY74H+mVTvJcOM/fZt0DeHEm3HN+Ggv1GXltS3vjnDBKrFEdhe3S3r34uQR2LluHKYtRHZBydaIY6HrpKWR570yavPYgpZAEP3lmW5ueV4OmSvYddbUSbsoU5d+rdKYhmXHr3k0I4hqcK4gql3VM05R/NVyfRESEbk3FAR/Mr0J536s+TXz3F5M7TK68m2agObbQDPOzGGUo0oaldheAD/EU5poUJ99yFXcjYZkNsqtAmXSpqEjCJrJqt28mzt/VGISH6LaSZTY0SUX3M4oGQZFA/kcVs1zNhZLJW0SAAkF8Ei4lAoPqC19yFfVzP15ZWy4q1vrTxeE5ZRTaIEqkjuNyWARDCkMvYWeXOroWTJx+g92M05tyBriq4csRwNY/vC2SeCaa9EsR6Zr9Ee/100LbUTWssAgCnMW0jD2Qz+DzsaygwSnjHwi6QqZRAQsO3BvdsRrp0TRD5s1G5PLJ1MbRkzyzs8T6+yMHWnm/QjjEoliVqxEY2fCzgXT5ZM3GPvgbKVTfxE7hcO8t2UAhtbgahyOf64tstsaGhmPlB4tQD3aG6U8Yd/+M+X4TFohFQwwW1GsAOwXnCq9cX+HkCNAK4pTNGMXFM+fSxrXebYWjGe76S0tXfVWLBRDkG29mD0EP4EZM/lTCOZPDDNCmIhfQ2nrp4pYKaExcniecAxnik4HGb1O4u6VNB4vCBC8OMouTjfTUAYOmghWAyZ91vx0LLv3cIYNtbaswlYC6Xnnh5Ex2lXLHg3sbPT83u7+4uPQhFKFfhZhY0QSspFLUAU7ppHgoed6GJQPHWUwSJOh/Q/2ixwIbRgSeMd0dPavSyyg2iR6bDdTCGmousAzBgqcj5DfGdi/NMpnHV2H1OcAiFkbkSK91TZ2qlI0hImjgV+OUjWN0sCoXIDu00rlzITjmiCsw1jBvr6SzZQg9QQY7TLnVpVZa+Gdi5b3guvGq/1tvTUnp5acOzf14ERLlQFe5OzuuvdrHzSpYa3SlLzTVoHgt/rw6v0Jo+lPq+vVGM8PXSj4SgpD10pxEiDaxv5AU3VpNXwmvDOfonhSwS0fvMSZ+9DW/p/gNcXh7E1NKS8gnsZDdA/bghBFb1+5wuzwQvKuRKkPVODf8dSQb5cd4Km8OShofuVfj1pwT37FR5vuW2O+teY5zkl6vdY2O2YVAWgcpgSmGL9RO9H04OuM7h6oN4SGaEwJdTSZ7GPSEykUaImh40HiBlSn9mziusDqsHetNquH5yvuQMZ7QCFgZ9jgnEjt+aMyRBFVd1CHm+O7M1IloRs8M7imYGd4B121B+sInOq7BQrV+cCpjEytqY8s83poMLjgGK7H9JKVcTMW6LhFP1Q+wGbDdBDEn8LHIrUJfCxn/Gi7oQuv7jd0XkowGzPbQX55+jt+ssL8e2gaGPbSxpCxqbcbC4zXueRLuxWjeF4UYGzhojofOoNnmOQtbFHe3bkQgvZ29heMuLrXbdRGyLPYRjpyUE9FmduzanBaE1taEFLj7QaC6b+I7xnKLeRBi7jqd6gfhaBydlYrvFCy7He1eM9iuAvjcHmfZLdiYsWj6OoCbsxRIl4pd3QEGPA0JsViLRXLWtH9Qkzeux0BPXHmy+0h7cxbpS8tZCSK0j67mJxC8h0rZAFMxEg2eUDObEuaN78ZMpH+sTJrCiI/56KA4LHBW0BOCHZmRBCZXAxCaPyeQsbhr0dfrgHEM/HdS5XvvT3eqxhVio11UgtUPKMg6wroS/XWyKZhBWFH3XSmOCY59SpQMCbwbcC07mAPT5yHLmfAddtkw0xXstv7TvQw88u9v+CGkefvJRBIiXry482SiSL78x3hK7ZCeAW/4P2ZNAbZSChNRM61ge4n6WntI3zEMvVdod/BGAiaTb+JZLs5uyli1+Yq8pLlSims2qgF21OjtZtjdwL/94qZIrwkRXFRlYjIK2vOvABt6ofpltZlTbyoBbOyZldvepeaeuo49+UrfxKL3dMTBIkgoVsUG/tJPv3O2g/VTmBz+Dy+M1xlT9d29pawlkwvGOTJargp5ekX9DeGdsgyURxtNbOlapEn3ITxe6PtIuj81t79V1wxb1H4ham6psdYP4yVqQ+XJM/lXY0FuRyGUzezZoTZMLS+aoy9oDw5GeLDuiWpjZZz4tIg30/L7g3h68IeEAkmXmAIlV/UzGcDGg7VH+//8pKC1if8jqZ4AvNwxLjYSOPI429ng5Kp0Y7giJCuTfSSoo7EpEKSlI3Y2sEk6LGua3Fzq4qr+Y6kFzOcbRfM7vHMqU8Y98VJUmExeC4zz+sp4IbGCILiUL7KWRCUHCIa6h4qTZjd9ny0Rm13PClV43E/4Lxwdolu9sMNGrWDOohymceF4TgwF7en64cjt0Typc3kEOrbtQcq7iNKREkxO6spPHNxqJntSjMEUhWghQupvDCNFn32E7B2lgppEOr3QH9NWInhHA2f3VMZZxUE+Be6/z1Q3Sj30nCIgPEki3nTPV+hDijDoFH0TA6/2NxMzcUbTGeOxZCm+x0SVMEd/NHfLuh1Z40zt90aLS2XaYs871pMEfm60oUDrai6efR5WYSE1tKBa+70OlX93hmenhIPbpB0sr/BQG7N+Oq52iD228c2h7J1sQz8POUo33CllatQzX9+JUL2+MO33coh1l5qyM15ZkvVWGbiJ2aeDuJZpSoVUpPN28Q6+qPq2rtsVSjR2PEJMv+UKiOY1ZT976D1TBkcA4f1ild/yhuK7BYp9jk825oAhzJ3p+pp2fLE1YWlJyFNuQJ8NMpbP1jwGRkhe0RK1yHtQfbP+i7AOVJ7UBESncIVsD+AT2TLiFmkDj33Ix2WkL/Cjq5tl02pR6k2UNFt1X5pKWGwcj3Hf/GActrMJRJuCDF4f1taUdxys7epuQ87JIBlQdjmXgswhsABI/U7ZYipKG3cPUCmZHrrJ8B09lae639ECjzuhwm2hCBoHoIu0Y0FvYEBE7OPpXQt9imOfXeR//WpiLsR9ohOWba4XdrYB+rWCZI/Yvmb7AlU0iX8HUR6C9QC8aZZyc+a2mhU+8ZMG5mdqKtF5raQHsqgS27oREiiFHbXk2K/3dLq/4gGWLlRyqECbe+M85PteqpQQUb68W3F1HuwE+/YBwID/I79Lu8S2udkRccroU5pjwQY7uiyNLR9sm2yHmAzZaxXWPTypWDpH3LyI3p9oxkAP+Cw67iR0v9fQTDgyGKzHQzxI3aFtUxjaPhY9VmoEmpYqHuV6kEMtWzRQNFF+tQVP5NENFQqY6K7Zx2lOHrNAqbGcKguzz9CRWfYWzjwovpvdGcg4utdrD1YwSBggmD2KuCXX/FnrRlmrceqj+Pyr9RE+XVGql227Lu+8lBU0uX4iLCXAB4AveTt5oVTj79tKNZr8TUoHfwaCjdgDttmyMLZzgjqaSFS4jIF118bSBQV+Nu7hQLfZvF3aIxllErK2nb7+lrzGZMbyDpPjxAzCxBgkG6EMX+0eZB4FYs9Vx5v2Pv/vpTVPIpwOqa4ZIsqcE67/2Rxa+jdGwSV1vHR5RiL4e5f1rpk+WntJ/+WZgWYaoeKDCTTvz6fFTIEetgEhTPkWvIhW/PHuLwoCNhmIvKPieWrgbd4QkkHkxrhtKEw/0Dub/i13LshOhmcIgLQDes45KESmUUVEF7LfmAZtZEpwP1OYPbuUlJh87zELj0dXODfcukbHMrwMhYp4k40FmfFmK+dahOmwECvduWFdX5LIf430wfT13ZzhEvN21CD/cvPbLitbiH/M1HOHyfPuw8nhDmsti0QsKgJqpjVPB2In8D9gQh5oaby0cm5w+TRf40s4FoTRrpiXrR/bFvQWGzEYRw2FgKsqjqipmpS3/DNynN1SWuqE7QmzPT5n+YV+WyeoHrw+b1gTC3QCDDNw3EsIY2h0LdGxKiSoYFpB5ohHycZ739p30LNPKBaM/TZm26hUYRD8Z8zjCyOQvJP6LulswrAi2pngzQTc6Dkpfmv9L0TJtaw8ruNCBaWSzJ9BpEL6CXvZ9ChJTZfIEe30WTQMPfPiMNPTw0WYjR+XrRVja+8jN/XIazvRwRUeFtsUXtAaAnlsmTjpmLY7jqBNtZE2E8obJ8spp2DH2OyRo+VmPz/Z8tfu7kAp/RrBlAii6FXJL12kp15VAgQS0g1M3IFss/s9jQ1WWi2qvGldwEFZO0Zkk/BNUH+KWYx4kO6MtFgxs4rnTkrs8xEHqfZLsvTZqgq/cVlcOE/3lm3mU7I3ghBr2M5omiQepYJzmOfIKWZdqZI90wTr+wrjvNnC5XLRdVAnhEkz+X/uRFQgP7ABjZC1AEz0KFLfQOXrwcesqd4ZdIMoQdXxwZowmxmlXI1I/WXysyrBUmNk8H4bKnnotuKVzSsBhNev9U4vONATcmx9bxGwCR9UI3J3v3YRjSow7f5ScON6GvKbuAHrS5zWAk06q6XNq117Zn2IUaWmqKXyUlyiLYd9rPrzEBBeuCDdaMr34maoAefzIQPP068KStYvnUoscS1dN18ptmpHdpeerUaUm3qlB0KOmXgVe4YjrBqBJCycjT548FDQZDd0kyAshOYVnsjaVtZhtkJSMqL3pcuJa4I6/YXagWD0vbQGyGMwP/UiG0y0xvVAHMImiA4g/X+43XOUjGDySbkaMQUUyqhp8wePOMsf0BQXMC+4+vusThRTu5iMaBGA6tiBfBm/XCNdAFjUir48PhU+uiWKUjGOiQC8T7Qrd6VFeiyyuzbE9HWSoaEzfZ3vrEYyCvgZPozgcp3kn2M22uhW+aE5MljqinQolwIJYvrr4n5buWp1ZOEEQxoSIdVuuOFmCxArQB/rbrLnvcB0wFVlv5fThVgZEqOYzyqiyVW3ETnYVvCv7Yr1dL4TvTBzCETyi3iQjyL0vWgqjoKyhV71mnbv5BM9Hn6W/LomATVyIBWHeVD+q0hmZOPxmANLBqDrEenwh9PNOOyJKoWne9aEf274KgazsuTP72qgDM+1rq3/0oWnMRYOwiGz0g/A2WEPpRb1IeI+itwSuOBeXtgh/qWnBpSkHy82coF8ZqebIEiggg9jb3CuLZ14aq4n0H7pnm1fM42Ieo1+hDe1SPS5ss1s1PWu4l8PJSbS0R7g9INdbnvDPLBtGr3e5D4GgaKjiuvgvC8feLOw/bQ6klVK2MJLDzUVm8mEANqKw8X5JoUnz/FilpFu9wDkWg95sjYDM6XnH/Jo0vnNvq3Hk+6QgPJ27Hub07ULAG+3JgVlIYEEP06pqFVa0TbzVrtwn3+glg7ylDbjiO3VHgb66yg1L+xzVOGIkidmYJuWUzWXxI2mAIza7ZDGpQflMDbrP669Ne0KmzWy79Hl0EXrpo4dqv0aHRV6q3OV+kTAv12zxKWGpiovoHpl5eZ9QECV481xu8nfLj7pU60LhZrg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2020-07-08 14:14:00,169 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-07-08 14:14:00,169 - INFO [Shibboleth-Audit.SSO:?] - 20200708T141400Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_5gilljlh3uhjg63to9ljliur893s9h3vep1g|https://iam.eu-defcs.poc.hybrid.otc-service.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_ebb55fa132597e7b831fb08d0ad671de|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxnUoVaXpOzu3cNPQ84C2ZZObcyA52DzkCEMs5QY7hoYwdSi0oiVimHJLLH4++vZil+7fZnCI1Vz+tIGKbU7NzdINwofXxrVKFnezHMSz/pI2fusoDqnC5zo9SGdRKH54I4QA1lIKc9ZeeYYLSXlB5TxcU|_4a1878a79e37e21c95343a3f22ed8509|
2020-07-08 14:14:02,078 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2020-07-08 14:14:02,078 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2020-07-08 14:14:02,078 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-defcs.poc.hybrid.otc-service.com, acsURL=null, relayState=null, time=2020-07-08T14:14:02.078Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_ef61655e-24b9-4322-b389-ce9969938b31"
    IssueInstant="2020-07-08T14:14:02.078Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2020-07-08 14:14:02,078 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2020-07-08 14:14:02,079 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:14:02,079 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:14:02,079 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:14:02,079 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:14:02,079 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:14:02,079 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:14:02,079 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:14:02,079 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-defcs.poc.hybrid.otc-service.com
2020-07-08 14:14:02,080 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:02,080 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:14:02,080 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2020-07-08 14:14:02,080 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ef61655e-24b9-4322-b389-ce9969938b31', issue instant '2020-07-08T14:14:02.078Z', entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com'
2020-07-08 14:14:02,080 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' does not require AuthnRequests to be signed
2020-07-08 14:14:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:14:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:14:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:14:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:14:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:14:02,081 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:02,081 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:14:02,082 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:14:02,082 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:14:02,082 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:14:02,082 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-defcs.poc.hybrid.otc-service.com
2020-07-08 14:14:02,082 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-07-08 14:14:02,082 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:14:02,082 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:14:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:14:02,109 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:14:02,109 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:14:02.109Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:14:02,109 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:14:02,110 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:14:02,110 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:14:02,110 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:14:02,110 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:14:02,110 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:02,110 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:14:02,110 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:14:02,110 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:14:02,110 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:14:02,281 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-defcs.poc.hybrid.otc-service.com'
2020-07-08 14:14:02,281 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-07-08 14:14:02,281 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-07-08 14:14:02,625 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-07-08 14:14:02,625 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2020-07-08 14:14:02,625 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-07-08 14:14:02,625 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@487661170::identifier=rick, context=org.apache.velocity.VelocityContext@4ddc1aab]
2020-07-08 14:14:02,626 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@487661170::identifier=rick, context=org.apache.velocity.VelocityContext@4ddc1aab]
2020-07-08 14:14:02,628 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-07-08 14:14:02,628 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-07-08 14:14:02,628 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-07-08 14:14:02,629 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-07-08 14:14:02,629 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-07-08 14:14:02,629 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-07-08 14:14:02,629 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-07-08 14:14:02,629 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 6a8f4df9728773f41b2a4e6d1cec715ce9d4bc030b826f42288b687eda9b1d56 for principal rick
2020-07-08 14:14:02,629 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-07-08 14:14:02,630 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-07-08 14:14:02,630 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-07-08 14:14:02,630 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-07-08 14:14:02,630 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-07-08 14:14:02,630 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-07-08 14:14:02,630 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-07-08 14:14:02,630 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-07-08 14:14:02,630 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-07-08 14:14:02,630 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7dd7df7a'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-defcs.poc.hybrid.otc-service.com'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-defcs.poc.hybrid.otc-service.com'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-defcs.poc.hybrid.otc-service.com'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2020-07-08 14:14:02,631 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200708T141402Z|https://iam.eu-defcs.poc.hybrid.otc-service.com|ClearAttributeReleaseConsent|rick|||
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-07-08 14:14:02,631 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2020-07-08 14:14:02,632 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-07-08 14:14:02,632 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-07-08 14:14:02,800 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-defcs.poc.hybrid.otc-service.com'
2020-07-08 14:14:02,800 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-07-08 14:14:02,800 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-07-08 14:14:02,800 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-07-08 14:14:02,800 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-07-08 14:14:02,800 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-07-08 14:14:02,977 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-07-08 14:14:02,977 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-07-08 14:14:02,978 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200708T141402Z|https://iam.eu-defcs.poc.hybrid.otc-service.com|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-defcs.poc.hybrid.otc-service.com'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-defcs.poc.hybrid.otc-service.com, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1625753642978}'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-defcs.poc.hybrid.otc-service.com'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-defcs.poc.hybrid.otc-service.com]' as '["rick:https://iam.eu-defcs.poc.hybrid.otc-service.com"]'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7dd7df7a'
2020-07-08 14:14:02,978 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:02,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-07-08 14:14:02,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-07-08 14:14:02,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2020-07-08 14:14:02,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2020-07-08 14:14:02,980 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-07-08 14:14:02,980 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7b04eff6ed14914ad471db51a6351e2e
2020-07-08 14:14:02,980 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7b04eff6ed14914ad471db51a6351e2e to Response _6451e66109de8a111586819d39c59d2f
2020-07-08 14:14:02,980 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7b04eff6ed14914ad471db51a6351e2e
2020-07-08 14:14:02,981 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-07-08 14:14:02,981 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-07-08 14:14:02,981 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-07-08 14:14:02,981 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-07-08 14:14:02,981 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-07-08 14:14:02,981 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-07-08 14:14:02,981 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-07-08 14:14:02,981 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-07-08 14:14:02,981 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-07-08 14:14:02,982 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-07-08 14:14:02,983 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-07-08 14:14:02,983 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-07-08 14:14:02,983 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-07-08 14:14:02,983 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2020-07-08 14:14:02,983 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-07-08 14:14:02,983 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:02,983 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxSgTBF69Oxq0gphNhWh7DjPv7jvgh9F+kGAMFx1urd6MDsE0ZYqrhvaLJtB0pFcNN+pRIcWP1DL5EvbH1/p08h9KY+cd8F510Kz5QulC29I1NT3z8nnVvJrd9XmQmO8zvjMiOFZMuP8fO1HRGodRePYcr with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7b04eff6ed14914ad471db51a6351e2e
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7b04eff6ed14914ad471db51a6351e2e did not already contain Conditions, one was added
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-07-08T14:19:02.979Z, to Assertion _7b04eff6ed14914ad471db51a6351e2e
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7b04eff6ed14914ad471db51a6351e2e already contained Conditions, nothing was done
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7b04eff6ed14914ad471db51a6351e2e already contained Conditions, nothing was done
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-defcs.poc.hybrid.otc-service.com as an Audience of the AudienceRestriction
2020-07-08 14:14:02,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7b04eff6ed14914ad471db51a6351e2e
2020-07-08 14:14:02,985 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-defcs.poc.hybrid.otc-service.com to existing session 6a8f4df9728773f41b2a4e6d1cec715ce9d4bc030b826f42288b687eda9b1d56
2020-07-08 14:14:02,987 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-defcs.poc.hybrid.otc-service.com in session 6a8f4df9728773f41b2a4e6d1cec715ce9d4bc030b826f42288b687eda9b1d56
2020-07-08 14:14:02,987 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-07-08 14:14:02,987 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-defcs.poc.hybrid.otc-service.com and key AAdzZWNyZXQxSgTBF69Oxq0gphNhWh7DjPv7jvgh9F+kGAMFx1urd6MDsE0ZYqrhvaLJtB0pFcNN+pRIcWP1DL5EvbH1/p08h9KY+cd8F510Kz5QulC29I1NT3z8nnVvJrd9XmQmO8zvjMiOFZMuP8fO1HRGodRePYcr
2020-07-08 14:14:02,987 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-07-08 14:14:02,988 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-07-08 14:14:02,989 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7b04eff6ed14914ad471db51a6351e2e"
2020-07-08 14:14:02,989 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7b04eff6ed14914ad471db51a6351e2e and Element was [saml2:Assertion: null]
2020-07-08 14:14:02,989 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7b04eff6ed14914ad471db51a6351e2e"
2020-07-08 14:14:02,989 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7b04eff6ed14914ad471db51a6351e2e and Element was [saml2:Assertion: null]
2020-07-08 14:14:02,994 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_6451e66109de8a111586819d39c59d2f"
    IssueInstant="2020-07-08T14:14:02.979Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7b04eff6ed14914ad471db51a6351e2e"
        IssueInstant="2020-07-08T14:14:02.979Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_7b04eff6ed14914ad471db51a6351e2e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>5+xZDn/PlbKCWmWmsQH9F0abIkWf89M0yxPQokOPMAo=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>eu1cd/eqFsILY5oMlfwMV7SUzJr/J7jQB5zWhH2KpNPn4oF1UaNbrv9BTNI5IB07RTmQUC2eOnON4bxhCq5ePaytG1EemSy0T+DBRbRxRZgbn9+eqDPysaoyV09p8OPhOEAt9Crcde8X0UAZPky7Kb6sD1NSgGWr4SJr1JKXd3uoNU9UxGHYfcv8dMzyNvz5Msv9n1lHwjuV8PQTe/6mc3NpapLcUc6BwfVskO3STk4StqKH2NRTrzlmnNVtuiyN3gyenmyF0Kcglh3fcaNuAP+OvCIfzWkHEsU+UbOoCNe95Ygjammr3/fsP4oJtIriUZvH7UJ8Nc+jSgLQY8cKBA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxSgTBF69Oxq0gphNhWh7DjPv7jvgh9F+kGAMFx1urd6MDsE0ZYqrhvaLJtB0pFcNN+pRIcWP1DL5EvbH1/p08h9KY+cd8F510Kz5QulC29I1NT3z8nnVvJrd9XmQmO8zvjMiOFZMuP8fO1HRGodRePYcr</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    NotOnOrAfter="2020-07-08T14:19:02.984Z" Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-07-08T14:14:02.979Z" NotOnOrAfter="2020-07-08T14:19:02.979Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-07-08T14:14:02.628Z" SessionIndex="_186f3a76bef59fdb0a5763ef00c564fc">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-07-08 14:14:03,001 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2020-07-08 14:14:03,001 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2020-07-08 14:14:03,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6451e66109de8a111586819d39c59d2f"
2020-07-08 14:14:03,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6451e66109de8a111586819d39c59d2f and Element was [saml2p:Response: null]
2020-07-08 14:14:03,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6451e66109de8a111586819d39c59d2f"
2020-07-08 14:14:03,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6451e66109de8a111586819d39c59d2f and Element was [saml2p:Response: null]
2020-07-08 14:14:03,006 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-07-08 14:14:03,009 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-defcs.poc.hybrid.otc-service.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2020-07-08 14:14:03,009 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-07-08 14:14:03,011 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_6451e66109de8a111586819d39c59d2f"
    IssueInstant="2020-07-08T14:14:02.979Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_6451e66109de8a111586819d39c59d2f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>gvNjdQyHfaITNFRxSYG29NakIHcI5Hhq7LHcp6u8Gjw=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>i2tk66DObF88Nvu/uOmIpVapY+YtX8cmJCo5EVcBKSvORIzeP7wPNpdz31Sz5+bF770o/KzSPsefi/3kWskS1X+pXKgczoLEHsuSog8FSXvLKd++sZO1bIfyjROgl6daiRy1lwv5/Xie4KXr+k0c4L7/QBLe8uZbZ11K0HrtWaVY7Q/5wU9wVZllxs7XR74Uj7JlRFX5NcULwMYYEzGnEKCe3ifZW+FnCOja9LzHOf15pGtxxEr/WSxB8KTuNJdGKOZHZTezA4gh1QdmMdxaRjyKOAMVxzZZS+SAodRp0EmXexy/wJ+Qf2uFGCvLf/l25THNv6XQ2mADwiQSW9wvcA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_7e8311e141423373cfa90e4d4cc0ba0c"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_2c81ade83fd57778f515b6cca2f93f85"
                    Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>owSdYleuP5HsDsgj/qsnx4ANt7iONi3aGH5PGRHxbaS5cXbviK2Pntple/s1XzxLD3KlOE/Qge+EeKtQV5fRghtdNH/JKOiQruGJnnD29708OiPEpEOf7Yt8tBxPD6KbgLDaETR2Qv5LoH7yhriz5uTI3qolk5XWaTfHabz2W2s=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>k/GJPzQni+e4fsG+CvIMg9cLcHxRc8RXbHYzmYdiA8zjJnGgSyXqiEB8ifVtREbGaLOYvz28V+iyFUFAvW42ikIOW4phczW5bbYQjjqTWYUEyiFOLlUFbI8SOz7TUTXLcBdxENb6y/ZJ3b88Ri4Jkv3WvP6q8gcMdYR23E41Q4M5RwC+/+w2o6ph6ig0zhI2i6EircTxac1EExIchaHcmx2DQtWVZ6tCC0wZWcbCUGNtyIw3yfTk4Y5gvoW+JJNK1Xnt+4ovGuCmylxyzfKqni8MaunIK4GWtRbPa3cCNKaOsPOZRTlmrMMBe7eght2f2SPECqkiP4bKEYD1RxWEOuQtRi1VerUesq66FH2dfz1sUq1nlZnyoCc1dCAPVty7Onp1lybiw8L/5X4QlESjvUu5n1t0NxXRgvpXPwpXG5LRMclpbrn8oCFK/Mk7HcT00i4dV9byYyWsVhtnPaazqAwMDoeZX04NCwvCgBN3TY5hAPh5sTFobQzKqMo9lZ2V1DWyZ5CFVLedUv6vlm/JW6pYUwKvh9bgabsAvN2503kIGXeenDfxsGu99MstdHyFV+caxhPZla/Lm0A2hCKKWbqsJ78kA595hcluEVBZ7Ug2zzNFVgE+NL250j0nC1DWw2rfXVwGCBGYJyJH9UBp4hiQdTTzUjMF9JlpvBJG4lhOwis6MbVVH9PzaI28onl2rnzUqO/3mCggG7HsKRrsBdbzbTZ12Lszh0ay4dW+sfGBnX9jC35RUDTc113IB4NfLE3QDqSXCepMdQZLPjOtG2TQCHQOf4BjV8m0a8hN0753+mmTljLWKgLViZE/1zDoo5F1udHYIB43GZSoohgARfO98d30JLMmgvLkQpHTP41TC14deZw1FNrJWM9BqbQtFiIGEs3YQowEU7TL8PBtWs8yLXWdmanQfKIoGLZqzG+KIRM7PE2DmZ4gYkJlosWQX5T86ve9ao0r+TS3w7MfqorAdvoKwBZcijqw1W+lfB1gR7nUbdklgu3+BBCOHXh+0LwvutDRjxXH2wvx5sBy9VwH+eI4ONYZiWM8DDolZarpilvbuuJOLD0L4GUijbEgIW3bZQpPEdSz/COn10g+Swe43qt68tp05tSqATzLmsHz4E/FE5ouppd5hTGs+lhMepi/Wvzh5cC80AJHjqegiICXpYlUte9frvTBM07MH6YEFyscE5d5XD6YUU8eTWfe9SuairUMnJWOU6qCcbTNswkl3LrWxNgEHlzOqCibwugYFaVLChUQCu7z2ORTIGZcKj5JVFJPikWCGULHiw0qLhNbxALmXJpfLA9J0tyKyytyP7PJITlar035WLi4C5DRn2QKttnFpTPJvKyTOuIPmdJBaUtNN79/Cga2/6ri9P8+Ah7wfNCgD73RzYJ2vY7TyMSFTAfdrfBBAbSfIryqEfygEdqJnJcDpEHmBM0nPEiUbNzk+gjy743bA6HZ18CB2coNU3oZ7vV7gu1MowzZqIYocXhMaH7pEZtPWcRp49FPQ1fSpsUhsu4pRvAGCQxiAjMgH7LD/w9yui4y8zZ6IhqSgaocJ/L8aO4Dq00o6oobtGIE/jv+23CKHUZKXgj3uMXNAqq94kN7YpJTHHYWOKy3hisCRLEZ2RzuHEOJX0tIp+ebN1mf+S4mgTKn1iR4R5fZeduJy1+V/hQMtaLncAp8r3LD+5Wfn5wNsxfySSg5xBfpjcuzgmo5c8d/i/wl8Ffn4rGkGz7Juw+2+WqHg0ZWrpbG82226wRLhNofijvMi4WCUAZ1K+19AY4qY9jJh2gAcLdVdaSVdy4f65H1WQ2G2IiX+J2shymbBR2qdHh1qmhDJQykLVoYrr91rfGzo4W/MXtcUa18Owa/VM79QD9TLA8Du2oyPLJ3qLIp4/iQTLrm+hzWA7tABdKeW3Ct2ZOVnmgi/rwNZ8ivTGxtV6JdunFgR25KRYzKEvy7q1PKoHenW9ip3TUAqeB2aU0tXwIPi8fAvDLDpt9QQiEEwHO8jhFeNl/ZOjGyWJSBrfsxHU9upBwyRu+0ZCaRY+61/yO2YTOUd+lJIp+czc2x2dV8BS82NlK7lFEfAQsdWQvqiNq3nz6TbB12wx9GZI41beF8GvwhN6a10TrnpuQqc9SxVdXhzRSWYono/2QJzc3D9TJltYDvtZxdebOrmi1U410Q9palR7kMJ9rHGbzNRrK5dmF4YMkCspV5CbxSCD7st/B4xZdyYh+9q/zsujZ7xbzhTLK9pAB21JJ/l9qLJYQi1HZfbqv4nn7FPtQZ2cUYHIKCBl9rfjJvSXId3GEx8ThQDburjk1BAdmToZJMTCsfRTS7UnIiUEC4pbhgerTvqMFWv6koNSLbh53W4BerYNxrVKgmQ8b7QmAjhmlhCcvpHQneFQM8FFUqOecS+9xCjDzn3Uk0l5KKddn1dU8aAn9e9uR1ETs99eBV/wdCnmZMOuIbSQmZ+Aw3a6RHle/hpcWE+yqzdeV364ysh9Ab1kXWbQBpYGoBGQuuTlzVZeBhP+fZePaCya3QG5PtjOc4O+SuWsV4SFlRU/zak3BgKLoPfg+UiR64xetp7BPvFyA3Xu1ClDvpspCZPIay64mcnUem6ABFFyesoryaTENIrpfEIxsNpFj1a0OAxo0SyzfpnrSJdBVWATCnpwgVba0E0Iq4hUvPP9RrXa9IMdfDtl3lwwWNROSccpd2VeeRvOJ6BqogFJWxYMD8Z5btYDKNtHzWPCJavWf/VD5kQ1WUdSaFOhDr1xZHucM4CHw4BaeqiN5fwyB2tXOuTDnRNbiHjYJJLjn3Tpr95kpMpnc31r3jDEAF5MORr7taOCt2Qr3QiyOLlzvSIhj4Wd5gTm8ydNB2XsVmF46cqC4tsy6LPGEpU9i0PJQdlU5v6tVb/pcjJC3RuK2zCz810tLPcuXIn7lvoDjzw9sqAZj409Ag1mHGecDD7lfObQhsmdmE8eVY+dyyKGz2NKEUGTXuuceGhUHgDhUYFK3A2cybLwe0yKlHycC8nJepVvi4EK8BE+wne/J+7nLRbnepzx41F/9wCVW7dzz/6Z5a3Zz8HAZs/YwBtRr7sCmmOSXYO/Tnq84PuO1/uBSCpwnSMTlmtFRwZxGGZ9tpHoTKqi3quxHOllWkHL/at1xJvnBzapUeIHebZrd+gaoNjFEkY+PW8A0rUYph6ZRyc6YIKJ/gcchx6Kn/QYiXeeLmdiEyg9azPKIr1dgSRuf36YsS7N4se7hM/iLiQNB+YrgF6O/3RRkTy7CT3fNMnAah0q0RlhMfaT9k+3OLv44TVK9jXycJZGlLFoH0vcZ5H9F3+0nQDIVEbiwc8Oa73rhkHZRx4s/ud7e/sbpeI9yVqUsQowNbItb9SBWgldVmrrR6FqmdZ067CTOte6NGJ7dc9v59uyesfXnq/1erBNqZ2P1Wv4f4qLVnAPBd7ZODB2wM7PEVVMivPnRuTusNqHvEzE6AgL4fFpTK+pDDA9/NCwJdppARdKV5lRfln+dqtAGIzPskwlMfDR5FwRkff6aqJrvgRrDjaoA+RRuz3x4FSj5/3Rgbbyie6FY5GSt9n33uTQgHD7psi0t6BOhYF8fF9NWwNl5p9bfHcuQyjnnFCMVNNzjT27wELxxU9HfNe4cgB8rxKpTvKuhpHsF1Rg6GNPP8ti8uKmTDSUL9VgCgI7m6/4ihnBHRcsbbvmMyvgIDrbgrtQmaHZFpRd6/ErKsB3mwTZ1r+BHyOPZuXui4U1Ze51gZIBADu8jwKIKOegzLX6jRrqWQmY8km/s1EAndSUW07uKL0crSRrjbEa/6+9Q/LTXFYIk6fJ4PToDzDrPfJHv+OhEQuG9iShdNe0w/7CoFoNSprGFga2Bb/VtO0oywe5zeI0CvfrJ6/fCbKaQKPdkfgXD/V4pt7IbvHSqhmLZtBVVCWB6Q68KyO5JG326qPQgWizyG6NE1dUHN2MS5oA0PNmJDCqqf7K3ITAwVnPvkB5QVZTXIlnffB+Y0TQdMHA7whpcX3bht2jRGTOYEzy1O9QtV3fQNKPOReFcPpAw8NgGsWj0wWFAKdCHL+R7NMTG8sQjZwh4rnyK2ISmLWn1NNkOafJrl3aEmaAx2ZSwIqPSfTAHEbHk2xpZHTDCPTA7xHksYd5OyQwtDMZfYoaaOsjfDsfRWsHk69W9pIybyV8AXE25gROm2V+ugpC9sy5KrGmbuChDXlzaExnyxsn0kqguZ7pCgVY7Al+hoKSav7+zO6her/dH9v5ZRvGuVvLecyssGDAeirhX5AizK8N/mkYRc/oKWwyqhcIHspYr9NCSmjmBBN/O8duB9jtpexIjeGBJS8CtdBQmKg80dGuC0NYbbPza9XPgQSVQEy1i8RrSK3WO6rj3R+hVlpdRtJFVkSelO2ivbOpzGXTit6EkvesKpblkM3ziyEHeRJag/CruMVl3WNiNoBK4y5lJsshSDttFa8MUKoq/jYlg5UuSVzd6bi4w8eQ+89MTCa9khqmPS2V2AVFAcoMNAuQArF+c3ewJNHT+uQ/imqF+fyFHR17jhxR/ixtW+ceyOo7xWep2t4Lh84x0955+WaS85Ygccm+ZiG5Dl2SBUw8YxZ8SLBABxpQ/byqbNKgz22WPWWLqdWcxLlhOMbWXEuCAX3p0t3AkhvvtY5taxmBhNIAJL55aMhNi9gL1UDy4RPBojU272Q4vRPVDuSZY+6k9DowAaI/9lkep+nmr5od+wwh7SXVRRHVeqrMOX09CPLudK//xP5oBuY+xQV3F42qtU8ezxVO1ezkWeTyoereVBMG9mCm1cVoFJ4tLQKxeAeIJYoj6rpGxafj/EOy1tubuoYm4c7G3eQPtfZYdd69xaohTBRVMgxzjvCdV/YJ9BF8jvAHFXYkCXEGxbKJ8JAhAH8loxqPxBU5PNJmhps95FMTg5sawEeKsTo7QUEBPEtQMg9pfK2mTscVeJAQuHH9S5To9210qjO34h3+dPKLAFZcv0f5cY7VLIE6HrwR8zHO9+UJVSBjy7MGC4+6328/4h0wQxElzjod8AwZC2V4/7HcXSY4Fr7jui+HiJ7ltgrJbqCKk9mBhgIR5RwZxiPk+1C71avdK0B1bhxDyGnFBE2D+Z+FYRs9PiQ//Uophkw2ijD+xvNx14JwaENVi3Llc+MlhhxIYqFLClUYTnn1jxdqZ+BAvnheOX+olztmXYVgtZXDLyFevOBV7xGqjoTc78AJBsr3VJvr72i3klQZ9vcxHvQhrLWBHtV1bjeFQ8mzCUFCB0ipHzqJWU4nci/SKZc2Vq/So+0AK51K996UzU5+/NOQjXa+yMDl6vXWm4+3nVqDWotfpiL6CeM1fhhaGYs4yAco2wF+b/DFLPqnExIXJxKtbSa2M08Z3CIZQ/3gk3Y7jeM/3EAU/T7InJTDwedZUmNIXsiUlmqGYMOEgL+dMu1tBOGRXFI1G2okCeXIidXf9/T/uX2rjjoom0DMJwiKGyotiiCYLjLMMnY4Osil6YXYb+/w5dys/lwuaNYo5RMbpCxmKAEOrnXT4iMFDN+xP8LsCJj6JTE/vZ+5XxpHNzB+WPf2xXYyEEOVw9GUPJoLQoTnbm5x+UAZoGOtUlt1LYD4k+pSFKjVLBqaIR/osJvRVCaYj5yW5Hwom+AVIRBPeVAeX6x7zh41f00QjQ52eaXiDsUu6h6VOWhe5bdJl4KDvMpPxHCQ4D67DK/Gz9friFkx9nd+Jsi2Iaed0Bl3nCKwPJhi2d8mGqFYA9w9/7+jdxyojfGgNwd6dZzBg2DGoIZNccprxJR5R65oOTtjQaPHdrMk8hfwfYY6NoXn3vug3dNAd7fdE1CGPJEqePGVCU5dQrxxr4xVLJedWaWnsMhKAxRFIsvgUYS3c4EkDUfgOdaNpNCHP4TQvYOiIDNxwuc4ZZ3mPK7bm+pd2MK69xjztuBxOkTfg0T9LeKkFwX1s+3ovxWWZGV6pg9Ft8RecnrW6sBFc743awTQTZSjkNC2Ja3yaazPbQYbQwFJ1mzOLkSfyXtTEl6aSNcs5mwoM+laJNJJqgwX7Z13qTG6hHOy7rISxRS3dEQXWbqRKrdPSbFC2ytdqrYygmpWXCV/xYf0UIGAGr9eIoL6p/p+bC+3tqRdJT1a7IkRXuDaSgI9yIlumcs59AP2Jzp3uwtVmpaEVVtrM3HLyKXajb+dz5+YQFy7qFCrHPmINaTSNDSCP97t5EWNRE8heQff+agKFw82jfNZBgsMV5JeBf0wyO1RR0UoIJoo0g8FGiNN3Ie24y5hJ/rKkyridv1z2hkugK7KlzHMHFRwHB1H0unn0028zOfzFpgPXjLfOiv0viD+MEmJw0BASaQc/uN3YaqlmEsNVdui1W/aC2t+QcuZAB9uz74GXDoJHQQHrATurmTiqDr1JV4qXR94mmld7QPLgWLxjqcQUVnGRb8XmU0ElYwzuLjCHcvdOnBG8zwwbOJ4s2k5S9/rXC3skGL5JpvF7Cm+c8/P7CgqnDt+JkzkEYEBI69ycNlbDAI01fk7TM4AzmlokbBONA2l1iGljg9nponPSYClKHx8EvUMAx/yS0iJn50LBBxN38y7cbUuV9tFpRKjyqEFFae5UX6kv3GZiqlgLp34UExb0WO1vcLvW3x9OZjebbRCOVz0ByyZwbKR0ObcZe51kISag8EK9cQlEptF6Fj7yHGPAujLz4uWl1GO2jZrd/G168bzMEiV2tdxfiULhMB4+5ZFE8zyGuSBOZ4pN/q29qlNR3Mc5FOpkXsjTCNPWlqZDCaaJtUffz+q/gziDON/2ydyJ51g2dj7F//5wEds9/Sz5S9iMTPwU3ixgLlzye6eEBQ9LCsY7UW+n7Mv32E89KY3t3D26BBr+ieyePipotxmmA5RJCgO3ZJb8uLxnqgeAYOiUbp9m9pIiAZeuXAar5dADz+vHuuUrAZ5kKwGwdAAupEU/HY8FjzTbmML9/88tOOCVaK6/GHMAev1jAe0tJdiQLUwNfROOpCcAkrN6jfQlCh+wnZqhviRTyhezO9gHDkPxTLWzCWXnknOgbN3S3n3j08S2xVENjLR0TlD5DtayGI9VJdjFwMq9z57HP16HyiaZdFjbgsA5XuN9/CsF+SM3J3nhvf44EfBULSO9aJlcB/yoFZImIMepbsnsF8my5eUEWD27+Tt6rVby5CRnXQMCBXq/4VlGVw7OlntF4Ykt7VOIENeHrfuuCiAVDOFBYsQDuTtOn+ivVUTVqN4ci+n5jhLBp8xY4vEOxCHVS/zUo/Nlxh5aZWXrYNZzk82xPEuE8s/p3f/FaKXVwSzYUQ3hKcL99OUlnoN5lP7yuLiEqruU4gq7WLSxhBSrgJnD6NBoVN+SdIKe1LwAisRVVn0AOFH8uXgdewioVLI0E+xL+vccnTQpnov8YHx6Z7IIYeOMJ5jRO2vGmu7pYoYV+hEw9GD8JYshF1ZBxMXdJxuQUK4JPwPkLXCieti5OmfKklAAOUrVRUH7uPcuhBJQtAC6+dT+6aEiHUVC+xPLAr8nKitXD53X1glaxuLiFDTei8io//MhmoyxOyrHaw0jLsuVxgLHvMVtJ8THlg8rvUI72fT+stHabXKOIUekYqKX5kwR9vKruRgplnFT7BAPymFRPO8r40g8vka34kysHt8WMOapxXSdG7HT0uM1t7kcwCaGvSmhaBx+m2HiGL6PuoI65DWMV5HGdWL+xW7/s7ebBEdaWh+WvTGZHk5DXkO+Ti5/2VVCvjLhURj+vHmCH/kaJTrYBI9tLrlA9gqGDUaszsziHO7ZUbqJbO0USPz0ml9Upt7k7bLAsfpGEfVZ/om3UPxLw6iQl4G7rT06X78ZucjPmHyu394N2WCPCnXBDSCtF3r2w26sOswT+IJms968d4gG3HJHZX2hG4W80bB0cnz3OW25tUTWuMJ34Uj5Je+HSR0RAuIr/GIzCujYChs0Ho6ZqCmpBz49vYTUnRv5hzo/i3w4xX8yJ1kLuHofMpgqDcItUQ3Uj</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-07-08 14:14:03,012 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-07-08 14:14:03,012 - INFO [Shibboleth-Audit.SSO:?] - 20200708T141403Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_ef61655e-24b9-4322-b389-ce9969938b31|https://iam.eu-defcs.poc.hybrid.otc-service.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_6451e66109de8a111586819d39c59d2f|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxSgTBF69Oxq0gphNhWh7DjPv7jvgh9F+kGAMFx1urd6MDsE0ZYqrhvaLJtB0pFcNN+pRIcWP1DL5EvbH1/p08h9KY+cd8F510Kz5QulC29I1NT3z8nnVvJrd9XmQmO8zvjMiOFZMuP8fO1HRGodRePYcr|_7b04eff6ed14914ad471db51a6351e2e|
2020-07-08 14:14:13,886 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ZNolEjE9GHBwNA1GWBi0AoysmfzZRJ5UbUIIvUE9vX_1Q90E1Vx1jqC6
2020-07-08 14:14:13,886 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:14:13,886 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:14:13,886 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-0f547ef550f84f03b2b2eb2d2876bfb97bb602ec"
    IssueInstant="2020-07-08T14:14:13.777Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:14:13,892 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:14:13,892 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:14:13,892 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:14:13,892 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:14:13,892 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:14:13,892 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:14:13,892 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:14:13,892 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:14:13,892 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:14:13,904 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:13,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:14:13,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:14:13,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:14:13,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:14:13,904 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-0f547ef550f84f03b2b2eb2d2876bfb97bb602ec', issue instant '2020-07-08T14:14:13.777Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:14:13,905 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:14:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:14:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:14:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:14:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:14:13,905 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:14:13,905 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:13,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:14:13,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:14:13,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:14:13,905 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:14:13,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:14:13,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:14:13,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:14:13,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:14:13,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:14:13,906 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:14:13,906 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:14:13,906 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:14:13,906 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:14:13,906 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:14:13,906 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:14:13,906 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:14:13,906 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:14:13,907 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:14:13,907 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:14:13,907 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:14:13,910 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:14:13.911Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:14:13,911 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:14:13,912 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:14:43,892 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: dDtNbmFEE8SYb580I9h7tpO-HDEcBuU94rHS6gRQ6koGpEXZijI3bhWI
2020-07-08 14:14:43,892 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:14:43,893 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:14:43,893 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-6fd47d33f178cc4c67b1cc515e4f87934d097ed9"
    IssueInstant="2020-07-08T14:14:43.784Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:14:43,898 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:14:43,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:14:43,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:14:43,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:14:43,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:14:43,898 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:14:43,898 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:14:43,898 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:14:43,898 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:14:43,899 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:14:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:14:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:14:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:14:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-6fd47d33f178cc4c67b1cc515e4f87934d097ed9', issue instant '2020-07-08T14:14:43.784Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:14:43,899 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:14:43,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:14:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:14:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:14:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:14:43,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:14:43,900 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:43,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:14:43,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:14:43,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:14:43,900 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:14:43,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:14:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:14:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:14:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:14:43,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:14:43,900 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:14:43,901 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:14:43,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:14:43,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:14:43,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:14:43,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:14:43,901 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:14:43,901 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:14:43,901 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:14:43,901 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:14:43,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:14:43,904 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:14:43,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:14:43.905Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:14:43,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:14:43,905 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:14:43,905 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:14:43,905 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:14:43,905 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:14:43,906 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:14:43,906 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:14:43,906 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:14:43,906 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:14:43,906 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:14:43,906 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:14:43,906 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:15:14,628 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: zSeslJ1B7mCCVDQxGgBcFTCrlQccaODSsl4szkleOs2OXDnwDfDeZeKz
2020-07-08 14:15:14,628 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:15:14,629 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:15:14,629 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-ded458f7b00017184711d146772d65f9ec709801"
    IssueInstant="2020-07-08T14:15:13.769Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:15:14,636 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:15:14,636 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:15:14,636 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:15:14,636 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:15:14,636 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:15:14,636 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:15:14,636 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:15:14,636 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:15:14,640 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:15:14,641 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:15:14,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:15:14,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:15:14,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:15:14,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:15:14,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-ded458f7b00017184711d146772d65f9ec709801', issue instant '2020-07-08T14:15:13.769Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:15:14,642 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:15:14,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:15:14,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:15:14,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:15:14,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:15:14,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:15:14,642 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:15:14,642 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:15:14,642 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:15:14,642 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:15:14,643 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:15:14,643 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:15:14,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:15:14,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:15:14,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:15:14,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:15:14,643 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:15:14,643 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:15:14,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:15:14,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:15:14,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:15:14,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:15:14,643 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:15:14,643 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:15:14,644 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:15:14,644 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:15:14,644 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:15:14,652 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:15:14,658 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:15:14.658Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:15:14,658 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:15:14,658 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:15:14,658 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:15:14,658 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:15:14,658 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:15:14,659 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:15:14,659 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:15:14,659 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:15:14,659 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:15:14,659 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:15:14,659 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:15:14,659 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:15:19,155 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: tN0UOtO30qfJP1xhWXg3vv-BADNtb6dDa3N96YOWyrvid3dS043fsKUs
2020-07-08 14:15:19,155 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:15:19,156 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:15:19,156 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-0a76ba71213f7b214781d1a7dd321eb2cace48d7"
    IssueInstant="2020-07-08T14:15:19.05Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:15:19,157 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:15:19,157 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:15:19,157 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:15:19,157 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:15:19,157 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:15:19,157 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:15:19,157 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:15:19,157 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:15:19,157 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:15:19,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:15:19,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:15:19,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:15:19,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:15:19,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-0a76ba71213f7b214781d1a7dd321eb2cace48d7', issue instant '2020-07-08T14:15:19.050Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:15:19,158 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:15:19,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:15:19,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:15:19,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:15:19,159 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:15:19,159 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:15:19,159 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:15:19,159 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:15:19,159 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:15:19,159 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:15:19,159 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:15:19,159 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:15:19,159 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:15:19,159 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:15:19,159 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:15:19,159 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:15:19,159 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:15:19,160 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:15:19,160 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:15:19,160 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:15:19,160 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:15:19,160 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:15:19,160 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:15:19,160 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-07-08 14:15:19,160 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:15:19,160 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:15:19,160 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:15:19,161 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:15:19,161 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:15:19.161Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:15:19,162 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:15:43,878 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: KYSLntWIb_T0fItdwPfqw3jbp01oGssif3lUhQPbN-QpCLFLqfaGsauZ
2020-07-08 14:15:43,878 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:15:43,878 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:15:43,879 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-b50b698fa6fabe18bc877e46ea264a81526a36a0"
    IssueInstant="2020-07-08T14:15:43.767Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:15:43,884 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:15:43,884 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:15:43,884 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:15:43,884 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:15:43,884 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:15:43,884 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:15:43,884 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:15:43,884 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:15:43,884 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:15:43,885 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:15:43,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:15:43,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:15:43,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:15:43,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:15:43,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-b50b698fa6fabe18bc877e46ea264a81526a36a0', issue instant '2020-07-08T14:15:43.767Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:15:43,885 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:15:43,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:15:43,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:15:43,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:15:43,886 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:15:43,886 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:15:43,886 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:15:43,886 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:15:43,886 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:15:43,886 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:15:43,886 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:15:43,886 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:15:43,886 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:15:43,886 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:15:43,886 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:15:43,886 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:15:43,886 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:15:43,887 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:15:43,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:15:43,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:15:43,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:15:43,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:15:43,887 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:15:43,887 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:15:43,887 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:15:43,887 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:15:43,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:15:43,892 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:15:43,892 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:15:43.892Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:15:43,892 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:15:43,893 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:16:14,369 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: EH3-cxRAPlNhH-_0cgipBbaZ3cVy25xsgHDqdR0P90R0MYIChBEPcPXg
2020-07-08 14:16:14,369 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:16:14,369 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:16:14,369 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-bc3ea5a55b07647529454bbae5fb5fc8e7bf7c90"
    IssueInstant="2020-07-08T14:16:13.778Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:16:14,374 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:16:14,374 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:16:14,374 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:16:14,374 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:16:14,374 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:16:14,374 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:16:14,374 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:16:14,374 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:16:14,374 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:16:14,375 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:14,375 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:16:14,375 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:16:14,375 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:16:14,375 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:16:14,376 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-bc3ea5a55b07647529454bbae5fb5fc8e7bf7c90', issue instant '2020-07-08T14:16:13.778Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:16:14,376 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:16:14,376 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:16:14,376 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:16:14,376 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:16:14,376 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:16:14,376 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:16:14,376 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:16:14,377 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:16:14,377 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:16:14,377 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:16:14,377 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:16:14,377 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:16:14,378 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:16:14,378 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:16:14,378 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:16:14,378 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:16:14,381 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:16:14,381 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:16:14.381Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:16:14,382 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:16:44,173 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: DVdaBPCPLAW_bTC_xDn4v5JWJgU2ho0PDcQvQgILYTh8h4MtAFfajuHj
2020-07-08 14:16:44,173 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:16:44,174 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:16:44,174 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-45669231bb4071da722be37a4c49ecd36337ec27"
    IssueInstant="2020-07-08T14:16:43.767Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:16:44,179 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8081/saml/metadata' from origin source
2020-07-08 14:16:44,179 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:16:44,179 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:16:44,179 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:16:44,179 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:16:44,179 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:16:44,179 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:16:44,179 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:16:44,179 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:16:44,180 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:44,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:16:44,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:16:44,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:16:44,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:16:44,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-45669231bb4071da722be37a4c49ecd36337ec27', issue instant '2020-07-08T14:16:43.767Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:16:44,180 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:16:44,181 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:16:44,181 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:16:44,181 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:16:44,181 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:16:44,181 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:16:44,181 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:44,182 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:16:44,182 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:16:44,182 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:16:44,182 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:16:44,182 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:16:44,182 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:16:44,182 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:16:44,182 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:16:44,182 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:16:44,182 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:16:44,183 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:16:44,183 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:16:44,183 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:16:44,183 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:16:44,183 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:16:44,183 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:16:44,183 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:16:44,183 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:16:44,183 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:16:44,183 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:16:44,186 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:16:44,187 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:16:44.187Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:16:44,187 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:16:44,191 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:16:45,627 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: QufgeXo7miczXFxiEGt0zZimKkyCkm8Y9X1nUlma_m60M0N-0QL6Zsy5
2020-07-08 14:16:45,627 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:16:45,627 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:16:45,627 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8081/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-cb798b2e714751d94c5d641850820309858993a1"
    IssueInstant="2020-07-08T14:16:45.26Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8081/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-07-08 14:16:45,628 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:16:45,628 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:16:45,628 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:16:45,628 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:16:45,628 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:16:45,628 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:16:45,628 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:16:45,628 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8081/saml/metadata
2020-07-08 14:16:45,629 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:45,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:16:45,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:16:45,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:16:45,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:16:45,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-cb798b2e714751d94c5d641850820309858993a1', issue instant '2020-07-08T14:16:45.260Z', entityID 'http://localhost:8081/saml/metadata'
2020-07-08 14:16:45,629 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8081/saml/metadata' does not require AuthnRequests to be signed
2020-07-08 14:16:45,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:16:45,630 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:16:45,630 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:16:45,630 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:16:45,630 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:16:45,630 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:45,630 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:16:45,630 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:16:45,630 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:16:45,630 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:16:45,630 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8081/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:16:45,630 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:16:45,630 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:16:45,630 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:16:45,630 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:16:45,630 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:16:45,631 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:16:45,631 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:16:45,631 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:16:45,631 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:16:45,631 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:16:45,631 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8081/saml/metadata
2020-07-08 14:16:45,631 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-07-08 14:16:45,631 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-07-08 14:16:45,631 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-07-08 14:16:45,631 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:16:45,632 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:16:45.633Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 45583135db78c1f02fb0f8a330c52fe6f2ade499faef7177e193881e45d5dbe6
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:16:45,633 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:16:45,634 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:16:45,837 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'localhost'
2020-07-08 14:16:45,837 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-07-08 14:16:45,837 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-07-08 14:16:53,470 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-07-08 14:16:53,470 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-07-08 14:16:53,470 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1043279133::identifier=rick, context=org.apache.velocity.VelocityContext@2d8c7e5]
2020-07-08 14:16:53,481 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1043279133::identifier=rick, context=org.apache.velocity.VelocityContext@2d8c7e5]
2020-07-08 14:16:53,483 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-07-08 14:16:53,483 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-07-08 14:16:53,483 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-07-08 14:16:53,484 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-07-08 14:16:53,484 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-07-08 14:16:53,484 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-07-08 14:16:53,484 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-07-08 14:16:53,484 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d930475dab0fec1f148058c02f83698f00bd4a7968ff770e16d839e45c6ffd17 for principal rick
2020-07-08 14:16:53,484 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d930475dab0fec1f148058c02f83698f00bd4a7968ff770e16d839e45c6ffd17
2020-07-08 14:16:53,485 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-07-08 14:16:53,487 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-07-08 14:16:53,487 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-07-08 14:16:53,487 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-07-08 14:16:53,487 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-07-08 14:16:53,487 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-07-08 14:16:53,487 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-07-08 14:16:53,487 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-07-08 14:16:53,487 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-07-08 14:16:53,487 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-07-08 14:16:53,488 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:53,488 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-07-08 14:16:53,488 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3071637'
2020-07-08 14:16:53,488 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-07-08 14:16:53,488 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://localhost:8081/saml/metadata'
2020-07-08 14:16:53,488 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@5fedc9df' with context 'intercept/attribute-release' and key 'rick:http://localhost:8081/saml/metadata'
2020-07-08 14:16:53,489 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:http://localhost:8081/saml/metadata' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1622998236735' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-07-08 14:16:53,489 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-07-08 14:16:53,489 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-07-08 14:16:53,489 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-07-08 14:16:53,489 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-07-08 14:16:53,489 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-07-08 14:16:53,489 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3071637'
2020-07-08 14:16:53,489 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:16:53,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-07-08 14:16:53,491 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-07-08 14:16:53,492 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-07-08 14:16:53,492 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _08db18c7cf3ac57773a3b79aaea859fc
2020-07-08 14:16:53,492 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _08db18c7cf3ac57773a3b79aaea859fc to Response _407d075413b8bd0edc2b238eec79477d
2020-07-08 14:16:53,492 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _08db18c7cf3ac57773a3b79aaea859fc
2020-07-08 14:16:53,493 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-07-08 14:16:53,493 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-07-08 14:16:53,493 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-07-08 14:16:53,493 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-07-08 14:16:53,493 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-07-08 14:16:53,493 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-07-08 14:16:53,493 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-07-08 14:16:53,493 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-07-08 14:16:53,493 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxvJzFX1yxvCwVIhD0rByRLFOSLnqoj1s6OnzTx61v0bzRNRfeToGxITj7s9rsJE74CJSRpb9E60TDB9QtpsKaTB2koAS1hsWk7xcRHg/zK+1/M4848LlY40ojI9YAzNGgOOqLIKPg with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-cb798b2e714751d94c5d641850820309858993a1
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://localhost:8081/saml/acs
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _08db18c7cf3ac57773a3b79aaea859fc
2020-07-08 14:16:53,496 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _08db18c7cf3ac57773a3b79aaea859fc did not already contain Conditions, one was added
2020-07-08 14:16:53,497 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-07-08 14:16:53,497 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-07-08T14:21:53.490Z, to Assertion _08db18c7cf3ac57773a3b79aaea859fc
2020-07-08 14:16:53,497 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _08db18c7cf3ac57773a3b79aaea859fc already contained Conditions, nothing was done
2020-07-08 14:16:53,497 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-07-08 14:16:53,497 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _08db18c7cf3ac57773a3b79aaea859fc already contained Conditions, nothing was done
2020-07-08 14:16:53,497 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-07-08 14:16:53,497 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://localhost:8081/saml/metadata as an Audience of the AudienceRestriction
2020-07-08 14:16:53,497 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _08db18c7cf3ac57773a3b79aaea859fc
2020-07-08 14:16:53,498 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://localhost:8081/saml/metadata to existing session d930475dab0fec1f148058c02f83698f00bd4a7968ff770e16d839e45c6ffd17
2020-07-08 14:16:53,498 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://localhost:8081/saml/metadata in session d930475dab0fec1f148058c02f83698f00bd4a7968ff770e16d839e45c6ffd17
2020-07-08 14:16:53,498 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-07-08 14:16:53,499 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://localhost:8081/saml/metadata and key AAdzZWNyZXQxvJzFX1yxvCwVIhD0rByRLFOSLnqoj1s6OnzTx61v0bzRNRfeToGxITj7s9rsJE74CJSRpb9E60TDB9QtpsKaTB2koAS1hsWk7xcRHg/zK+1/M4848LlY40ojI9YAzNGgOOqLIKPg
2020-07-08 14:16:53,499 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-07-08 14:16:53,499 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-07-08 14:16:53,501 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_08db18c7cf3ac57773a3b79aaea859fc"
2020-07-08 14:16:53,501 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _08db18c7cf3ac57773a3b79aaea859fc and Element was [saml2:Assertion: null]
2020-07-08 14:16:53,501 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_08db18c7cf3ac57773a3b79aaea859fc"
2020-07-08 14:16:53,501 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _08db18c7cf3ac57773a3b79aaea859fc and Element was [saml2:Assertion: null]
2020-07-08 14:16:53,505 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_407d075413b8bd0edc2b238eec79477d"
    InResponseTo="id-cb798b2e714751d94c5d641850820309858993a1"
    IssueInstant="2020-07-08T14:16:53.490Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_08db18c7cf3ac57773a3b79aaea859fc"
        IssueInstant="2020-07-08T14:16:53.490Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_08db18c7cf3ac57773a3b79aaea859fc">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>QNPChvTl7O74C0iLO3Ar+OMG+uDD/qAZT0xGRGkuScM=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>IZE9F7H7y5mQeXMUBEPuB/lK+p2mw61I6u1IyvWv/CIxfzZHkt28AoRyMFz6kk6vuZ1tYbD5w1yYdmTeAvcTdV6prSRwZJG8OSrAR6pz4Wqd60Xp3b/lJVKa8UP+FBt+798ruyjTTA5X6ELzSUYRdglAPsEEj/1lfbImBe2B62bki2+R+NeDX1wjzREjJu69PqDgYJF/y31y8pJmgO9bSlYZFdOxaOixftDkHzQXKH9Egfb3MAHUTgiIKsGf6NWNjLQfQoRadVEL0G3EJGykrJlcy8xSzM+zpeh8FoSbuKkvWyVNdcScgKM5tTr1679gsSYUCbCWW/YXsDHtchU4sQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://localhost:8081/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxvJzFX1yxvCwVIhD0rByRLFOSLnqoj1s6OnzTx61v0bzRNRfeToGxITj7s9rsJE74CJSRpb9E60TDB9QtpsKaTB2koAS1hsWk7xcRHg/zK+1/M4848LlY40ojI9YAzNGgOOqLIKPg</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="id-cb798b2e714751d94c5d641850820309858993a1"
                    NotOnOrAfter="2020-07-08T14:21:53.496Z" Recipient="http://localhost:8081/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-07-08T14:16:53.490Z" NotOnOrAfter="2020-07-08T14:21:53.490Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://localhost:8081/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-07-08T14:16:53.483Z" SessionIndex="_4a8c23d0857e9412b44e3c19f9ce90a7">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-07-08 14:16:53,507 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://localhost:8081/saml/acs
2020-07-08 14:16:53,507 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://localhost:8081/saml/acs
2020-07-08 14:16:53,507 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_407d075413b8bd0edc2b238eec79477d"
2020-07-08 14:16:53,507 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _407d075413b8bd0edc2b238eec79477d and Element was [saml2p:Response: null]
2020-07-08 14:16:53,507 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_407d075413b8bd0edc2b238eec79477d"
2020-07-08 14:16:53,507 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _407d075413b8bd0edc2b238eec79477d and Element was [saml2p:Response: null]
2020-07-08 14:16:53,510 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-07-08 14:16:53,510 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://localhost:8081/saml/acs' with encoded value 'http&#x3a;&#x2f;&#x2f;localhost&#x3a;8081&#x2f;saml&#x2f;acs'
2020-07-08 14:16:53,510 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-07-08 14:16:53,511 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'QufgeXo7miczXFxiEGt0zZimKkyCkm8Y9X1nUlma_m60M0N-0QL6Zsy5', encoded as 'QufgeXo7miczXFxiEGt0zZimKkyCkm8Y9X1nUlma_m60M0N-0QL6Zsy5'
2020-07-08 14:16:53,513 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="http://localhost:8081/saml/acs"
    ID="_407d075413b8bd0edc2b238eec79477d"
    InResponseTo="id-cb798b2e714751d94c5d641850820309858993a1"
    IssueInstant="2020-07-08T14:16:53.490Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_407d075413b8bd0edc2b238eec79477d">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>XKKYIRKbzSFfuWS1BG9K8Q+g2N1Xlix/kquSx8v/VG4=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>rLW4rfldl5SCnypuwbP661AkRc6JEnqAC+H34e8uxne5UQVTCoSq3H474E9IoLpnLnYuyBTXUcdsjSSMVr0UfNOxwDtt/VSktBCFCD6ONr/0bk1Nb/DJ8xsEFduQhLESAA+WubWaDKfPkjDVRWkytBDr9QLY8wEnNsa3n+yvANwVhDAapVX78rZ5lp6onRBUWBYbq84WtQeV+J4ErHuEy7LP0fM5U4j+9qe5Di5GS4punUHiTuGg8PfJTCmHHcwSMvYYX78moJKJEJnejDhhuoyxwtcPy96Iont9XTROSOVNhc6Swvu9xzdbYYZcEqRB2X1qPV220fwjrTkG7YVyOQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_81e60fad147062df5bd072fc8054cb8b"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_f73cc6e702953c7199dcf8609d09eb0d"
                    Recipient="http://localhost:8081/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICqDCCAZACCQCSZJ1W2jXtaTANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtzaW50ZWxhLmNv
bTAeFw0yMDA2MTQxNDM1NTRaFw0yMTA2MTQxNDM1NTRaMBYxFDASBgNVBAMMC3NpbnRlbGEuY29t
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2nLfrdPZd1d1jvtY4sG5fu85wPaGVpf
K2j+Vo8mLQySn4SPYoEOv9rlJVrBSxx3NnepJZd3IsDCW6A6+yDiOvc3zYAgRyx1GfzBKo/c8MKe
r+iiF+shdsW6jpY/wy9TnNCU3B4C6SBn5DOA38hEb2IQGF1rH6dg0bOqgXjHN+Xpin0OGz4VhTTU
pLvr/9xLQnF/TdfvqT/DcddSdwIYts1g+pW2DKSZ/CI7wyN23K3aZscpbB/e5KjCpzpK0nmLxePX
QhSJpyK7wYEoOnIf/ipbQmzS5EzODmlaPuLlcTHaZTf3CeJl+/jiXiNNPv1R8Bmq0nVrL8V7SZEA
7pUocwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCPO2crY0ySkFHHtPepdUQ/8ZTVfk0qS8ungOYG
ocgb0SlDnYiVI6HYhl31uyyv4UBEk43yj4JQ3XMiVt119ixxAfGyez/Val9awGKJLGSx2UTGXZ29
Z5o1Iwb/xpJ0e7axoeVT1lHvLx5xJlNp1ex5hcQrxjHrJ6Mamy/ytxUV57iwY2HYfUf8OoKQAB76
UKe+GAoEqtBFEq0DgvRWXAEhxnfSU91/AX0kmpAEfxxU3hR5iYRlsQhkRO+ttJ9DFMBzh0yVixyR
zqdv0NuwcGCdwTcAL/s3AmLcqeA6AWq8S7aNu9mPgrwkVA9nL+WhtxaxAVLGlf5eGkWVOkmwWVet</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>EgeWu2Dcg3KSi6Uv5VbPZxUQn7SSTOZIrivynlnxIyWD9H1uJLkXAlvWHqO2cD1/tsYCQ3z/FuIu7TdidmL3kuQ6AIXB0ervX8g1Pc7VJKm7zdkZutrj83g2euXMqRp2M2bwjyfK+tyvNycwz5hlOmLfO1NgYommWW4RVWEPzReBS/fvCjQBOZBBcTZMCyyGOrTR+qODmsx/ruesW5O+sI7/UJCH97//+Xf8LBeWXYKFMVMa9D/vMY76NE2QUtLkgyosiTSc8xE5AA7gYF5qUl8Xj8EmrOEyisA8TyY75gRpHulakGfTUeGcnwKs3QMnGPUYMjpTvTU0OB6JOy282g==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>RBK816Zo4BwtpXJOGEMMlBFAfWv/p88pvd18XANV962kjKH2YADjmTGYrXVKwSXROeNqwn39iowd0gvScewZ1brGMf7sIKM3bktE3cF3O4AeBq60uRSpnQS4qcP/xerTTQ2W8ZJVrGaZ8AzhQzGo2kbBXdNZeJguffkdrUhVTiu0iFwuFu7ORdKmtMxD+VpfCzYTpjW7wC9VdaMlvaMU/EWeElyYVIL3E5KimjUfOIYTTyQVri3yxO099E+IEVOculRyTZunnDGwU0Xz4SogycgRx0DiV+qbBBlVyDGQ3sstJ1r6+n3unkqIcgWLvHZSqah15CREvzF1ZqCK9Zd3uahWqUkOh06WwF8+IzjpJyj7cEzwqAVJmc1R/cDX9EcVAgnFGnYeO0M7X5FTd/HBI5C0hxZ2t+b1DFBcveec7huRtw/dUf2E96g0jY2tO8vVYq6hRxxoHnJoHVru0cSts07xDzfYYGZAbjmxpE36mwJFPwDVB6psSn53xPaDXcgLBboKZ2Kyru1RDRcZU5dGyiiOYdhBY37JEL4Cd40CJXhrRCHCI97t0hG8/epDMBEuTzxncuYv8IMSwE1Rv/Lh0MCKn+4LpbUpo85aNljB/Tu8WugKvX5gS7s/BCWChltrLDHAfkl6JJJp8YHm8su2wFnMN7H7J6D5H/hkrQVl0zOYsUu2PJetLNewtlQNHpRLribDHa3AJotfzaYR5Vy81kOUWRMxbNR0oyeyLlkiqii//o1HaCKJZzCk3KZzVrf0S1oK34F5LJXIgZwub8SPzvYHNQURwDsuwBbZYDsa+mdnI0yVApnqLIc+C0pQR2/6C8K8nKPLoD04VmzwseLd/gPgnn0bwN6rocqWjryGJwZxe4W57otO/9zzIAQ1PRB19KOSgiOlBxl+Pg4O51fx3cCE9i5940+3Slh+3J4/w4dU50yObgSOk8j1HPI5F4E0kqxPbvYC5hryrBhUqsJQ8fYwR4jcHAOGinT5dffjU/8C1BgNzwFTeSEZ5RTfS/OZUvXdbFgyoIUCMylQSo6nu81eF84KATwXiaG4d3dfhW4kb+5NUKi2tp3CXTMWKJpVYouC0/mHEF2GjyaKjhjfO9Z3GvRzL5lCI0uX0D7XbVSRoKf3ebfUXM4PZalY2PhK16ZC1HskNFQWpbnytHeUaEwD07aOTtdCiMbW++Abib9rIaukCwB5wuApxdIRGmXDrcel48zW5GgsB93BmZPqy9fwmcxTK0YxchMfAkYftpeuTeHONr6tIrC2UYSTxARt8PfyNLDnIIWR4QSqTE7h/031vReZREbAQ5hC1e5NWiRrApJ/xZ2m8fL5iMQXkwQfkjEhycZKKGNaona3nyrPyZgdpWSoXL/pk+06TvDCrW1V8Ud8YBp5s7LsMUW6+Z9aCZei4qPU0OtKDxrcJrdseedGk751E+5bHU5e8YsSn1xVWq6GnpYJGQA6ALUUhVMR1+jH9v1dtOJw2zy9XkTzHx0uRkPznkHyNBFqRCI/zdnsEtfmhgHtRwepmNL/M/D7wp547nEYlNL8wfFWqQ0sv9UhRS/5GBarCsQkPMWXKj346g3alMEl6DHdBmTeStgSokcdcchDEt77bnmf6MwlNg5VNXutfTHdNffUfFnh8T5N8dHH9Jgm1dWpTIDDa2sNT7FaKOgjKyQ0lHfxQ75S9j4xkP9sCOhipEznrswD4y0CGImd7sEGtJmaNJbJXFONuB6yd3ETYD4NrJJSq7t62Z64/ha+/EbkQzKsvEQMOw4NKPpCd0Wjk4/grkT1IpgdJqcmIMro53kFncGcqCZ6VARLeiLFu3niKOjWe/oQUh+SZqahdeLJpaRw2ADB+71xMeraT2cM3gIKnf3khZlC/A157tVRubepNeSGL9boYlW0fYvW005rLd4BUOo9ixYTrE0gkW2NpekJw/s90zWUJ+VbwWw0/qNdv+iy9545J+u790jXd15l61yc8Ce4js6la8ZggztRffE5DFk71WuCB9157HsaKnKGEsjvqxP5FU+WOG1L643KzwjKWi3Ra2b5Bu9rPCXmiV8z150NsI2/lwNLiJ+DJeW7w8eyltjuFqtvfq2eLJD2vPT99r+3qiALrBrn2xiebZ+37Ou4wTvLbxCiadJaDygUww/friCIhHy6N53YzZnrL/l5k5uTaB5If/G+HCgrkAXGcCB2RUY5Jzl3UCAimAkj0w0ZIbY2lG/y542ltQV8pDPvpbUL7Dx2oDW0TLJcCVGA0hLfkot0GFa40M7gMKTG/4vAA7CZ62y0LbDpk3aG/Gukue/y5Dihy9S5wIOoa5fy5m0D8lc+QIzZUT2FZpPcyJIZ/BN2WMmWr/2l78DujJQvQdTktnjEh7LpT/Hk0C3lwDzy2XSxbOY18vWkqsKnGXIBYlpbkFt6ycoUTWsTgpBSl7oUtxJbOn3SAjFFQuqPtN/OG0Pxtwon5MzfTaXHw0fzesHiZxUmHbjLcekKbqiRV6hAAbC6wKjII/y72VJTTbitEuf+r5acC0KozPled7CXjEtZwB1RQuauMEBS4q0xA/0MPrighUNxlzblWmBJ23CRkB9BCXLPqmOgT6A2bYGZAGdwbN0hLI/UMXzEDAQIpsNMDkfTOC6/RLsLI8DJ5A2hRb6FUugeiMAps5rxf4OZW4eo7C0YOahLkF9gCdpxDOb8XtHZ9/LQOsLcPZhuuck0KI1a4hQmuxSHvDbAZhQPqyCyCQsPqGfRnEmXJCh1HeLCMeplYWw3t0mXnQviGj7raPWiq62L3S15gbEJ5FooT0BdiRvrfBO0k24C/R4mZ2czuB5XuVx3naE1PcgngZqGEmkZ+al5+Pk18jfSWT51FTlokMtAViZEgfCiTZgUAtH606LHIi7D67KKyd8I86ChIsbcGhrROXb+oYHOmMbTFRaTaWZinm0Gfhj71l/s/c7vtG5pmZY5xaiMiRfxQT12iJSnc1RZkF6zLwxixk4Ij78li22UM9LmuraLUYm+gwBjM3ySyd+aqypdLpH2NJWtVMpQP+fTqlb4P9X/bn5F8BrQtTzH0qWjUntPlL0/CJOxD3C3+ZUTzlyuAjw52+bzSKm0sX0Dknw/Q2789wUL+lOe3G1Kuep4k0Iz8h8YpIWz7Nn6PrJgRU88AmvF6x7coNEfpsqsoo7fYuI2s4LOkPEFR5U3/If2/jd11TZJy6j7YvInWjiX1vXrgrKwOQGlc9yYhso+NYSLviUf0iWBpXFVpSVAkXWVG0Jve15JmBvqK1ZxQMvaTljjVPeTlJ+XrakkncFc1X8rIjP68a+iHdIgRxx3nROZXgX6dTeXV+EHxXy4CGVoiHmnnczDLc5gH4qJyV6UY0fs7Bs4V6ZrJSS2u5bFdqP8zzdieeWjlGY99/aDOEKS3wlXv8TAbQ0UhAlliMdQLe44MjJJamdT6kTfpU06C2eJTNHULWynKfzd2pv24eyp+hSXzknH0afWPeJlxwZYe3kZvxUt/b6SjCVNe2B7kSuxn61rwtxCGJhnKRmyJcXuFk0HPH2SQ6Gaiwj3Yao6IrZxn9HK8rDt4RgqDUfL4qEaYA5JRLnp8pLHq+vW2Gxry6mp0xgxnLJEE0a/ZARZ9hCOmOU5Nk7pXJ91aiQ2ivdi5zsDVHQKwA8qRLPKGZ/jWgJMcYtVlaj+mRZkPvFu/Y2rTcgQxsL90+geWpdxw1WP2WonQEBcLTwi2DNOTnixXUmlAGercsqHkD+EYwtEqW+Oll+KGKk7tzLPv8Tj1DNvL0+gBIsdq3998Bef0W0Fp85b3eaOJSxdgkzog+uNKHsWgUodgsNKdPMoJJgwcrkdRgcXMhsg48ExxgYICwbf+MqFNn4T6W2GlobgzqdkL6q2ernUrMfTAZ8NaPXPQpFuVKDDMWEu01Hyvvt0c9ezVEZIS49kHVqPnA1C4hXpxtJBiLI5WT+4ijHwYDJP1wMpC+gR7KTngQ8a9AcoCk+qyLbOYM+yXCWaJYUyezL1Ghw25FMDA1ite0osvn5BP3dBFTUD2rzWKOteElfNUo5Y+VofESFcRiq1LALE/K4wF6IIBXGGp2kquDAApJYwUlSx2jZZZt1UxObM39a4mRAQhxlxSpu/7eid4BQDuWAQUmlSPVkbPsn5C7BrHioy85t7Czb0B0vfYhK11Wk/+bbNp3guMOuA6YgaZK8R0mKLl+uH8g8xY+x+RW98vyu3YqXyYToDkJltA5T6EbX1gHVvijMSrj38OKhVCADw+jNZwep+1PGGB3azHTSuAnm6uqTOVB8zsg5gwyMBCg8/m60dCWIkTAa2DBzBNnqWiYAAAp+noWIY/4IWXeaULGFnR0AT44DhmDb2lSoBOSWUuqEknxQnAgcRZuX7kkJvZWtFDOX+tDgQ8rV5yvNtvXPUTijVoEbIAaCCrXzqTZshvw30JCNSpe/kmNGyR2tUntypxPU7KytOmwtMWdxVaV4FGkAoWkqUUJyIBCbNtC072Bz6g6sfbXuPHusVwasAmEHG4EGN4CIlh/mO5eIl4S+mBe4uoymz4s8UFLTS2EiuaMLvCDFy3glWSzeSgC6SsdrR01c2zX7P8DRkbKirxZ6uYu/YTT5ulIW8y3fubDw5k7D1VY7b8vJPxPI31RA9HgHxzP2N7Q6WSJaoDf3jbBlUsnMlpdoYTbY5P0toxT663N0m2mgSfG1d79ybmnm2zD6w5+jTWI2H0OFllA5TvAt6PPx0aSpyH1MzFXl6qvAk/XkG/cPs6V+esnJ5R+JFG8tRhpnran6gkx7TieDhv8OD1I4uH3gQCBh4V2Q4dT956Y+xVC8wbTNQpn+NeLNj3AG4moFIyD0iMVUkCaToq04oEGjPahv3mqwqBEsgr1tyD+1LijaLq6f1rQHrTvDasimtGOj5xUXhmiNh8FJvpm3zFY1CewHsff7Z1HRlsT0SVWHCWBB6efropBY61J5XfKlt+5uyqGWMtHRL8j80CIroCkxp1LLoigiW8jrR5/ImtvAIu85e6gbz0C8tV2iX18sqOm23bGRJSuPMC44iatq+tPkietyeVnAAOhtEey+NBPNH5Aj53PNNf7Njkx8QrdiwgDBuNeTLI845iNlFJhUPplQBBw/4LsypSNf8AL2mflvDqz/0mDgiO0jDSqGyCinS0Q8MFbFwoEayn6XMjUeYXQGXZ7Rcy+7IRcVC8zAiraCb52osHCVzoapRPi9L4nUTt7JnVCmOrHTaoxW7YO2eNtPcG2IDBFEXVUBGMQccmr15Wgq/DmH2yJKR5qTudLoNFbPeuR5uGbAXYyoloI837FUQr1cIwhXYjbv9s+9uHz6Qdy/PSqB0jELA/Xu4x5Uv7tX84svuJ9lJ4+wxyGGhPjzhuRuoUgcdKYYlcjXgx6bv6+cLD4mKPlMMf0kGDo+jxgyxUloH9fmGVTlygZbLeyoUcMcLwDEPQOBLsPcBEXj5JUjiGIDVFnAcZ83BBlkEYslykRdvA0DvVCNHOgoM+bCTgSMIazyExaHg29Bd1eydvTGWcc8/c4gdNRegbb/QcOViKcJFGGDsY5TrTNDwzZtwwdz/G3A7UJu1HZ4/k3jvnnMtN/xakRz7IWYKtTheQawiA0vabgarVpdAlWVDZBn2PRNCDm0vI/xS0dyNCiVEO2wIcXae2N2Zey1F2dVULfuFI4To7LfnrJeP34xhOTWxDiN3UAio3hdm0bNGxaHfF5DYIDL2CoVxvl8WEzFKNj+3v4U+5bdCikZndAIn2ShDsqkVKZ4SOxMhpGB2z+ENSWMsvrqlZIH5THi/09YNNN88A0JqZGDCJbVIld6sIZSYvRmlRfDs7dVsVml0wKpmVsbxkOmJnQLMtUrxku88Vj0DUpTQijl7VtevSbAezXRENf8xiF/9iGaiQa9sLGRvoB2JFe/qsIENZhNEaZY4xphN8/8bjWGkBO5rqnNYvIT2uz88xhg8iYNbWFn89fGRTjoyCc8cxZynJmwCoaH5u1oY1TNHMOnkfFfWT1e/joU7PDFbSNW67p7XFEdtAI17B0CaW3ZIl9VucFOsLm0CRnF4g920k80/TEoU5ndfWCWAWUo92CWMR9WvE8WRNaA0OTxY6M30Gc4wx1Vi2RtiYzOTzSDeFu3/D5/mkTGbuvDV+5/fbOhjmMUMDPsmW2Nyzc1U8MTGKstxb27HQFHzrUhsp8ZXH4JPQBWebd2EAD2DcueqxMrSplpFaJDigTAjTeGElqPzbeBdAowbkIFeicbBwkbLqkD8aJqKHFMOj2Ru3hVfIVoi8wdfNaE/g5T7E11vj6DxNGlFX0pNr5dkN3yaH5o3WtWLB6I4cyLzuSzWFTEc0MO3wbJ25S/W6g9GcPXDfnsKQEN8ZmRuYbT1prGeoa2DQpzYjNOS4iGpAI32xECk2xrRzJ1jGQFvc4pjEySQ1aL5VJFg0jAjXRyYGh0MEBFgAM9FgOCa1iKOOnLfhbRShC1prNo4dUaBhBX2UfI/7EpXzC0eAT/I42wZ//UZBgmB+6V/qwhylCldZxqMthJRB20qDsGR1Ajm+5gtfdi2CCv8V21ZHOCgERNtalnh3SLIFE0IABcHuadO/cuRBS/MhoG2vflO+TS24ixwCbTcjDy4ZcBip6dZYsO/7vGC3SERbmb5mH/opgGQ8KJGyLE+Xw+RC98T5vpiGdMMNMD+PBMg6wfUdlRqD0iBYUCxjQT725RvzKMBGC4Imlj+Ho0W5KokW4s/2KRQjvqxL+5VEZ+4BBPKIQPxvrshjLjFkIrAlTL7KkAr2J0GkvrXeUp3YypJfsi+sACwPUYQVrAXbrnsGAw84slL9lxC2qeQkOgBpQ3cLyYaK3HpJoks3QrDlOn1a3wk/MFU1fpZro5UkkgEEEWqYQ/yf0x3L7UGbsFJ6liGFiHGl1fczYD9or2F5czFyaUCB07rQkHf0tZifXXfBmAShR0v87Y3Yc2tA2oqMCoXRF2Cbq1xTWbPBbKCCm9bdkpXHC0P3sRX5UiF+0/gP68td2VNuS+RYh+bmRuJjkWrTZcSpbPi7neceij/pzBFc78bGG7YQBT65Ol9gvITLsKOAnQj5DOYW24OyAS2yrH8I8nS0snkeUIM8z/GQjAKtFzOGzBnaaFfXmcy0iurtCdTtQyvA2ENvf0dH0Zq+Ixo42A5R267e5OdMq9iV6EqXCRauRUXFvxLCzqKiy7uMg3zFhm5rAKaStKOBMc/x/kmq0kKcwQ8Q+c4q3qXByOy6QoBuZmYvgMJGholCXgFZvRmYrADuszRmMVMz5M6mLW5d06P4ERpnGRp2bisCnOJacL8Tpf8BflbeV+TWrVU2li6OhG0PmKCxEHYeYt9K8fUVj6XFI6IGGOHhET738MpkjEJsBw+6M2Tv4EUj2QjtCO+7BnQmGQ4WB+cTueoOvCIZ2WNebe/DcwaxWXk3VsvWpV4DyWt2XLKf4x6gbMHaz5f0CPlZXqt+HvYdDDTR3Z38nIhT/rilyGxZmY5VKBYF94O+g1zbo5l3iz/SkOuWy6Niul0TvJaDxo7LvtP3DryPfxHGcHNlR7mhXeJi923dqgTMYhvi9hEbL/xYAIjK9M9XzWBB62khXtyILsVSms1SeSC5ac31oNmSCtWHGqyZBDh7r+xwx72tt1ZsgspYts/5iI8pw7T+9bKv+jR41HfYjDJT6BnUxG0qVUNBkBt7AUWiCEVNiEPvZn0hITEy0aepDqZTaSzzxKP3ojF0BHRSnvGnMtOa09YpwuTpkLD/9lvJE2Jh7SJZs1CIe+2AAmemA4e1Gmyxft/5C5La0Zm3Xw8Lbxh+I/XCWQvxviwbZbQ1iWtqF07IqagNPkBhWs8uY3hQ7x7/MTW+zLBgRVaztu+/FggPjQhwNMTHW/yImrDtqxAau63Q7yRyNS8AqHWFBhZbcViKENLadwO9DxMB8dgSGQSj1fYuRHn1CLeWcw/UhKuzSy20La3raph4MRk3+1uRQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-07-08 14:16:53,513 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-07-08 14:16:53,514 - INFO [Shibboleth-Audit.SSO:?] - 20200708T141653Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-cb798b2e714751d94c5d641850820309858993a1|http://localhost:8081/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_407d075413b8bd0edc2b238eec79477d|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxvJzFX1yxvCwVIhD0rByRLFOSLnqoj1s6OnzTx61v0bzRNRfeToGxITj7s9rsJE74CJSRpb9E60TDB9QtpsKaTB2koAS1hsWk7xcRHg/zK+1/M4848LlY40ojI9YAzNGgOOqLIKPg|_08db18c7cf3ac57773a3b79aaea859fc|
2020-07-08 14:17:09,501 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:408980a86699c5abee40c1ea26437f8887a70b183466899a9a381e5b4d6cc05b
2020-07-08 14:17:09,501 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:17:09,501 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:17:09,502 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://samltest.id/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_971e6a3b95046a3ccd0151ee32c88986"
    IssueInstant="2020-07-08T14:17:09Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-07-08 14:17:09,510 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://samltest.id/saml/sp' from origin source
2020-07-08 14:17:09,510 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:17:09,510 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:17:09,510 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:17:09,510 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:17:09,510 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:17:09,510 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:17:09,510 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:17:09,510 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://samltest.id/saml/sp
2020-07-08 14:17:09,511 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:17:09,511 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:17:09,511 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:17:09,511 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:17:09,511 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:17:09,511 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_971e6a3b95046a3ccd0151ee32c88986', issue instant '2020-07-08T14:17:09.000Z', entityID 'https://samltest.id/saml/sp'
2020-07-08 14:17:09,512 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://samltest.id/saml/sp' does not require AuthnRequests to be signed
2020-07-08 14:17:09,512 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:17:09,512 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:17:09,512 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:17:09,512 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:17:09,512 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:17:09,513 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:17:09,513 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:17:09,513 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:17:09,513 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:17:09,513 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:17:09,513 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://samltest.id/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:17:09,513 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:17:09,513 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:17:09,513 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:17:09,513 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:17:09,513 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:17:09,513 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-07-08 14:17:09,513 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-07-08 14:17:09,514 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-07-08 14:17:09,514 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:17:09,514 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:17:09,514 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:17:09,514 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:17:09,514 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://samltest.id/saml/sp
2020-07-08 14:17:09,514 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:17:09,514 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-07-08 14:17:09,514 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-07-08 14:17:09,514 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:17:09,518 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:17:09,518 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:17:09.518Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:17:09,519 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:17:09,519 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:17:09,520 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:17:09,520 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:17:09,520 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:17:09,520 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:17:09,520 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:17:09,520 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:17:09,520 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:17:09,520 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:17:09,705 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'SAMLtest SP'
2020-07-08 14:17:09,706 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning logo from UIInfo, (225 x 90) : https://samltest.id/saml/logo.png
2020-07-08 14:17:09,706 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Acceptable Scheme 'https', returning value 'https://samltest.id/saml/logo.png'
2020-07-08 14:18:44,673 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:a6516657af252e620bc514b85bbfa65249989ade8ed075e293fb98eeac1b1931
2020-07-08 14:18:44,673 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-07-08 14:18:44,673 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-07-08 14:18:44,673 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://ewwebdev01.examworks.com/sso/samltestid/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_3ae42544ec89f6f4a1ad2f1d36126bc2"
    IssueInstant="2020-07-08T14:18:40Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://ewwebdev01.examworks.com/saml</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-07-08 14:18:44,679 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://ewwebdev01.examworks.com/saml' from origin source
2020-07-08 14:18:44,679 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:18:44,679 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:18:44,679 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:18:44,679 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:18:44,679 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:18:44,679 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:18:44,679 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:18:44,679 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://ewwebdev01.examworks.com/saml
2020-07-08 14:18:44,679 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_3ae42544ec89f6f4a1ad2f1d36126bc2', issue instant '2020-07-08T14:18:40.000Z', entityID 'https://ewwebdev01.examworks.com/saml'
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=hZJBU4MwEIX%2FCpN7CVCsNVOYwfZgZ6rtFPTgxQmwSEZIMBuK%2FnuhtGO91PO%2B97683SyQ11XDotaUcg%2BfLaCxvupKIjsOAtJqyRRHgUzyGpCZjMXR44Z5tsMarYzKVEWsCBG0EUoulcS2Bh2DPogMnvebgJTGNMgoha6DNIeD49rwxetO6Q%2B0M1VTREUHnOnpIqdxKdJUVWBKe5gMOI%2FutnFCrNWgkHwg%2FeaerXbvFXlD%2B2cVooKTcQ%2B50JAZGsdbYq1XAXmbcvC9G9%2BHbH5XzAqfuzz3CjefzlxvlmZeL0NsYS3RcGkC4jmeM3FuJ848cX3mzpnvvBJrd2p%2FL2Qu5Pv1VaWjCNlDkuwmY5kX0Hgs0gtIuBhqsCNYX5zgeiw%2F752E%2F2%2B5T1vQC8qIbNhTH7te7VQlsm8rqirVLTVwAwFxCQ1Hy98vEv4A&RelayState=ss%3Amem%3Aa6516657af252e620bc514b85bbfa65249989ade8ed075e293fb98eeac1b1931&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=mkqoCjWbKIySbkfnk8J65Bte%2B7up9uMK8sNrCN9RD7dQ4HGLkTDPgEhx8vM7WXBdCSL7J1qopu7XjET1UeAXeZPE8JTzCOev3vk2mioqFzNUNVllx2KlRsonUkZUAv%2FlQf4Q3shkQwhNa6vLGjq%2BReOsbAT48z6mcC524Us3cxDYbBpC0Cb3yZRSLq0U09bmwIZoMkKRoFC%2BEfAn7wS65ONgp7h1T99JYM3zmPcZPrGN%2Fjakgbmxskep2WQjVvftFre2ycfLO55LkVENJJ%2FshIT%2BFMld4zgeDc5Ujaix79TKRP%2BYSIbN40iyPXF59vHxszjw9KVF9G6AlEEKovqTBys%2B91TtYh3LqJWuLzkqyTGwnoF9HNfrDzDoRlxLUTYRZAGyfNlnBqmz9LuWi9cEk73%2BfhxEIQw47597nkFJgiwM9OESuXCo8FXShEoNAv4IXWBYg5bfQ8SRqML1aIOnSryrsc1wixFYB%2BfS6IzJR%2FZBQZLACXv2CmrHkiV%2Bo9Ru
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=hZJBU4MwEIX%2FCpN7CVCsNVOYwfZgZ6rtFPTgxQmwSEZIMBuK%2FnuhtGO91PO%2B97683SyQ11XDotaUcg%2BfLaCxvupKIjsOAtJqyRRHgUzyGpCZjMXR44Z5tsMarYzKVEWsCBG0EUoulcS2Bh2DPogMnvebgJTGNMgoha6DNIeD49rwxetO6Q%2B0M1VTREUHnOnpIqdxKdJUVWBKe5gMOI%2FutnFCrNWgkHwg%2FeaerXbvFXlD%2B2cVooKTcQ%2B50JAZGsdbYq1XAXmbcvC9G9%2BHbH5XzAqfuzz3CjefzlxvlmZeL0NsYS3RcGkC4jmeM3FuJ848cX3mzpnvvBJrd2p%2FL2Qu5Pv1VaWjCNlDkuwmY5kX0Hgs0gtIuBhqsCNYX5zgeiw%2F752E%2F2%2B5T1vQC8qIbNhTH7te7VQlsm8rqirVLTVwAwFxCQ1Hy98vEv4A&RelayState=ss%3Amem%3Aa6516657af252e620bc514b85bbfa65249989ade8ed075e293fb98eeac1b1931&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://ewwebdev01.examworks.com/saml
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://ewwebdev01.examworks.com/saml, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://ewwebdev01.examworks.com/saml' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:18:44,680 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:18:44,681 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2020-07-08 14:18:44,681 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2020-07-08 14:18:44,681 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://ewwebdev01.examworks.com/saml
2020-07-08 14:18:44,681 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:18:44,681 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:18:44,681 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:18:44,682 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:18:44,682 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' did not match 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
2020-07-08 14:18:44,682 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:PAOS' not permitted by input criteria
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://ewwebdev01.examworks.com/sso/samltestid/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:18:44,682 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:18:44,682 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-07-08 14:18:44,682 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-07-08 14:18:44,682 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:18:44,682 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:18:44,682 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://ewwebdev01.examworks.com/saml
2020-07-08 14:18:44,682 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:18:44,683 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-07-08 14:18:44,683 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-07-08 14:18:44,683 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:18:44,686 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:18:44,686 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:18:44.686Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:18:44,686 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:18:44,687 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:18:44,687 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:18:44,687 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:18:44,687 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:18:44,687 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-07-08 14:18:44,687 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:18:44,687 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:18:44,687 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:18:44,687 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-07-08 14:18:44,766 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'ewwebdev01.examworks.com'
2020-07-08 14:18:44,766 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-07-08 14:18:44,766 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-07-08 14:18:48,993 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:18:48,993 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_3ymnmrgabz3z6puls99idehheotcvzg4jvup" IsPassive="false"
            IssueInstant="2020-07-08T14:18:47.054Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_3ymnmrgabz3z6puls99idehheotcvzg4jvup">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>gTz0DHKKn1ZEogRkXk3rTFY5gZY=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>QWl3K4eA7jGhjrMXPtNJ97mMNRV0BMNCwkuFzjfi8ALjgzIcHAZGUfu42ETk/JJq+T4Gn6zZJAJTnlXcKVgVVILcsWCRcpGa24vY4it0/Ye81EoU4wARHRXaYwEOYhqfBdkR2LXD3nhcTEcxpy4YIxA4EiZ3IXTv8sI7PBV2Fzs=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2020-07-08 14:18:48,994 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com' from origin source
2020-07-08 14:18:48,994 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:18:48,994 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:18:48,994 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:18:48,994 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:18:48,994 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-07-08 14:18:48,994 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-07-08 14:18:48,994 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-07-08 14:18:48,995 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2020-07-08 14:18:48,995 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-07-08 14:18:48,995 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-07-08 14:18:48,996 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-07-08 14:18:48,996 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-07-08 14:18:48,996 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-07-08 14:18:48,996 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-07-08 14:18:48,996 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_3ymnmrgabz3z6puls99idehheotcvzg4jvup', issue instant '2020-07-08T14:18:47.054Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3ymnmrgabz3z6puls99idehheotcvzg4jvup"
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3ymnmrgabz3z6puls99idehheotcvzg4jvup and Element was [saml2p:AuthnRequest: null]
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3ymnmrgabz3z6puls99idehheotcvzg4jvup"
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3ymnmrgabz3z6puls99idehheotcvzg4jvup and Element was [saml2p:AuthnRequest: null]
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_3ymnmrgabz3z6puls99idehheotcvzg4jvup"
2020-07-08 14:18:48,997 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-07-08 14:18:48,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-07-08 14:18:48,998 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-07-08 14:18:48,998 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-07-08 14:18:48,998 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2020-07-08 14:18:48,998 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2020-07-08 14:18:48,998 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-07-08 14:18:48,998 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-07-08 14:18:48,998 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-07-08 14:18:48,998 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-07-08 14:18:48,998 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-07-08 14:18:48,998 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-07-08 14:18:48,998 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2020-07-08 14:18:48,998 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2020-07-08 14:18:48,998 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-07-08 14:18:48,998 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-07-08 14:18:48,998 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-07-08 14:18:48,998 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-07-08 14:18:48,999 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:18:48,999 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-07-08 14:18:48,999 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-07-08 14:18:48,999 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-07-08 14:18:48,999 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-07-08 14:18:48,999 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-07-08 14:18:48,999 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2020-07-08 14:18:48,999 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-07-08 14:18:48,999 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:18:48,999 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-07-08 14:18:49,001 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-07-08 14:18:49,002 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-07-08 14:18:49,003 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2020-07-08 14:18:49,003 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2020-07-08 14:18:49,003 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-07-08T14:18:49.003Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-07-08 14:18:49,003 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-07-08 14:18:49,004 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-07-08 14:18:49,004 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-07-08 14:18:49,004 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-07-08 14:18:49,004 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-07-08 14:18:49,004 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2020-07-08 14:18:49,004 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-07-08 14:18:49,004 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-07-08 14:18:49,004 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-07-08 14:18:49,004 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-07-08 14:18:49,004 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2020-07-08 14:18:49,007 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-07-08 14:18:49,007 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@246611701::identifier=rick, context=org.apache.velocity.VelocityContext@39d3a36f]
2020-07-08 14:18:49,017 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@246611701::identifier=rick, context=org.apache.velocity.VelocityContext@39d3a36f]
2020-07-08 14:18:49,030 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-07-08 14:18:49,030 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-07-08 14:18:49,030 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-07-08 14:18:49,030 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-07-08 14:18:49,030 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-07-08 14:18:49,030 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-07-08 14:18:49,031 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-07-08 14:18:49,031 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d50a59ab45876d243eefcc9d937d3f49b2a47f19cedafc5577f4cae275f2b29b for principal rick
2020-07-08 14:18:49,031 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d50a59ab45876d243eefcc9d937d3f49b2a47f19cedafc5577f4cae275f2b29b
2020-07-08 14:18:49,032 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-07-08 14:18:49,038 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-07-08 14:18:49,038 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-07-08 14:18:49,038 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-07-08 14:18:49,038 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-07-08 14:18:49,038 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-07-08 14:18:49,038 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-07-08 14:18:49,038 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-07-08 14:18:49,038 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-07-08 14:18:49,038 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-07-08 14:18:49,039 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-07-08 14:18:49,040 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-07-08 14:18:49,041 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-07-08 14:18:49,041 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e0308e9efcf26aba2a7b8a7b25898fc3
2020-07-08 14:18:49,041 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e0308e9efcf26aba2a7b8a7b25898fc3 to Response _19c36a341d86865b7f85884a39f7fadc
2020-07-08 14:18:49,042 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e0308e9efcf26aba2a7b8a7b25898fc3
2020-07-08 14:18:49,043 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-07-08 14:18:49,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-07-08 14:18:49,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-07-08 14:18:49,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-07-08 14:18:49,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-07-08 14:18:49,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-07-08 14:18:49,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-07-08 14:18:49,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-07-08 14:18:49,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-07-08 14:18:49,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-07-08 14:18:49,044 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:18:49,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:18:49,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:18:49,044 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:18:49,044 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxAaDX3X46cOSFbMeU5odoQePzHAsozDawu+MA3QCLXEHIkOQFCbfvIbUW8Sm08jmy2UPbHW2+WVgjnYlqzyMBcWu7W8Hpn8QfAdzBLqrT7PSFkJPULHHcWVznTP0wLSUfBpdGxZKH2b+h4Rfn with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:18:49,044 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:18:49,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-07-08 14:18:49,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _3ymnmrgabz3z6puls99idehheotcvzg4jvup
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e0308e9efcf26aba2a7b8a7b25898fc3
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e0308e9efcf26aba2a7b8a7b25898fc3 did not already contain Conditions, one was added
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-07-08T14:23:49.039Z, to Assertion _e0308e9efcf26aba2a7b8a7b25898fc3
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e0308e9efcf26aba2a7b8a7b25898fc3 already contained Conditions, nothing was done
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e0308e9efcf26aba2a7b8a7b25898fc3 already contained Conditions, nothing was done
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2020-07-08 14:18:49,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e0308e9efcf26aba2a7b8a7b25898fc3
2020-07-08 14:18:49,046 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _e0308e9efcf26aba2a7b8a7b25898fc3 did not already contain Advice, one was added
2020-07-08 14:18:49,047 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session d50a59ab45876d243eefcc9d937d3f49b2a47f19cedafc5577f4cae275f2b29b
2020-07-08 14:18:49,047 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session d50a59ab45876d243eefcc9d937d3f49b2a47f19cedafc5577f4cae275f2b29b
2020-07-08 14:18:49,047 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-07-08 14:18:49,048 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxAaDX3X46cOSFbMeU5odoQePzHAsozDawu+MA3QCLXEHIkOQFCbfvIbUW8Sm08jmy2UPbHW2+WVgjnYlqzyMBcWu7W8Hpn8QfAdzBLqrT7PSFkJPULHHcWVznTP0wLSUfBpdGxZKH2b+h4Rfn
2020-07-08 14:18:49,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-07-08 14:18:49,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-07-08 14:18:49,049 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e0308e9efcf26aba2a7b8a7b25898fc3"
2020-07-08 14:18:49,049 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e0308e9efcf26aba2a7b8a7b25898fc3 and Element was [saml2:Assertion: null]
2020-07-08 14:18:49,049 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e0308e9efcf26aba2a7b8a7b25898fc3"
2020-07-08 14:18:49,049 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e0308e9efcf26aba2a7b8a7b25898fc3 and Element was [saml2:Assertion: null]
2020-07-08 14:18:49,052 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_19c36a341d86865b7f85884a39f7fadc"
    InResponseTo="_3ymnmrgabz3z6puls99idehheotcvzg4jvup"
    IssueInstant="2020-07-08T14:18:49.039Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e0308e9efcf26aba2a7b8a7b25898fc3"
        IssueInstant="2020-07-08T14:18:49.039Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_e0308e9efcf26aba2a7b8a7b25898fc3">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>7sfsKekpxCbC5ST2MiSqD6Z9iekYXDQgaYqv0V2r5Cs=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Xg5XRms9MOZWNiu5sPW30w4d4AjJw3RjqbGIgb41sHciOHbVR73CcFJr9pUcNwsIt6bA0KcKtZhMRanYtp0IL2JSLOixII2Cfk48UsX2R2I6klWJ4JUFZw2DzG2f8eHYPvNfvaXRpdmhEh7qS/Q/VR7TTbnNHK8u316Qao4uqTsQ2s9/B2Gj4H/6gtEPWbVNMdqAVa34sRPYCgIAqhEDqkO6Esp+5FDu0wyY7oE0O0t3bTWMiBTAwPu7rM++xhfqnrxz1YIQpoVoLhhiHI90JjNK8TaFwOLC8gBNmd9apeUTOQt5d46jOl/2ueKeMND8QSv3rBjfaolOGzGNSPCyGA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxAaDX3X46cOSFbMeU5odoQePzHAsozDawu+MA3QCLXEHIkOQFCbfvIbUW8Sm08jmy2UPbHW2+WVgjnYlqzyMBcWu7W8Hpn8QfAdzBLqrT7PSFkJPULHHcWVznTP0wLSUfBpdGxZKH2b+h4Rfn</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_3ymnmrgabz3z6puls99idehheotcvzg4jvup"
                    NotOnOrAfter="2020-07-08T14:23:49.045Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-07-08T14:18:49.039Z" NotOnOrAfter="2020-07-08T14:23:49.039Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">Zzv72bbKr5ePxy2RhJ25VPZ1BlNlO+R9BSLg81Emmbw=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2020-07-08T14:18:49.030Z" SessionIndex="_9272957db2acd113b956846e419b8af0">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-07-08 14:18:49,054 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-07-08 14:18:49,054 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-07-08 14:18:49,055 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_19c36a341d86865b7f85884a39f7fadc"
2020-07-08 14:18:49,055 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _19c36a341d86865b7f85884a39f7fadc and Element was [saml2p:Response: null]
2020-07-08 14:18:49,055 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_19c36a341d86865b7f85884a39f7fadc"
2020-07-08 14:18:49,055 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _19c36a341d86865b7f85884a39f7fadc and Element was [saml2p:Response: null]
2020-07-08 14:18:49,062 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2020-07-08 14:18:49,064 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">Zzv72bbKr5ePxy2RhJ25VPZ1BlNlO+R9BSLg81Emmbw=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_19c36a341d86865b7f85884a39f7fadc"
            InResponseTo="_3ymnmrgabz3z6puls99idehheotcvzg4jvup"
            IssueInstant="2020-07-08T14:18:49.039Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_19c36a341d86865b7f85884a39f7fadc">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>yPErH0+QaZCPMgmhln4IHm0jdg6V5PoxNQI7wBbLDrs=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>EAKb7oJCWkJ2vkOStf++If+vDmrwX4m6MfCelIN/DuZSakjwpJblNzfxQ91coDtxF2VebX0rxuefr1KiiEGTMLgtQ4AZyVEd9yb6TYygu+kcbrF/HN4FLJ0dlJvaXiMD3CePAQAg8vkphdqae/HJxf/o4jNNMBLnor7dSO1BxrJd+1m6f7r/1bSYuponMaLyz4xrRsC+HIuaqZODXxw9zEONxEnXSdWeNgCr54b86oZCjApbaTycl0WuuIRS9T6O5RXUPg2UACPObScwzzNyZKrMr7pRYSmpxJ5rNwttkStTQnXO0qz9xSvKmCASEq3V7dR4MLfqxhGvSO4j7XA4VA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_5181558a26f8e35c179f76be79670967"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_913e37a96937673f9a388f16b67b5eb0"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>KyrUVXj5ZH6d3LU5JCb97yTKjsgo4Frb5AJJkH0nYQExhg7sgc68ty6V4uo/y5+Y4BYylcXlZZhw/i8LaXMNmBBK+8mkGnTon9v+fHjwTy4ihgOB+1A7Zjo5+j+r1+2z4mSzjAsdEBiPHKbMn2Pjah3yC6xgxu0RYQLGVF8NO38=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>cJYmhkGZbwnpqq4HhEV0OaR9+4zHJz+JkY9Lv2krGScsjEOGyTN2ge9rWOyzOHyP/YXUZJOp9D9u2nQ1sfep4Nx1RKWUBPCbMBGewyPUjjoltlpHcDauK9ahjgWZcHBNwx4W4JcR5mEkwiL3OmRy8DSLb/2RSo0us2Mfizkc3BisaR0N6c1M9lUzvXn+8KzwFGogHRZ1qEMv2PfpyS5XFz9ISb+YVyWTR81dVfu1LdAOxh2KOKZnPW985nl5zJY8cnM0Kxpi79yePMIYimKM+7ZKL/irzjxAP8MNr9DnvwQxe1PKIlswCIWf6WlQCvI0POmmRrcjwrJVvlCsBWwA+9jSHgrIn39uMFYeSq01ab/Irl2CsVo51tsj+R1RFd0GWcLXlZRg/EBX39uJDvb3Mk1u3pe8u825PBGWft2lB5n760EWK+E/X4rxEICd+TEpA+MwXZTvVJjCvv7aY6VCDASF3DlFhcKO4tWph91xC/bJDDYT1JWvIdZ7w7Ph6ZetOMZXgCM9EhXRA9pyN1SOCtVhp8DCv6zrXL7OOZ6FJSQZTVic21hvFIQtxU/ufKmCrT6HSsw5AD1THaKvOzrbXrKGpVGKxrQb+T9odjn6rGbF/B8NVEfli4C7eevJr9pRAsfcTQ0vqa5uW/zS1kpZJiiX4xVL5VdQMLbdLuA0UbSRV4/uANHPopHtLa+x4vyK/v2tZW5yDgBnyNgWVbJuykS5ArrbDac4J8S1xTLyOFlJsX0EBvIQDNe+EER0jsHRZGy/IMwL8X4hg6PJ69xOETX4ST9rpp1UOaTBImfG8WnQkF1fxLyBl/nvkgoJZ8DbpNQfuQn1XTJ9eyA+FSWAFsZLj0qpJ9+Brl8u9EOW5WRBhgPgOJmCqYHMk/fWs4b1VDTSketlZ5xQ9QftzPOhld69/ayvNefi9MSMxN4mO5BnQV0kvb0jLe9cC81Of/tsOqTxixdX4Xs+XtkhNrCQv2RT7MMc+1F/OgkIe0DQ53SJzrJ2CI54D/gHZPDkJQBhvy1SXhzZTPTGK2Dgeo1xmotzzGEiGCeab9v14TExBO58rJ0yj+uJYeWQ8KTngUmyPfcjl/yvZB67TxLn+rSXWL7pWBW0BxQVT/usTD9uuhZ2zj4wX7i3QhbpjSJ4sBqr+fRMvibC+J6k1flp90qq9aTVWjagl+G36S0PKlKA3LFbvtIC5tEzdqzvbq1yVqbxvmbLw9oBAYvKL2WCU1ewPEkdiIh7S7griYtqm5yxMMEoDBCucowVc2wqL1dFqo9vpHnRPNX9EcBGc9uWDkHsC1A4Hw+9KfC6eME6GGzzeiEE1uQvm4W32FfKPvys6RxCy15D2t/Jlap13yy2Dcp1wTa3J8WtNxALg43w2R9RwPhERuZ56BvyRuazPj4iBOrSLNylIwm6DalBDcOsijZf8u9uIvP2T7P2kNwPjdUbFXE4z3TlSFVF6eT6dmC1Xuv0a6MzOjzjyAXJTqrxbgDyZn0S7W9mqi/2NOaQM1dLRkWSnwkx4njLgtOoSBNre3MwQ+rqxZIVU8E3+UmAG4fWnI6MrsOK96oDYQthQRkh/U7lK/wqSm+hlurQYhTwCY8Pq8/MAJ2JfwFqhZinPx+BK91UOQV+glr1W2vE842kDsEG+rvrjSVgplziqlH30NNalPC6mWFZdwkuG66WygKE+FT2Gnc4gRk+gAhqHlLXAd7FOuBng4wlg+SEc9n4tQKq6KlEDLvxfAQZAtrz3IjYeWhXy30waP2I6FG13+b9Jhd5lHpDhbD8zThh8qIHMm59pgD8gMXnmFltKHZ1KjruU3ALrUFXgksihJcRDRmubkm+HiYq2h7bRV0+emQ6ogcct7vIVsy7FGuf7XkHo30tz4/xu9toafKzbuJONnOtC0k5NAg2hlTkmzCd2CwMqtUcJ1On6g2hAawz1jdjPZtdl4BCoEI2uiU9PaXVyeyNSH9qM/N1WlOUrZY/fpfWnNy8Uh1O5k1Ys4SMcoSqifrN91N/eeXghmxTZ3z6BRRKGQNVxt1FWqgmbGB0p+Ew0HLmI42XaLD+BSkDoMm2UKnFozRislBkysE6hUe9tmKXTi8myBrj4518s5T5gDSIg6qG1GLC/L3tKUp8T3nxEtRhCpseobKWkO1i7eYJvClKZt0oA69BEr7qRRa/2gUga2QPYKCGgrnQ+gKW2XUhj0Cm21+LYcgf2qoZ4WJDntRlWXoftN6+QMGhXZO7poW9aPoHlhVe2Fm1w1+bnQYXAhiuD4awMfAneptBCG6nsl7WFgYoHk4eOrO6dJS4AdPFi8HdrK6ptesiiM1WDPgBargJTpT8qVkRmaaNikxfJnvIdPRt4YRGhMYh1keQv1ebUxCe9E2l7dVVelp0bZV3lrQtjY552rbklU0ZeDE5zWJh6Ucl/qUymkygXWhVajZOhqc+VCjU1zT4UhxkncjFP7ZF/zUo1C9p9+23Qfxo44sZzLNje/YlS8x7yMMBDMTcsz3nHXWC0CY+CtAF+ntsgc+kYr2aVRbER988HCHZsJz2mLqJS5dB7hm8WTmJ6/a18t9vp54TuAUx4w2w59MQsY7lMCYGsbfNJEtzdXvxTJIHxYHQM9g0wtrhK0EnWwf4dopsjXDXg4CZCUnN82azEI83r+cr9E/wGjnTZeiSYGEmptKuk3rtacBXMSpaIYoCV3wd4UhUduGT0uDfbLxUPQPgQgo3ypuDrD7HUoG2QhgYM7NAA7tzR9hzYfMg5R6Z1Fbk/W+ZG8J8s7nIR5ER7Tq3S1CVfFyT9Bi9b70brsQwsl++RFPlLqekJv86tI+91xFwMZ9LNc6LsKfXKNDLL7Vbt1gWrb4LzRCi4e+0fPcXHVluU6j1h5vkDq5VVeRIubC9f0lTe2cK8ZShwIpIXOqVu5bmyA6B5ljucULPNG4nuSfYC1GRgPy+fMVzEX0LrGZeA0WMOazsY9MyrWr7MzJO6L8Pe2KTHHWN1zvdSlFbYaqiaulRwVm83ZkVS8N/hRym7Jdd04Obd5o0NYGe9o2BsXTLirvKOsNd39N7vwa58y3f18KbI6WxyIJiu0q0yUbUI04NtLXdelD6Xn/igbTUA8mMBw6M2WJaXwts5sQtT2+vBTq4OWBdfMDkOvLkbSXdcZvK/cLAFKLit7ueNJpiN94uZtERCajVysp6lSMyA4BbKhPzH2pXlbpV