2020-09-22 12:00:11,549 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:1593c3d07f33f61b5e24cac656ebcdef90e5eca93bf54850f9e77141b42a5f86
2020-09-22 12:00:11,549 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-09-22 12:00:11,549 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-09-22 12:00:11,549 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://samltest.id/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_bd0ecbf6ef9cbab6a4dda43af2800979"
    IssueInstant="2020-09-22T12:00:11Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-09-22 12:00:11,563 - WARN [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:1195] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Metadata with ID 'https://samltest.id/saml/sp' currently live is expired or otherwise invalid
2020-09-22 12:00:11,564 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://samltest.id/saml/sp' from origin source
2020-09-22 12:00:11,565 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 1 candidates via EntityIdCriterion: EntityIdCriterion [id=https://samltest.id/saml/sp]
2020-09-22 12:00:11,565 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:00:11,565 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:00:11,565 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:00:11,565 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:00:11,565 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-09-22 12:00:11,565 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-09-22 12:00:11,565 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-09-22 12:00:11,565 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://samltest.id/saml/sp
2020-09-22 12:00:11,566 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:00:11,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-09-22 12:00:11,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:00:11,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:00:11,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-09-22 12:00:11,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_bd0ecbf6ef9cbab6a4dda43af2800979', issue instant '2020-09-22T12:00:11.000Z', entityID 'https://samltest.id/saml/sp'
2020-09-22 12:00:11,567 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://samltest.id/saml/sp' does not require AuthnRequests to be signed
2020-09-22 12:00:11,567 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-09-22 12:00:11,567 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-09-22 12:00:11,567 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-09-22 12:00:11,567 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-09-22 12:00:11,567 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-09-22 12:00:11,568 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:00:11,568 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-09-22 12:00:11,568 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-09-22 12:00:11,568 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-09-22 12:00:11,568 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-09-22 12:00:11,568 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://samltest.id/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-09-22 12:00:11,568 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-09-22 12:00:11,568 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-09-22 12:00:11,568 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-09-22 12:00:11,568 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-09-22 12:00:11,568 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:00:11,568 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-09-22 12:00:11,568 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-09-22 12:00:11,569 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-09-22 12:00:11,569 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-09-22 12:00:11,569 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-09-22 12:00:11,569 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-09-22 12:00:11,569 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-09-22 12:00:11,569 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://samltest.id/saml/sp
2020-09-22 12:00:11,569 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-09-22 12:00:11,569 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-09-22 12:00:11,569 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-09-22 12:00:11,569 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-09-22 12:00:11,576 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-09-22 12:00:11,577 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-09-22T12:00:11.577Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-09-22 12:00:11,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-09-22 12:00:11,578 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-09-22 12:00:11,578 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-09-22 12:00:11,578 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-09-22 12:00:11,578 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-09-22 12:00:11,578 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:00:11,578 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-09-22 12:00:11,578 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-09-22 12:00:11,578 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-09-22 12:00:11,578 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-09-22 12:00:11,680 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'SAMLtest SP'
2020-09-22 12:00:11,680 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning logo from UIInfo, (225 x 90) : https://samltest.id/saml/logo.png
2020-09-22 12:00:11,680 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Acceptable Scheme 'https', returning value 'https://samltest.id/saml/logo.png'
2020-09-22 12:00:31,519 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-09-22 12:00:31,519 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-09-22 12:00:31,519 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@279012104::identifier=rick, context=org.apache.velocity.VelocityContext@5bb70776]
2020-09-22 12:00:31,526 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@279012104::identifier=rick, context=org.apache.velocity.VelocityContext@5bb70776]
2020-09-22 12:00:31,528 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-09-22 12:00:31,528 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-09-22 12:00:31,528 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-09-22 12:00:31,529 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-09-22 12:00:31,529 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-09-22 12:00:31,529 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-09-22 12:00:31,529 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-09-22 12:00:31,529 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3e4ec7cd85cd468cf95b4aa02a812a48d8efd009748187cfddefb7cb6513c392 for principal rick
2020-09-22 12:00:31,529 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3e4ec7cd85cd468cf95b4aa02a812a48d8efd009748187cfddefb7cb6513c392
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-09-22 12:00:31,530 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-09-22 12:00:31,531 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:00:31,531 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-09-22 12:00:31,531 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4640ba03'
2020-09-22 12:00:31,532 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:00:31,532 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://samltest.id/saml/sp'
2020-09-22 12:00:31,532 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://samltest.id/saml/sp'
2020-09-22 12:00:31,532 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://samltest.id/saml/sp'
2020-09-22 12:00:31,532 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:00:31,532 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-09-22 12:00:31,532 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-09-22 12:00:31,532 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-09-22 12:00:31,532 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-09-22 12:00:31,647 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'SAMLtest SP'
2020-09-22 12:00:31,647 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-09-22 12:00:31,647 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-09-22 12:00:31,647 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning logo from UIInfo, (225 x 90) : https://samltest.id/saml/logo.png
2020-09-22 12:00:31,647 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Acceptable Scheme 'https', returning value 'https://samltest.id/saml/logo.png'
2020-09-22 12:00:31,647 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-09-22 12:00:55,234 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-09-22 12:00:55,234 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-09-22 12:00:55,235 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200922T120055Z|https://samltest.id/saml/sp|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://samltest.id/saml/sp'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://samltest.id/saml/sp, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1632312055241}'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://samltest.id/saml/sp'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://samltest.id/saml/sp]' as '["rick:https://samltest.id/saml/sp"]'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4640ba03'
2020-09-22 12:00:55,241 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:00:55,242 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-09-22 12:00:55,242 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-09-22 12:00:55,243 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-09-22 12:00:55,243 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _3926d8fe4513fd26bafe80d4706ca5b4
2020-09-22 12:00:55,243 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _3926d8fe4513fd26bafe80d4706ca5b4 to Response _cb09314771409c9af4e098cc0dd66775
2020-09-22 12:00:55,243 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _3926d8fe4513fd26bafe80d4706ca5b4
2020-09-22 12:00:55,244 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-09-22 12:00:55,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2020-09-22 12:00:55,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-09-22 12:00:55,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-09-22 12:00:55,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-09-22 12:00:55,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-09-22 12:00:55,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-09-22 12:00:55,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-09-22 12:00:55,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-09-22 12:00:55,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2020-09-22 12:00:55,245 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-09-22 12:00:55,245 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx9XCc5U7RuHdIGJQbSUfTFelE8VQYxpOGnYx9NvMuk6txTiKq25Mfe/IjWPJTZ2A/5MJEbZkQ68GeRICeUPAAXHKYeSMsVda7dFYGd1Mam7TNmOMAAKlZYW1Aqg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _bd0ecbf6ef9cbab6a4dda43af2800979
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://samltest.id/Shibboleth.sso/SAML2/POST
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _3926d8fe4513fd26bafe80d4706ca5b4
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _3926d8fe4513fd26bafe80d4706ca5b4 did not already contain Conditions, one was added
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-09-22T12:05:55.242Z, to Assertion _3926d8fe4513fd26bafe80d4706ca5b4
2020-09-22 12:00:55,245 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _3926d8fe4513fd26bafe80d4706ca5b4 already contained Conditions, nothing was done
2020-09-22 12:00:55,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-09-22 12:00:55,246 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _3926d8fe4513fd26bafe80d4706ca5b4 already contained Conditions, nothing was done
2020-09-22 12:00:55,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-09-22 12:00:55,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://samltest.id/saml/sp as an Audience of the AudienceRestriction
2020-09-22 12:00:55,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _3926d8fe4513fd26bafe80d4706ca5b4
2020-09-22 12:00:55,246 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://samltest.id/saml/sp to existing session 3e4ec7cd85cd468cf95b4aa02a812a48d8efd009748187cfddefb7cb6513c392
2020-09-22 12:00:55,246 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://samltest.id/saml/sp in session 3e4ec7cd85cd468cf95b4aa02a812a48d8efd009748187cfddefb7cb6513c392
2020-09-22 12:00:55,246 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-09-22 12:00:55,247 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://samltest.id/saml/sp and key AAdzZWNyZXQx9XCc5U7RuHdIGJQbSUfTFelE8VQYxpOGnYx9NvMuk6txTiKq25Mfe/IjWPJTZ2A/5MJEbZkQ68GeRICeUPAAXHKYeSMsVda7dFYGd1Mam7TNmOMAAKlZYW1Aqg==
2020-09-22 12:00:55,247 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-09-22 12:00:55,247 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-09-22 12:00:55,247 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-09-22 12:00:55,248 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_cb09314771409c9af4e098cc0dd66775"
    InResponseTo="_bd0ecbf6ef9cbab6a4dda43af2800979"
    IssueInstant="2020-09-22T12:00:55.242Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_3926d8fe4513fd26bafe80d4706ca5b4"
        IssueInstant="2020-09-22T12:00:55.242Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://samltest.id/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx9XCc5U7RuHdIGJQbSUfTFelE8VQYxpOGnYx9NvMuk6txTiKq25Mfe/IjWPJTZ2A/5MJEbZkQ68GeRICeUPAAXHKYeSMsVda7dFYGd1Mam7TNmOMAAKlZYW1Aqg==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_bd0ecbf6ef9cbab6a4dda43af2800979"
                    NotOnOrAfter="2020-09-22T12:05:55.245Z" Recipient="https://samltest.id/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-09-22T12:00:55.242Z" NotOnOrAfter="2020-09-22T12:05:55.242Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://samltest.id/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-09-22T12:00:31.528Z" SessionIndex="_fc60fe594cc93c87922a133d5728f1f6">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-09-22 12:00:55,250 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://samltest.id/Shibboleth.sso/SAML2/POST
2020-09-22 12:00:55,250 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://samltest.id/Shibboleth.sso/SAML2/POST
2020-09-22 12:00:55,251 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cb09314771409c9af4e098cc0dd66775"
2020-09-22 12:00:55,251 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cb09314771409c9af4e098cc0dd66775 and Element was [saml2p:Response: null]
2020-09-22 12:00:55,251 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cb09314771409c9af4e098cc0dd66775"
2020-09-22 12:00:55,251 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cb09314771409c9af4e098cc0dd66775 and Element was [saml2p:Response: null]
2020-09-22 12:00:55,253 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-09-22 12:00:55,253 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://samltest.id/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;samltest.id&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2020-09-22 12:00:55,253 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-09-22 12:00:55,253 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:1593c3d07f33f61b5e24cac656ebcdef90e5eca93bf54850f9e77141b42a5f86', encoded as 'ss&#x3a;mem&#x3a;1593c3d07f33f61b5e24cac656ebcdef90e5eca93bf54850f9e77141b42a5f86'
2020-09-22 12:00:55,255 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://samltest.id/Shibboleth.sso/SAML2/POST"
    ID="_cb09314771409c9af4e098cc0dd66775"
    InResponseTo="_bd0ecbf6ef9cbab6a4dda43af2800979"
    IssueInstant="2020-09-22T12:00:55.242Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_cb09314771409c9af4e098cc0dd66775">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>ehpvYuW2wgtHU1MhHIeiPIQC4j8aEi06na1GEC8tMXRLU1gTmMEITTO27eGdIgWpT+Dd/uxluqeQ/wfu34MUvw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>rTJrNtaDmkRmdkKvFQf05EYa708LQcSfoeiqSS0epLnhcjzg4Q/3FEt1AX9rXobMhIyoOhcgaixixRVi7XA5BJwPw7YtU2c7ejoGUPqZNgcGBBWLA5lsP9y0EYLsC2C54qVg30V1uTAFsZTi3f9jVSM8lbS4PAnbh5Slv8JDjMiPMuAbyO4S5hcyq/hXg00bQj9PqVGDTjC2FQoh5FpOJIaCvuKez7SXRlzhzBEq8Hug0sD0rCQh+9mQA1AiyvMb0I5A2gfmCFbXmS4GceldAF7bOS5WAfT+px5rSdK6MhnkepyQnAu7Awqa9qyvKbdqvfvPRDQdmNmusV6GLwnJuA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_1341c82fe56ed8b69b8417d1a024b90c"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_e0e97ca4a87e9c7f102e1cc6a9aca11d"
                    Recipient="https://samltest.id/saml/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIERTCCAq2gAwIBAgIJAKGA/tV7hXUvMA0GCSqGSIb3DQEBCwUAMDUxMzAxBgNVBAMTKmlwLTE3
Mi0zMS0yOC02NC51cy13ZXN0LTIuY29tcHV0ZS5pbnRlcm5hbDAeFw0xODA4MTgyMzI0MjVaFw0y
ODA4MTUyMzI0MjVaMDUxMzAxBgNVBAMTKmlwLTE3Mi0zMS0yOC02NC51cy13ZXN0LTIuY29tcHV0
ZS5pbnRlcm5hbDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANoi7TtbPz5DD5b+pGj2
bWHUWcOm135Dl+kfKWcJV6x4Z4VRMa33nwSfFg6U0DhPaA6rYr8BfcmCIY4V4cGlJkLNsYbgbZNn
rLh23mj7jkaUeyv/DlGtLBcqr0gP6eDtcOf3MMGAkhROcicMj6i+uF6hqLDh4eNcpqEVDVn+ADBs
osIPiAx+RkcyZkfAF3UeGEV5WTSiQw7qYpI7x+c4ViiBzV4waBgXjvNN72Dqlc01AylpmMKaUPfx
IpPC+Ctr0bHu5xn7NxMS8Zt5NDWsP9T15qrpYatW68sXVyE5nJRYpiRiRbo8i7QpUEya+TkXEI8P
VD3KBw9UwhqL8qPPe0T+EeaawF6BVRTEPc+Mn4lGBr4cCFcGk/PLHeyksgPdjNmO1g7y5TWQzu21
WzkXRTWJq7wGwWeW6NrcNqweYPLbXEo0JlmHqunkUs+NsLQAFqSPX02P2xzkA/eOU2o/jN4jAPNp
zqxJouvmiWGXl8Qy4U7vQZ0tGvlTDSltATOQ/QIDAQABo1gwVjA1BgNVHREELjAsgippcC0xNzIt
MzEtMjgtNjQudXMtd2VzdC0yLmNvbXB1dGUuaW50ZXJuYWwwHQYDVR0OBBYEFBBtS9YNKSIwViH3
7GJCTxjNBzLAMA0GCSqGSIb3DQEBCwUAA4IBgQDWXcaI7zMnhGsLVTUA6dgzZCa88QkN/Z6n7lCY
2oaKj1neBAWA1Mxg7GBJsmLOrHN8ie0D/uKAF+7NqKCXYqd0PpTX7c1NICL92DvbugG/Ow50j5Dw
6rU4Y8dPS7Y/T1ddbT2F9/5lHCIWP/O2E9HREJ0JAIbu/Mi0CE1qui2aSJMDWKuiGK63M/7fvP51
m6xSJOfZBhmjgllIwEhIzfh4hVPhH0C7iqVls34UyLCZ8IZOCuGPJyTaJN6Pi3Uo1Otkz/1igN5M
pQhVaeYG7SMgha6skTLrVXTt4CuMVsOZ6cG3kHqw8XZoRld+I50iyHqansf5qwzmNoPeXyjGRFQz
V/EH3SUu8eAISTt9pfirwjKsVNHrmMRnQEB/hJYYbTWSsvdS8ghw7a/A0EKQPVaZGCP/hcpt9JMM
b66y2L8VgBbb6aTsR+Uabf6aiMnj1UBMUz9yaMkakKM7e66uHdXUDZ/s8F5rPOGCK+O8O6EsLRf8
XetRWLa1TXRDkJZVPX4=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>1144y5ThnSDXeRVWbeJKz3gI2bc2ELxXOo6ja3b2RmS1PXhT1vy8OxQxgnNz1m/5VG1W+q0/E3DwctpAHP4IG/q3BZveNvy1cYO+Srbu+8P5ABj44xDLZ/6cuXQcUr4b0ySxyyA/Jb2tkpPam+fxVq9XtTZzOk61MlSmljgWuFmFn3dLSNBvmXXBhuiVD/RELzRhLdB5XPhRlhYCz7C6SpQLRoBlf5QQ8FVEaDT57wXBfl7f29QrFZpLerutz4d8+Q2kmHBjgc5DP/lYuVpMGuq+PXurPPyqAlYwFSIZqX+AzaD32+7Qzk1C+ObZLdBPf0AqZ8VUEojQfr7qXGsEpNKDwYOBWRdUmnj28u5WyW9PqHuGHjSZuC2U0RmlrcmO0ON+wTa93Y+X27DarukNFgJS0Z9UhPqRehnVVTSL5AugHthODt9TjQyOCFFZwNYf8Fbdtfo6+UOnz3fae7oPINRFh+NGjNwvl1iBZDjgwA/U/KA+PujMcL1yFYZUW/W1</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>VAxiNqNpQfAgsChEJQmvECiRLW0WzURLLUzgOI0V6HUlRnffGXPNxYUNkvvtuptBXr0cXbWus3Er1sLEsMJZlqs6MwObiwZurY9QJVuNpotjFTWIEy26LnAqs/d7nbVicPdas+GaEpTmIkdU3nO02Meu6s6YaMSU3xMY9fnszA3hzSxfXoQ9YHfLfWapniOqQxesKYqECa5nJeM9uhh0BgsKiBsuouPdFqZcCo2lYqX7VbAYAaXG+EyyNh/zP6KM0K5KyX6EzgUP1z/ZPjwdCAyOGGIKjlVPJVTeazxm/osif/4lPo3s6pwDNn5Lq0PcqOuYeyr6U1Th+CVlCns0kOlDVktZ9Gzq9XBoTRisj180Ie794pKkXSjglTZlhlEzOo1XzyOiWlE3WOQ9QPOKwLQf17kyyagkGTy73BT1BLbxn9hFSEZVGeggyhxq7fZd/7ey7eu8XXsLb7Jk/LlXiqQ8q70EO9ADM+E/gtfHaU8uqDGwiHyH9riPIKPd+RcTXV0bGZak4ObM8tN1QKJ4Nzkp4V/0AfUTiAc03y/jF1nzLWyNoVeVPE9dt+8D2xv7co09R392pHLQPqlXGSGpLSJ7W/V3ltSfjmZbwKf/l822qUkvPVRoenXMUzltTIm54FV7+TRrKih1p/bN6zBGkWAdjVBtfUvrTq4qmgtKCQLPaKOKq235yFAmPrz62QZUs6aNH3MbhODoZDhZqQ69/9QKoqsewgt0EbYiyVAdVQzAfWpunIaBzbli8O0ydrC9hhOxuMTEPGpVAZy0fzC386/XJo+f+GLqH4gR0eRCmJ0afD8WnLSMcrp679B9Pz9sySLAVMCLMFvMU/rPddhFr/NEiPXvG64CDgRUzZhLUrkFniyxyYU/sTo42VjLOqX0u51pu4JuYHUdU/FdFPnEfXE/7fVB2s3jucAZlXLi0mMNLz3OR1DziZNQcM/N1CI68WULwmAyWh+sB+VtTezQYLR/wk9/dG9jCM3gC/npX6mFQNkKMRJvF2/5s1oyh/TsbJ3Bc7KA3q7B3te7Vn8cgiL3e+FTorcu16cGVAc19sUTK472TScEr7ZSOAragr93SBY9MMK1DseFm0zYPMsy/Ze5gepPdw7sSWv4VCbKwxdnkeKD1EYejRkyG8/N2zNckTxFvmpqHH3xVlrP+L7ssIBY/yYpakAj+Gd94jUbuo5bl020rVV8khJyZTZo27zdvbE/9vmsY7npwnJBQ3rNtWz/PH6QfhGvdKZoQtZ/Dnov7UHWWS9HqA5+bq2AD0GxkdJ83Ob+7/Tt9uS094wehDCahdkEoVnOOAyh7XnwJcTELptd/bxwket8J+Z7hYYOYl7FSU3w7UJhue8b5Hun3rXvxt+VPBuG7kAGOeVt5d8k6zm0a2iwS73RHE5U0nPAWXfMDa9d9kw8z8DHc4cqOsoqaMdCdbz5n8G6k6+jUFamHTrBMMesDy3O+JNGfxGSPOK4dnNzNRVs8xxKlu+acGgHFhvtE9nj8W3h/ng7oa1PvZZCFqMEQOFZhj5Njf2Lfh38+3pVPiW1lN4biMVMweuVegZ0rw8FFeDEvRTzygH5SvD41ublhkNRtmG++5WcChQRDhtgX4cNI0pgzfF0OQeNqapT4bseiW6SNRDtKl/Ume/KSeiqpj7EG26fVeRGHjDRZO9QMhoP3rU10y4wUL4wH7uIaV7T5w319j22mFzvG6XUzxnm8bPx8d3C09Q3aVpN/ZKQPm1xZV3ndnRCNr4EU2Zfj4mt/17EdTN+XQWpE/u/iIj94is/06cCQEyjmQiV0uauSovvJ8mbkTa9FwZHGqOzKf13zmvDk+l/XXK+2RQXMk7q0qTkwPCqo844cyYI14P2ScWPWwpsDfQAsbbqKwoIX53jzvwwyM45xwHOIRqOdrnrdfhxdGz+HEQrjQ3gcDId/p9wZGL1QOCrJWNLxJcW1F+8j06Thw6MSPJ6zYAEJgZadRYplsBtb1XAknvMBRcXCgu0VcZMm8bIf43nHdRu/uJxdBzqVxjEkK7rRpaOThOe3UfcAXulblVACxxDYScO/8r9goLfc72l8wmkPuBUMfPINXzsnnQ2zajANTIXJd/BphAg2wF7AxaVdXrGYXR3AuQRpVecVIls9vqJGayDQZ7HuQiFQD+FWIpLENoczXcVxiKPtnQtuIO+FYhvKsX9MpIcoiKAyl5SEdmol4P3l01Qw64kxufD2UlguCA+zV1CCzzkpmY83uJNS1xcJ1fl1yL926vhyBkyMQGd2wZpVVLba6rv/bXVGxy+r9DyoHOL8EEnMDpOxxWp4AVB9cF6tHhyzV0BsKe9lT7bXA6W7iJ/p6jz/GSCwLNK+0GrU/un5J2/Re5OjPyepDQgRNgqcC2ilDSmyRygFf3L0kApYOIRD+g1o3Elnmgn3D9N3i58icLvCLcnQdCQcDRTMYZidQNER/IyRftvkjYQTaQXQH6iaxpk5mdUCwWBaxTl9/gzSfJoXZZo0ERuH8LnMy/uxjdjLHWuGuR4LrVNgyavYmArq8bTDCl1rbZhcy5rxtwLYmDqLgpe7z1AgHlq5bbVgHadDfzgY5COjPqSmPOO9Q/8W8gpyvr8Jmpn81T38t1fRwV6wLMM9C3pnyPHTNEojmRSt6sZINyPt1mjxRGXHtMInQ5OtjQzqRBNVv9WXRzp5CayAT16pnejokFntLwjPQrHV2FoTslo8XJH7lROcRalASWXTgL4vyUgfheEbFtleb2as9myLgIw9wDxF6i0T5XudGs4k9sPBmPC/da0t38/kMgrH5QeSiHeUOvKu/VRUr5PtEG1xCZ7CHZHRwr9wJGBdscLO3qtGyxjC1msDoQ3Rt3amBrOwMd508IPqWO+tQLkWVgyxaHl3vb1ToWmbllQ70LVvtQ6Tz3H5cpQbBSIvlXwTZk1JkO/0XDiKHtuMKGq1Cl0UnjKn0vytqzRy6ULGW9RrSPtEzSWmHGXZxbp2ih1wOmGIpiyh8LcWTVKnqTrDTMkIH/Yg0AE5z/P3BpO6xG2O1iJssVNwHYG5EdSxVRhVioCW85JTfmETDkizwM+I0frsWGa4Xwo4SJP2wZcbP4NO+7YTWiMedvXnSeYwm2o5YZWDkI/KoVnXAxYrPqJHkaw+LAIFi/Pfom98bWyuEKryvQMg6xhfAP0KfFImcbnXS3cHu5hMZc+7fI3DBI91ZoB1ZcKiTEWm966dmG+/UYqGuy2tz/tf/cQe1Hl0C62FRy+hl/Fu/wLK0uolspOeSvAuhJXRRAg5dwURUtRfvtzPAzMzk628fcuuyrxHOubBwBJahsE3bQkUkdmdpj6NvKxpHf7MHR4D5yFVUogXhqdhDhJz4BoFZbFNlO1GMnLm//KcAl9uEEwhAqUG8mUd8LbTjYfwOsHNe7VNWn2y3fbJPsI5JbVSxWU3z3QPi3ZFsdez+vmjenrKZJh/wlMLuRvKexu3Wod+nG62VEXwZ2Iq6/DxG8s07rSSUN25R9DjNVMjqLuuHWhxJ9G3iVmywpQaEN47rgIUgwQeObPK0h3c2dL5FetagBkwKJPoH6E150m19PBI61Ov8uCNUym61ilRLVW4TKwl6gYziWfHANm5tw7Lc4Sc3y+hSRQwchgoKSAR/XW/uXggK5lWFy79HASS5lRMxwf60ObxQwSwixkoW6lA16vPm1K0cNCJ1xnMpqZSEXiEe5mijgpqJkFTb2dtxAwoCtDlhuyKnZqnSZWhEGjFVjfXdvO4YUJXAsMwEtiXaLUp02JfAgvOProqYv/hw0TgfzADIW6FKZcPARo4Uxb/ArnOehfMxEnHsoBu2oDrMgSh7XZydDb0CApUsVhonv065me+76WdguHz9FxJEhn2GvNhLZhno4D5aHGvsmDwwakeFC91FcFwP02iVLhrLQpNg1hJe0kp+qOBVZFvwYyMA7Vhu1sW5+ch3niPcWWp2Ud5OvYHpswf1ee6EnLjLPMUC4cSAd22uyPNfjJKtakxWMOuUHVIzP9uBEmnQsyoSYy/M2CvhNafUs3MVklK1PcBx6s2GxJxbVcjeRIaNqIkkOzm3HRZB7klnL0BT29FzNawDzzAcaaO1DE21PJj5aOBfX8jut+mibObuHyk3DRojMg4m2J14f72V/ulo87dvVbINHN+tYhR26NUNL7QxHqvK0OczacC8UATT6Y1+w/ucvxwd/XPVteepQIEsJMXi60jMnjFGCV8yM8MM5rkCV5/GsSu78Xvo+8Cb8LHEWTLa5kKWRT4JktMrkFZU0iLg5K41KygDZqoZZUuAgI7Ey3cAFK1h/J+HAsYacuF2uZ++so/uL5zKaDeKsykiuaUfoopNXStLYLwpkImkwJ2ScCryHTjOZ0Be78fYbRd9ObSZr/NdP7ISR1/cmW5uligiiWgLnfv9/hEmX5+97L/dtx9t7+IaZkhEtrkdBvu1+lRRnQDaGy490qUQ2T6UF2i5q5vHw1Rf5YgeWP3cGsC/XfrAq81xGG6RLck9XyspLDpkZbUYkXiNYC851cDnzeRyTN35jLGhGlATUOBqz3lyyOwXethPcPWnaj/YfGJwNofVRDsba8OL6FQuB3jwDtKJ/lFINOhjXQPSqYuyy1R5NRUr4q5ogpR54vphOtSKjAnq1XtakWjyw2nwzGRiZferJ6Kuv8gRs9SrNAfMu5edxNzE4CwYcXSyFdUo27U3W0AxzWU5S6wKSolr4XVqVPOwn6TW+QnONwIjvL8zVDRGBD7GVQxEaIvB34Bb1idZMDHu620g0va6OTiU43VMpfOjS+Ss13f7xQsyANytr2wD7xSlulxbiBk8yGEE/0I+U3UxeWQkqYXBWa0YlYkXrE+btQNImX7hW6pseJMrSxxezbsz4/tkq2ICH3RUIGWCLRmORlAry05gsij/Dz/fqHr62rmhsjy+41hQEYwbLwI7tCkiWSaqftV/F6vF6OpW+DuVIXaCM8VIIJluYlKyXDlJTgLsI5Dtx0jFtfp2nRkNzGHAxEYOuPQ450cxxZwEYkyF4g/h8LhUskoNO8tu2cVKcCVLEg6hfAgCZrf8pf8QWlSqaBbw2NZSVnr3i9yD6cR8bJOz2W5yBHZQmEHCg21ZOCpAo=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-09-22 12:00:55,255 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-09-22 12:00:55,255 - INFO [Shibboleth-Audit.SSO:?] - 20200922T120055Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_bd0ecbf6ef9cbab6a4dda43af2800979|https://samltest.id/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_cb09314771409c9af4e098cc0dd66775|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx9XCc5U7RuHdIGJQbSUfTFelE8VQYxpOGnYx9NvMuk6txTiKq25Mfe/IjWPJTZ2A/5MJEbZkQ68GeRICeUPAAXHKYeSMsVda7dFYGd1Mam7TNmOMAAKlZYW1Aqg==|_3926d8fe4513fd26bafe80d4706ca5b4|
2020-09-22 12:01:27,206 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://34.249.24.65/?XDEBUG_SESSION_START=phpstorm
2020-09-22 12:01:27,206 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-09-22 12:01:27,206 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-09-22 12:01:27,206 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://34.249.24.65/mellon/postResponse"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:current-implicit"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_D0FAA510E3CBB2657D5F2FC38204BD82"
    IsPassive="false" IssueInstant="2020-09-22T12:01:26Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://34.249.24.65</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-09-22 12:01:27,217 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://34.249.24.65' from origin source
2020-09-22 12:01:27,218 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:01:27,218 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:01:27,218 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:01:27,218 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:01:27,218 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-09-22 12:01:27,218 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-09-22 12:01:27,218 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-09-22 12:01:27,218 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://34.249.24.65
2020-09-22 12:01:27,219 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:27,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-09-22 12:01:27,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:01:27,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:01:27,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-09-22 12:01:27,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_D0FAA510E3CBB2657D5F2FC38204BD82', issue instant '2020-09-22T12:01:26.000Z', entityID 'http://34.249.24.65'
2020-09-22 12:01:27,222 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://34.249.24.65' does not require AuthnRequests to be signed
2020-09-22 12:01:27,222 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-09-22 12:01:27,222 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-09-22 12:01:27,222 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-09-22 12:01:27,222 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-09-22 12:01:27,223 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-09-22 12:01:27,223 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:27,223 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-09-22 12:01:27,224 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-09-22 12:01:27,224 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-09-22 12:01:27,224 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-09-22 12:01:27,224 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://34.249.24.65/mellon/postResponse using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-09-22 12:01:27,224 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-09-22 12:01:27,224 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-09-22 12:01:27,224 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-09-22 12:01:27,224 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-09-22 12:01:27,224 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:01:27,225 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-09-22 12:01:27,225 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-09-22 12:01:27,225 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-09-22 12:01:27,225 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-09-22 12:01:27,225 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-09-22 12:01:27,225 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://34.249.24.65
2020-09-22 12:01:27,225 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-09-22 12:01:27,225 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-09-22 12:01:27,225 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-09-22 12:01:27,225 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-09-22 12:01:27,228 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-09-22 12:01:27,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-09-22T12:01:27.229Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-09-22 12:01:27,229 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-09-22 12:01:27,229 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-09-22 12:01:27,229 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-09-22 12:01:27,229 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-09-22 12:01:27,230 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-09-22 12:01:27,230 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:27,230 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-09-22 12:01:27,230 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-09-22 12:01:27,230 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-09-22 12:01:27,230 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-09-22 12:01:28,024 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '34.249.24.65'
2020-09-22 12:01:28,024 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-09-22 12:01:28,024 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-09-22 12:01:36,441 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1600776095_cb0c
2020-09-22 12:01:36,441 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-09-22 12:01:36,441 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-09-22 12:01:36,441 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_d1f5cbff21eb7869c6789cc5d541d021"
    IssueInstant="2020-09-22T12:01:35Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services-sandbox.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-09-22 12:01:36,446 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK' from origin source
2020-09-22 12:01:36,446 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:01:36,446 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:01:36,446 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:01:36,446 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:01:36,446 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-09-22 12:01:36,446 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-09-22 12:01:36,446 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-09-22 12:01:36,446 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services-sandbox.sheerid.com/Shibboleth/UK
2020-09-22 12:01:36,447 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:36,447 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-09-22 12:01:36,447 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:01:36,447 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:01:36,447 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-09-22 12:01:36,447 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_d1f5cbff21eb7869c6789cc5d541d021', issue instant '2020-09-22T12:01:35.000Z', entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:01:36,447 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services-sandbox.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2020-09-22 12:01:36,448 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-09-22 12:01:36,448 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-09-22 12:01:36,448 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-09-22 12:01:36,448 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-09-22 12:01:36,448 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-09-22 12:01:36,448 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:36,448 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-09-22 12:01:36,448 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-09-22 12:01:36,448 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-09-22 12:01:36,448 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-09-22 12:01:36,448 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-09-22 12:01:36,448 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-09-22 12:01:36,448 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-09-22 12:01:36,448 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:01:36,449 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-09-22 12:01:36,449 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-09-22 12:01:36,449 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-09-22 12:01:36,449 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-09-22 12:01:36,449 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-09-22 12:01:36,449 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-09-22 12:01:36,449 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-09-22 12:01:36,449 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services-sandbox.sheerid.com/Shibboleth/UK
2020-09-22 12:01:36,449 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-09-22 12:01:36,449 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-09-22 12:01:36,449 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-09-22 12:01:36,449 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-09-22 12:01:36,452 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-09-22 12:01:36,453 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-09-22T12:01:36.453Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-09-22 12:01:36,453 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-09-22 12:01:36,453 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-09-22 12:01:36,453 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-09-22 12:01:36,454 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-09-22 12:01:36,454 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2020-09-22 12:01:36,454 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-09-22 12:01:36,454 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:36,454 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-09-22 12:01:36,454 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2020-09-22 12:01:36,454 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-09-22 12:01:36,454 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-09-22 12:01:36,617 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-09-22 12:01:36,617 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-09-22 12:01:36,617 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-09-22 12:01:40,177 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2020-09-22 12:01:40,178 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2020-09-22 12:01:40,178 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1706961842::identifier=morty, context=org.apache.velocity.VelocityContext@5dab936a]
2020-09-22 12:01:40,191 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1706961842::identifier=morty, context=org.apache.velocity.VelocityContext@5dab936a]
2020-09-22 12:01:40,205 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2020-09-22 12:01:40,205 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-09-22 12:01:40,205 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-09-22 12:01:40,205 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2020-09-22 12:01:40,205 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2020-09-22 12:01:40,205 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-09-22 12:01:40,205 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2020-09-22 12:01:40,205 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 148bead5b2d632df82fd57806ec8a36005c7780c22e7bfc3e3cb26f0cca31ace for principal morty
2020-09-22 12:01:40,205 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 148bead5b2d632df82fd57806ec8a36005c7780c22e7bfc3e3cb26f0cca31ace
2020-09-22 12:01:40,206 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-09-22 12:01:40,211 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:40,212 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-09-22 12:01:40,212 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3725d15b'
2020-09-22 12:01:40,212 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:01:40,212 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:01:40,212 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:01:40,212 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:01:40,213 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:01:40,213 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-09-22 12:01:40,213 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-09-22 12:01:40,213 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-09-22 12:01:40,213 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-09-22 12:01:40,377 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-09-22 12:01:40,377 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-09-22 12:01:40,377 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-09-22 12:01:40,377 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-09-22 12:01:40,377 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-09-22 12:01:40,377 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, SheerID, Inc.
2020-09-22 12:01:41,153 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-09-22 12:01:41,153 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-09-22 12:01:41,153 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200922T120141Z|https://services-sandbox.sheerid.com/Shibboleth/UK|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://services-sandbox.sheerid.com/Shibboleth/UK, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1632312101154}'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://services-sandbox.sheerid.com/Shibboleth/UK]' as '["morty:https://services-sandbox.sheerid.com/Shibboleth/UK"]'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3725d15b'
2020-09-22 12:01:41,154 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:41,154 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-09-22 12:01:41,155 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-09-22 12:01:41,156 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a358a346044190961b477769b68cb2aa
2020-09-22 12:01:41,156 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a358a346044190961b477769b68cb2aa to Response _f9c1cabfb4c6b00885101110edadaf99
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a358a346044190961b477769b68cb2aa
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-09-22 12:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2020-09-22 12:01:41,157 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-09-22 12:01:41,157 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxf8JeHK2k+RccFZLAcvKrDA+bCqWxOhvfxGYKhqGcYDQPef/NUE0KohhWO1HW08udNdgzyldEsvUa7FExd7MZ2/nXG7xQFPGeN+rCLKs4zc6OAPDOmXOeIQx5evVHv/DO/B9L5itb2ATZxXt/HcjOjS4KWCL1Ow== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _d1f5cbff21eb7869c6789cc5d541d021
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-09-22 12:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a358a346044190961b477769b68cb2aa
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a358a346044190961b477769b68cb2aa did not already contain Conditions, one was added
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-09-22T12:06:41.154Z, to Assertion _a358a346044190961b477769b68cb2aa
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a358a346044190961b477769b68cb2aa already contained Conditions, nothing was done
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a358a346044190961b477769b68cb2aa already contained Conditions, nothing was done
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://services-sandbox.sheerid.com/Shibboleth/UK as an Audience of the AudienceRestriction
2020-09-22 12:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a358a346044190961b477769b68cb2aa
2020-09-22 12:01:41,159 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://services-sandbox.sheerid.com/Shibboleth/UK to existing session 148bead5b2d632df82fd57806ec8a36005c7780c22e7bfc3e3cb26f0cca31ace
2020-09-22 12:01:41,159 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://services-sandbox.sheerid.com/Shibboleth/UK in session 148bead5b2d632df82fd57806ec8a36005c7780c22e7bfc3e3cb26f0cca31ace
2020-09-22 12:01:41,159 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-09-22 12:01:41,159 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://services-sandbox.sheerid.com/Shibboleth/UK and key AAdzZWNyZXQxf8JeHK2k+RccFZLAcvKrDA+bCqWxOhvfxGYKhqGcYDQPef/NUE0KohhWO1HW08udNdgzyldEsvUa7FExd7MZ2/nXG7xQFPGeN+rCLKs4zc6OAPDOmXOeIQx5evVHv/DO/B9L5itb2ATZxXt/HcjOjS4KWCL1Ow==
2020-09-22 12:01:41,159 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-09-22 12:01:41,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-09-22 12:01:41,160 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-09-22 12:01:41,160 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f9c1cabfb4c6b00885101110edadaf99"
    InResponseTo="_d1f5cbff21eb7869c6789cc5d541d021"
    IssueInstant="2020-09-22T12:01:41.154Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a358a346044190961b477769b68cb2aa"
        IssueInstant="2020-09-22T12:01:41.154Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxf8JeHK2k+RccFZLAcvKrDA+bCqWxOhvfxGYKhqGcYDQPef/NUE0KohhWO1HW08udNdgzyldEsvUa7FExd7MZ2/nXG7xQFPGeN+rCLKs4zc6OAPDOmXOeIQx5evVHv/DO/B9L5itb2ATZxXt/HcjOjS4KWCL1Ow==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_d1f5cbff21eb7869c6789cc5d541d021"
                    NotOnOrAfter="2020-09-22T12:06:41.157Z" Recipient="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-09-22T12:01:41.154Z" NotOnOrAfter="2020-09-22T12:06:41.154Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://services-sandbox.sheerid.com/Shibboleth/UK</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-09-22T12:01:40.205Z" SessionIndex="_2e15e9c4799d084d2404bc6b16b8c70f">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-09-22 12:01:41,162 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2020-09-22 12:01:41,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2020-09-22 12:01:41,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f9c1cabfb4c6b00885101110edadaf99"
2020-09-22 12:01:41,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f9c1cabfb4c6b00885101110edadaf99 and Element was [saml2p:Response: null]
2020-09-22 12:01:41,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f9c1cabfb4c6b00885101110edadaf99"
2020-09-22 12:01:41,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f9c1cabfb4c6b00885101110edadaf99 and Element was [saml2p:Response: null]
2020-09-22 12:01:41,164 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-09-22 12:01:41,164 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;services-sandbox.sheerid.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2020-09-22 12:01:41,164 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-09-22 12:01:41,165 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'cookie:1600776095_cb0c', encoded as 'cookie&#x3a;1600776095_cb0c'
2020-09-22 12:01:41,166 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    ID="_f9c1cabfb4c6b00885101110edadaf99"
    InResponseTo="_d1f5cbff21eb7869c6789cc5d541d021"
    IssueInstant="2020-09-22T12:01:41.154Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_f9c1cabfb4c6b00885101110edadaf99">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>ibV5I2uJ5iMTBDmkq+djEdPPqCS+cckYc+hOdxjjP+M9zbisv/7mAbNbbABHiwLbhHDF2Y45zAm8Jy49rfoW+w==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>jRC2MuvmJQZkUEDK8kryNTJA6+Q/GfI4gcV37d9/brMji5fKkf5Zzj4uekRkpmz8Y0fNbBiQuVXU1Aob/s8ffi/LxrwCMZ96fcdI8rvWgqKXnG2mS9Bvt6SUKRy/cJTcKxMnhCrFzstDVnEhO2+NPwY2xT66HVfz4aHTJ35rEByHaVzaFryfla6mLtSv5U8fWddvIcgCr0b4XijPoEWgz84M/DgtVsnnmACHaNeM+hNmxwrJMPzw1T/FD0CcQM1Ap5PWx5u9qSbvGCWX4C/3VtnFiJ9maRdGXV6CBxZvDcJFL6IjO86uM1rM3xUwHH7hCbomPr1Logn6iWjPE8Japg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_6ec398b1e52a7d74180124ec2b0a0159"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_962021711564633a3b1ab067c401c66a"
                    Recipient="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDaTCCAlGgAwIBAgIJANNSqhQs7XD0MA0GCSqGSIb3DQEBBQUAMC8xLTArBgNVBAMTJGh0dHBz
Oi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTAeFw0xNjA4MDgxNzA4MTFaFw0yNjA4MDYx
NzA4MTFaMC8xLTArBgNVBAMTJGh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZUxCXQ9C05W39KdufUi1bOJ4VRIbGEqA7c
vy3SXvcADhTb4G5LN3mVC+PcviQFDhTd+oNCqwFOinx/kfQRrumSsIHIcN4h50Mw9xSBK6G9dG/j
A9y6BWKVpN8boOhcAmGdR0CQus0qBzKcJZKUBMLjvah1XNCLbE7At7Z8tl4mmFeYdqpLNedr57TG
xBL5dcP7nGEYsTs0xUSA7yR9bbm0HVYAccJoyCmG3L2vHeAeUa2jRFxSWLqBOYzTLqhE9osHabXI
sYQefmmxCdb6OONW1JwFBGvDSAWQT9IWgoS0AjDBDpxyzCKF6xrFkVQ4zh+yoJVqXLc+czmo7JMl
jokCAwEAAaOBhzCBhDBjBgNVHREEXDBagiRodHRwczovL3NlcnZpY2VzLXNhbmRib3guc2hlZXJp
ZC5jb22GMmh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbS9TaGliYm9sZXRoL1VL
MB0GA1UdDgQWBBQXZ3r0gtUr5tZZDwCX8vvufbyOQzANBgkqhkiG9w0BAQUFAAOCAQEAAs80tndG
r5u/k57rCoVuJWqNCBQtzqExuoMTtAICMHvmNCsBioy333vTgJrCm3z6dnlR8BEiyFsD43lOw15M
OnLqK/+QkuKis+8MruMJD2x+cZQgBcXbzHhebdtjMYAd1tGVmHyp6EoQ3+C8xnNORotJmJM3Wp+D
oztlycBFLrZXZW+VBhBEcZnF9wLXCYH4bYegJkk8ClMmlgUu7G9Vlextabe4xNOSBTV8j/CMnmEU
GpQ8vUAotwUO3TkcPEd9dAmzW7Ah4RvMHtLwPUdkNLk4/9zZPSnHdWFlnecZ56ESPTX8mN29Rotb
q3/LSmAnyGz1Q6LEVrHgUn3ud+34yw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>NCxQEsprm6dTcRUoDGH0ZdkXTiO11putqooXHziYjLICj0qyFOc1dwNfAnF85MA/6bfpLHCm/wQRow6QMkrBqjYXia7FSuEcuPNWkkdoDfiXJE4iZSg1c0ZNhZV21T1ZdzfupICqOFxGJ7gr/N3vFAQw35LfGtbdj2G6hM0zrJUHMmGx0gyXWXzpPMnlzWDz0rH8nkdVufQcnDC4Fi7NfGHeXJ9STxH0tpjjceo7xn0x+hXYMTSxybXCHhE/2pB4JKlQK9zFf2teN7hrztBGFbn5Fk7YxwFiHgGKhfBO+j163cGaoMeM7NMlLZ7bj6H8Exar+BvXZQ0htVnSTO8TOQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>P6zUrQGQBRdZ7R25wuekaG3xkSJtrvyxFTBXv1wfXYXsAn428XglSrd8XQ4ZqQrfk/H4SijE7Y/6rNBbI+Vm1FB5AwMcaFWKWE/piEjbORKI4a83TTzMU/jA+hDxwVSM/aHZvW+nzMEpAKeoIY/Qln0jR8x5oUftdvx6xFaxqZPSFX+HvjZg25l/tkk3vjW6/mIPQ2E8hP4yGySGs5TTdLr2FMVukcVX4DSr/rWoXmt+Y5nJiMp5Mue2LxNmpWBUVVTJo+oAPTFyghFK49H6qGjxRa5ZkFmkxGOIwatYDHW8PLIMQc68Qrmy59g8UL01nDDuyDWDiywMQRvCJcQqUq/CRTRC9gLDZKOXF7/tRPqvFtP2aifrkjk+uP8PIvf1EehIJ/dPDwgekzozQ3Twpt6ZLd4RfR1IDqNGVOmuM6eglPRPIYLhb/NRg69VSRc91Smdk4Fcyk6aMtnn8pPYBWOPkcSzyjQJ7Qbin5PieNA0HyVlIdiugnZCU9UU0fSVltb6BRRzw23vr4yQvtFwv+PelG2/bu0y+9pyxzJxVyNVTHruiXRr2wFVbi1K61/PpW8dspaPdMR8IO7YepVjTRu7f+vvYWXCpuyV06F8PNGt0bqUB+YrUwQWxnKr/yo52YPHpdw82ECgmxiLfpdGXYvL9bW0OEYYOADbSkl6OVrOWC+sw26yiYCeAC1VLgZEEwPfNtwBBn2m6B+QnjyX9ExRkqSfZPLXmPId1B8s9XVDkcitmN4wrKlgDt1JqAQhBdIorXFktBTbONefYcxv+oEpo2u4xIrTrGSb6SWn3N0vhqoVTIYJ+iiT4TaNVkY/zvvGOAQI0rEjuyHLKm73it8VRwW1M5m77MSFnMtuTj8Ll94zoLMhcDQscOheZzCzxu942GQiVFu7RAiG3FG+qOzYedphkRiRjAR+31cJV/kb3q7paNeCZ4o88wo+/dlHyvmuOlfhQkUblPnLeZ1X2QzXnc96rSFAXbIfl5v2v7eeu6saTyB+yoKV4W08ssnEpTvE+f4c8Mewpbddo7Q0tUG2ZdqJpX9N7i0mb865HSz/B3KFHoPXi1rdA8AMtQZPuSf8zjoEJwo6V0n1NpbHNv0EqR9DN1Z86qV7mbNOXqa8VJmRTGzJyNayM7ApRlnAA5XJjMKKi1WuhWDfUaiQurTMpfAWcaRTymPdvWBi0Egv48yEO9E7/Jaz/Vo4E6/+wYEihq/DWHCHzFqaH2dl4hK6KZs8vaWK6rUOf6UiOu4bM7sqVSs0e8xLvsZGKCJqblowpelioyfmrhl2aVN9IxuhYiiNvRWLbXmiytxfU4eG3BtPb7WO7MaXNmosInjPy+tAS4BMnXeQc7hTFV5ms7GS5uYRZeWcqNGIBcyy9LJ/yWvzdtFPkjdShzkQkqIXfxKk/58EBsAOwE2i17j+BlUKgGFpjxBkMhQeziDqHc7GN+IYm0TOsgzMbjyg46t++8gAHIY/uPO9m/4+CNBFRO77W1/PSbqWEz0lsXG3yDUSVXDuwld/xrHCphe8pZ5p87dHUd5bC6ReF7CNCQXSQSjLcBgFyk2I5WXIWIJfUhxAbB7PmX8Bfr1h7G2KZkXjlQ9Bfaetk5uYh4j9q7kEH5bl64NiuqPGMFqX4Tu7nOMqPAdpQRuDtrtviLu/4HJCv0Wnwy2+NnuJPqUGhJK4mwB5O3gVkvuporMpiYTpYWeViKfFJTeP2yPbsS5+kdY+Eyo/lwHzFlgIOl4Uayj6GBBwwGSxU0hUbrMJuST0qalh7etCu2ecfP6wP5tuiFrKM0Z/3hf4l8dWCMJfZrWb3RPM5O+F7N/uuyCpka+RkruwBCDQT+5/ZEmT8U1DwZzQ+7B8BDQG/3vdsQ3zkBhepeiwkqv8FMs4xJA+wnVONNvu4e3YcwRW3au7zXupmh3IUJ1uRk4IfKcX7GC19c70OZdvdEsLeLMWD4md+UVJwLjP4kZHWkDvoOxOBsswm68oOaOvNQtf4fDaL4O9o0zLKfE2GZ1ByXd2dQAJZTNnXSnVgKaeFnEcSq2qZLJxi1h6k0Ki2eYk5KbbGX09EWOMEJvtkqYnv4KnCSKSjO328QtrU2cs9jNRdjzSPDrMKdWJklFc+VFcE0SQYlvgM6EZNSYBTXStB8/z4eW7cef3U5enPaUniAJLjUnflPtVu/VxV3fzbAdqNuAln+iKbaxtGlbe7Pcg+72sU2Nm1s3m64i4JJQL3muog/gGg5DW42eSqCWziHX3b4eMH+2ehCj9w2XL584/SDjBc0UNvOf5xWr057Jjv1ocpiKBC5cNgpLAgmfNXD9i5iQew1isnl9ZYt5ESKdHw2pe73T+1e04AEnAZcXzkxXgVkrzRtvs+Zp63nSLVpqablwB27N+iULQDVFDMUsZNTHKXlFi2akwgVOQQRsdZV4ewmm+tTQAhqSI/uUcEFFDCJ5mxpOdLcMXjLUW2+g4tMDKTUei8GBlrUIIFuOPGH50rbkV52/K/4X+g0+T79AYrZ/LlqxSU7tffbtHHNgPtn9xxjmEzC4wUzn7fIdVWWyxivP/vCcFfH0w/NYph9OVeYUMfDvz3tWvca6A6afalE04/Ohic8koifRKhZzBIE5b+7VCnJoc8PLjM5aXrjT5meKw89BBIinnDDKIMX37+lApkWBo72AgTZpiPQzUKv7WhKdpq/cdR+JN74Jgkv1KUJu6EuxE6vqHRYS+85DuGUTHiOjAysbwriIarl67zJltu7XypeBmeIwPLqE1osQXBrU2P9uLVsWzQ8jJatng9rHUbxpPKZ/oJjQn7ehZiLbssRtBjdOiyDmr9A5JwzEbCf21z05CiQy7SjNFLIOrpoWLYrPjnWrEZIb6RS31hmraZ0zJ8sK1Txrl81R2aylYS8AOapSc2ajSwLTMbtrD/fPw3+bbPcpXgoEXsmPozZlA+A38YCJoazLCatMEID2riZIiU80BWK9lXq1Qmm8fHHjTz0EC88MhOFm9zNkgp1TGcBwjCCO3oHG3urvxgP241lD1FGSdtBX3brRH5v9EGwJIdQgBgF18cSfKeEfMEdfui9ByJ2aMB9r+rtWC/RQ1ZxOethWsa8/qYgU/osUjXmEJztd+o33bewKBtrQAt4ZHOCGMXVnC/WbPlxa17UmhftgQTJUvVzi4Sz759h6ChRZcxhz1nXB1StGpDz+TJb8ZD3qjFyt6Deo/nk5kSNlz5bn+ZmSPpEEMp0Pq9Uso0QGB9vn7SyUzwmpDIykVfMTTpPLBhpctwrF4DIvEFf6SoGScIjBC7nt5V/V38quLuHA5a0GP0Dashw/gniPt9Kw3nyh5UycoLtPqT3Xa11yznUBq7FqlRB8Gaos2hY090pRDJjNEf1wq43rLaBXpUudYcweB6rlUXXQOXYlOwGYxxWLSlPA5YUZBZQvJaplomyLRy5HoHTTbK4oCNNEDyLaFgoKfSl9vkYUvE01fiVGkVLswukEvk/4TPvs5G3EDGm8C4o0Gm9bu8/wolWDWj8eln/QvdZwQofvEwMcPk9xmmc/IMyT6ni0BLnlWTF7uJ+oqDjAWGJstVXa/EuHcbWDEjz5UxdH7XIX4DNQ/6JKDwmUN6CMJQbdRILobHXXPEvK/0B08YHDb85ZxXkHjs2P2oDPqaTI/vpQ/ddZeHNPSYoT0VbR0pISg2t6YVdQea90y0O8WSiugeSJAH8M+TY/DzCoc0aAPvFYkaiXN7Jo068c6nQAxD1JHCyCEmDtS1eeR+acFe1J/ff+Oiivwr0tJHbMC08onqPEr0dRlfdlsJvKuI7BYXF/ZvVEcd5fde2hymqocLnjRI9c2sBAhk4/7ea2wim5g4SLOKQtQ1Iey05P5i2PhpV7NNIL8dNkDR2DkTy4Skj/UxWbl6Da85we35xYlG9w66cC2jhS3A4Dq+x17Ai1k3NvwfFz/zAvPlOCFvm9IgJTLqyJMfw4wZw04aDofHWxR8wytItIY203aH/ZYJcHv03qpQx6Kk2IrBxXStNOSPhVOxSnfEoV2oXT/1qwNmv41JwP/Nb1pYU1QZ/CgAvxHVILi1AVpo/FSYcOCEnYKqkHFKV3jwtT4e8dH9IJTtK/uBWV+U2vd1rPbAiqBQxGIqtmTECyh+OELryOqxZ/+RGhrMMmhMhc/g1lPiZIv2bvO1GnNh+eAkvZWfkG7EU5VW29/2LgUybDn7a+tT3AJh/iIdmkQNhxytQhFwNL4i0J0VP+dp7FSct6mqUhGAw0v6W9evDLTUknOpg2bQac05JcIyfh+XNt/jmJI7C2fvjSgHwu920K6q+Ip/TozL3mN2N2Bd2gWGT2hhY5GM9Y2IPAptUMNBEJ8iWUhWrbPb2bAMAUqxyyRmK6fhztBKClHAB2vVIhDOA3JGm2wtZY9rRTxuwS//is+w6jfzyTy2EepEqVVlTmnnjAC7xsaO8+xUFIy1Bu5WJhketfMAhlGTpe9LyaaJve5mZpiq6Xa+Tu6m/5nDcGlGXWwH5juT9yBO0PzX6HKOJwS/6KMBUthtHjLvNE/ky8SAKTyJbcliEhF2b1CxZEwkUwrF4p/HFFk0nBaKKYGmWP1HaWdCZskHJdCcgta0DZNRRjv3xIatTWIXo3t7StW4ZQwbHH998QcZ6RxULcad0aki4PNXro0lKI/KBexRD37goY0FmEcEgLN8N/xSCaHs7z5N9XrWNbbu66aFTHWgZXYFMJTY8/zdJBcmLqgLR1OmSYD0fcPiIMlDXsjsPU6rC+tetveJdBsdzzvo57xpDmg2TY/5YLbXO/ko8acRHSwlR7XH8P3tjxPxTH5IFUWwuDrARyC5C2uigcWSAxNnpsm65mH8q/cl08rqSVwNocb4wGCzPFy+KyvXvZV6w8dgYil6AfiyXBLmAk5GZiZvhZZ8We9MOZVqF8xBZma1NzkcAobCW5JRZvXVwNlH6DRgn8dtUCf04bUgm+S+f9q6pNUmof1xN+B+CPNgt9G83Ztfe4QYVNp5XfibKUcjf5ElZJ1HWOUJIJDJ8kLHnSaVJ1PhAeC7s69Y0mhUEJzy/1Rfp3Pvz040og5sTP4eED0skCjosV9HXYAhvUJ5TcnVxsHYIqyxvN34CrvdU0cG0hV1D6SU6ku30rvbj9dkTG683tPZzk6gIj1ofy/TOIJOjF5+t1zL032VPnKrhasyUQgkg0KRyEbcA8yWpoN5w==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-09-22 12:01:41,166 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-09-22 12:01:41,166 - INFO [Shibboleth-Audit.SSO:?] - 20200922T120141Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_d1f5cbff21eb7869c6789cc5d541d021|https://services-sandbox.sheerid.com/Shibboleth/UK|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f9c1cabfb4c6b00885101110edadaf99|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxf8JeHK2k+RccFZLAcvKrDA+bCqWxOhvfxGYKhqGcYDQPef/NUE0KohhWO1HW08udNdgzyldEsvUa7FExd7MZ2/nXG7xQFPGeN+rCLKs4zc6OAPDOmXOeIQx5evVHv/DO/B9L5itb2ATZxXt/HcjOjS4KWCL1Ow==|_a358a346044190961b477769b68cb2aa|
2020-09-22 12:01:48,695 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2020-09-22 12:01:48,695 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-09-22 12:01:48,695 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-09-22 12:01:48,695 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8080/saml2/acs"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="a54e5ib1jh9455ei25abgh825eb011g"
    IsPassive="false" IssueInstant="2020-09-22T12:01:47.836Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://hmcts-java.local.kinlycloud.net/saml2/metadata</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#a54e5ib1jh9455ei25abgh825eb011g">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>wa/oLd/B61No1OR//lILrQoLPl8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>U2FAI1B3JSEz8qc5nlli36PXmWcXMz4E97D8Z5Xi2zR0G4FLgJbTqeOWir+xz9E3OHQSxLZ5PwuMy9rDWH6prTqiZmFkcR+/Y7Vy1TrY3TZsWs7jy8gZiG0OJarOuM+EFuocuXN4g1XCAb+SMC+JUSZWOJ3pDyH/kdZNNdF8A7ZWQdfwKdkXiZKGYaFFpIDdF+zm3XMjUjEnqDK0GlLoxzee1stChZG3LtfmXwn+RnmsSOi2TWOLgTI33pI2WgzJa9wSH+65yvCGsNyq9UBezCqtwfY/G3jONCGhzgO0t24kYaN+Tc2MbcLkJ6V0JPfPsq1Qj17+cfU2Qsr6KuU6z2S0fRZ61NDA7+Ahl0bWg/ZlO70GOy3xIuCcalllrXWmd3iMBQUUcUXMnOxK2VF07RLQ61pg0RU/FkruHU+rMoVw7luD0OcaPCnkNyBVNqd9jYQlflY46DRqrRIi55rL7Cmw/Haqt+gDaBiJZeSGHNYSTx9KDMiZwe/kLE5/ejtl89+Gggk0S9gAP4GY0Sr/Iz4fGFVZxb2VLPNZQIToBeWg1JcFuIxxo3hH5Q1vojJyMP+p0IUEIc9iexlixTRnvs0/XPU7HTDBCQ+Os0Tf8+HJreOM9I7XXBUm2K6VXesJg6qisrVTpLgPoMys7dKeJ5lzmr62ARfUNrblqocBSnQ=</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIHIjCCBgqgAwIBAgIRAJ5UTCJzUNPWPnRu7NSfttMwDQYJKoZIhvcNAQELBQAwXzELMAkGA1UE
BhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEOMAwGA1UEChMFR2FuZGkxIDAe
BgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAyMB4XDTE5MDQwMzAwMDAwMFoXDTIwMDQwMzIz
NTk1OVowZzEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMSEwHwYDVQQLExhQb3Np
dGl2ZVNTTCBNdWx0aS1Eb21haW4xHzAdBgNVBAMTFmRldi5oZWFyaW5ncy5obWN0cy5uZXQwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCmyrK6voqy5vjS9n70i7b7Cc+gq5edQnBM7X7d
CPP3KoSe2byqRWSae+f6zZp8InsDGF9SSG+pcM1A3icSegCIldBCf0UR6Zg3HEBhJGYWgyHEeEfK
XioFzV5GvTROBFBCOk77xCC4hY1SEJePb7yvqARn+ia/UnPlQ/0o6fmZkNsZyohPv57fVayn7QSg
Xtrttvc/iO0nA6op37OJ+pFE+Z/7IQA8lsio74N/Xe/sYhsV1B9h8QiAkTtYEL8vqDtmkMvLqpfQ
5FsIxaSJ0ZgESq37zqOT8F3lbSmp1ezSBWhuI0w7hGvPPChEy5tWivSwkdC+DIR39Fk65PFwDOZ0
p0cXV5tCvrotjGVE/nyODFnEuv2McRyoXj1uJ10Dnq3c3L67i5JiTLXho9KjoXF7M7mQfwmXPMtL
CJMRmsSyPvbgf5bmpAt7XQai8k/hXNZ+kDCoFuV1NIXOsfCjYZmWF5yf57i7BRfSdl+VbtT7d+uk
JOB0kQrNZ/t1PIBvNuhYcvTzv9STBqV17KYfX1vuuUVB3FwPmnkfRCjgt2dKGmV8paQviMOtlc85
A0HJ624TEG18bG8a1Vj3EJdrA4Xu3GWmdHOa/mZ1oy3K46kb3P+DaKgXeoNc+TYxDKkmCj1hfcF7
7qHFbavjY9n5jjgzy0/5rT486eHGlIorzc+TSwIDAQABo4ICzzCCAsswHwYDVR0jBBgwFoAUs5Cn
2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYEFHaUsgHRafQ0NKK26a7w9Tz4sByaMA4GA1UdDwEB
/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNV
HSAERDBCMDYGCysGAQQBsjEBAgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVz
dC5jb20wCAYGZ4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNlcnRydXN0LmNv
bS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0
dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNydDAlBggrBgEFBQcw
AYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTA+BgNVHREENzA1ghZkZXYuaGVhcmluZ3MuaG1j
dHMubmV0ghtqb2luLmRldi5oZWFyaW5ncy5obWN0cy5uZXQwggEFBgorBgEEAdZ5AgQCBIH2BIHz
APEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWnjpD4MAAAEAwBIMEYCIQDr
pYJV5xB5l07zCIoTdn1CfKOxIQIZxN6UXDq3tAUDzwIhANv3UC1vg5z7d1v0pPpCJpbgfCHT+yNw
CZrgbQNAex4WAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFp46Q+MwAABAMA
RzBFAiBVVJLwbePpsh5zhEbwnQXhhszLPm8GIXG2/ePn4k4KBwIhAN5tE5C3aw3QRqtlSFdU6N7o
m3a0A3z3DAxieOzfvWoTMA0GCSqGSIb3DQEBCwUAA4IBAQAF9VsLE/dhmoz46431ip/t/418kvK+
MNfvPF2cy+pEDgWJKYFDZwScKVK0e73xZHL7Q+vmm93P7KB/sj/kfE4TVI+lvMiWlf6nLndBb3cP
AW3MKL9jlifvD4Y+aue0JTAbaiprBaXvBbpEhKlw76qlZvxfqdSavh4+yi9CORlZ+ujA1NMhK6ZF
75Mnv7v7gfLj7pAnJk28//zzzXI2aVxL9Z7mzRL6eOxeI1n6LU2CC9furw7hP+JAHEIbFzQPjuFm
8GQlyE3Mz4g7dJ0a4WKp7nbSMcOE5N16iu/F0ULYEAXz3cifbBKWPzUF6bUh933nr5Y8ljz2dRxo
tr1tamLg</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-09-22 12:01:48,701 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://hmcts-java.local.kinlycloud.net/saml2/metadata' from origin source
2020-09-22 12:01:48,701 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:01:48,701 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:01:48,701 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:01:48,701 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:01:48,701 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-09-22 12:01:48,701 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-09-22 12:01:48,701 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-09-22 12:01:48,701 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://hmcts-java.local.kinlycloud.net/saml2/metadata
2020-09-22 12:01:48,702 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a54e5ib1jh9455ei25abgh825eb011g', issue instant '2020-09-22T12:01:47.836Z', entityID 'https://hmcts-java.local.kinlycloud.net/saml2/metadata'
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://hmcts-java.local.kinlycloud.net/saml2/metadata, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://hmcts-java.local.kinlycloud.net/saml2/metadata' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:01:48,702 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:01:48,703 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  modulus: 680451135424813761334748405304937019664695608867092054099102321783766281462153917907174523746121618928557074662879427759994926628660042185478309129272056284321431858385911393954619526343288339868798154091324008013663207144438508248385398463140675096853639840084599018090471400713612180257948045031829608569889296591596643788610128754237458176344026608073788875112423551812085799661512543730000701385332779937462120063373703566214074502367684580980237077826918501542048470428034512032795989824844453173830337527250374854427191201863382204685144978383764343912092253796364557220980160603652918416623514196147186503871358445231427920265290247050016323412925818815098508960094023805210889067586536829377907576697880859464230581087028622135540713529065193212204069745574986483069456490615082455886338131504728929565600831159430855538279156814068633310211656998790723530442264301427521036191945726190061475234411833876786902969268711186070306812159158488393885130078532737314028446462921539911811231894794523697557229922190668897187001596469329088685000680486564816686084342835400051618494907594595706352116819589816589904991945382929642252234607426412136812843088155260861470647627076698745184844642310282603079089219896376245780181128011
  public exponent: 65537
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a54e5ib1jh9455ei25abgh825eb011g"
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a54e5ib1jh9455ei25abgh825eb011g and Element was [saml2p:AuthnRequest: null]
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a54e5ib1jh9455ei25abgh825eb011g"
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a54e5ib1jh9455ei25abgh825eb011g and Element was [saml2p:AuthnRequest: null]
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#a54e5ib1jh9455ei25abgh825eb011g"
2020-09-22 12:01:48,703 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-09-22 12:01:48,703 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-09-22 12:01:48,703 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://hmcts-java.local.kinlycloud.net/saml2/metadata
2020-09-22 12:01:48,703 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-09-22 12:01:48,703 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-09-22 12:01:48,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-09-22 12:01:48,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-09-22 12:01:48,704 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:48,704 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-09-22 12:01:48,704 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-09-22 12:01:48,704 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-09-22 12:01:48,704 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-09-22 12:01:48,704 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8080/saml2/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-09-22 12:01:48,704 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-09-22 12:01:48,704 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-09-22 12:01:48,704 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-09-22 12:01:48,704 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-09-22 12:01:48,704 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:01:48,705 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:01:48,705 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-09-22 12:01:48,705 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-09-22 12:01:48,705 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-09-22 12:01:48,705 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-09-22 12:01:48,705 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://hmcts-java.local.kinlycloud.net/saml2/metadata
2020-09-22 12:01:48,705 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-09-22 12:01:48,705 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-09-22 12:01:48,705 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-09-22 12:01:48,705 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-09-22 12:01:48,708 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-09-22 12:01:48,709 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-09-22T12:01:48.709Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-09-22 12:01:48,709 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-09-22 12:01:48,709 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-09-22 12:01:48,709 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 2b729dc8de1bff24d200ef1d5c42917195424df141e41b2974de48fe304ceeaa
2020-09-22 12:01:48,709 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 2b729dc8de1bff24d200ef1d5c42917195424df141e41b2974de48fe304ceeaa to 2020-09-22T13:01:48.709Z
2020-09-22 12:01:48,709 - WARN [net.shibboleth.idp.session.AbstractIdPSession:?] - Client address is 172.31.28.90 but session 2b729dc8de1bff24d200ef1d5c42917195424df141e41b2974de48fe304ceeaa already bound to 172.31.46.7
2020-09-22 12:01:48,710 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-09-22 12:01:48,710 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-09-22 12:01:48,710 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:01:48,710 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-09-22 12:01:48,710 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-09-22 12:01:48,710 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-09-22 12:01:48,710 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-09-22 12:01:48,895 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'hmcts-java.local.kinlycloud.net'
2020-09-22 12:01:48,895 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-09-22 12:01:48,895 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-09-22 12:02:36,583 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-09-22 12:02:36,583 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_7snylfo6ldfzbzbuo83ump3yipqn4447vw5i" IsPassive="false"
            IssueInstant="2020-09-22T12:02:35.947Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_7snylfo6ldfzbzbuo83ump3yipqn4447vw5i">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>Qo28X//gEVK3OH8O5Y117RctqsE=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>SK8wV5+5jgDeaA5xbkpUo/+wEbVE9gWzoT56Wop9x/nK0cCANxN0dE6kxWkY31ooek3zDP5Res2f+YrzezazqHIHx7lJUYFy/b+ngestLl4sJKU9bszQRjyCpqnF4ACIYW4ywUm21ff26uutLaYwLCyzdt8TPxfAjKrce/7pBvY=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2020-09-22 12:02:36,589 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com' from origin source
2020-09-22 12:02:36,589 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:02:36,589 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:02:36,589 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:02:36,589 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:02:36,589 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-09-22 12:02:36,589 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-09-22 12:02:36,589 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-09-22 12:02:36,589 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2020-09-22 12:02:36,590 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-09-22 12:02:36,590 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7snylfo6ldfzbzbuo83ump3yipqn4447vw5i', issue instant '2020-09-22T12:02:35.947Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:02:36,590 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7snylfo6ldfzbzbuo83ump3yipqn4447vw5i"
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7snylfo6ldfzbzbuo83ump3yipqn4447vw5i and Element was [saml2p:AuthnRequest: null]
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7snylfo6ldfzbzbuo83ump3yipqn4447vw5i"
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7snylfo6ldfzbzbuo83ump3yipqn4447vw5i and Element was [saml2p:AuthnRequest: null]
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_7snylfo6ldfzbzbuo83ump3yipqn4447vw5i"
2020-09-22 12:02:36,591 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-09-22 12:02:36,591 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-09-22 12:02:36,591 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2020-09-22 12:02:36,591 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-09-22 12:02:36,591 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-09-22 12:02:36,591 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-09-22 12:02:36,591 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-09-22 12:02:36,592 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2020-09-22 12:02:36,592 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2020-09-22 12:02:36,592 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-09-22 12:02:36,592 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-09-22 12:02:36,592 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-09-22 12:02:36,592 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-09-22 12:02:36,592 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-09-22 12:02:36,592 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-09-22 12:02:36,592 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2020-09-22 12:02:36,592 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2020-09-22 12:02:36,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-09-22 12:02:36,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-09-22 12:02:36,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-09-22 12:02:36,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-09-22 12:02:36,592 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:02:36,593 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:02:36,593 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-09-22 12:02:36,593 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-09-22 12:02:36,593 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-09-22 12:02:36,593 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-09-22 12:02:36,593 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2020-09-22 12:02:36,593 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-09-22 12:02:36,593 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-09-22 12:02:36,593 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-09-22 12:02:36,593 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-09-22 12:02:36,596 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-09-22 12:02:36,596 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2020-09-22 12:02:36,596 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2020-09-22 12:02:36,597 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-09-22T12:02:36.597Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-09-22 12:02:36,597 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-09-22 12:02:36,597 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-09-22 12:02:36,597 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-09-22 12:02:36,597 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-09-22 12:02:36,598 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-09-22 12:02:36,598 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2020-09-22 12:02:36,598 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-09-22 12:02:36,598 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-09-22 12:02:36,598 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-09-22 12:02:36,598 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-09-22 12:02:36,598 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2020-09-22 12:02:36,598 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-09-22 12:02:36,598 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1777803280::identifier=rick, context=org.apache.velocity.VelocityContext@451ab8fa]
2020-09-22 12:02:36,599 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1777803280::identifier=rick, context=org.apache.velocity.VelocityContext@451ab8fa]
2020-09-22 12:02:36,602 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-09-22 12:02:36,602 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-09-22 12:02:36,602 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-09-22 12:02:36,602 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-09-22 12:02:36,602 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-09-22 12:02:36,602 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-09-22 12:02:36,602 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-09-22 12:02:36,602 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session c9c5167cdf3d97d1d595758ae05b8fddeb9a6cf003a720133d2f0aca4d640d61 for principal rick
2020-09-22 12:02:36,602 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session c9c5167cdf3d97d1d595758ae05b8fddeb9a6cf003a720133d2f0aca4d640d61
2020-09-22 12:02:36,603 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-09-22 12:02:36,604 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-09-22 12:02:36,604 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2020-09-22 12:02:36,604 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-09-22 12:02:36,604 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-09-22 12:02:36,604 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-09-22 12:02:36,604 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-09-22 12:02:36,604 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-09-22 12:02:36,604 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-09-22 12:02:36,604 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-09-22 12:02:36,604 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-09-22 12:02:36,604 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-09-22 12:02:36,605 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-09-22 12:02:36,606 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-09-22 12:02:36,606 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _bbcc35e36fb23b1b7c8d2e2389c33f1d
2020-09-22 12:02:36,606 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _bbcc35e36fb23b1b7c8d2e2389c33f1d to Response _802d544133a991f97870b7bbf81f580c
2020-09-22 12:02:36,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _bbcc35e36fb23b1b7c8d2e2389c33f1d
2020-09-22 12:02:36,607 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-09-22 12:02:36,607 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2020-09-22 12:02:36,607 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-09-22 12:02:36,607 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-09-22 12:02:36,607 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-09-22 12:02:36,607 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-09-22 12:02:36,607 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-09-22 12:02:36,607 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-09-22 12:02:36,607 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-09-22 12:02:36,607 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxgiisPh727VYfn8b1K8Q/2GaPR5FhekdRAJnkWEsA8R7mPBnFUCToT4MxR5sV2ax8FbeuFgbJzFJwuu8UZLkketuk1dnddHCmcyaq01Lee872IuVcTDZ0iC4zANGox/vmkAoLDAMrICxIaJuy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _7snylfo6ldfzbzbuo83ump3yipqn4447vw5i
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-09-22 12:02:36,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _bbcc35e36fb23b1b7c8d2e2389c33f1d
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _bbcc35e36fb23b1b7c8d2e2389c33f1d did not already contain Conditions, one was added
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-09-22T12:07:36.604Z, to Assertion _bbcc35e36fb23b1b7c8d2e2389c33f1d
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _bbcc35e36fb23b1b7c8d2e2389c33f1d already contained Conditions, nothing was done
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _bbcc35e36fb23b1b7c8d2e2389c33f1d already contained Conditions, nothing was done
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2020-09-22 12:02:36,609 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _bbcc35e36fb23b1b7c8d2e2389c33f1d
2020-09-22 12:02:36,610 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _bbcc35e36fb23b1b7c8d2e2389c33f1d did not already contain Advice, one was added
2020-09-22 12:02:36,610 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session c9c5167cdf3d97d1d595758ae05b8fddeb9a6cf003a720133d2f0aca4d640d61
2020-09-22 12:02:36,610 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session c9c5167cdf3d97d1d595758ae05b8fddeb9a6cf003a720133d2f0aca4d640d61
2020-09-22 12:02:36,610 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-09-22 12:02:36,611 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxgiisPh727VYfn8b1K8Q/2GaPR5FhekdRAJnkWEsA8R7mPBnFUCToT4MxR5sV2ax8FbeuFgbJzFJwuu8UZLkketuk1dnddHCmcyaq01Lee872IuVcTDZ0iC4zANGox/vmkAoLDAMrICxIaJuy
2020-09-22 12:02:36,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-09-22 12:02:36,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-09-22 12:02:36,612 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bbcc35e36fb23b1b7c8d2e2389c33f1d"
2020-09-22 12:02:36,612 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bbcc35e36fb23b1b7c8d2e2389c33f1d and Element was [saml2:Assertion: null]
2020-09-22 12:02:36,612 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bbcc35e36fb23b1b7c8d2e2389c33f1d"
2020-09-22 12:02:36,612 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bbcc35e36fb23b1b7c8d2e2389c33f1d and Element was [saml2:Assertion: null]
2020-09-22 12:02:36,636 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_802d544133a991f97870b7bbf81f580c"
    InResponseTo="_7snylfo6ldfzbzbuo83ump3yipqn4447vw5i"
    IssueInstant="2020-09-22T12:02:36.604Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_bbcc35e36fb23b1b7c8d2e2389c33f1d"
        IssueInstant="2020-09-22T12:02:36.604Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_bbcc35e36fb23b1b7c8d2e2389c33f1d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>E44uSfea+A9ZW7pFGXajGRWYT+s0O5nXFqWNSC7a5eE=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>lEzISiL171SHYtQCYiJzy9LLwKhd1SUCm2ZrMBLaooq0Vd/bCcHJ9bJDg/agVUB+vTJtqFKPFvlux3JDT7gjN+JKnmJ7xmDRXZXOPeOlRskcQPV9p0+/XncelR0xLfbNCqY91VRp/0Rs0ThzTmjCTQnQ4t1cUNQcHARa+vUOGmza6BzBHo8V0rT7iT0V8T8PFwDkS2HdVJtZFES3956K6IXFNCK8LNxFaQg0YO8oIEFTL8JPEZEn+LA/Z6mkhfm2xzlz/S+NDXUxJJfgeCmXcSI0HyLbY1M2eAwX3RPhn5ySUS4dXN/VJtOa6Ri/xLPoXXv20uyKYTJlSECcPUfX7w==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxgiisPh727VYfn8b1K8Q/2GaPR5FhekdRAJnkWEsA8R7mPBnFUCToT4MxR5sV2ax8FbeuFgbJzFJwuu8UZLkketuk1dnddHCmcyaq01Lee872IuVcTDZ0iC4zANGox/vmkAoLDAMrICxIaJuy</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_7snylfo6ldfzbzbuo83ump3yipqn4447vw5i"
                    NotOnOrAfter="2020-09-22T12:07:36.608Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-09-22T12:02:36.604Z" NotOnOrAfter="2020-09-22T12:07:36.604Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">Ct36cXFU/KUwhkBpm/zET5X1HZpl9lLPGWPPHcxh95Y=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2020-09-22T12:02:36.602Z" SessionIndex="_2e5e1837ce6674304cd90308749d4585">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-09-22 12:02:36,638 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-09-22 12:02:36,638 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-09-22 12:02:36,639 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_802d544133a991f97870b7bbf81f580c"
2020-09-22 12:02:36,639 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _802d544133a991f97870b7bbf81f580c and Element was [saml2p:Response: null]
2020-09-22 12:02:36,639 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_802d544133a991f97870b7bbf81f580c"
2020-09-22 12:02:36,639 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _802d544133a991f97870b7bbf81f580c and Element was [saml2p:Response: null]
2020-09-22 12:02:36,641 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2020-09-22 12:02:36,642 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">Ct36cXFU/KUwhkBpm/zET5X1HZpl9lLPGWPPHcxh95Y=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_802d544133a991f97870b7bbf81f580c"
            InResponseTo="_7snylfo6ldfzbzbuo83ump3yipqn4447vw5i"
            IssueInstant="2020-09-22T12:02:36.604Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_802d544133a991f97870b7bbf81f580c">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>eVHDLHHHvfudQPeloh4ec22fx3dbqTjNmpFVkqgFcnM=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>I8fzzjklXXJQslP3dgVZSTWK3CqtP+4CZKQP/Tc11CBpq5oqGdf5NkHxbVinj6OT5TD9QqAql2g+jWP3FdCqTSRCGjFA71bPAWiXBuQm3FLtSaEI057DxeweEW50T6HbPeBobBOPFGgi3Q8m6+2pNPxKKeVQ8EPtPHO/uIH13uQJ2Pxth9+5xNg4oUaW9FrlPmzr+VyRfZRrEbH4DoXu0HGeNZxuPCwTR6+8tCEU/Mn0mjGyb2EAjCIF2X69ABtrSX3dofpD3r01Pd/fF0I4Q4vMLGs+VVPmrkAc7SoVOI67evHRt3eoGUVV/qJ+EBx3sV1H6NOg0qxLcr7weMzAkw==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_3f6e1064fdbab2581b8547ca231fd816"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_01efff5a4de6060b3e11fa6dd74fa4b4"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>I4/6XObNONMvB8oUy8lBtmzmYvD+p/HtjSm0+tdr2lL62Mks8I9a000pvEsmj9iKzJ/y+IPh83tEXecGPUDvHWwa88QpkdhvZbfW2sek1MXTekLZSnoQFeKyHEYvIzZpBybOjUjbXaBx98cixLjqgmwRsrttPIRtX7vb5VFMsNE=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>D5DMnXgGk+iRiYs7pn5QQXRxfWl+IDMmeq2CK+egE2VxpMzjg1Ud186NF7lTGA+eneUOy9MVZ5tW7OM1PcgC8rF/6qE+yEPsLRh2BUutZoAAIktgoe5Iu5KAP24tsGqxpHgA+/ceamH99u+PdPS2Z7MGEjb3FsNnQUPJZh24mMUO8tz+GJSkkFqqpnFLC+1HXQxmh2D1bCqzkSvfgqBpos0Rn36bFrkgEpezgxsNOg+utXggVVnaCu2ZYFaxafvJDxA3VjR05E4nMIAegqxgr4Z90R5LogXyRDUONk2CWxlwN8TeyNmahTXjz3t04h+jEmyPOE8Tzs/Ycxw4mIy7e+gTvsKcMGNeKmz1qUOS45o8aOrtXSxjl+NEI5JQmxEQ+/vcxXS/VWIugOi4DNymi4gmxZlD4XS53rnHoTrNiCQQ43sHxmW+SPqfwQTcTPFRuB/kD+0FYUPu+4yXR/KOGd4AX/nzadKRbgy/WcevdGclZNjadI+R0Z/AnYxbaxRZA7DS4m7Zw5rcooxkTYNqU2EtMKLolugE40D1ThYXxe3RitoczsGdFV9G0OlW4XopHs3RPdFf+ihV1yRoGts9xHlfcurYdUiTKzp1tdBUFU3eQV4l7R5D8jhz3giMHHEy29jmWojn61hvieJr4hUd4gpR3imx8eATJn2Bxmw7424scb0bD1Y3mSB+3cn1266Mq5aMnsWBEz4+EGdk0Jvh3OtAjdbJ6+Ko57g0m9iw97qoANCQF6JyDWx8c+RKdh65hwf69+ejApSfxJpTgf+UNZqldRTjUwn8zNOHoM656ZNhpl4OEE/E8oil6I1VW9x2/6pk+jk0OG0VNbP4fOcvEFWQNTd7aG9VVAXmD0vG76dxGAkzGoFkc1EENZQrsWnikTssmXYv7jN8ceoKbjng7wvkJFY9GOV/zzUYFcH4tivAfe2Aa+y0Ir5BFxyP9HAYK9o/AtUQq9dRFWW+kQ1RA/wrV1ter+F8ljc0H2+kajKtTSitdo5jj9JUPyHGk9cVHQtB9ems3i3A0HbUfgI1AS/Z3eRMEZoqU8Il/hvE68JmYDlj18wt88OR8IFHsPGMHM2/pv7sXtWO3vYar4nWrpFtOlfSPe1tNxOElo8zP9sqiRPWqhaPQwcEReceY2rgMXbs1kkTLVEj1YGJu8gATsPWAcSIbkwIRuUIBaeUbOtwUc5tWxmBKE+MIY0t9i5Q445UKxVvcNLJZ2PfXJgk8zkHBaD8g+t7SVMP7yTzIwm1H9qJSu5MibZZ4j3KNulgDAwDdl0Pn9UOqB/nfvX/WpRCMXuMhy2W+jTAZVDrAmaJy9kSDAUxE5ZQDaUwjiEuK+h2CyOfyk6QMOTA51QacoWvIqUKLIz1QRY44KV0nX0axKHBo9wFwyviz8n0W8/op1vSiSmZG56nB/U0zFq01kqWVNuNZyfrJiHNwTxiJLl3ivkwKaDVYh4dyVIlKynWoJGns3buC+dVsp0AHWlWIjY2LF5BxwBwNEvkaXjOUh9AIiGdjpwu3MKcHt8BQ87OjZylc+N3oGioihQg4xRvgfdhiCXlUKE4oAvkc4ZB+Y6s3BQIgjvwEVpDZSJ82lyl5xINTaMtoqXuQjzwrneQxV/XUCvqa6Y7hjtq9NTF3jHr7J6egRS7g1sHpJg8nNAnv74tAR8XXE/bShvfdmRMWF/P1HUbNRYKaGtied81DAR47VuCOLrplDNZUQIySUNNYxOClnCOnu5HuB3lPgIXmuyt6RyMQR/3D5VIkhJ/7xfhBoQfD3jQleGRdUV9+KLDBxlH6H8datJ6S3TxRaZg6TzFvl3rmbJrmf30iEyeRnhNAQe3TWJgzRTxDuaZcBWF+rjZBrszdVwYT7np0kI9/ZElmXPH2ctXrZUDdTO6i4vBunxk3Bi3okassGcboQm20G1kwZ/yp0sLNcmdIQR4bcBMIgS0UhcTAt1V7cHNqtaBifgazjrv+kqN393zfNDADwZhtyyHJcyAKBpaorXFTP4g5CCqxvL6rplpNbaYYnRhqRvjZDmJXjLbPvIymldMbjpl9fmkWddodkvElsZ3fgGvVccJFTxTIS1j1Hx43Qn7R7RHokW+jqq8AduP1wqkqwVJjEF7hjQM2eRyQ4aIcAF6CuP0xqAtutqeV4JygdlCr3RAZJ4NxrTDNcF106JVERZNvEqRwb+WGv1YvyNUbj0f3d59nY2/m9LyxCuRRfutCTZ1qLMPnhJUpXqrU1c8HfyeRT2hm/KXzQGZ1mz4dfXm0cbSacnsCDa7SBLqN1/q++rY6gCiaiSzZFCHF6uHgEcKHuCWDWXTwGMngmwNTlR0l2dK5EK6cpAeAzhllmCH/6R+Ii2zDcxBRe9HNFkdb2Nsd8q9HxDHcHt8RMrXSZxgr2lkTTZG3Efu1qmpTfTmyOTC9SEwTBDjW2qxZnVGlO9rWjBSHrHs2lW71sABuCioIQoDlON4nYjCPl3GOkCW+QtL+XMK8ZYDpS3WzIUpXwVJnf2hGgMeIlHNtcxc/+XGkX4IEqugdNEuRq82GzXi2N9fg29LKBRjCsqH5daG2QHSTYRjQ6RHdBsPbwOitDKg1lCddwXtHpIk5K6g+gpNJDAfhSMDM+37lf4ed2LVDVBJfxMv7XuoZUpCDk/K0odhosg1s5Zw7OJVHOyJ/whf36ll6RZ3Q5jrqe2ojeJvS1XKa8LxLqy7g0x1f3adj+vO/nTeDT0Uyo/y6RdDnK7QQvQZjO0N97nu+UqPmnP0zt8O6dGk2jVJggkfxZPYLuuZo6hKnYlP2eRCKqEzu+ganF3eKPgB+QfJnxxjeQKGT/HEWRvO22D/YOe9oRvsvejQd1UH7r0sQY280oTS+Fga8TC6tjQJtOyLCK25ngIGx6lq+fOlq3lJ/F2wP4uUbL4woKX3dpKQsifHH9+VRiBrm7S9oMKD6yqaPWg7Ua12eq33xlLBiPXFQz6eqfEveC4RdqkAVgs+6l54sziLWD9GYun3xCj8NQ5YZeDh0lQLFWjYa9L3kOI5Z42M2SeCo+EFlEgU/dYQKG0HV6uwMJ3tbm+zVuBiwZPaMvZCE+CQ+fmE2bEkdOYCqjhbH/3l/8OHI4cT6Vxrcx1MYrcwAtKMCqiEJEFhIIdooLOiAYnFC/AjjGvfD+BNC2XgiWWGlT7jeSUfe/rAnWFmVSpIUD7QbZ1ayyBuoQ8kBL73hv8dsdeFEYyNmCrJzU8rK7zmG5urPcbZRUQ7xtPnpGoX3sOHgWvNKhER/SWMidEXLxVzRjX9gYtdLcmCCYxwVGeocU3oWFyKOKVPSyUTCoWZJdvOq6/RXNF17TILaTK0deLt4jSmTr3XPbWPFZ3h6FvKhF1v+lKNEuPlzCV5Fe2R/zKtCmv1LPUL11+ABx6PE/f4jd/MAfLYtoOTZok6Mgva9bjHDNlpgLw5Uf3ppc7lRIvd2aEBDIXyPa7SH65f3By5GrfoQgkI92xjenf2Do6l7hpxUAOo7MVGg4avhSMfkoMjE8lihnDCG7JN0ua0ooaLTSU3INT6zltZlZWLmskPEn/Dvh8IGr3c6BJ5/MVgyu86iVdvcBeBxaUR5blxEzLtxwulRWxwdu88IdRWQmOY4uQW6ncPV57+8C4ox1IRSF68YBN6iK1ZB31yQ4E95F///misosK8TWNPDNp84erVSZL6NC+hg1a46215SrFUyJWgzsANiNqCa7GdaP7Vn3i1FbK6cYOjai6fZ/nTStpr0RgpaLCg0aezxaQGsFboRnMEKR5VtfyWc2w2JtT8PvgyvKvaGi+qkg6DWR94WohM65z/ey7mI1k8uhvgatWvINPBXRTOQzt2lSZm7g0utL+U8bFYSu23vWjT8F6pZjSxRkfcBOuP8ZOquFpfMLmWUATUAHJFxoLSMythtqHRQxTPMIfTfd+e/miFDPbCo80uOifNmBUKCQIlhRrukw5U+MdD1RXwKTuLcEHp+LuM/byTx4Sl9fv1Op2dPv4Wue1ROlN7pJPOv3dYwU+6b7Z7O2qyOyKvUScVaEbkdfi2ASImb1U5uwnZxeDmGD/tTASuj0KhAarUxNNNlbIyFgKWm27/heT0SrSF010Xe/OUBUL7awE0g5wKgvhloWZA6L6UbWaRzAjZzXsrqx6V8wffe9/tu4cIWXyc3ldumNyhwIVr8sSU9E5oodeE7XFVGeYtqXQvAOm1SgntIpMJXgfb6ZP9xd0mG9WhWpA5O5CafsM/6NAcpM6mkjy6dempMGkRPjB7Wy20ulU4CywEgQbV+HLFKOxFgtbs2vgrrLfhdLF7LtgYkclZZFIApKn1DB0GQC9gB41wIOAYf+oeXXWw6BDnXpqZ7jjycfO6zgr3cC3DHiNcxtQp7o9DRqiWQ/NMY6mJaEJSBl1soyy262HlWQfHth7ZdfzATge9ITw8OC+M1KWlrPpFmJO0R5irD5F9LfqFH2+HAs1rocIWM8ZxaOBHGonLmsasfBkg7Yj4KkAEQkkYtNroTRAn5srm935xvxN8UCKe55KRUlq83qEwNK/RzVztKzy9aMvLgOrP5Bm3tyQo/oUrlmEoUnRwAZRwS2zxJ6ggj1ZzDYvtDqMA/Tz1QPaFJIGBqLJhrjOaYjydRogSl7e2KiaJ+4KbFNY72d/JRzzscMyYVh74o4WIN9xK7N3urxjGywWpuOd/EQ4C/kPqqMyYHH7u2DRRerTifZbLirIrDFDEwj5IKbUavaWH4mn4sZu8vgraKiAG4SKZ6QioAOMQme9JhmDpEtqt4qhBm3JiRQ1uONJDrezxSiuc13k85EfnJ2yeCDaSfoGCdy7DC8Tpe+IVZz2/RXIjSQbl8QBEMBDl1z/dulufOwfIewm52p0dk0UXw9tYBmehUQYOALJ/nhGWTznH9vVB2phvFc5qHMiKyIv99w0A/GPW3kSkP0+guCSfj71hjCdQvAbSze7BefvUNriH0RWQZ6g3e3V5/cRqazyOP3BqyNCX/QEFKPHFL16jevqV5pR2WV2jNaqI5cV1f8cIQxy152d2Fnx3w8tCUkdxqXzfW13ML4UWBFJDXbtVNJt+ZoQtP0y7x2Y7Meeo+5AO1yo/Em/LctQF6b5QK5bi6/Nq3URaVN6kyeQYF9C95xhbJjQNpbqvnNojqrtEq2Y86LOBHJGL5AgYxUnArpq1PD2ABIYs+mMe/w6dbWEdlmvZ0mai/Uf7vc6hkj9otRh66tpQ7WF6YePBhIwOGI8Zg6f6Nrpt6tMsVI6ovD58g25W++LNzwKGjbOvmaUYcN+AA3vfamnUOwozmYOI/OfoehnQ+I+9wporu4hW4+3XsQMAc5NOugande9ME5WN8QPGiLXo7XdLVVDgKxu9MQJurRYk173AmzS7Cg6t7XVMdGUx7PApQEDLEB+GTh/uhNVStzVW2DpmSzgZ/stWiMHUK7xkfdrO9kCAdWZGURIMCAr2ifI8ZOGrAQJmz44PLanqVuWZKADp+EggcgQQ7/iOJgRPkojgjo+OjnABpexIv5bZvBfCNFkWzPfB6vNoBAj1AOSU5iVKKlAV5rh7eU3AIelmZrjqbSOlGVxCS+EXLcQGSiUJ55T3P2Ao5HGFaeRCQ1Tm9RV/BylFJdqwqaRNFeMCRRepIbMJKwG58UWnoCgTU/RNbKlB8W77YKp3tMevHLyWBhz93Jois9iKppkUbo2GhzwQtcgMcW69vJhEYNps0oYgX/KVZzw+8FWl99qEs3/TxCMJV3NtOdPmCGus83Ebvs/tIMPtO2VB1v/lzDtegqZb7ioqFWRggWRzVpbhoq+fATb4HJfXB3RQncbTPV+EguETYPDaTtHyIS4qHSZG5VowE2UwNcX8gLQKj9gEaAN0bvBiYaXyytLiQgp+AAzG2VQjdK+xtu8Q650BUcNtoyyhrhNQUfHQnWECUChsWTuog1TrHDOAAyYOacPyfcBfFqY2iP4NYBeuHt4pYqc6z8H8vUDOiJ2i8jvXBa64ucH4eRdAkY4nBhWyORtcSeL+i1/YSWEmd9PZfljE3M1crhlEngiN3PAInYKnsjN74XgpG5pFmTv5lxmcuGZqxu4o4/pfbcm+8KG8zKrTUk4oHmz13Vc+eaxy+7uIMaefoi0Z8zsZbN7jgnpMdJBzdNU+pN7Q/k6D+QNIP7c8bnp8efSexOF6V3QmmMiC8hvEihH4qP6gtKVCwptBjH/CB9kDLzOuij8z+QLWAz68UnpAgXrorgAqZPbp+dLzVU4CUJ34Njyw1wpm1Ym9qC4Hk4LRrKKajOw3wEXKV51DD8b1Og7iYUpdJ76SZ4l/4d+rfA9B2spRv2fmD+QKHsugVxokwesOez74oFdUOznW1ujQwS6bYkpPdMCH7Qwh9atuvrjM/SOFIRXCCtJTxORAYOa62IABarfJ3rv4aGCpuCfxVI2EssJLBNX/ikDqlg868U4tDV4jFzTXlBK0pmfpTwVAnnAorfSLaWAfM26CQHDc1PWW2HtR+jnQ3y9CKFNyMzHcedZ9araMpKVbclTT4fORCWmo4Ft2dIrN6o1EQzAG9dSHmWmnJRN5yee3JNfyZ+cDnk7gcmsUzyqIPfLdFDuBRcFHO7t63mKzJhZBB4aEb+yF+KcmBuwIyOQ8YSW310PRMhzQqFFuzU30inmNPv0FjiS3iwtFwAv3ldVO3YqzyvrZcsz8ramHZkOCRALk1EMkDaWF6YX/ia8NzgAAVcjtBNJ0E2omezuAVhoKQRJMw0ZuPnkS0eqIQDiOrxVau6eOnMJppanCWmloHvRbZtCkwHKuJFIE11JywJGT6rKRMxPVPXmHzLplO4F3jF79Vd+8BAevS+bPD1G9AwkrxlIDjt5U5neKfrkaFWP0FLlIVNFkvWaPviOA3WqR15fgx4VGabwwMF4DuOXnWthZn8UDmsD2la8fiVI1QDrJBqGRxH0jlZaZNPzGWAxPwFDwKFmYHcWdCnnNMANzY+C5U8A1bgPYSYbozEooSThRsn+fazWWlN3Wy6JOkQwyvn3L/AZ1r240qfou0oF8JnD5ElzMMiirKKF16IxYEG2x7OUz8GISOCL7iLGGD2hNGlcjI3sGyEENp8oqR6kF0ZMyktmomKTAa+YLJuJLYBPeGudcA2NiDMwE9LYlI5oZ6bYDafKSWoPQR3CgH+AtQjNJGEY2O3cSdemFGRWPJvgjL7deijkhVXn0y6Fsmfb6BssN1QJSFzsthPemTLlXrjl5td22ozg9MfMZW9Ff5Ba/CoPWrafj648xK1eRjYA8Ke+fedOxKBENM7rMeP9lKpLtkr3iMt6j0JMBT/hYO3XTGvsFa19/cWw/Xif8/hoCJK0IoBNcC3IebHJ1mmn3QIVZLwZz0j/y4Mb6MKBmu1FNSaRzaHkftwjPbfoPBVYoH1uwS/WA3R9GPF/VNg1VDaAccjUOCt7mHs2VUCY3SxTqEJT/qlh+J2q++85y4cbjSqJQu2WS4f+iRoSlwbRw51jfOPnMT8GqtZtFdCQuEIomLX2293T8XE5U7TjEgho84BGJe+mtW3aY7ZNfuT23J85ByXNyaYbgcljH9I6SRsGKGX6j3pTIqgO3eq/9J4z7dPUcrTEPPxW7UZqxnK0r4OdfrMfyiVMMILjjNosjwRjnhY+VFy8xjJ73jHlgAYohOjsTIw1yS3aATpgEX8h+P+56ROOYkOTAyo6im1kzZAOctFEELPllrJRnepU3rqM0EeHhhgqiSROIyTrDekwb2kv3WPZdW6gCPzV/yd0hrM7/WByVnPAXyymfv0mV6kkswtws1UIxxUFpXtuti6FbMGeMJ8O1HFZOc2Vw0XvZLkXl/n37H4VIXoUtlTsE5Iy/h/AqvHKfykwshpFNzyCJYQ7ryCfxE3xmJvdSVHpUkvHKbi7KoErwNh+OvxEhv1yAUsJtKvHsdDWXK/NX1M3Ktir0tLLIfE/eG4/h2UhSFbTRcSLgbbq5mm2t/hUXIuBpkPPQEf63VXYC2wCAXv31CroDv9e2C7ZJ1bYRc4dD2oiTp2JajdQf7RqUNOfNakTbJEmYJzT1yGiBnZOvjDyfz/+AgxMIyp6kHzJLndBt+jdcg7xH3sX5IEXSAKIqACyIUiJ0P+D3GZy3gYC6VuGsVxmZKIYeMxuCjAa+awOlz9/v0G5x7D7VL8UYxUmgR7suaCZmVio842pZpfEiLZpcsgFRWM37A2yjdjfo3zavlcDhIfJpsFZ/SK25IwtAx47WU8Cl0IYjenxQ6pasR2JKIgCXOGWwCiuNNHNz+C4QB08Y0tsNbzWHvCqWLmge3UMt0rovTxeKwJOYWhdj4uPXee2dCY+6yx7K6aJc2rluA6laQhF6FVYNne6toma1z/95Vi4+XzADKb7UhsuTxJRQPGU401nh8pCz0t8KN6FHgU6HPiKFj2nYw6uFlicW2x5HTwuAZ9qr/DW1v1OM/6XCiwJWIY00VuSdukjgGhI8najE4/EHJK83TY0xJjvoDslvu9AE5nPoEJ4crGdTL+sJb2CVzV/DBNRVUu6j70b2uGo8h1IGQHgh4/Te+rN4mivGLo6mEdOm79Otu1Kw1kqHhnsxQx/0EKzZU0KKoON/jiwzhBC945eYHA3UnjJpiMueDitHEt+XYA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2020-09-22 12:02:36,642 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-09-22 12:02:36,642 - INFO [Shibboleth-Audit.SSO:?] - 20200922T120236Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_7snylfo6ldfzbzbuo83ump3yipqn4447vw5i|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_802d544133a991f97870b7bbf81f580c|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxgiisPh727VYfn8b1K8Q/2GaPR5FhekdRAJnkWEsA8R7mPBnFUCToT4MxR5sV2ax8FbeuFgbJzFJwuu8UZLkketuk1dnddHCmcyaq01Lee872IuVcTDZ0iC4zANGox/vmkAoLDAMrICxIaJuy|_bbcc35e36fb23b1b7c8d2e2389c33f1d|
2020-09-22 12:02:38,320 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-09-22 12:02:38,321 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4" IsPassive="false"
            IssueInstant="2020-09-22T12:02:37.684Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>F+KxDrC8BWr3VwH/0/HT+iJ9V4w=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>K8VHyrLONOSeOQeNt/pe1LENroxPudhK6BEzl6cAIuWpq+YvZ1K4WsVIvLd94DtWFJKcA4SmEIumXtGy//wcWPrv76qD3FVH53cwZQsqNCpWSU23vujvkmZ8qrlZrPASI1XY/M9z2ZyEgkwZzI95o9qMJDMJORc7CO7PCJ7zKbY=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2020-09-22 12:02:38,321 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:02:38,321 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:02:38,321 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:02:38,321 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:02:38,321 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-09-22 12:02:38,322 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-09-22 12:02:38,322 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-09-22 12:02:38,322 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2020-09-22 12:02:38,322 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-09-22 12:02:38,322 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-09-22 12:02:38,322 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-09-22 12:02:38,322 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-09-22 12:02:38,322 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-09-22 12:02:38,322 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4', issue instant '2020-09-22T12:02:37.684Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4"
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4 and Element was [saml2p:AuthnRequest: null]
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4"
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4 and Element was [saml2p:AuthnRequest: null]
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4"
2020-09-22 12:02:38,323 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-09-22 12:02:38,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-09-22 12:02:38,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-09-22 12:02:38,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-09-22 12:02:38,324 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2020-09-22 12:02:38,324 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2020-09-22 12:02:38,324 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-09-22 12:02:38,324 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-09-22 12:02:38,324 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-09-22 12:02:38,324 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-09-22 12:02:38,324 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-09-22 12:02:38,324 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-09-22 12:02:38,324 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2020-09-22 12:02:38,324 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2020-09-22 12:02:38,324 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-09-22 12:02:38,324 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-09-22 12:02:38,324 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-09-22 12:02:38,324 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-09-22 12:02:38,324 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:02:38,325 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:02:38,325 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-09-22 12:02:38,325 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-09-22 12:02:38,325 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-09-22 12:02:38,325 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-09-22 12:02:38,325 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2020-09-22 12:02:38,325 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-09-22 12:02:38,325 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-09-22 12:02:38,325 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-09-22 12:02:38,325 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-09-22 12:02:38,326 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-09-22 12:02:38,326 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2020-09-22 12:02:38,326 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2020-09-22 12:02:38,327 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-09-22T12:02:38.327Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-09-22 12:02:38,327 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-09-22 12:02:38,333 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-09-22 12:02:38,334 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1980711114::identifier=rick, context=org.apache.velocity.VelocityContext@53e0061f]
2020-09-22 12:02:38,336 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1980711114::identifier=rick, context=org.apache.velocity.VelocityContext@53e0061f]
2020-09-22 12:02:38,337 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-09-22 12:02:38,337 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-09-22 12:02:38,337 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-09-22 12:02:38,338 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-09-22 12:02:38,338 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-09-22 12:02:38,338 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-09-22 12:02:38,338 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-09-22 12:02:38,338 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 4298394c6578f0ea1f16f4beb0f7fdcdc38eeab263e7fea4c0506d80782ba600 for principal rick
2020-09-22 12:02:38,338 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 4298394c6578f0ea1f16f4beb0f7fdcdc38eeab263e7fea4c0506d80782ba600
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-09-22 12:02:38,339 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-09-22 12:02:38,340 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-09-22 12:02:38,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-09-22 12:02:38,342 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-09-22 12:02:38,342 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _386a2a08e7b7dcd0e0e1526054c6037e
2020-09-22 12:02:38,342 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _386a2a08e7b7dcd0e0e1526054c6037e to Response _92bd8ca74d2d035b90d547500d06e657
2020-09-22 12:02:38,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _386a2a08e7b7dcd0e0e1526054c6037e
2020-09-22 12:02:38,343 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-09-22 12:02:38,343 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2020-09-22 12:02:38,343 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-09-22 12:02:38,343 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-09-22 12:02:38,343 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-09-22 12:02:38,343 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-09-22 12:02:38,343 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-09-22 12:02:38,343 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-09-22 12:02:38,343 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-09-22 12:02:38,343 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxDbVFat26L1aXI95Qy0yhWckCSHHYMQcFysyA5fMqcK8lgRK7b39fPkk28mRyjylqGlDxtcJZBZ9niugPClD6YOVB0y1P4nvAI+01gI2oQsv+6vkkjZjneKM2egHhdi9LKXVm0JaVIgkFyqti with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-09-22 12:02:38,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _386a2a08e7b7dcd0e0e1526054c6037e
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _386a2a08e7b7dcd0e0e1526054c6037e did not already contain Conditions, one was added
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-09-22T12:07:38.340Z, to Assertion _386a2a08e7b7dcd0e0e1526054c6037e
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _386a2a08e7b7dcd0e0e1526054c6037e already contained Conditions, nothing was done
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _386a2a08e7b7dcd0e0e1526054c6037e already contained Conditions, nothing was done
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2020-09-22 12:02:38,345 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _386a2a08e7b7dcd0e0e1526054c6037e
2020-09-22 12:02:38,346 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _386a2a08e7b7dcd0e0e1526054c6037e did not already contain Advice, one was added
2020-09-22 12:02:38,347 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 4298394c6578f0ea1f16f4beb0f7fdcdc38eeab263e7fea4c0506d80782ba600
2020-09-22 12:02:38,347 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 4298394c6578f0ea1f16f4beb0f7fdcdc38eeab263e7fea4c0506d80782ba600
2020-09-22 12:02:38,347 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-09-22 12:02:38,347 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxDbVFat26L1aXI95Qy0yhWckCSHHYMQcFysyA5fMqcK8lgRK7b39fPkk28mRyjylqGlDxtcJZBZ9niugPClD6YOVB0y1P4nvAI+01gI2oQsv+6vkkjZjneKM2egHhdi9LKXVm0JaVIgkFyqti
2020-09-22 12:02:38,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-09-22 12:02:38,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-09-22 12:02:38,348 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_386a2a08e7b7dcd0e0e1526054c6037e"
2020-09-22 12:02:38,348 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _386a2a08e7b7dcd0e0e1526054c6037e and Element was [saml2:Assertion: null]
2020-09-22 12:02:38,348 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_386a2a08e7b7dcd0e0e1526054c6037e"
2020-09-22 12:02:38,348 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _386a2a08e7b7dcd0e0e1526054c6037e and Element was [saml2:Assertion: null]
2020-09-22 12:02:38,350 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_92bd8ca74d2d035b90d547500d06e657"
    InResponseTo="_7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4"
    IssueInstant="2020-09-22T12:02:38.340Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_386a2a08e7b7dcd0e0e1526054c6037e"
        IssueInstant="2020-09-22T12:02:38.340Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_386a2a08e7b7dcd0e0e1526054c6037e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>56tRkY1lXBrjgCMyFC8Rt45oOxo2GeEOpsUxOyDLb4I=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Z3bVrIOE55eNQnua5nSd1p9mb9WvkYxAFng71J/SnAU6du67mh7JITrgIK88QTmtiTYydECXdsg23CHJoMSUwoXgeWWOqma/LGTLoARL88m/gZ2nJ7axVW2HLXCtgYLUGJcHKNoiioVQXlPgdRuak1GN3+WuaZ8fM3J8Ko6koP7t28RPO6HXodAqbaViXl9kUDmvVhUnZKLikMUWRgrdQgWMb30B3X+FSaxmONw4voAfqFaAOlPvpsfNgWrvpv+uarlDcqjhtlC4QiBR+pMxaqv0GkiNyeti2H4u0JYryUOxy1uDNgIDikoUvV1M+NQLZpYHXnjR/eL3Av/4RG1DOA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxDbVFat26L1aXI95Qy0yhWckCSHHYMQcFysyA5fMqcK8lgRK7b39fPkk28mRyjylqGlDxtcJZBZ9niugPClD6YOVB0y1P4nvAI+01gI2oQsv+6vkkjZjneKM2egHhdi9LKXVm0JaVIgkFyqti</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4"
                    NotOnOrAfter="2020-09-22T12:07:38.344Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-09-22T12:02:38.340Z" NotOnOrAfter="2020-09-22T12:07:38.340Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">HNH6Px1t8V6u0TwCFVLt3LJBeovNJUKJnXVFIYclNow=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2020-09-22T12:02:38.337Z" SessionIndex="_0a1052dee3b92d15f32a5b589d89ff59">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-09-22 12:02:38,352 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-09-22 12:02:38,352 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-09-22 12:02:38,352 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_92bd8ca74d2d035b90d547500d06e657"
2020-09-22 12:02:38,352 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _92bd8ca74d2d035b90d547500d06e657 and Element was [saml2p:Response: null]
2020-09-22 12:02:38,352 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_92bd8ca74d2d035b90d547500d06e657"
2020-09-22 12:02:38,352 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _92bd8ca74d2d035b90d547500d06e657 and Element was [saml2p:Response: null]
2020-09-22 12:02:38,354 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2020-09-22 12:02:38,355 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">HNH6Px1t8V6u0TwCFVLt3LJBeovNJUKJnXVFIYclNow=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_92bd8ca74d2d035b90d547500d06e657"
            InResponseTo="_7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4"
            IssueInstant="2020-09-22T12:02:38.340Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_92bd8ca74d2d035b90d547500d06e657">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>Z+mdOq9XQJe4X2MkUHQ9gdM+wZx3I0Njz71Hl8rN5wE=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>P3LLUEt3MwGapwAY7h0NVGCifj+z1xHilkiQpxEA/wuHuONAp4ZZi2sGJAgI4PPq40IOFGesQYPbOzX8S9+z5+/KH1ERWNuZ+fIhyRFGppzvi2y1wTj4Hn0lQEvPTinY8eVRrkGqAodN2qgeMtpBAUXBDl0t+2g6ssCBhUfpDQzEbJHmN2tURfeF2RaY1hMc7hNBarJ4uQpOoKKNREciQwtdKBZQg9COFDfaCnMrrxXVavSl3LNc/pledwLDlqKHim1m5KxJt2+hb3MxnaQf6jZqu3U//QINx67+lzFSDakT/isWzmb40FFveFnZTWrKvVzWp4KsmicMHgciWui92Q==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_f3ff314c1c8ee893c3ef66f82e3475d0"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_fbabd7317a8c375abcf14704bc0036f1"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>pK1kJ3sC/GWz6UVZ3Gfu3Iw7anhLjmcugTYgbPTp1v3t9BbdJax87hsYy6mafxBMcDVzsPn6fREaNroIiZIErsrWrJjQlfoeDINK/XOa9+FAGpYsKHH6WIm+jPbR0IUnrFHjbnn6kzbHoZKU/4qssxnIpPEI8Lccv1jJi1pZJ8w=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>2CPIR3InDn1tWkjXTSJ7+cCn4q4SkHxr9KRocGxBLK5FlM411Sfx+AjIjy8itqRnNpMfymyBS7eROcEMzsL3zfmm/c9xgoZlvK8B1T3zM5fnOFZWfdmZWpsWIE68nHkpNMMVSzXt+6nTsMzeqTjemAYR4k6B8RlcQSIVXRCbghBgYNyqaHDqpMtsM1/Xsw7E7EGMboBJvh4qIokq6hLkiBEsaX/W85bXnusQkxoftTonra70+yRfdlaewjqzWzHkkMxrMic7hJl2ffcdui/xDP40E4VuZSDgfmikFVIktyECFRWzTekup3vg8OuSdKkJi7V/tAv7dsUJcg9XLEbck4ScJIvPZ6oDM0GEiR13EK1PcJgzpOLt6Q4XUK2g56bARJQeH1bC3D4L74X4upW1cfg6xBHXWD56jo6sNxHZwjt//4ILykUMzdCZlDEY3LeOiK8bRsv5l0xNZuM53NFexDxj5ycuXRaTr6vJmJhnfr2J4RHiJAKXJVyhOBtjC4LihkvgcyAExnHZ6TZv1KKvJ44JVQh7FRYIRPcN/zX+XJcoKzRbxR3eL5wrC0GxoaU3P19N1L0gDJ659v+XBtznVJaQC0gKEM1w/DjaeDiQsTS6YWHKvc0+kZlNLp6ncmYFN4Vc5fyS107XDi3jHiE+N7KpjX2YH1lmJqcZhrOUI2+xjEaesJzk9Brf7NPySdZKrxidYmm5YJPo5F3IMCsU7vzQ7TfzDB3ii3/Vp0I+6EDtYvcutZvAYMP9GhO/5sy5J41Qbshb76lybuQWsaooTXEFvKDxnejPVqvdcpWIulVSqH863vV3UyaA/7ljEaZHdE2von9NHf0HM34Gv0qUQrzHEmq2w1u+Jk7LdQmSVzETHnfFE+ixVq3vPEDxLIwkzUE8cPHy8nLUL6YEFsc/PRfZYIQaE/yS21QsbBoZw1J386W7vF4rIdHNyFLJunJPEEGtASwjyQ0kAB8uYYevhh4QB72sqXLP1XVek0Uq7dY16KZdiuk70sw5pAqmQBVa6bXgIIN1jtN0nu9i7uT3hHFq6Ijx8dODi3eRARpXpq4qnjn0ghsU4urD65Zx/6REg29yrqx1xEUTjWXexyqKi/XKL7+Ux5Uu5XAHzo9mTnA078sDEg5rqJkExCxS7+tPLhKiRWwLTG5/jl6gJM951K7PMCyHuUjv0g8Sbw+Na8xpbkYKi/roxyuhJgJ6wTMS2JB0dSw1CSmz2OdwtyjYZysHTEIZh3yLyM6/TZIA9RoWSO230SQbZjv0dfyJXRXnuGTwnRTxq2vGu40lEbBaHQomd1uHZoMfcTuHru+UU96kPSYcZxIZDYR+9P/4e2J5e+xGCZqT7x/H3GsZDEar0xRFn6ksf1ShRoleYkwG9GOrWHGXK6mmG9j/JkWQVqYhhcNvqq5rxhaVLX7e3i862XuAyd6Os1j1pdKB222GaZUp+Fg3WF6vTGksv4KHBvIwKLCE2/CCiuCYqu0XGpdCy3wc4KcCQSN5wYoUk9IKb2l10ur/dOMtf1NJajMzGQTkXuwDDYCbk3pQoiwbdAHBsdnsAsep+uQvtCrCc2kXUAaypDKaQgTWzIintw8tieUbzY4UCc2ZpsonGmuSPBye6lxHJYPzBsvhUHJL4x0jSU/Y7EqiZ3QAnwvo3APW5blNmLks7jNKVrfEwjGSzOn8p5f6oPrVpNqrY47T/fkv8cqouS8z2ZcrJklhUk5BSDkxFeMrpfD9SHj5DeUWvc52fkzLwDnw2kRYsng4PixUNmoSO8X1O7ufXu1y/sG9CCCTN+e9NQOeQcOKXCSRGkYTp2vxljN6IHybzJ8n6qqF3g5KYdeJsbWEkgS0sNCdpo8NrxjSp5EY7Wbtc4YRYKqIMzYfEpTcesWO8IxJh1j30h2mXNByMj0oAFK/v/sSOSguaA/nDgyAXCr9LzsyJirGdVWLcdNJW5/46viEm/Z1rzMwZK/giT06j0NSYAJIwIcTbelEAa2HSkDMF7xyUOEx0TUrxPAY/wAzK3wt5dF7KEFEnkHq8FlAxdeiplEU043Zt49eZ01BqZS7nsO84cs748AtYFD7onq6BPY4zI/aB5u9Rkwt9NvcZEEhSGa2Ha8AEwa5RsSPY01BpocXDFK+dhR8+Yx4Y14VoQS/N/KhjeAL9/0zMTrh2/Usw5ATkNQ73BYzQMoBq63lrA/MZoX/qp48RxADY1JnXyTHHIqkV2/F2VAAD0Tv+e6cGBewHCwIqxgLtc+HflrBDK/2Iue2FZPq4qP+puLXzunBvS2Yt9udRCVGhvD5eBr2fe915WkCNPbhrEiHuFxCBE4lzuC5SHQYXRTlemrh0xeM48moGTC6u0/ccV+3wf7pWkpb5Tcm1zGusXtrRVDhK0QoUOtPYGeVmgyM5BXew4p7nWS/vecZ3NFXmH9nRqhzElHsfHW8HSxvesDd5dneHjTLtTLHdEqKNNYmg478kl9Sad6J0D5GASg+m8TbjF61tYp0OqkD5kC5YpBOaoPz3EG0OSnf78CVRT7dp6yEvlGvk8dbu/SBBhtnx13yoot0L9L5A1Vq3AA7DmTij7/Yi+zKnT06iG6At7iDTtF0Kx6VvUBRxkP+/4lQWMJdysZgN64MToWiEIKDXjkuyra270CWOj/o90zfbQ/L/RXb5iJtpIs6cMZambdd6f2sXxNLZzUNeVl9GXA/A4iJ7VhLSq1J0f49XeyoaxRmk4BTdgg8ORTxzfyMW4t4JWCzf9r/GDLBvzEyyAqpS4jb3S4DGisZNk1t3RINM0u+kYlAC3CEfsYMDBmeR3f4cEBZyIF8U5HqZyzI+SFe2NjcNLSz1XvscwOqUAd40vausx4UF5/vOJg86vCjA8YXtHZ79nJQrhN+7Mb2cO9Akeib2Ffq/WXffkZJxCt82OkXrpRFuXlprdnILCQV1ORojsg3tJZLYu0te5nDaF3vHL2WV2HpuNaPY591uLDNE17/eTY4Q6F7E+hlaGOFOwpALbo9APuJTs9EvaE1wQ6UsBw5qIa/hanccaIqYxt9nLBpHaSwUoa3/n9Sz3Oagr76GQaBzxwSsvDQbhCiD1AJGSWV827nDnvJ8qkOkMzi3cM3C6SPSZe8vZflIG29Hsz2P2Mi2Mzwip9s/8c0gYBLzcrnSL5kxzQKN4oySMlPBUDhzh38FWMzWfgK3zQnmJ89J/2eyf7ESAd7crB/DPN7JpPY9/g4REptw3Pwo0Gkmz9Hx1ohgqRVlpVYSFcSdCgEz83J0dwAbzXIZLLddOEAn/yprFc8feNdkzFgviZc5mGiZfniNJ6TX7VyyAqAm74vbxDUYVGo9j/74G/igdKelKNwq97ljJ3Fr4B3/BGSmW1HKnjPAgY6MJWtmP9e50LUohnwv3QnERW8uFwlCF9UW9M2zxQ9MDuZz3dxK6/QEs80H224ahyjdk2A50DNjRzp7AeQb90QiS7eYP1TAcMqg1B2zI1XAaIdui01+EiCO0q1ShMsomQu0I5rW2B+PQhTCz0xG+/NIB95AiRXDYuD2v1ZeJTBuyv02MDZcV2FgbUnSDZCVWgaTVWfZt0boBy8Tyns58d8XK9ppKYnlobRjsi0119bNVUM7Qf0DetzDyJ7eYyqX5eaoOGsFNNOx6QhB3r5xiveVmg0KzdOvdHuznnH+xTTcPmXyubWe5yNZTI1CWsr8302QtPpr5btMSTdB0R7ga06iLKakbDTFXxsP9RMi1YJK0tdNhUjxd9rABUTJpafkJVYRInFnQRhT9/aVRC6qnIy0PdBRpmAzJkeFCYyQqJZGQOZuPLWnhswbqEZr9SwOcoUAWpdAQYZpYcT94uuT/x7MZ9nZNH++eAdYLcr5GzIycBZOuxXx+195bzk9v/RV5A3ZUeYZuRLhe70ECGfSKWgRhtZ/Gq4aBdNe+v8R2qVG9jUAl6vM1CHaMvY+8XkUZAqWWswKIfcGAauaM2zdWb8nzTF2gulVlATgC+u6vOBti+cSj3hQb4AK0rGo/AxURtL9QhhO43yCe/35z700W06Oo51Ii27NWTGWLnyAdKAbkBCL30Y+KrlA/3UTRpngg8btDOoWL+YeYq5me3s4kOUcyk5QM1Je6Bo3sxKwB3BC103/USE/z/dpFQEAy+xlSVNMjWYH2hxpggYfQMLtwv8pSHDeF8LDGUGS4Xa6sPoF4TsmpfL4qJs/xcZCGVcI7k1nPCbozZL+qtPEjmvnSBQLLi1zZlXgHkG3shuUVrX66gVJr0U5NdE2LADy8SrOb0rRa+LJ4FAE7aae1qsb1Xruc/OYJOlFinoe2deGn8t1oHDhRuOYktW/xXYW6pma8k+jr48Xy2Zm1CGOI+IihwSfztcME2iA0NqJmiJdYtY74bNUV7aGuHj4gv8yQC+KtnBFgu+yKGpZPYqpV/nwSFKbO+rwcTIzKkMjrIJcklhQoTTLBJdZ5UGxqFE/PC7BkhGm1uE/G+3SjxkNJxaCsT0Y4i+Kk5wJsxg5xMaWcky2hvUYgBjR0gFQg3J6mA2Pdcy8FIEDTgPxW8WJtvXwVr6Q7JbN3BVM1gj/idSeH+WrXPK2Q3Fls8aN/9Uw5xOLVGnhHQynZUDMelZiDpE68z+dvcc66EO5pN26JCvDBjixJ5lITzjqt46KRFotOvSLE6R8tdNnVu6nC6JSrrDAW07IV9LYkq49neiwRhepnKw48LW+lrSV3eHib0hEy1SoRg7vDhOCJx5hZ1eV99CAEUfg+RD3gh7qVum9iMa3Ja0Z7M1xRkgePgKhcnPfEm2ZAIEhRMJOtX9RjLb4ZRjSHMK+osxWP7fsTSy493s1aGibJ/l788AE0LMNyxlG6Wp6+44SsWMpk9bGfQ0880kWasmkR5yhScbtMFqXMjd+YR8sR7fx0C+CEFzl9YQTcXdJHFNRMeU8Ylaq/Gd3tNqg/2L0heon3ADfOiMpvUTwrCzDF0dTzAHluLl7fOYgwTZRw5MXjRlnkgQWVtI1StS0NUyL4C9BwnY8yDkoQVRT13n8Wdzr24uLDpOCkty4r/ftJXrGtIKI2l42sPUbygRRVZJqPp5kBgQXwm3FeZcssbT/82eovKnB/35BwlYRzerPINicuh/kjGgon5D3lQIO5GuF5UWqzTnyMliXesG0+9osLlbwZ6BiUXdWHWcQcS5yuPtkwpQ5lAWo82pHQ2jUao7npDk3ey8SzS9bw+tmUh5R56aYb4AQbKTV9EB7mdRYjmrs4LWYXax3ZQhliEmqiPXogXxlRg3/qHfZfKoAI99fVOS+eQyKjH1strJxngwW14nMZZMMUgWst5GrMhnPY8FPnVBDFdY/pVoTfBaRMybKZTJJMKyVlOgcHnFPKdrqgq1r7rdpZIRaOJtKDxZd2/soEk/9Y7vV9Zd4uM7wupoak+6gllv3oK7cKgJBsIYyfh+/tXZF10TeFbSn8Q9XtexNkNZ5q6UY3i/9mfNL0YYQ9UdYTaYtH1/0QY7fDG6l/GfByUeOXevrpb9/ziiVFm+h+iS/I89eRZCKTsJi7GZy7jsiDBpNstvMe8Oa2elDnhWifx9tNOId9Q/F/96AVsuUoYM4S2+ZsdDqbl7qyvwgKISl/xc1muEUh9Zn/t2R6mA9rJPlXVTSR1N4FO9v0Z16IekLWfPBdX1YLTN/rJnSeuQJooC+vwhb5sLVlyXgvEnDFipxKWX48wbEyhjbz3EdTEY3C9wWweLo6OCYQbfRiLWpZhcGu6WfbIPeOmuDdC7tHfg3hd9qi5rv+/udI4DGYSa+nnxb61i4JpilXfE+hygd/7QVNYbes/DWKpuDigmesOa1UWKIAsUyjU9DfaRwlYxUkOnHuvhxxDGEqXgTzkkbECgE4YF+I5TqTHOugOBut3aLlriSoHE5RBcQn5sX5FRLL4nMUe0S0y0NPJObYWpYs40ckqBqYDWPqWov8yHokVQG9vrjaP1ZJCB1Cli//UvxmAs/qGTJJ/rF1lRigcrp0kfEdGAkJPwVXmGNt4JSpuXjKTLjx1hp12s9WNZw2aNDgCTbZ9mHVukW5TZBtsyLYzPCmUlZjFdMm978h4Km9reoYhRJtmFXM+xxz1lSPNWlF295cQagLDk38oA3hmGfnk7tVoD7SQicknNNvewXYkQ8NfaqZ2ROkWJ43MclM3KLaR8O3E3en6lDqCKhYpKyNwvPoJwH2ZU9z2ecuheumN/irOBIlsAZppOQGK2f8to2vv9n1OFmOLMICAQIFRzvhS5yeisssakUaU4H2BcCNW814kELbKlBTwBYF4fzkFt+FjR4YJ8Hu9NHxPkbJnUEMLQnP1ph/Ip6veNGtkJepwzYvsT6dZ+YSXgDzdvE92CkaCK7LdJ3v+P9AW77IOcw+mln9tcsK1Io5QQSMaP7wHjY67dWMhMkONFf7Ka5fLRcGPI6inoOSjDNKsLcqRRTGiHUJZllQAXmrIAldm9VedX4PQ/H7LggtnRXkXu+i12N51wQwM1fOM2fU5QqaxM9OBwAGHi10S+VlArnJjpqAVYk5nGCvNu2lIb4kbItZnK+DQqzFraWdZdc9CT+CJSVEnqaHwnmIANJHoAOxoH87aDfW1fdH82uSaMxDy0IV+gJL4A89fihbeThsZn3/bhdpiujpy4nUtdYP9Arwvud+C60XLdJpk5KcTOZmIoGYLkrRV8EJYCtEX+r3zg8O6ztHPM2ivDpa8Q9RCbXeGQZqp+wIMxkGzg6n/c0+DQAsoi5ba2Pk7QIMgq92RQHF0MapOe7hvPyzccVQNF97F8g3oWvrgsZrBzz2OdrAlCULZoMIXMcZPlW7jM4soUWU/ELawfm8r2mQya0nMP2Oc7KyvAr39dbYEDYnhlK9yu6ITuUSOGmnJoTV3hgrNduTpzxeXgHiMOtwNXFDP0uuWcp6ZbeY7Z7E8GeYXFk39t92Z2q1tXxgDXSPY4Uj+IG02gv87r0ES2+lAI/yOPpo+LMTlozgAIlToun5ah7wWH+3MHkRISSd2qepxRoIS8Qp9NjhqqsaYRUVY0iYeiB5jmk5c9S7TdZVfUNtocgpH/kgOYgIcxeG44c2BoIREY0Wninaar5ASeZyv16NuW0DHvF4yEQ+0YxfGbuouHlHaFjOTwdM2/b7JABvm9HYONO2C16vqDLuDeaHDxIckZWEKYCyhiwVfAh5v4eh2FEXb8rwAokuahiiJ5YAGoB8fKESE+VN0Q0a6caIalLeGII200LJ8LqRCSksYfpEoUjAsrSWAs/OenBw1WtXXAtkAqZ/2T1ocPgY60NTUdNmP8Y+juoxEdc+hJsB0ROc5jXTxsdgpzMQTz2JrbhFbvo6PqCjueZTxy3WFWNK72fEH+QObf1FLoxMr5ycEBUP+1IquuZbwSohipYgK0ZXPuZEqMX+GC8RUMMRLu1Hab/ckcF5TQtMh6P0DWRD9salKrJLMKGj52MnIjRq4zwz3Ybabuhm94F3hZV5AGmJ1DqGYeFT6yMMdFRCAkVzVjgeKZjrRGw4BL4WDK576sTVnP/FW12bLKpzMnagxYRUEJ6m/uy++A3hjtClb32HD9msxXD4oyudNdgBvueS/J4dRgXllCCroOvvonI4rwluakcRblafdaK7V2OWBnRPodZ5QJtbXlHF/0tzJogopKA+SVi5Vxz4/+dUXBghvcEyZ1DR8qRCKHBFQXw+PEYmXR+T4mp0z5KFAMUJQETZAAEOnyZhcIY2K5CTjrf2jvwthUItsz7MJmAGw22ZOOu0U02M/ssKWybREQ4DiUvLICeeWJMghU3HsvRywwzCnsisPfA4gwQOxUyxPaikDbBJVIYFhsb55zXrotZMUSsaeQp8Wd5L3haBr+6okqJTq0n6F9XO2vJo4W7/LU9PIYM0si9AAfMqAj43iKqIPM3KpLYsJqrg5mcp9EzuYMa3egxxafbdZSAJNrQXAgdCEkAlK/OXAu2g/khuPNCO70arLc4TmeIPsKAbE68GmGsn5v2Ure8exe08Nqlwj00C1cMiqNG5S7MC476mKsrpNDlWXz9g7AMUI6LO+FDnxnjS/T6GjRGqQtNRkxcwKBaqT31e0BrRmA9mC6xsh3AQei0XmKyZVQi0pOSHBgqkVy8hg7hbLfNoSD/ty2OXZrpaVOo7EIos2whqov1m0udlASButJTqtyUEzKocJY93Em/2OXcfSRds1wtvE6/C05bUizOlX0jPYJBjUJwY4TjoSpL3QdqlKzEyWK0KuRMPSVi8XGP17smLFkHQGbzoNlzGbVzWWFwCqGfHupUFsco2HpVNhnEe0zse/OgXV7O+G/dnHq5P/BkFleUBKgi+IYKnE3IH5czFhsyLETxh8RQxOiRTJoDjVoYxBFceTHdjaDM8iNrOc0CQ/ZQC/AEqn1b2BWSCGWTCwOJMnln5V05AK/Frqj9U3C1LQfwz7QutierW46dMG4A4dNAfBH17F22L0HiOgNp1+p14gMeJJ9du2OBRvBpRIe0gZjF0GThyX+WlqE8roU+d8hBHl9FRYPmPMCMblGTdLArJIDiY6dSNZHLx/WM0Z2MQn/V/YxuTd0qtiISWOt9qUw5gaKSbxSWfaQom1svHGFRnsZI+XJ+Jm5rbDcLosnTFooEeE0XHaqMg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2020-09-22 12:02:38,356 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-09-22 12:02:38,356 - INFO [Shibboleth-Audit.SSO:?] - 20200922T120238Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_7sg9hjulaloa6p6ptfmmnvsabsfyrwljhig4|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_92bd8ca74d2d035b90d547500d06e657|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxDbVFat26L1aXI95Qy0yhWckCSHHYMQcFysyA5fMqcK8lgRK7b39fPkk28mRyjylqGlDxtcJZBZ9niugPClD6YOVB0y1P4nvAI+01gI2oQsv+6vkkjZjneKM2egHhdi9LKXVm0JaVIgkFyqti|_386a2a08e7b7dcd0e0e1526054c6037e|
2020-09-22 12:02:40,145 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2020-09-22 12:02:40,145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2020-09-22 12:02:40,145 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-ch.o13bb.otc.t-systems.com, acsURL=null, relayState=null, time=2020-09-22T12:02:40.145Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_41af7bcf-9939-43b2-8a62-20aae8e257a7"
    IssueInstant="2020-09-22T12:02:40.145Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2020-09-22 12:02:40,145 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2020-09-22 12:02:40,145 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:02:40,145 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:02:40,145 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:02:40,145 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:02:40,145 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-09-22 12:02:40,146 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-09-22 12:02:40,146 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-09-22 12:02:40,146 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2020-09-22 12:02:40,146 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:02:40,146 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-09-22 12:02:40,146 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2020-09-22 12:02:40,147 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_41af7bcf-9939-43b2-8a62-20aae8e257a7', issue instant '2020-09-22T12:02:40.145Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2020-09-22 12:02:40,147 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2020-09-22 12:02:40,147 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-09-22 12:02:40,147 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-09-22 12:02:40,147 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-09-22 12:02:40,147 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-09-22 12:02:40,147 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-09-22 12:02:40,147 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:02:40,148 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-09-22 12:02:40,148 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-09-22 12:02:40,148 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-09-22 12:02:40,148 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-09-22 12:02:40,148 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-09-22 12:02:40,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-09-22 12:02:40,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-09-22 12:02:40,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-09-22 12:02:40,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-09-22 12:02:40,148 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:02:40,148 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:02:40,149 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-09-22 12:02:40,149 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-09-22 12:02:40,149 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-09-22 12:02:40,149 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-09-22 12:02:40,149 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2020-09-22 12:02:40,149 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-09-22 12:02:40,149 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-09-22 12:02:40,149 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-09-22 12:02:40,149 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-09-22 12:02:40,150 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-09-22 12:02:40,150 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-09-22T12:02:40.150Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-09-22 12:02:40,150 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-09-22 12:02:40,151 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-09-22 12:02:40,151 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-09-22 12:02:40,151 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-09-22 12:02:40,151 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-09-22 12:02:40,151 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:02:40,151 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-09-22 12:02:40,151 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-09-22 12:02:40,151 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-09-22 12:02:40,151 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-09-22 12:02:40,330 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2020-09-22 12:02:40,330 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-09-22 12:02:40,330 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-09-22 12:02:40,692 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-09-22 12:02:40,692 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2020-09-22 12:02:40,692 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-09-22 12:02:40,692 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1116801138::identifier=rick, context=org.apache.velocity.VelocityContext@6537e534]
2020-09-22 12:02:40,693 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1116801138::identifier=rick, context=org.apache.velocity.VelocityContext@6537e534]
2020-09-22 12:02:40,694 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-09-22 12:02:40,694 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-09-22 12:02:40,694 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-09-22 12:02:40,695 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-09-22 12:02:40,695 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-09-22 12:02:40,695 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-09-22 12:02:40,695 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-09-22 12:02:40,695 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d2a8d5b4e574aa79bd10f295f0dfe6d5ad80a622ac2c86784b8223dd86369036 for principal rick
2020-09-22 12:02:40,695 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-09-22 12:02:40,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-09-22 12:02:40,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2020-09-22 12:02:40,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-09-22 12:02:40,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-09-22 12:02:40,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-09-22 12:02:40,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-09-22 12:02:40,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-09-22 12:02:40,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-09-22 12:02:40,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-09-22 12:02:40,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-09-22 12:02:40,698 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:02:40,698 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-09-22 12:02:40,698 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@46133e6e'
2020-09-22 12:02:40,698 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:02:40,698 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2020-09-22 12:02:40,698 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-09-22 12:02:40,698 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2020-09-22 12:02:40,698 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2020-09-22 12:02:40,698 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-09-22 12:02:40,698 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2020-09-22 12:02:40,698 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200922T120240Z|https://iam.eu-ch.o13bb.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2020-09-22 12:02:40,699 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:02:40,699 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-09-22 12:02:40,699 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2020-09-22 12:02:40,699 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2020-09-22 12:02:40,699 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-09-22 12:02:40,699 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2020-09-22 12:02:40,699 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-09-22 12:02:40,699 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-09-22 12:02:40,876 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2020-09-22 12:02:40,876 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-09-22 12:02:40,876 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-09-22 12:02:40,876 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-09-22 12:02:40,876 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-09-22 12:02:40,876 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-09-22 12:02:41,065 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200922T120241Z|https://iam.eu-ch.o13bb.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-ch.o13bb.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1632312161065}'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-ch.o13bb.otc.t-systems.com]' as '["rick:https://iam.eu-ch.o13bb.otc.t-systems.com"]'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@46133e6e'
2020-09-22 12:02:41,065 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:02:41,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-09-22 12:02:41,066 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-09-22 12:02:41,066 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2020-09-22 12:02:41,066 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2020-09-22 12:02:41,067 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-09-22 12:02:41,067 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _daf8a01744c98d5b554aef2e702203f0
2020-09-22 12:02:41,067 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _daf8a01744c98d5b554aef2e702203f0 to Response _47419dd92851cf2e1d2ef8a011975fd7
2020-09-22 12:02:41,067 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _daf8a01744c98d5b554aef2e702203f0
2020-09-22 12:02:41,068 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-09-22 12:02:41,068 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2020-09-22 12:02:41,068 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-09-22 12:02:41,068 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-09-22 12:02:41,068 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-09-22 12:02:41,068 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-09-22 12:02:41,068 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-09-22 12:02:41,068 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-09-22 12:02:41,068 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-09-22 12:02:41,068 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-09-22 12:02:41,069 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-09-22 12:02:41,069 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxERHIwCc8qUESGZrqaKtOPOqhq8PSj6K0BihEMqAuwCLipkdj5UTZ1oiNtRnApihYssfpkyYCKC6DSbMiaoGHVB+Qm2VjnBpkEEhka8kQs/GLHjudds5FGVOm4XF/80AkHrp/FtzBHs/cMyTw with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _daf8a01744c98d5b554aef2e702203f0
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _daf8a01744c98d5b554aef2e702203f0 did not already contain Conditions, one was added
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-09-22T12:07:41.066Z, to Assertion _daf8a01744c98d5b554aef2e702203f0
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _daf8a01744c98d5b554aef2e702203f0 already contained Conditions, nothing was done
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _daf8a01744c98d5b554aef2e702203f0 already contained Conditions, nothing was done
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2020-09-22 12:02:41,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _daf8a01744c98d5b554aef2e702203f0
2020-09-22 12:02:41,070 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session d2a8d5b4e574aa79bd10f295f0dfe6d5ad80a622ac2c86784b8223dd86369036
2020-09-22 12:02:41,070 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session d2a8d5b4e574aa79bd10f295f0dfe6d5ad80a622ac2c86784b8223dd86369036
2020-09-22 12:02:41,070 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-09-22 12:02:41,070 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxERHIwCc8qUESGZrqaKtOPOqhq8PSj6K0BihEMqAuwCLipkdj5UTZ1oiNtRnApihYssfpkyYCKC6DSbMiaoGHVB+Qm2VjnBpkEEhka8kQs/GLHjudds5FGVOm4XF/80AkHrp/FtzBHs/cMyTw
2020-09-22 12:02:41,071 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-09-22 12:02:41,071 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-09-22 12:02:41,071 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_daf8a01744c98d5b554aef2e702203f0"
2020-09-22 12:02:41,071 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _daf8a01744c98d5b554aef2e702203f0 and Element was [saml2:Assertion: null]
2020-09-22 12:02:41,071 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_daf8a01744c98d5b554aef2e702203f0"
2020-09-22 12:02:41,071 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _daf8a01744c98d5b554aef2e702203f0 and Element was [saml2:Assertion: null]
2020-09-22 12:02:41,073 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_47419dd92851cf2e1d2ef8a011975fd7"
    IssueInstant="2020-09-22T12:02:41.066Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_daf8a01744c98d5b554aef2e702203f0"
        IssueInstant="2020-09-22T12:02:41.066Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_daf8a01744c98d5b554aef2e702203f0">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>pjtoJKfXJF93SDO8DyTw8+qWZkwDp1rJJ9ixqlFiaIg=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>giLobC+D1AkwnG1UrZKhn/K9xym2LEotXb540W0xsuk29ClvPzm5R6nZFI5xAeVE0mZ7GUYnwUWUYTYnvnekKFUOY0GNrXtmL+PpHHOQxThdtkuEXFNuu7mJe1C1VUQdM8Y5jYjw2ZNiwSkfhCPrTWIkNEhAm1TDt8Dg0m5fVozVlTQxwLAAmRNAhHUcdvuVODOsstNmrE/IOfaLJ47OfjMXWN52rHsotPih6V66uRGVytAwtCKqgQzvtI4vk308WCIwyMUchciKD42Aq9YW8AupVdKAgtgagPLQAkCeO/s0cDOaUibjYUQnMGgxVON7fwZxfj3Py6qYVeSARB22rA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxERHIwCc8qUESGZrqaKtOPOqhq8PSj6K0BihEMqAuwCLipkdj5UTZ1oiNtRnApihYssfpkyYCKC6DSbMiaoGHVB+Qm2VjnBpkEEhka8kQs/GLHjudds5FGVOm4XF/80AkHrp/FtzBHs/cMyTw</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    NotOnOrAfter="2020-09-22T12:07:41.069Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-09-22T12:02:41.066Z" NotOnOrAfter="2020-09-22T12:07:41.066Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-09-22T12:02:40.694Z" SessionIndex="_c5aebff1b12dbb922890568245e166d7">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-09-22 12:02:41,075 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2020-09-22 12:02:41,075 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2020-09-22 12:02:41,075 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_47419dd92851cf2e1d2ef8a011975fd7"
2020-09-22 12:02:41,075 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _47419dd92851cf2e1d2ef8a011975fd7 and Element was [saml2p:Response: null]
2020-09-22 12:02:41,075 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_47419dd92851cf2e1d2ef8a011975fd7"
2020-09-22 12:02:41,075 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _47419dd92851cf2e1d2ef8a011975fd7 and Element was [saml2p:Response: null]
2020-09-22 12:02:41,077 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-09-22 12:02:41,077 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-ch.o13bb.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2020-09-22 12:02:41,077 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-09-22 12:02:41,079 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_47419dd92851cf2e1d2ef8a011975fd7"
    IssueInstant="2020-09-22T12:02:41.066Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_47419dd92851cf2e1d2ef8a011975fd7">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>krruyhPcXzVbozaZFIj85/jn5JUusc8AatApmGj1xvY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>U7cIPY69uMOF+lN6wOL4W4pmBnXINFZXp+E6OFMb/ArIIz2ngpOGsdXtKbhgIkwtPcMW9PUiwkq7kH4u+/mP1TYVHqYPBjtYOafFEVAMSFM7U5hOEWHfsDwpyCUboHWB/6jdGKLJJTVbG8l9DqwULO7bhVDRjfbrFZsz2BDIDtuIo1qlDJYOklejyYbmZFcpSndeYFwDu0ut8QZC2U5Tf+MwflpHywVWc0w49oQSLKFznPUhBdGAWLw+gWk4jJZC6pzsyLG58XurVsDISzB4t17J4f4jxfT/Y4Yu6rRfADiPiVgC82mMW9F7Rn8+KaYm3tOsyathucG6TIxI1ov8DQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_8241eafb8b9ec2ea056b8971ddf49a87"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_950f188819e7f2348b039ada6416d8d0"
                    Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>U/uVLykQA6Mz5rKsMWHXxbWKbCvkjEK9f2jIhKrqxVWndMjUo3bw7NXb9g5VP+leJWSCP9z2aOHiHOq8WiGgKXQKay/PBT53j7az/KQjBDg8NQc+5hNkVBPqj3JNLmufgEHsCuJzaa8G/WdYnkTy0GHUc7VoS2ChbAREtppLuiU=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>jEPwpdBLP8HZOjqgfOUINrU6tgrRwjRLk78XCeBuA+Bnn3i7BPaaQQWE0OMdZnKEUG8FIYaycLvpbj3BN+0FpwuBmHd3mAN9En7gu0TVrzSPs0DcyfqNjDAuxSbTaUAfkNHZSubUuoENsAe4wtmI1VMsoNqF1zmj9sbP51r30v+/yuPo1VZC3d1/KKpLOzooUZMTjJf8rXn/8iWbfpsi/fqVsd24XGmSC0xsLi8GwkY3eIqJuuzVge9JIqVUKpeCsp45rN/VaKkPDi/XDh+wem7b+l4hyLyVKcQwL5RwI6S2EWFzZbiWEW/PjUDzSlkQgYMZg/EjRRH0ouThycP7I21OvXgmtCUIGWtVEqgc5ynuTuw6AsgWowr/9Qlbh0kgqnBx3QyX4j4Q65DiE7ll942JI4qLBNVqiBiNWpcfE2EtfSq9pLdMbaUGUDieoq1enB/7QWU18HZodO39Fks6A1RvX7x5q/ZVWVCjm8UuIFU2EJQM5LjEOyLdwdzpmkaCwy+Gy0gHT1v2ohWKzAJE4LYI1BfkAp8sPCUYEd3feN0v8V+dZJrk8BOCiTb1koz2F3W+DZOPH353W0GT9R6MzGyaFd2yNe2yHO3dly+epNObJ88tqLrkQAtOvZoFKbzCE2irX36ABuVAjWnueL8Z096aHBs4D1VVtQHnCePsBt52AHIUQ+ansgwRhxS9Zl4sw7LKIu8jdaudEgpmsvL5zri5fT7r8MjGEzt8DrX7f7r8wdZV/HJ6zaeVVOGU+Vb26fL3EtwDbKlfgWeJfMw3QJizbATWwkdt4NDtNKpEr9Ogc9aRSX/MQ+gjOHnEVDJJyk1/KQwd2fLW3jETlPNo35oJtQODz4dlG09kjMBXYYtj3iyRuKcca79q4GqqLvrhn1iS+ZZVFLH0UDdJrKQ7+Jhx8ycXZr0MFipqtW1o6KYeQPAv6/IcYbYZX0Csfg+bQdowERdSnhvZY/AHzHHFi7QnIUCQLj/YDa1Xhm54tYWBJtZHoiggFsn3Dn9/A+c/ybsPBG7AUDbbbhN/xcAOOXqFjF8vWeu57k885rUjcGUfxuqhs6oI2IDzANxEo7PVNPLmuRd4dceFDJtwuYO6v4vONIyg2iBfCkHiQyjRb5r+Tz5qhvXO2nC/B9zXp/K47JdH/HJqrn/EOc0fqA4SpsUDdZM88WgncQ5FC8rVNiITxq1rH7HGdEqshUlfDBzXktugG6IxlUcilvTyBo+05X3kwvORieLLr3twrNHx86xA71bospuKJPlX4P4iV+ZCiJM1dMW/himllhzR5/UL1a5uPVIjMQaGsSQ3+Ovfi1IkCY8PKa1lxucnut8SvKyummLST2uObfFlCfiVM3H9Jvx+GQQSrqz7GanuiZWQWob5P0EeN1JyTNrQ9JtgmTlyRVQ4BzWaUSSNBpUQxslEqvygJy3ydEEKgPZz/xr2oaCC0cr/MFvijG2w2w/isHwBasZBGI4zibtOOCHuug01IHfw6lZXHYyrDv9fEfXPi/b3AzdUM7WeEs8TNxdAKd1Lykds9/9n8N4M36Q5EOdM4+Lqmp0Jf/T0qwOdsJB8Mf7x//+W6L6cQ1XbmVYluL6XLHF1eokwEWr+KQ86gNkI/1zhHUl9Xo3m6gUaCqeyaK1HUY5I5YqRlHqg+mDITr2Y3E3xwnB51ecFDmW4RJmR5cuCXCuW+u2kPp385I1XTRPNcEImho1Ef0wXxz6zSsIED226NurxHHJGlRJIxQB7hBcxXUnhAHbObZSAVaAOO+nLGaJbyX5Zy9wjtdBjl1fSzu5HUhDssbQw1ChD9InLk9M5JmRo+tD0PIn3cwj667lhdRrYD01ww868yYk3VzV8BD8JwDlSPGEClk2zsfW2MII5mHXByiLvTDBxZlT46TFOpEQbSqe3fw3BAbl03M5PgE1EUdTLQobzMhIa7mAaTYQ04yv3Pbv/2TSDyFLrpuTjKHfRXtQ2uEbOYEj3fFTpeF2Hoc+kFJBJKlKvKPVQTiJRCFYUpbGgHB2DwkzlCbhOvsaw0s7viz/g7FGn0HFu+kfePKh0qqbhR/QvOy7i+11CTLIvNvcaGUUqQrYi8D8rW3eCpzz6DEb7LztJ8ezjzC/1kYNnruT/a+IXiG5kwtMWZFltEF9RtKADIc/m32NCKOReiZ5xZ53L2cDEF0s+VB0Zj3vLpPbzFMqlqsEO0OkHOF1u8UDAaE+7KAK5bo0C9gJYfz08eVVP3YCnurWSyQUQCVYGCZE1w7I69Sz8N7Xr2OdQBylKQljyGehulEwg1F0pSe7XHtUQ+0zyYCAZImZB1H8jl7gk1bW71EzbiyWLtr1UIximqiWDHf74KuEGkcMiXdXP0f+r2WzdySOI4BBxIK1vHAolQcFYVNYSMQFO45Bosg3uqzRSwg0IRymyfYx0ZpWuJD4Z4fnWz/Y8bDVH4iUWSCw/9TPyI0bOVOohOU9ianxX2Tw7B7Yk/HXt6ve1s89pA98MzLLnuCUZFs6bUrTd3rAKWwn4WWsMzue8hlDYc1pGE0Etq3td9NZYk53VGsJPYMnKwBeROOcQUfdQZHcpzla8EjcCIb/oGk3ZcWFnflOpeYujzhE8AkOtC6sUL2VKP7QsDc7kkluUnfro5rrR8xKtlgV0daGRBgI3z+TqNKd8XQE8UctoJkIAFM48jKekCOf5O4nBcGHa2XIDBqhOLbnEQJQkmpEKYDAz9tEums6ccurnQPt2s8bL9u9c0PLoXsiErnZOe0lcIXLD9J9DPHb+yXxkYIcGLzfob6bMCu5xwIaAeDHmX96NjiiiI/KV+x2siVNxIV26mVWweaY3w8Q/ZCGeUhwXQIjQ6x/Uy6nH0cwS/hjHfbTIGIW1awt2Ozsfqnv8AGVCY5u9tR/TBrfHnI4TEvyqS+VYzxWSnwzSGutTnK9HeuSrBVaBM59Kfsg4soqiebB9jWq5digkVUH9h5tt6qiTS6jQ+4C6ZaHSZ5kNE9JB8dxCeKi1UsI8IMNMHl4S3tFo5/fvmQj/tq7wcngAcK9q7dDyjd8PxKg/WlVhlEY4dNd+dobWXNMpdnFsAX1YHiHRgiW0MtEdtGcqSQZNFBy3vJ0b0GXeV1gouaUwE6CCTrA9mKdWb0bPn/YvNKsknMiI/QHJIEI5pBoV+9/msoHZe16UUduTGmm90MiAgxnZ+dAoqiEoh1/K8ElZMczB6n/TiaVqqDE7PIeNGlynT46bJKtMdzQK8bxi+J7gJ95h1shCIA24yGUEP6GXRhGXCdWya+Er0zdbq+tdBZGfmACcjO4tcQfqUNlbcY02PXv18J10NzeJUpT/utm4yrW7lm0LVKFOk5ADj/c2F8cD3XLRcv1Oq0GmZKD70RRwk0+WkAkJf8SxUHgJEllPrjg5k9XzXtUL4zJmcgzuLvItSueNqpUdR55pqYDrfYv5iPAC3c4aBdMZPZ4jzC6gySV6mLunE2gqeBqnooG47GIlEq2KQnPLzCTtjV87F26BQHum15/KG1R1EOVvVJESFkskHBXtgi3GwX9kfwVwMsQzCpTsOru4584RU6cKBLbuS8KZZ2gaBN3u7g9rSzM1u9VREYu2zdR+ZNURJeqecmdQZEYIJc4LPdh2jVX21jkYVCbJrjiGa6uQcRVYCY1z/v95oiuPHfbCLkZSd/dZmvffN/GntYOXfgp8pAQ0s7vBY99uvuMJ1xPhnZJkDoD4/4oKYUPybhAXZLW4NQy3f7sIG+9FqnQdlLAXryz3PDzljQsKP5V14IVa+iQvQIq0DtfCS5DMLMwMqEHwbMDjVsYFeODDaVy+4Suu58mdHBdrSFLTer0S0GP9VwCohGOabn9IT/9kYb7mfiJxi9Q+9IbsSPSFqE6MMSR//GXu5VmLG5j/7bRySRllwBbPy1kW8W81Phe+ofzYNSFPlGzaMGP7mnTXSH4Rbe+6NWc8XKm4jXEv8VIc5HKWlghY/NfRMLv0Br3h+oHEosOCZDiiqk8JucD/xkrcOmhYhkKhECfb/PPJogIMVKprVl8aHlRTLI3IsTFtzKecIKFsZg27oKiuCQYs9PwF15yCl6oYk62eMEyzwfZvr1tnuSphVT8mKZv9nq6eTZjo31UhRdP4o3wm5ukd4cPtGsqxOkm8yus9slhP+76jT3V/8EQmNLqoaNs7NME4ON+6rdUA0L05fAhs5EaRaV46MMlgXAx/NIRUAe00tRjIjimtcq3yPCtWceA+ICj+7wmIcnDJ3Qbgpu9WdhlrU4OWsVJZ4kAvpWjKmgg7bK+y5L/pDaAG5cfHrZ/CnzM8Qil9ILPsqu9OTQAHioNSYgErJEoRy/73hO0dV8q+TcKLXMWJvzokYgYMwxQvI1uHKikzGQMMexbP+E+Pylxj6dMf1L06WcdPTHT3bGmOMy/ugfrnX1kuw19D9zTrj1ihWgvk4W3StHtUs1xahbrn7QzwVfKy95Lb4jmJ9e91MgdqUAj94KYLxCrDKX+enYKqQvSV5lt2ACL2+t56kp28tum3M5oQbPvKh1ZZyR4c+gDEUhn4EsedPkFdYRJJjbe0OA8y34krIfJjQkqYmo5V5OcKnhnekpERSFkdT1sptpjWzbS30p/X1ffOOq3FPOKW6WYW5qfSpgx9jLu7OcL7NWeR1g0P7AWSEtZDaY1UgXJ6Kw/fqRFc/UbUqY1wJR+4qQF1UmDYPXjO0GNBpKJxkhd2eC+Hlc20t0XSjlRqa5E6QQoTWrLzS1/Xwj2OlqKRpIxD7gLxCwn0Y5iUkbY5V6+Dpi8N3c92MfZ9cYrLD4Epf9EUUcPwSyJRkFYOSAocz6wdIwNnTUmMvsZaKIfFI2aSCs+I5boYAy4BDrxzS2xfWgJiW8020V7kBPkoHLQccBub11rOGncZA9Q8zkZ4HtHo3xkqiMR8BmBH+Dk+UwfKRvW+FHw92JgJiPNGeFnhoCugzw/Chihn+0wizhYrBrbAssp0d5ys2wTyrgQj+DTG0zPLQTQlpmetJET6BIipi42eUlFcbacxOAGxupZ3MEG18ZZtG2ZDG0dm/OtHWdi1F1L3xMArbkSpdpEMsRSpvuBmAxMF1cAVqBb49Q8UQv1Gtx3lz96f5q8OVHQVCjuUWeERCGhl9kXnGwEWZrArfDoNc3zIzYAD1gCtX3kYGYMLx709GEi389/uAfAMkGJhwf0Ua/Yoz6l19CkEZIC8GJTlyk4jwYaEQH8Uu5H79GhpxiAAksJkRDTiXjcDJHStRNzfhB3MwceSZGBrnIhEGrtBjhMRuUjhllROws4e8EIyRlpjLtmaO05GZ+AhB4AZ0z/r2FHuyczJZF7eRs+mWP9biUqwZOBv/Z9m9I7+FI/dTCQvVfjpqMvB6DJL4EYxBwQDfg7R9bLcDMEnk+Xmd9KzFgaRF+sYDHJ9ZcVwa4fFVICJ2eBs8gv9wghBiJvrhqruvefddo5T3GWWZIsYRSna46jpBjuPv6mq65W36WY/d1rOpQG0AY5PCsuvZaUFRC7VYMEfAGVk0d2qg+bFf+j5JJLDTBScltwwn8wCYCB+DIldWMOPA8JOZDTlesR3yy5EKcrhZDgrdwFrHyNBf/EWGs1iFwB1ESPLvQo+cWZMNX89hOzE4blbLDdrm2CnPOzPOJES9oNRXIMzQ5fd+ctvKbr0GM4msOKfmixPQPWR0Z85/NVYJg9DjRraQVjSJ1ydqcvDOmX2UEPIGMGj33h/DPXC3ai1YZFuONzpdA9xeXpDms9qcEsYomWDYjn06jNNABDLwB4Vro2uSf/qr0BwtYjoBN/pfzM7QY5F7CKEkda4LRuveNQ/3fceeF3v+BiylOttTrJbiWrh5D9UmkGqJ+20lA5slOfY7cU0qepkyy+4s1ZC3V5HaQ03XoI+iSsvKRtAucgFukzdoTFTRIWxCjew854MmmQPSXj83gJ09dJreo6asF4m1VxJB/7ce0B34VLEXic9VlWQBk27/tvW6K/7k/V5BngN2jf7FOuSaAQj3aERfVzK6ySjGyGC1K8+KrinGNg7KXZr19+4CxwJVob9yLvsnRUWv7+Y02dLqPxq14z8Jvbks8/JV/cUfVEb1usl+tVqt6wKDnTjUBJSPfZ9yzGDo8ukq0/rbLEbYHruAYyi8t8m/AIezMQbRgfHjMuXPk2at4VLUK7kfRcoUSJ35hXU5P0KtnmRe3bcIDem4gftUEZEmrWf6OR08OfwyGHVwUjJbOJHzIUHnUS+SMoYIbyR82qspQmQZUOZHlEh2u7vkcY2X3/ykf1k6BqUBHoTSIR0YDbFaL6YPz+doVZFn/jB8U1JP3xLVgRCr0YHjUTatpjhiOUK4yRz/yGMl7fsNvelFlt/fL/TZu/DlsAH0+4kFv6IRPORqeUren89kHla5FedwxQAFFDn3idldSJf0gu/tDDZ18g/S+rxpq2tm/bAhd6ZHSmXPI33WkdyJ2f+p4+ClSQ+WY1K3c1W7R18A5vLRKwU8/Dvxy2c60k+HYho4hCpAzImWmfRsagC8xK4r3MRm/y7QWi8JixdUtkCh5d16rEJ/VfEkwurdd6Qf40XogCZGM99ksjuHkX457OP9vzcZtd9u0W9xgtVpmSK4GMq7ReEkzFtWvhFOG91ghhV9nranawi6y7HpOL/g6/qsjw2WM4TG/eLItcsvuCSikfgiSBO40yikX2el5L6+NC8YWa+fc58ue60pPzJOR5haj2qq/kE2UX9sXVKcfz8iX2STk8AkwJoY5CdQn/FeKNMOhLIhMANLR5LnXtPalkymoVOLDqBbj4xwoql4RXTHYm440mvEIzuTo6S6/ARm/dwUR7Z4l3fEvk8okz2gumjONPM5Uztb5e4QaJEBpKA/t/gHcpi8Z4+ke9+MNSnJWQxBoeusYH6G9CszsZunqsICCMdGV6SKYntZfxYVk1J3hB1JaMx+7Ain+bLAM9hIkFcByyxSRE5VWsaKlKEsWubvLOe+z1jw03woZEB4QwG0ScBCfIPnoNb+F0kRU0daAhmw3+aohsEjOAaCh5UC5hX8CvVPByu71MS38tntysuc8f7wQOpL6b+gNZI3PPiGzLzdR87du2jUSwFN3/s56EpQctMyT//4tXrj3//VUPfzArFdjPkcom+CSK2f+Ey9nCGuk2t+Rnymi76+mJxrVhPrhnGkBQrvoHkZIx+MB+mefRqBiZpNfUd7qho4u+U3UOHcRp2Ljy5xhkvjiaTFtpR4Jzdc93nbNL2rwAtQ0QbnUs+YLLpx2XplpcS87HxXT80uKW6uJbr2g+XoI5PCVcL38xiFw26iw1ueKh0VBr/uJ14L83i6Iu1b5o25pjLvyZHbNLuzc5bcdE4LusohaVwWNM68G7SGorOxC7CY2DOLIrL6bCyXgKk3KfyaEzHLqUZlbg8JtcUzOCct6MCe+o7NTfaZnzxnxchL7vdKVlOoP3d1/H4a29Ypo7N5rOCCYgJEmcMVzM6EDNaG8VAQCuRVoh3W6Ilu+P9PYg/BuSLUtBeifpdpTBV7BhqdsLphHeltv0WZDhUQSW2oKDEuphMJJf2Wes1KP56zs4FloVJTXGcSOScGIl9y+a9qnhTzURXLgx7T2u7LhJCb9XRwhYyQGZEJ8hxZ0AujjQBaw/dvImKEmgLdtYQa5F7n05qIvZbOsBMEmy8x1vbrgspAv0+y++Lpaj8aRfL3G3a5VC9bmNnDnmGWdtXCEGCbEmDIYu5bPIgx4/8k7kS+oHY2gtHm4rs/ziKeCF3SIFofg9eSiBVhtOOi5WuFPAJlHgISauGPqJ4C2qEuf448EOWdRBDegdcMwlRNvJMTGvXceOl8qAOfV+1A/qXe/VSoVbk8jL9ItG/2OOl0FOLOhWy5sanpNTCzdaKo8/p/jfMEufHksnjboEXIvAHpMryVbT5B1TVU38JqOjY1hSH677hlX94b97dKDT5oAKZGcEMeng6/WluhzItBIxJTjV/kEG03Q7lunJ8YpXfvyRVKUN5Z0993hUvhghw1ixLn18fkQE6FO7UksLi7MsVMZgNeEDd+l32BkPOuuluNO6J7tKc9elEhxJbIdU6OXskiCirtLx8JNvZ4eYkZtV5Zn1MsGB3itLzzSdGoWBhenwtOh09GZfcigQH6Fp+CsvzbCPq+xMD2HtvFku2j/hRU+SQh8Dd4ZQ8HojF9oZ8hBJRWHsEahXLITipuTkQxv6UdeoSumOmKayOLqUcpTfEdp5VWqyzYlNLn6k+Aqv0zinufCyUtfprXKr7GghyLGgs8fcvU2YH7TnKqVGfonCb5O0urvhJueejBXn3ee/Pbg4NmEIfeZw2AbKJykppFDyCn59rAgVj/uWj+LD+wGbJ</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-09-22 12:02:41,079 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-09-22 12:02:41,079 - INFO [Shibboleth-Audit.SSO:?] - 20200922T120241Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_41af7bcf-9939-43b2-8a62-20aae8e257a7|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_47419dd92851cf2e1d2ef8a011975fd7|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxERHIwCc8qUESGZrqaKtOPOqhq8PSj6K0BihEMqAuwCLipkdj5UTZ1oiNtRnApihYssfpkyYCKC6DSbMiaoGHVB+Qm2VjnBpkEEhka8kQs/GLHjudds5FGVOm4XF/80AkHrp/FtzBHs/cMyTw|_daf8a01744c98d5b554aef2e702203f0|
2020-09-22 12:02:49,645 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1600776169_02aa
2020-09-22 12:02:49,645 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-09-22 12:02:49,646 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-09-22 12:02:49,646 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_419a1e7b29efa0c7a8558d35022e3af8"
    IssueInstant="2020-09-22T12:02:49Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services-sandbox.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-09-22 12:02:49,652 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK' from origin source
2020-09-22 12:02:49,652 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:02:49,652 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:02:49,652 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:02:49,652 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:02:49,652 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-09-22 12:02:49,652 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-09-22 12:02:49,652 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-09-22 12:02:49,653 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services-sandbox.sheerid.com/Shibboleth/UK
2020-09-22 12:02:49,653 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:02:49,653 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-09-22 12:02:49,653 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:02:49,653 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:02:49,653 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-09-22 12:02:49,654 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_419a1e7b29efa0c7a8558d35022e3af8', issue instant '2020-09-22T12:02:49.000Z', entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:02:49,654 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services-sandbox.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2020-09-22 12:02:49,654 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-09-22 12:02:49,654 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-09-22 12:02:49,654 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-09-22 12:02:49,654 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-09-22 12:02:49,654 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-09-22 12:02:49,654 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:02:49,655 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-09-22 12:02:49,655 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-09-22 12:02:49,655 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-09-22 12:02:49,655 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-09-22 12:02:49,655 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-09-22 12:02:49,655 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-09-22 12:02:49,655 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-09-22 12:02:49,655 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:02:49,655 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-09-22 12:02:49,655 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-09-22 12:02:49,656 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-09-22 12:02:49,656 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-09-22 12:02:49,656 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-09-22 12:02:49,656 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-09-22 12:02:49,656 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-09-22 12:02:49,656 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services-sandbox.sheerid.com/Shibboleth/UK
2020-09-22 12:02:49,656 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-09-22 12:02:49,656 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-09-22 12:02:49,656 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-09-22 12:02:49,656 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-09-22 12:02:49,659 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-09-22 12:02:49,660 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-09-22T12:02:49.660Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-09-22 12:02:49,660 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-09-22 12:02:49,660 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-09-22 12:02:49,660 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-09-22 12:02:49,661 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-09-22 12:02:49,661 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2020-09-22 12:02:49,661 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-09-22 12:02:49,661 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:02:49,661 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-09-22 12:02:49,661 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2020-09-22 12:02:49,661 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-09-22 12:02:49,661 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-09-22 12:02:49,826 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-09-22 12:02:49,826 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-09-22 12:02:49,826 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-09-22 12:02:53,397 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2020-09-22 12:02:53,398 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2020-09-22 12:02:53,398 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1667330580::identifier=morty, context=org.apache.velocity.VelocityContext@7f83fc79]
2020-09-22 12:02:53,399 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1667330580::identifier=morty, context=org.apache.velocity.VelocityContext@7f83fc79]
2020-09-22 12:02:53,401 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2020-09-22 12:02:53,401 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-09-22 12:02:53,401 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-09-22 12:02:53,401 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2020-09-22 12:02:53,401 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2020-09-22 12:02:53,401 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-09-22 12:02:53,401 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2020-09-22 12:02:53,401 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b6000aba61cde10248b33f4d49e41b76f70f9f2c08bda86b2d7f3d0cf29c1e74 for principal morty
2020-09-22 12:02:53,401 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session b6000aba61cde10248b33f4d49e41b76f70f9f2c08bda86b2d7f3d0cf29c1e74
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-09-22 12:02:53,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-09-22 12:02:53,403 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:02:53,403 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-09-22 12:02:53,403 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5379d0fd'
2020-09-22 12:02:53,404 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:02:53,404 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:02:53,404 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:02:53,404 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:02:53,404 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:02:53,404 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-09-22 12:02:53,404 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-09-22 12:02:53,404 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-09-22 12:02:53,404 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-09-22 12:02:53,568 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-09-22 12:02:53,568 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-09-22 12:02:53,568 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-09-22 12:02:53,568 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-09-22 12:02:53,568 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-09-22 12:02:53,568 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, SheerID, Inc.
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-09-22 12:02:54,347 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200922T120254Z|https://services-sandbox.sheerid.com/Shibboleth/UK|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://services-sandbox.sheerid.com/Shibboleth/UK, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1632312174347}'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://services-sandbox.sheerid.com/Shibboleth/UK]' as '["morty:https://services-sandbox.sheerid.com/Shibboleth/UK"]'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5379d0fd'
2020-09-22 12:02:54,347 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:02:54,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-09-22 12:02:54,348 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-09-22 12:02:54,349 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-09-22 12:02:54,349 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _f92607b4f796ffb132e1aadd811bf40a
2020-09-22 12:02:54,349 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _f92607b4f796ffb132e1aadd811bf40a to Response _bb6cd97089e57e07124c41fce47ecd3e
2020-09-22 12:02:54,349 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _f92607b4f796ffb132e1aadd811bf40a
2020-09-22 12:02:54,350 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-09-22 12:02:54,350 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2020-09-22 12:02:54,350 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-09-22 12:02:54,350 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-09-22 12:02:54,350 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-09-22 12:02:54,350 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-09-22 12:02:54,350 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-09-22 12:02:54,350 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-09-22 12:02:54,350 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-09-22 12:02:54,350 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-09-22 12:02:54,350 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2020-09-22 12:02:54,351 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-09-22 12:02:54,351 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxK8fWqlSjDzxmxrA63pOdr5sHfmgUZp/Nw4sDaW9N4LrITCjwkm8uyzSbR0l36CVw9P4BrbISj3JTOEZKqVGzt9CWGTVjtGkKnA/T0mIU1BQxJa2XhZGEcxXDL227vFd95t3iEGa299bzpv/wB8bDbu88jwZj6Q== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _419a1e7b29efa0c7a8558d35022e3af8
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _f92607b4f796ffb132e1aadd811bf40a
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _f92607b4f796ffb132e1aadd811bf40a did not already contain Conditions, one was added
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-09-22T12:07:54.348Z, to Assertion _f92607b4f796ffb132e1aadd811bf40a
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _f92607b4f796ffb132e1aadd811bf40a already contained Conditions, nothing was done
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _f92607b4f796ffb132e1aadd811bf40a already contained Conditions, nothing was done
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://services-sandbox.sheerid.com/Shibboleth/UK as an Audience of the AudienceRestriction
2020-09-22 12:02:54,351 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _f92607b4f796ffb132e1aadd811bf40a
2020-09-22 12:02:54,352 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://services-sandbox.sheerid.com/Shibboleth/UK to existing session b6000aba61cde10248b33f4d49e41b76f70f9f2c08bda86b2d7f3d0cf29c1e74
2020-09-22 12:02:54,352 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://services-sandbox.sheerid.com/Shibboleth/UK in session b6000aba61cde10248b33f4d49e41b76f70f9f2c08bda86b2d7f3d0cf29c1e74
2020-09-22 12:02:54,352 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-09-22 12:02:54,352 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://services-sandbox.sheerid.com/Shibboleth/UK and key AAdzZWNyZXQxK8fWqlSjDzxmxrA63pOdr5sHfmgUZp/Nw4sDaW9N4LrITCjwkm8uyzSbR0l36CVw9P4BrbISj3JTOEZKqVGzt9CWGTVjtGkKnA/T0mIU1BQxJa2XhZGEcxXDL227vFd95t3iEGa299bzpv/wB8bDbu88jwZj6Q==
2020-09-22 12:02:54,352 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-09-22 12:02:54,353 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-09-22 12:02:54,353 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-09-22 12:02:54,353 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_bb6cd97089e57e07124c41fce47ecd3e"
    InResponseTo="_419a1e7b29efa0c7a8558d35022e3af8"
    IssueInstant="2020-09-22T12:02:54.348Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_f92607b4f796ffb132e1aadd811bf40a"
        IssueInstant="2020-09-22T12:02:54.348Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxK8fWqlSjDzxmxrA63pOdr5sHfmgUZp/Nw4sDaW9N4LrITCjwkm8uyzSbR0l36CVw9P4BrbISj3JTOEZKqVGzt9CWGTVjtGkKnA/T0mIU1BQxJa2XhZGEcxXDL227vFd95t3iEGa299bzpv/wB8bDbu88jwZj6Q==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_419a1e7b29efa0c7a8558d35022e3af8"
                    NotOnOrAfter="2020-09-22T12:07:54.351Z" Recipient="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-09-22T12:02:54.348Z" NotOnOrAfter="2020-09-22T12:07:54.348Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://services-sandbox.sheerid.com/Shibboleth/UK</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-09-22T12:02:53.401Z" SessionIndex="_c7988903cb9f10648de1ab22364c8c58">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-09-22 12:02:54,355 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2020-09-22 12:02:54,355 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2020-09-22 12:02:54,355 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bb6cd97089e57e07124c41fce47ecd3e"
2020-09-22 12:02:54,355 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bb6cd97089e57e07124c41fce47ecd3e and Element was [saml2p:Response: null]
2020-09-22 12:02:54,355 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bb6cd97089e57e07124c41fce47ecd3e"
2020-09-22 12:02:54,355 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bb6cd97089e57e07124c41fce47ecd3e and Element was [saml2p:Response: null]
2020-09-22 12:02:54,357 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-09-22 12:02:54,357 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;services-sandbox.sheerid.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2020-09-22 12:02:54,357 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-09-22 12:02:54,357 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'cookie:1600776169_02aa', encoded as 'cookie&#x3a;1600776169_02aa'
2020-09-22 12:02:54,358 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    ID="_bb6cd97089e57e07124c41fce47ecd3e"
    InResponseTo="_419a1e7b29efa0c7a8558d35022e3af8"
    IssueInstant="2020-09-22T12:02:54.348Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_bb6cd97089e57e07124c41fce47ecd3e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>nxgiuZacJCn5kVhi4SOlscS0HpaX1JxWBaFsKdJn0IwUaqxtNXSqbk3ewFVv5HTTL1Fhav9eGYzrv2YqitKp9Q==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>MquiuTZFXuGMBn0isrSUs6ikQHmAyDXZ+gT2xJEKbxXJhaW8Iej8Y4nzo4ajQyBqQ67LtAawmP5YLWFLMCKAJ7YKfX2BZYdFZetUqXGOtGE02zzP0LcySPxFQ7vCJyB0RwithxUlQADys7JC6vsb1FhDSWlfBO/4meKD+rveHyJ94wWKrOePvmDtgQQ2c88zb89FtQjaclKGhLxVbKuWEUDCW9R2IyIHg5JTV4wT9hyeTYc8ATYV10zvo4ZvBYP+j3ymbbl75chY4PsV7REOp0qc3to+jOMRtk4cB9gnG0mIhtTzx4x4/Rm2BhBKQhffA/joiI0xYW6z2VLrhL+0+w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_892aa923674ecfdfe78b8848864ec2c6"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_a01d4442526aec6d2eaafa26b17f3405"
                    Recipient="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDaTCCAlGgAwIBAgIJANNSqhQs7XD0MA0GCSqGSIb3DQEBBQUAMC8xLTArBgNVBAMTJGh0dHBz
Oi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTAeFw0xNjA4MDgxNzA4MTFaFw0yNjA4MDYx
NzA4MTFaMC8xLTArBgNVBAMTJGh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZUxCXQ9C05W39KdufUi1bOJ4VRIbGEqA7c
vy3SXvcADhTb4G5LN3mVC+PcviQFDhTd+oNCqwFOinx/kfQRrumSsIHIcN4h50Mw9xSBK6G9dG/j
A9y6BWKVpN8boOhcAmGdR0CQus0qBzKcJZKUBMLjvah1XNCLbE7At7Z8tl4mmFeYdqpLNedr57TG
xBL5dcP7nGEYsTs0xUSA7yR9bbm0HVYAccJoyCmG3L2vHeAeUa2jRFxSWLqBOYzTLqhE9osHabXI
sYQefmmxCdb6OONW1JwFBGvDSAWQT9IWgoS0AjDBDpxyzCKF6xrFkVQ4zh+yoJVqXLc+czmo7JMl
jokCAwEAAaOBhzCBhDBjBgNVHREEXDBagiRodHRwczovL3NlcnZpY2VzLXNhbmRib3guc2hlZXJp
ZC5jb22GMmh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbS9TaGliYm9sZXRoL1VL
MB0GA1UdDgQWBBQXZ3r0gtUr5tZZDwCX8vvufbyOQzANBgkqhkiG9w0BAQUFAAOCAQEAAs80tndG
r5u/k57rCoVuJWqNCBQtzqExuoMTtAICMHvmNCsBioy333vTgJrCm3z6dnlR8BEiyFsD43lOw15M
OnLqK/+QkuKis+8MruMJD2x+cZQgBcXbzHhebdtjMYAd1tGVmHyp6EoQ3+C8xnNORotJmJM3Wp+D
oztlycBFLrZXZW+VBhBEcZnF9wLXCYH4bYegJkk8ClMmlgUu7G9Vlextabe4xNOSBTV8j/CMnmEU
GpQ8vUAotwUO3TkcPEd9dAmzW7Ah4RvMHtLwPUdkNLk4/9zZPSnHdWFlnecZ56ESPTX8mN29Rotb
q3/LSmAnyGz1Q6LEVrHgUn3ud+34yw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>AxzbuB2MfEbpjqx0jd4fqOrthehYNBLmDFzuuWdXR4Kdac3o30BNchgeYrbF/E2fK0B4sDjL4T24umKbdCI2lUweFQJBqFPiURSydq7QGWMR40fDsmn1dGBvxXBslCl7HeD+iNUDyLTCw+wx/izAplEx2RYMiEOPadK9YUFbZyQK8lkjU4cQVvRfGdeZSuyu6eDyoAKpbeL71/Uw0s/xlGO83RjR/RXlSNZO9E+iwzH5VMsAc2wHTYLTGiB5r4j2OW4m10JfaWUpVl0ia9nbmJCJT7P4/lcYZgJIyn/FOXh+q0TO6SyieX+RaNbJcMEiUuvRwybSkg4B0lNPmA857Q==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>JnvnEsnGv0wYT86i8WAxFjQiKykOLmtjPIO/Iij7Y0cu79LcVprigkISrAkkxR06KL3zqxcbWcQ2Q74Y3b8+0N0gZkA5o0tXggSn2duP6ECFaObO325nzuZu+3qucdE3N5kj5UBuycOMlQtbIsDyK+1wz/aY17tV8n0vUhUJrPgUOiwQ+ym3EHC03b7ezH8bUDQY6OPkAbwTy3HR1ufFSIf+5pjpt3+pPmt63sd8Mx5yK67XpqGbRQc+GjPQP8yKa5HF3zLIzrP9VUkRhaPKh2N9jgEwJb9fDXDJsHY902T2ru1lQjsIVlrpCNcMQta3yYQP+9O1ZOLSoCA55mAfl9U3PfXv19J+YGddpgVYa3g2C/YbClcthvwLvOWraObfZKz42bTZzWNCe5x6VlkE+PuBvkArXps6HmlEwFr+AY+hap1g+qJEauDQEMnEX05K1CAoldJb/+bgRYWVeyTmPY9G03J2Ipm/Dz8NdGyFWn70TD2MyueTDsotr6pVyy8hfeZauIxGefeetmqkQYblT224FwTFbgMPwDUGOHb13dfKnDqjhV61tUvn98A27CsE8Eiv5tOw4zwMJQg95vW6b5HVP5XmeWPByCNi6PO8zZkqeXkJ2yW/z3WckFu2/uUIWeqZUTXEnAqmdjG6TBmhuBZFUaZvQye/BNDnQMnE1ZDz7zMggsGfr6rQ6EHHdKIJdap1qhxn4nUPQeAbcUftWSPl6Fs5+k1hz4wAfHJTpNmtyTVe5Y/L9nqfZk9U/q0yyRDR1cEEZbVtYzZusHM8KczVe4w8z8TI6/RRLPDKIR65hktVBRdqkNHxEY+W9welsvW7305n1Zee9kknvI1L3hO7p++1/kAMuC7xjSKO4ndVkVhkKGZnfsdXpEi54tpezeDAROG4zgfybvAMt/Me/7DVGnSC7SnmVvNghljj6Dd3OYkk68RaRyMoRzKHyxQvZpb6uZjZufG0+t3K6GG9GbivxpbcsaHEp8pD0xOyWb2twb+zK0hFCqULWA3/Vf1RNW6JqDTwS1dpEAjpvS0eYdfJ2XpqLz0NGeLCAz26sbtw46LiHgsxsD7EtCLnNunqL77f3/IAOV7SkSSKkL9VAUwlD5yFsWJQVh+8ocD1kuZz7Z4uM3JQZgHkFDQqGMgAi76r3dTIXruAk55DEInZgp7Y1jiQJk0dTdAvoRy+bb9L+sTFb4O/EwyBzYTgVCQV6I6P30a1uV60VUSrZR7XqTqrjdHmVm3yA4Sx7qxTdbnEX/tA9RpyxEVxeBML84lKI77Bjtjk3kNvJBgXOMbG761oDjtBtfHdLDMC9eYJc/q49PjQHsYwiYr4kqqv5SwHxUvQSSOECf3JEgfEsZQIe8KVKq6UXyFNGkI5CLz1xAXhU4wSdQV4YL9Qpyf6cA+JZCSe4UJcAxUJMMReXuYXImDZ3pGmZn0H+tNFWcwsxK6vt7CCkcGhPmkC0TCF2jbHNCBotbhHqRyASahMbX2cuzdL1jc5z5/MDazsGmnSDXk9Jjl1Z4Vr3OMSgPJeNjHx8UFT1boSfvNqXyhiNsjbiEsHwdEUYBFnz/opltW3V254f4GJIYMM4XOpMF9fttJIlaKO1UxjZq8M2R1qT4ZsZbQnWlV+IDqfgJtCL2Ki6V7/mKsQgG6somgHlr4b3sUt4TLezAyPxBI4MhK4EBThaIz72JM4FFUCK9e2flHQuQ3O+RAJOyl94tXvLohFrjrQUlQ17qxBkeNL+r2TFl/IPPegC4y/hXK1D7o5AyUTp4DvWZKSRvnx/wyzr6rNy9fpBkNGsc2Y3UQB+J/9mmwEvclqVj+znEYsagIPWZh9aeLkVQ9jENIY2GqVlLpwgdzpSNQoDcWq0XKmI+Nij968KFUDDsACFEpj1+g3e0vQZ5mWtenh0ohMj289GnQiGUaZ1kknBYSY4ZGVFww3HSGqdfHBZVYZSP86VJNdaCoCUjRsYnGjUvMyjpVJqHLGNvicQBQTyowCv5lXdlXTxy61rVQ0p2DHOwgxOivcVSQ7VejK1DRmAzUCRBOsBoa6b65Q3vUKzVnzwZeisybHbYCH3agqFF3UM7jdrT+1CHASVzz/62ZPmF+q2sgm8APAMuvp+e1S8+njEGShI9B+wAuFREmLST8enFCuXsMxMhzdlHLPbXu7CCnB2a3nM+ZUI/YtLbc+tvBB73HhOE7YvpQbum8qkz6wSWpisCxUSdPUuzastt5sfbE+rPmb2vNJb945MixPFuTa93Tdtx0/NwG/CMyZQqsTs+klneyMq8mNNolbSzupJSpuxU0QRb7tFIm0aADf8AQK4crXbMsrpkTpr8iJWeW/7OeOAaPTwJ/YwQ1bziUdInvJ8mjHjPi3NDyhdFelzxh2mLcIoJyKpQThRa5MVXpbGiFpqHfY1Z9OLmALVFpQA/+3C9vvW+xVa2wJq1Tza/Zkj44hmmpcY6vtlGEuaag0jzy+pWvATm+MPjSt/ATk4vOMRCbHgHGKOqpG5RM7KVB+NtQv/DRwSpT0zeT6TyruPrIIhEbyVe9xLnVaXs+Wl28vh5HEAibY3XkntOz0p6NQs0ALHKRp19hmzErSr9thDJDvQ05VMcL5NVQQIAopuAKFprrhi83YVgR4aIWIJM5ww8cLQRNPDjJkR3guZKH/+cJ+pfPtyV8dg6ao3RZXZ4XtV+pR4GZOMrRJf4G4blPSEH1CJBs67N1rERdo3MqnLX+Jq3xOZu65d4oWktQUPH9r67O1jFXA1tmWHFb0jpunPkjKI2H7JY6lMNh/aOwnpIjCunBEAIchWfr46QWJAJ9mV3JvOTJa6Xxt3ywhd6u8kaLsRyusBZ/+LLIexq7GzIOpmaaKkQfHLbiA3L4PHAOLij4MAZjhR/wE4w7+ALB5RKSvo6GicPv9f5ShmHA1v3Sse9W9bnNIrR9H63NlCXs/BEzzpQqSng4ZsQ/pBuCuFxA9yjXU3B2Phqrb40YM+aalun+dzjCWQOKNsL4D6j50qCBkAlCczjRcL39BEJbfATuz9TVpMY34+pEoTHeIQQPXXp0xSYWZnMHNoQumgYvcBK00XspxXmBM8DG5CVEgCDMQpKr8fXvvRVcSYv/yrhsfss1Jpgcwpw1xnj5Lx+Rxb1zpuWYbWZ5Jo/54YCNbjcnLqgT1qEnyhFJdGLSelvpn8/dXp5GHKe57PLNHLQVctvy975u8R3BTbhkuC3P3ln0n9fXE/4FRtp220VW/L/7y5Q5i88gPxKAYCyPOLyLJEuWBw2fSy2yv2qW8h5mg+yONm95MO/HctCTndYo3KWlI7mTTvIziwIxHtfrBWq2l3NOhbmdj7g/DzK2yoEQ+uadKQFsTxaRdXUGjDixO2CgglM+kKeDFEUm0v9eueUU8y2YNDLGgG0mh92fVDeFphrFLYCpMKjSJaUvhzfnp5iOyrkvAP+Szs+/qMhAPJYRBMu1+XAz1d0hK2AzpgT+MUzqtHZ3fcogKS6uVEEJ2/ei3l7Yr3JGLzbjfznKUH6Pd8REEraS1e/hJ0k3p/hheze1/m5ZueV52D+LxE/IZZtnS6WxrKtOIYVrstwihFL3AJn0u6abJAWZEzaGNuW1FCgK2ljERsUoxfhscpZbkBYTZU8xoJMZgITSAzqPVWW3fBtkcRMFzewU76yxm8imL2nfkuZAcEDlUpraW6sg2Zmf623EMdgy7LjVBQZmexkU9xG3Na6PvXVgHpu6yen3iVMWElpDO1XUPnuFSu+Tf7GGWic+SMIoHj1RABeSaTZrF03E3W2wWMmJeWCNTvliVd4irRLA56YQtnPjpbs06NaBPhuYukwXfqkcsBwEOrArAv7lQcNP7u8cB7nUCK4olYPaXtHqcy7QBiQ0QErotSlkaVCI2NhG/JklEcNkkr84ADcjMbYZiBTpu4UuCdvDPyt/Ty5jbC2stYOQpkRXg7XPYLM1Xdha9KxULB/FtDrX98pBqVzCYUsVDMXTAZsYBLPGQW2iduUeX46v8yOFQZ/UptKBePc3sGSLcnS4+DOneVPIwdu2bzSk9hqqsN99/ogAOfq0mhHqpGz/yTgI1wavuWub0SnpbN3Od3GlrO25osPxTgy0qWyJ2iUjHbEjSAbCu2ZiEbzL0NYQAejLdXea7XN0OglA4KFSB4veP1OSKTfvDZDB37qkYduBvvi0ovIVWS6Dcqd+v3UT/kLLBwhtZK2FNeP+2Ly3eS+eRVaBHHqFOJJzQBfdPv+nH4aVqaYcn89I0PIEwZgvL7V57aTOnT9z95Tdtqk8cFMc6YlCSnuER5FJGy2COmooa8G4bwpP9BHmwYIy4wIlPV4ZHZ98g2+27qKgvALevAbpbk7zvniUowj/GxIu+oGzBT+BB2yf0iojNSsULtMX2zokhfFP2K93TqKGMw/2O3n9+Xzrd3oprbe5O8WqMDLRQFu2JRTTG6zV4T7xFCtTI95GPOs+204w4k2NZeTmlYYSqRPgXt+PbhKQq+w/oMV01OZvtcGwmqT65cLP5YqFOCVSWgncbL3eyk1Y81ygCGhITZtzYG7I+HYx9UmB/T4zWq752L/xLE7bxkLRB6T47mMPIdVu0i5fx+fqiCaD8EMW4XeN3AXjjiAiNlkrMyMVZ/q7t9OWyL3kHxj8tzx8Q67TRNVdj0L4DfBFm3+wBxLpaetpIgW7P1BqIs9SbslvCKE1Xfp7q8d1MA4/5Ye0gF8eVyCQ1IHOIdxQRqANktW267ACZ88coqy1HH5tYwqJzHhRerHhefawUNSq//4cm9J9/fit6JDpFMgPhrDs6uEbYBrEuFsk0z5BLJKSN3FUBg94w8EmhWiUaVBdkBGQOrW1KB9bQYmSbkOcvPX1CW+B1GGruRV63JEW08cAKZ4hIe1IViPTciFtL4QmiBIhT6kPOsB9Z0JIqBliXjnEwOqMGg2gbNN3PHeLmMyvhYILz7G+bEodAX6wehMdjNCVrFSMFn8E0UAtIf9cMwSeWm4YHt3lpgfIA9RdnjlEfM3td+5aavaogI9Imk57XF4Fqir4VvW4oVGi8Ur/OZLT3ZYUrzz1pXJxzAU5dT0+o72YayTlxRDPevKYyyjcm3oY8ufKMr3/E7SZKqGSudi8FpYmGbGlRJSp3fjko7KWl5/gF28kCP/0WZPEgHc0yu6bktJk7BucN5v2xBzd7yJHoU2sFMmny0uccqab5</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-09-22 12:02:54,358 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-09-22 12:02:54,359 - INFO [Shibboleth-Audit.SSO:?] - 20200922T120254Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_419a1e7b29efa0c7a8558d35022e3af8|https://services-sandbox.sheerid.com/Shibboleth/UK|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_bb6cd97089e57e07124c41fce47ecd3e|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxK8fWqlSjDzxmxrA63pOdr5sHfmgUZp/Nw4sDaW9N4LrITCjwkm8uyzSbR0l36CVw9P4BrbISj3JTOEZKqVGzt9CWGTVjtGkKnA/T0mIU1BQxJa2XhZGEcxXDL227vFd95t3iEGa299bzpv/wB8bDbu88jwZj6Q==|_f92607b4f796ffb132e1aadd811bf40a|
2020-09-22 12:03:26,869 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2020-09-22 12:03:26,869 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-09-22 12:03:26,869 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-09-22 12:03:26,869 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<AuthnRequest
    AssertionConsumerServiceURL="https://api-gateway.dev.smartlook.com/auth/sso/v1/saml2-acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_847e7fa730864b9bba2a61f3c5be014dc1801a55e1"
    IssueInstant="2020-09-22T12:03:26.348Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:Issuer>https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml</saml:Issuer>
    <NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</AuthnRequest>

2020-09-22 12:03:26,874 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml' from origin source
2020-09-22 12:03:26,874 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:03:26,874 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:03:26,874 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:03:26,874 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:03:26,874 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-09-22 12:03:26,875 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-09-22 12:03:26,875 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 0
2020-09-22 12:03:26,875 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml
2020-09-22 12:03:26,875 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_847e7fa730864b9bba2a61f3c5be014dc1801a55e1', issue instant '2020-09-22T12:03:26.348Z', entityID 'https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml'
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml' does not require AuthnRequests to be signed
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-09-22 12:03:26,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-09-22 12:03:26,877 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:03:26,877 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-09-22 12:03:26,877 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-09-22 12:03:26,877 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-09-22 12:03:26,877 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-09-22 12:03:26,877 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://api-gateway.dev.smartlook.com/auth/sso/v1/saml2-acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-09-22 12:03:26,877 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-09-22 12:03:26,877 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-09-22 12:03:26,877 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:03:26,878 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-09-22 12:03:26,878 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-09-22 12:03:26,878 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-09-22 12:03:26,878 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-09-22 12:03:26,878 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-09-22 12:03:26,878 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml
2020-09-22 12:03:26,878 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-09-22 12:03:26,878 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-09-22 12:03:26,878 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-09-22 12:03:26,878 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-09-22 12:03:26,881 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-09-22 12:03:26,882 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-09-22T12:03:26.882Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-09-22 12:03:26,882 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-09-22 12:03:26,882 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-09-22 12:03:26,883 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 5a026bad3ec21d292fb2d4eec979221fc11c1891ab06003f52d8c7274894efe7
2020-09-22 12:03:26,883 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 5a026bad3ec21d292fb2d4eec979221fc11c1891ab06003f52d8c7274894efe7 to 2020-09-22T13:03:26.883Z
2020-09-22 12:03:26,883 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: No active authentication results, SSO will not be possible
2020-09-22 12:03:26,883 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-09-22 12:03:26,884 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-09-22 12:03:26,884 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:03:26,884 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-09-22 12:03:26,884 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-09-22 12:03:26,884 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-09-22 12:03:26,884 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-09-22 12:03:27,075 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'Smartlook'
2020-09-22 12:03:27,076 - WARN [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No height available for https://content.smartlook.cloud/logo_transparent_160_26@3x.png assuming a fit
2020-09-22 12:03:27,076 - WARN [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No width available for https://content.smartlook.cloud/logo_transparent_160_26@3x.png assuming a fit
2020-09-22 12:03:27,076 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning logo from UIInfo, 'en' (null x null) : https://content.smartlook.cloud/logo_transparent_160_26@3x.png
2020-09-22 12:03:27,076 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Acceptable Scheme 'https', returning value 'https://content.smartlook.cloud/logo_transparent_160_26@3x.png'
2020-09-22 12:03:33,987 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-09-22 12:03:33,987 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2020-09-22 12:03:33,987 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-09-22 12:03:33,987 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@397813688::identifier=rick, context=org.apache.velocity.VelocityContext@5575ded0]
2020-09-22 12:03:33,988 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@397813688::identifier=rick, context=org.apache.velocity.VelocityContext@5575ded0]
2020-09-22 12:03:33,990 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-09-22 12:03:33,990 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-09-22 12:03:33,990 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-09-22 12:03:33,990 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-09-22 12:03:33,990 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-09-22 12:03:33,990 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-09-22 12:03:33,991 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-09-22 12:03:33,992 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:03:33,992 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-09-22 12:03:33,992 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@8823042'
2020-09-22 12:03:33,992 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:03:33,992 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml'
2020-09-22 12:03:33,992 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@49c598fd' with context 'intercept/attribute-release' and key 'rick:https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml'
2020-09-22 12:03:33,993 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1631792889139' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-09-22 12:03:33,993 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:03:33,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-09-22 12:03:33,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-09-22 12:03:33,993 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-09-22 12:03:33,993 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-09-22 12:03:33,993 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@8823042'
2020-09-22 12:03:33,993 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:03:33,993 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-09-22 12:03:33,994 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-09-22 12:03:33,995 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-09-22 12:03:33,995 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _75f83db68243e1112ac6debc5ed24b98
2020-09-22 12:03:33,995 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _75f83db68243e1112ac6debc5ed24b98 to Response _9b5c36c4d463728a4c797714a8403734
2020-09-22 12:03:33,995 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _75f83db68243e1112ac6debc5ed24b98
2020-09-22 12:03:33,996 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-09-22 12:03:33,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2020-09-22 12:03:33,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-09-22 12:03:33,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-09-22 12:03:33,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-09-22 12:03:33,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-09-22 12:03:33,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-09-22 12:03:33,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-09-22 12:03:33,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-09-22 12:03:33,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2020-09-22 12:03:33,997 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-09-22 12:03:33,997 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxrWNKsiqJaTmYTrkixryttEDJDES5+KKfCkQ5xOHaUfrrmz9emcC0MTGfKT5JX00lq0sZBkG/NrrkKPFh+v+9Zqk9EcHJq5uOsMFKnIsHCfdAZsIzvXbbmRB7McHCYn8NpwldGyPl88G92DPefbqLrtjSfbxtIVwKxwjgxj9n with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _847e7fa730864b9bba2a61f3c5be014dc1801a55e1
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://api-gateway.dev.smartlook.com/auth/sso/v1/saml2-acs
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _75f83db68243e1112ac6debc5ed24b98
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _75f83db68243e1112ac6debc5ed24b98 did not already contain Conditions, one was added
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-09-22T12:08:33.993Z, to Assertion _75f83db68243e1112ac6debc5ed24b98
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _75f83db68243e1112ac6debc5ed24b98 already contained Conditions, nothing was done
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _75f83db68243e1112ac6debc5ed24b98 already contained Conditions, nothing was done
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml as an Audience of the AudienceRestriction
2020-09-22 12:03:33,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _75f83db68243e1112ac6debc5ed24b98
2020-09-22 12:03:33,998 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml to existing session 5a026bad3ec21d292fb2d4eec979221fc11c1891ab06003f52d8c7274894efe7
2020-09-22 12:03:33,998 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml in session 5a026bad3ec21d292fb2d4eec979221fc11c1891ab06003f52d8c7274894efe7
2020-09-22 12:03:33,998 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-09-22 12:03:33,999 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml in session 5a026bad3ec21d292fb2d4eec979221fc11c1891ab06003f52d8c7274894efe7
2020-09-22 12:03:33,999 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-09-22 12:03:33,999 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 5a026bad3ec21d292fb2d4eec979221fc11c1891ab06003f52d8c7274894efe7: replaced old SPSession for service https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml
2020-09-22 12:03:33,999 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml and key AAdzZWNyZXQxgzaPD1FZvzUTZrnXIO3SscJ64t2ZkMmVoEY5AMPJedvjmYyUl2uFzUQwYa57rKFh6uBIxEXiv6cv4dFIxtp3uKfF3OnUnL28DF1Bnck1rO7T1AKcLdrrG1XFXXpK1aJGYff1p0Ot1TGTDS7pjdEw+WXcH8yd6hYLOY+n1uGb
2020-09-22 12:03:33,999 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml and key AAdzZWNyZXQxrWNKsiqJaTmYTrkixryttEDJDES5+KKfCkQ5xOHaUfrrmz9emcC0MTGfKT5JX00lq0sZBkG/NrrkKPFh+v+9Zqk9EcHJq5uOsMFKnIsHCfdAZsIzvXbbmRB7McHCYn8NpwldGyPl88G92DPefbqLrtjSfbxtIVwKxwjgxj9n
2020-09-22 12:03:33,999 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml was replaced
2020-09-22 12:03:33,999 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-09-22 12:03:33,999 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-09-22 12:03:33,999 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-09-22 12:03:34,000 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_9b5c36c4d463728a4c797714a8403734"
    InResponseTo="_847e7fa730864b9bba2a61f3c5be014dc1801a55e1"
    IssueInstant="2020-09-22T12:03:33.993Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_75f83db68243e1112ac6debc5ed24b98"
        IssueInstant="2020-09-22T12:03:33.993Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxrWNKsiqJaTmYTrkixryttEDJDES5+KKfCkQ5xOHaUfrrmz9emcC0MTGfKT5JX00lq0sZBkG/NrrkKPFh+v+9Zqk9EcHJq5uOsMFKnIsHCfdAZsIzvXbbmRB7McHCYn8NpwldGyPl88G92DPefbqLrtjSfbxtIVwKxwjgxj9n</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_847e7fa730864b9bba2a61f3c5be014dc1801a55e1"
                    NotOnOrAfter="2020-09-22T12:08:33.997Z" Recipient="https://api-gateway.dev.smartlook.com/auth/sso/v1/saml2-acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-09-22T12:03:33.993Z" NotOnOrAfter="2020-09-22T12:08:33.993Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-09-22T12:03:33.990Z" SessionIndex="_6122d7308241321655235d547f04e1af">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-09-22 12:03:34,001 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://api-gateway.dev.smartlook.com/auth/sso/v1/saml2-acs
2020-09-22 12:03:34,001 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://api-gateway.dev.smartlook.com/auth/sso/v1/saml2-acs
2020-09-22 12:03:34,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9b5c36c4d463728a4c797714a8403734"
2020-09-22 12:03:34,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9b5c36c4d463728a4c797714a8403734 and Element was [saml2p:Response: null]
2020-09-22 12:03:34,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9b5c36c4d463728a4c797714a8403734"
2020-09-22 12:03:34,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9b5c36c4d463728a4c797714a8403734 and Element was [saml2p:Response: null]
2020-09-22 12:03:34,003 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-09-22 12:03:34,003 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://api-gateway.dev.smartlook.com/auth/sso/v1/saml2-acs' with encoded value 'https&#x3a;&#x2f;&#x2f;api-gateway.dev.smartlook.com&#x2f;auth&#x2f;sso&#x2f;v1&#x2f;saml2-acs'
2020-09-22 12:03:34,003 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-09-22 12:03:34,005 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://api-gateway.dev.smartlook.com/auth/sso/v1/saml2-acs"
    ID="_9b5c36c4d463728a4c797714a8403734"
    InResponseTo="_847e7fa730864b9bba2a61f3c5be014dc1801a55e1"
    IssueInstant="2020-09-22T12:03:33.993Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_9b5c36c4d463728a4c797714a8403734">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>2/5ugn6rOOHhv7EVwom/jSyia+RU8nmwkkY/jprLAvE=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>mrzMrU2RVP7ywsiXMet2I/JiliE1Rf4QKzbR2XIPVjfH2WnkA7KiLGopDoKVGjKQu81dHpGRpJp9s2E4KCdbcyZNj1ifThy6USksqcVUKSGLG58nrqbogfih+e2VsIFLcWak9qHRrMIdblWxmiA6GX8f7vHGHVGxKAzxltySB6lGeeXvVsbQwPJmlLmilCMfAd91MOBFwjJ1+VRmzHE+39AUOv/IfWchDCY4Pzpbby8S7EWizRbZLXjKjs4hfyknV3A5TfFyueoKQ4K0oFNn6I+nyeYBuvTpCO6Lct2bqCpu0HA3SjpNWxm7N0arVvp66ZK+Bfzd8mlItdctmtPp4w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_eedc3efec441e9469e8da2c24e92e273"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_1bbf7ddd38f09c68adf0ced76f5fb7fa"
                    Recipient="https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIC+zCCAeOgAwIBAgIUdt7TAW8iuKXoYYg41+Ot7+7lMK0wDQYJKoZIhvcNAQELBQAwDTELMAkG
A1UEBhMCQ1owHhcNMjAwOTA5MTUwNDE0WhcNMjAxMDA5MTUwNDE0WjANMQswCQYDVQQGEwJDWjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALh8XIvE5iyEgPzEPuUCYKfQSh9kWrFxS+Kt
IJE9WjBicHDMZNA+GSS7A+wLiSBS87yGyxktVdYsZJI3lsAeUWtWiwTgKXgwqwwF3SOf89yMpnMz
WKUaxEKOHXo76oEHOra+zrk/W4b3hlFvMMSsOaUFLGC+58MLsp25jNM2FOxFTOrw2/Q2zOI1yqde
7rgTZQmLpcmOwLgfcC4NYaIBgQ20o3C+kBOpZpO64OMb+3DJshiBa4zcKzDkDNuBebTY7kxy4rTf
cymZiuw65DEFfl/CR3aXC+Z8qkjk0b7YHjquK1xmBC7nTsjLMaZ+wRNZWrlSOgE/SdA2fb2O73z4
RE8CAwEAAaNTMFEwHQYDVR0OBBYEFOAy6da3eHy34zG4rvhWtiK5yxp9MB8GA1UdIwQYMBaAFOAy
6da3eHy34zG4rvhWtiK5yxp9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACj5
mg54pZwHGQu1EqputJC+mgTMsqrK0chWxcxvzYqpVJbcTVTl+YBffDAzdL8mSeJRLQwL7nWXOgAb
rXqiz6Qe9qWCYN+VokxCHIJ+QqHZCMHPLwEvAWNdILrFeaERweXPkenUROwg6ed7/su22l0IqKH3
AO6Uhqwmutcrau7+3LQt/blZYywAYDb3MFvtme+clg8ID0hgfBg4y2M3IOKe8RNKlVgc+c/Gq3L/
Pi+q3odUAnEgMuABLTErcgrWytffRQZdmXf9L/qV0GvVHdbCa0i99BiaAJs+Z6AvLzf1/WsZvuip
jiDvEvsoLqNC4nrWNkE+9vpy03tPE3fb+X4=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>XdPsjkrty/lNmlHZZXs9QSvjT7kqS4YKEDs7NfKasLxuNILaeSVuZw6UQYaeI/Ayhq2HCMjd7ZrlR3SmOguo8OO3Tmn2c3vwVLs/oS4giva5faStZnKOl+pve31DnB9EEAg6hU4mkKO7QbAWUtFwW5HX9EevX2UI2rcr5wP6N/eSseDinPH16nEAWaSdFSee1Q0vvINrRhCAhESFdglBpFn1MOcov0Wgv1sYlzmHwfGQBLzjt+sKklMnMmqCZBlvQ7pJUa/Fb28kr2mhv030FNrrlojKRh82Q4eYlQa5JVOpDOQ/8nE2BDvPtM3YLqtYv9vMxDMErRBWk9WPbiFTFQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>G6AF2lL4tp8S5xKlnwLFEZPNvP13Y/8ti1ASZm/E21lcZs2jb6TpSvfWOuKMcCLWE50kX549FY/svIZESZLm556oBb4v1rtAl3DgDhsW0HEeHZjqgtmDBPBgwT9E0HWalHu6mfd/lEDbxfRp7GwLW5HHf/Fp2tEr3mB77H42WQeTPuaEhU6O5JoHETa63cURQVjaUHgMpuAFm257qmy1a16TENaxF2nT7gouUcQdJv7MOZbz9TpqIF8KYY+r4G1q749hbFYJsa0CG/MF7Zz46JTLFrJBoo+VuafRpGvVNgjCBZNOStDhAt9sgb6bhNEdMh0sDAg9F23bqSTbbqQeNAMD55GIvi4U73zq6oFFx85tSHzuEzvQwbF/PQK6QTBShOnYsa/Vsryndxu4l6Hy6l9Ez+53fBAmxl6LaHYa3BmqUlZ0AL/kBMqecXFhZXZnUOm5+1AzGWRJAKdX2+BmSCAYvUKmYcIx+3uOWVci00kkgU7wVZeEWbwgRMh6nxU55U7D9BGl6DaI/CcBuz8LAqgjwfIqnJov3tyOtG87BqbVN+fvGNLOC5tOrwkqFcgGv0WSG1T9xOVA8LUSLTMgGtC12pu1O6VPWWcodqlr6T3k1urFFgwdkvxwd+NrPSin92mce7+HV6oOiKwyvoi/orfZC52wuV8Aw9Sai6JzfBSFkALtqX1DsjoCCCiCKI8a31zbHuEnFO460iL7rlHaDY9byTamYPE5MLsz/7IkknKMmsxYl/mcOsZ+TIBc5bHSGtUTy3f3RkWfRMcUO5Z5n6XyiLEL3v+DlqyvmcK/twlaEE3sn8jgqmhbp0uP3rcsqvSIpajBX7cR9x8TopyYaQHa1LXCpyoKeaGCWcmjjkGY/bHiotcyJRuGKkk2v809CPPRB3EG1UpEnQ6R/YEXqTMCWYPJ8yWadxXfXcvSDcgMDdEduoIZZzEF76c7rXuI8DTzaU7ajg4o9A5sFjZhH06I3GA0GgigeSm3e1Y3x6/E7CInBZP8s/FxgXF4l8QY6S713hAdzKEgDkhD0fM+F5rmGwlsZA0A1pxaFJayXPnGNCF0NUr9uarEhS8HWtDoo91PoHo2fNfY6uhjXqGcBt8DvBNrATjJ/WMNvU93OqT3m6hSIKoGybn4AzGQfZfT1IzGlfhMdwy3VpoEN41SRtedkz9Uzf6JG7uu+GTkDhWGvjikF2pu3eRGs1hq8i6zuaYJduLAnpX7hmsWJbnpjanFrK8BH81hexxOIea6w4oxxRn51niVZTCeTgjv0FHm2cZ9PBj/1wvePcRc2eQ1IVSrTqiCz4/CQB1YiM7l153JQ+FYhS/DmPL95muN1ciu67MeNXw/Ay10EzEaynfr+hTlON4/OXIIbe7xDFK69jzhdqcJEwXm5XzziAUDBFhDCLtBRVwhYuYM3BelHi5YgAy3Vsz0KI904JOrV5xYwEF5JMnXP4OzpIMP7sd8JFe6o5s5PSUhGrtluDO8bxCCOwBtTHa1nYU/POMzhNHbKbGD3hQkjLu0hmuoHFaJisl8oYXE60+hXApMiKflJtHEXPo95MZCWar6f5fqtLL8cEWUHKzqw1wwtl+VWViayUQ+Oheg5dKBgiU5Cs89zvd3sAmiMS+40KyD2eiTt2Y0gKAym0EpLN4mpTtJQ13+4kr8ohu6wmT3ELLZWJqn1rV4kElyc+P1j2PPztC4gDiG62Q8m4Dc5xzKbXJRcIgTNjywJTg7zBc5U2a7JvKyyXXesDbjd7pMbyJedjjNAFyAOeib9fWj1bHMTpVgOXOqOCrMGUeUG5y8PqjNsg8FKyu1PQhvAfGuKGccYOQRXuJRhqFewJP4Xg1ZV5e6GPvc9u5545Yt2olu2x+YeCdRP3TY0Yp85OGx9zWcAlQGYEtfdJ9zab6EUS6hW93skYa2pvgubh2rKOwQTaErty19YLmYhnsmiMCZcYMDYN7RfWOZENab57RPNSpSoSbiTS7SDvumru+2E3sgILyXRc++NCnPzCRiNnlMkVHByW4qKNyg+RDgwDwc8wSy1nVNcI/JKHSXl+erOyIR9fTRiTZ975WX2zjREm28ks2fogZr0voE2/mE8+a/TA8SBusqG/Ybs/iPvB6XFSkXwB5E3jVY+pdWcw5XfifbFrCtZ4cxUDBF1zikTMeuPLxI/JWCVo3wBvG2ddTxErJMfmyCgOCGaRshJzo7wqIfXeKhoMdZb1zn9ApXVlFyDXbcaM8A0WQ9Pe9UCIp3QPTdOhH5S43hR3yVobehQouJLxmsF4C2bbkKkP+E0hG9Iq10KDbOt2wp9yoApzUJSNw7rPdNV7wNyZipuz06c+SFqvRJCo4OhnHds/JDmIFu3oyR1FyQqpZFEtfKS+MWMbmcwzKWjAJSTvZ+joWqAiw595JKzTrbAYRJicYjTsl0zg8pJampuSl3v5IrBzsigjbUb55iVc46qmQu9T+9yCRGqvhqFE+mQtMfpnSyThMbH4ZPlaow5fYw69Rp/I7RT6rqCAX6Sr4moBm5klqS678cR7RTi5ECHGlCnsVotfX2dCdc8zrjZ6Tr3WgbmCc2TFmg3gfDjnhujfMX/VpBYY2yCCe1lVZyKe0UgDs2jGMq7FoeNKdggHC4rPsyE9waMOOMxE/VnnOypXexIY4Wck+uq50quUU5/0OaUh1l7Thnie0nk8zODIHzWRumCqrvHm4a7xg8v5B6jV5ZlcH0rcS5Szj1XO1GLJpBpsU56ba0g/SL8Nnog61AfkUZ+Vbpari8ldUDD8Ju30HAw5ee7/D4av95R8bg02QiW6eLGEAda8QtphztVUcptms4B+sLSb3AyE3p3FfhtZrKQxipMQKnR7LNc2H+Qj7SO9L3CVGq+p9r1BlNB/oIhMUiyssp27CCj2lsNUGzCqRQD8pW1/lutruGBQ4jq5tbujV4nGvZSS76HD/BkzvBvNeUKZjeJhn0qpoNHzwrXI+i/wXMILBvYimRgyDkrfVVM84aV2PUNpVXs7+WDuezFGeWb+f2lvqch+0RJagxwlrY2NH3V9H6A3vIZFjnLMaNKkIoEgivDuoeFrofEfdFkzOyRq06SUgqZSV0ni02xlIl5p4PUFxYd3o90XU2MsZG4w8HVQJSwezIpyv4hPEXrEw6ssSjxowXVQ8JRcMygWb47ndEptukQcwqI81dIaiJrW2FR3s2X8IbXfqvdy92M64vLCpEj6igf7g7p4E4uAY8lnaEfQN5jvvGy3XfYndzXRFQ9jCvOgoZvuQm2GFOmG9uJ1l7qRBWkpyVFako8O9NJaHhbMP0q6t+jwyNWsLAwjErkjc0Mgl1gyFgIj64VWt6sQ7B9TPzKdpepJAviQEh6AdwFYLAAJ0tqaA0w7RX7yLAThD9vQFvEV+mNsnd8K47Z8RQTZ2grX/ULhS6jNFYArsHzz0BgPep1MGtoagg0+jS5yZpJy1FX9ZURZRqrRRp/dE++zY+rYt15raXl1FGRS7jObsk6QVtNW7sEuU/FXNgiHKavcojwZCBB9ErIRcwaCxI63K++6ugt3/3PCUTo9KFBHdC8jC4iX/7SdV7CXRwnZpOeDgy/GV549FL/z6kA916sZDUfvWM9mMqHKYpacXoxLDY35bPJasgu2RN0ExkaexW0Jj5l56n8T+gEM9Bs6hnDUY5azAD10KaQJJUNIvHTU4lIaNtO9mFMTj1HjSNeOJERaxBWym0htbdJMWx8lDjv32PV9gpFza1xtVmBDKj9lCKItZv2EZ/ocsmz8dVTBUVqUYcbseuAFz3phSL+MeGhqM2v+W3dkrA69vYjcuYUZZefR8C0zt+FOgsPKHb4VBeZazdGohGhMYGhxMwfyAxRThQcHQ3nDBKOjJg1tbsF3i/X33GwdnmE3Xp2ibGOIY6c3vr0lwvshl7Bgc9UxlIC4Kauz5wdHllRC5ckPRtLhGu7pIG/CxCPbdsXTjRhj6+2HeJ+O494gJT5WkD9jUv7ZPw+5NOAfp35T4sGqHgzbUwNmpaVuRtYzEZyLSIyFajNPZIs8PrHge563u0KLJEurkmjP/FbOhct9s02bmCu8c8bXLD8mXwIzHV8Fkw+250S08aS8qoGbh+YV6kAX/Vj0Jt5Z4Cc/dYjpALib0k6XKXU4mos/8SK3XAiIfzsNptI/cC52Pzv/GTVFjjsoHke6xo/hVs8+WEJRsdpKE5R17TcKjqoZk4sXsyaVGsAdOlBOjQ4QyV6wKfmLb2oAaAHoQOYsyXhyX1GCdh8kUAyJcfsiJndVRlTkx5HwaVNylcROQQtitkdWLcbFAGwj1CEHFJTXPfZpoDLCw5WHwwmh0HaaAaIxFmNijkOPlBcBae+dAzkVq6e8EPV8Hd9nv5ckFbP2w4xGIQ/F95rhjZ3ygTxw57a4461ZpCI0tGRpn63kpGEvaf2+ovqDdtvD3FzN1PAMScauoO6ucErU8WCamCs0friWvq3/4bFPvLPwZWt6tMksy55TRKTEi7vjU3p1KKfeVgfYKUcDkFw5ys63FbL5Z07JA6jIQ2lzqmsuxTAWtFTiazM7pnxDbQxwSr3Gvs2ovaPX33u6vycuAUcOfepqmMEYLA4qUa5X41Dan4BiF8rQrLu1tkTabrkJoWYXgGkl8hFJckV2n2s/rad3HOOrdjymV5sB0AtONM1gN0U9hPocNuvi03XIIgK88Xw7i2SOCzW3b2JtA+DdYcmEG1wPXlzUXteKh+IhLXax4SJYwiNkvQyjBu5VWp6ys18ju6mHlmzkw8KgwdQJwJ01WwY5zZnql5rB/s0FOWeLGP0aFtnhJ8aGjKJc5yFwNEpQxhel4NafuKsG+QxvCCDko7rYGVVGk/H31AaniIYXWWQS2vFa/inCX8V5QSdsaQMMzRi+6tHz8gMrBJdcwM4aVochBWJ9tAOJavnkpUgxHnDw9jMmyG246SUnkSu1YtOHiZNw6oIHK7ngyHOdIf82KDKjZd20VMcnkTv9MTyr50adzykU+lbxmymIfAnLGnCNv+rVGheewLdWo2GMAj6xd74bo0BmWz/YgOBbZC2QGPOYX2eFxKjryOlPPEDlyJdPG/yJHpEfb3hcIeEE4hsqiYoaYRO4Cnod0Aijc/rwuDEF26SIXG53VV58aSEIS6Uh22rb7BbtbqtXNdnCiGjAtggeW9SYkLBzD68ivsmtg70nZO/xAT0wjmbXH3oNQFmguhNt6EHh0o/zT91Lkps9BTfXPLgLrmb2ZMPlpSM2AIY1CwkiuPLks0a/bRlVqukD523KnI1ahxFMO6YQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-09-22 12:03:34,005 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-09-22 12:03:34,005 - INFO [Shibboleth-Audit.SSO:?] - 20200922T120334Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_847e7fa730864b9bba2a61f3c5be014dc1801a55e1|https://api-gateway.dev.smartlook.com/auth/sso/metadata.xml|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_9b5c36c4d463728a4c797714a8403734|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxrWNKsiqJaTmYTrkixryttEDJDES5+KKfCkQ5xOHaUfrrmz9emcC0MTGfKT5JX00lq0sZBkG/NrrkKPFh+v+9Zqk9EcHJq5uOsMFKnIsHCfdAZsIzvXbbmRB7McHCYn8NpwldGyPl88G92DPefbqLrtjSfbxtIVwKxwjgxj9n|_75f83db68243e1112ac6debc5ed24b98|
2020-09-22 12:04:25,212 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1600776264_cb2a
2020-09-22 12:04:25,212 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-09-22 12:04:25,212 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-09-22 12:04:25,213 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_938e1941ab45376b3896c19317c14163"
    IssueInstant="2020-09-22T12:04:24Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services-sandbox.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-09-22 12:04:25,218 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK' from origin source
2020-09-22 12:04:25,218 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-09-22 12:04:25,218 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-09-22 12:04:25,218 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-09-22 12:04:25,218 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-09-22 12:04:25,218 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-09-22 12:04:25,218 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-09-22 12:04:25,218 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-09-22 12:04:25,218 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services-sandbox.sheerid.com/Shibboleth/UK
2020-09-22 12:04:25,219 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:04:25,219 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-09-22 12:04:25,219 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:04:25,219 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-09-22 12:04:25,219 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-09-22 12:04:25,219 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_938e1941ab45376b3896c19317c14163', issue instant '2020-09-22T12:04:24.000Z', entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:04:25,220 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services-sandbox.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2020-09-22 12:04:25,220 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-09-22 12:04:25,220 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-09-22 12:04:25,220 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-09-22 12:04:25,220 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-09-22 12:04:25,220 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-09-22 12:04:25,220 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:04:25,221 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-09-22 12:04:25,221 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-09-22 12:04:25,221 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-09-22 12:04:25,221 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-09-22 12:04:25,221 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-09-22 12:04:25,221 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-09-22 12:04:25,221 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-09-22 12:04:25,221 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-09-22 12:04:25,221 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-09-22 12:04:25,221 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-09-22 12:04:25,222 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-09-22 12:04:25,222 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-09-22 12:04:25,222 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-09-22 12:04:25,222 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-09-22 12:04:25,222 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-09-22 12:04:25,222 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services-sandbox.sheerid.com/Shibboleth/UK
2020-09-22 12:04:25,222 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-09-22 12:04:25,222 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-09-22 12:04:25,222 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-09-22 12:04:25,222 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-09-22 12:04:25,225 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-09-22 12:04:25,226 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-09-22T12:04:25.226Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-09-22 12:04:25,226 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-09-22 12:04:25,226 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-09-22 12:04:25,226 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-09-22 12:04:25,227 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-09-22 12:04:25,227 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2020-09-22 12:04:25,227 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-09-22 12:04:25,227 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:04:25,227 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-09-22 12:04:25,227 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2020-09-22 12:04:25,227 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-09-22 12:04:25,227 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-09-22 12:04:25,391 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-09-22 12:04:25,391 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-09-22 12:04:25,391 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-09-22 12:04:29,072 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2020-09-22 12:04:29,072 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2020-09-22 12:04:29,072 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@152930365::identifier=morty, context=org.apache.velocity.VelocityContext@3606689d]
2020-09-22 12:04:29,073 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@152930365::identifier=morty, context=org.apache.velocity.VelocityContext@3606689d]
2020-09-22 12:04:29,082 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2020-09-22 12:04:29,082 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-09-22 12:04:29,082 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-09-22 12:04:29,082 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2020-09-22 12:04:29,082 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2020-09-22 12:04:29,082 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-09-22 12:04:29,082 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2020-09-22 12:04:29,082 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session a893395f30072112a9ef38e08cf15f806b1016f40eeb928dd09ab9b6ad6550c6 for principal morty
2020-09-22 12:04:29,082 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session a893395f30072112a9ef38e08cf15f806b1016f40eeb928dd09ab9b6ad6550c6
2020-09-22 12:04:29,083 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-09-22 12:04:29,084 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-09-22 12:04:29,084 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2020-09-22 12:04:29,084 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-09-22 12:04:29,084 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-09-22 12:04:29,084 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-09-22 12:04:29,084 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-09-22 12:04:29,084 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-09-22 12:04:29,084 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-09-22 12:04:29,084 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-09-22 12:04:29,084 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-09-22 12:04:29,085 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:04:29,085 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-09-22 12:04:29,085 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1b7311c'
2020-09-22 12:04:29,085 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:04:29,085 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:04:29,085 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:04:29,085 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:04:29,085 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:04:29,085 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-09-22 12:04:29,085 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-09-22 12:04:29,086 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-09-22 12:04:29,086 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-09-22 12:04:29,249 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-09-22 12:04:29,250 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-09-22 12:04:29,250 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-09-22 12:04:29,250 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-09-22 12:04:29,250 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-09-22 12:04:29,250 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, SheerID, Inc.
2020-09-22 12:04:30,029 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-09-22 12:04:30,029 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-09-22 12:04:30,030 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200922T120430Z|https://services-sandbox.sheerid.com/Shibboleth/UK|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://services-sandbox.sheerid.com/Shibboleth/UK, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1632312270030}'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://services-sandbox.sheerid.com/Shibboleth/UK]' as '["morty:https://services-sandbox.sheerid.com/Shibboleth/UK"]'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1b7311c'
2020-09-22 12:04:30,030 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-09-22 12:04:30,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-09-22 12:04:30,031 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-09-22 12:04:30,032 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _b155d5a2c01b357ec1d6b0d73d446020
2020-09-22 12:04:30,032 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _b155d5a2c01b357ec1d6b0d73d446020 to Response _bec80b7b6022cc192484eeef477a5086
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _b155d5a2c01b357ec1d6b0d73d446020
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-09-22 12:04:30,032 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2020-09-22 12:04:30,033 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-09-22 12:04:30,033 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxHJbGKSTtWSHYFRIPA0LryVLWdTKWmj0WOtHUlAwf+HlobbqEk9zRni+k1FYXgvlEoMemwi+RQhJTDRhFRMhLAQdA5zo3A+IMUBYDSUscQqcLEqL2gXxkmEsXpWwlmO/YWBXbdii2SaILR6hwn/x+xlo0FB5CJw== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _938e1941ab45376b3896c19317c14163
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-09-22 12:04:30,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _b155d5a2c01b357ec1d6b0d73d446020
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _b155d5a2c01b357ec1d6b0d73d446020 did not already contain Conditions, one was added
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-09-22T12:09:30.030Z, to Assertion _b155d5a2c01b357ec1d6b0d73d446020
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _b155d5a2c01b357ec1d6b0d73d446020 already contained Conditions, nothing was done
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _b155d5a2c01b357ec1d6b0d73d446020 already contained Conditions, nothing was done
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://services-sandbox.sheerid.com/Shibboleth/UK as an Audience of the AudienceRestriction
2020-09-22 12:04:30,034 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _b155d5a2c01b357ec1d6b0d73d446020
2020-09-22 12:04:30,035 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://services-sandbox.sheerid.com/Shibboleth/UK to existing session a893395f30072112a9ef38e08cf15f806b1016f40eeb928dd09ab9b6ad6550c6
2020-09-22 12:04:30,035 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://services-sandbox.sheerid.com/Shibboleth/UK in session a893395f30072112a9ef38e08cf15f806b1016f40eeb928dd09ab9b6ad6550c6
2020-09-22 12:04:30,035 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-09-22 12:04:30,035 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://services-sandbox.sheerid.com/Shibboleth/UK and key AAdzZWNyZXQxHJbGKSTtWSHYFRIPA0LryVLWdTKWmj0WOtHUlAwf+HlobbqEk9zRni+k1FYXgvlEoMemwi+RQhJTDRhFRMhLAQdA5zo3A+IMUBYDSUscQqcLEqL2gXxkmEsXpWwlmO/YWBXbdii2SaILR6hwn/x+xlo0FB5CJw==
2020-09-22 12:04:30,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-09-22 12:04:30,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-09-22 12:04:30,035 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-09-22 12:04:30,036 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_bec80b7b6022cc192484eeef477a5086"
    InResponseTo="_938e1941ab45376b3896c19317c14163"
    IssueInstant="2020-09-22T12:04:30.030Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_b155d5a2c01b357ec1d6b0d73d446020"
        IssueInstant="2020-09-22T12:04:30.030Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxHJbGKSTtWSHYFRIPA0LryVLWdTKWmj0WOtHUlAwf+HlobbqEk9zRni+k1FYXgvlEoMemwi+RQhJTDRhFRMhLAQdA5zo3A+IMUBYDSUscQqcLEqL2gXxkmEsXpWwlmO/YWBXbdii2SaILR6hwn/x+xlo0FB5CJw==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_938e1941ab45376b3896c19317c14163"
                    NotOnOrAfter="2020-09-22T12:09:30.033Z" Recipient="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-09-22T12:04:30.030Z" NotOnOrAfter="2020-09-22T12:09:30.030Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://services-sandbox.sheerid.com/Shibboleth/UK</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-09-22T12:04:29.082Z" SessionIndex="_1c975077ccae5c57606f106b12b195e2">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-09-22 12:04:30,038 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2020-09-22 12:04:30,038 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2020-09-22 12:04:30,038 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bec80b7b6022cc192484eeef477a5086"
2020-09-22 12:04:30,038 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bec80b7b6022cc192484eeef477a5086 and Element was [saml2p:Response: null]
2020-09-22 12:04:30,038 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bec80b7b6022cc192484eeef477a5086"
2020-09-22 12:04:30,038 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bec80b7b6022cc192484eeef477a5086 and Element was [saml2p:Response: null]
2020-09-22 12:04:30,040 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-09-22 12:04:30,040 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;services-sandbox.sheerid.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2020-09-22 12:04:30,040 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-09-22 12:04:30,040 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'cookie:1600776264_cb2a', encoded as 'cookie&#x3a;1600776264_cb2a'
2020-09-22 12:04:30,041 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    ID="_bec80b7b6022cc192484eeef477a5086"
    InResponseTo="_938e1941ab45376b3896c19317c14163"
    IssueInstant="2020-09-22T12:04:30.030Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_bec80b7b6022cc192484eeef477a5086">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>erpOWCAN7t9wPYp+gudzCvIRl8OoeeWS63pZkS+MHIK7dKt6OXlAx9S82PPw9iKyE2/JUox0mG0jFfCSeXqspw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>d6l3NIOLVSwJGc/U3gqpJ2WTMLWxbXhA6w/YeAJruK9mYYvBx+ZvO06LXZLa2rsnqkwUjWhP3XLkAem/XhHozC49IvyGri/ZvwQbIYYtC40Y/yqF2hj/zDl2gULNH63FWpYepfaMNe5m81cof0y2PbjWY5Sp9BBarcrrO8Zwa0jE/wgWdUHWXGYaFda3UOavwDWhkQdnu3VQZ5YpbfGgtv93LPm3A5ynXidS8ho5Nkw5QMl4u2WXKe6Y1QlnuFjSEkuj1GjARQQOgBe6z0E8XgEjOiXGMWuIUXP1/RBR6PZKVPUB9xdMwtQodx7lcKr/Lhz7bS02hYzHrPzS7h58fQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_7f756883f55ba324ca4c9bdbcb2580ed"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_5ac135bd9f4b1d95f5efa4750218d760"
                    Recipient="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDaTCCAlGgAwIBAgIJANNSqhQs7XD0MA0GCSqGSIb3DQEBBQUAMC8xLTArBgNVBAMTJGh0dHBz
Oi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTAeFw0xNjA4MDgxNzA4MTFaFw0yNjA4MDYx
NzA4MTFaMC8xLTArBgNVBAMTJGh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZUxCXQ9C05W39KdufUi1bOJ4VRIbGEqA7c
vy3SXvcADhTb4G5LN3mVC+PcviQFDhTd+oNCqwFOinx/kfQRrumSsIHIcN4h50Mw9xSBK6G9dG/j
A9y6BWKVpN8boOhcAmGdR0CQus0qBzKcJZKUBMLjvah1XNCLbE7At7Z8tl4mmFeYdqpLNedr57TG
xBL5dcP7nGEYsTs0xUSA7yR9bbm0HVYAccJoyCmG3L2vHeAeUa2jRFxSWLqBOYzTLqhE9osHabXI
sYQefmmxCdb6OONW1JwFBGvDSAWQT9IWgoS0AjDBDpxyzCKF6xrFkVQ4zh+yoJVqXLc+czmo7JMl
jokCAwEAAaOBhzCBhDBjBgNVHREEXDBagiRodHRwczovL3NlcnZpY2VzLXNhbmRib3guc2hlZXJp
ZC5jb22GMmh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbS9TaGliYm9sZXRoL1VL
MB0GA1UdDgQWBBQXZ3r0gtUr5tZZDwCX8vvufbyOQzANBgkqhkiG9w0BAQUFAAOCAQEAAs80tndG
r5u/k57rCoVuJWqNCBQtzqExuoMTtAICMHvmNCsBioy333vTgJrCm3z6dnlR8BEiyFsD43lOw15M
OnLqK/+QkuKis+8MruMJD2x+cZQgBcXbzHhebdtjMYAd1tGVmHyp6EoQ3+C8xnNORotJmJM3Wp+D
oztlycBFLrZXZW+VBhBEcZnF9wLXCYH4bYegJkk8ClMmlgUu7G9Vlextabe4xNOSBTV8j/CMnmEU
GpQ8vUAotwUO3TkcPEd9dAmzW7Ah4RvMHtLwPUdkNLk4/9zZPSnHdWFlnecZ56ESPTX8mN29Rotb
q3/LSmAnyGz1Q6LEVrHgUn3ud+34yw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>mr0b3is7tBmte5vfYnY+814HjNruhe0WdIjUEv1ccIC1MklzacrPBZtAZU49HrPkVaaVufgWQKmZkjTtiJcbUyaTsQNdBbMSRxx5ZtHc7qthl2+Ql4TjpLjD9mq/0+AjBkRKTwZxH6Ie1eMjBNvy6TnGlUqAy7QaenXS4m/ZKT2j75CDcWis9W1MrjBONPnCkPEblJIXQL+Z0OAJNIlnsnJ8xbmq+NxMrDjKP9GP4ftM8GUey8+jx4OwKe/3gbvXWGSR+FJUGeVvzCWzylnUhNzalzw8LvkTblPgQP2Qw5VoXxFbUXyZXkOTk/UCDe3vsC0gBbMAxArl7DuPChsW9Q==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>YJwOSLXDQgzs7Z7dF4NKKNnqV3ZqxgSUOu3XXVo5F78eb2M6cIJddIYo868i7Q/qje0eN0UhSADWDau/8iRk2wzzgqJ3Pe2g9ASVHbTA4tqJtpRaTFbIVNzKSME+1CN8sLsd0olPjA4bmRTnwXiWRD3Fvdu1PAghPxPAGFjFka1PEVvnvRuBogshtqBasPsQ2dm1q7o4yYT9sfuzfIJZP7Qp2HsGxg+GUarv3Dwe9/ZJZOigDAlC9UB2s27IkYvPDtmgzNzpbG/lbs/Ay6sHo5SAlnnuG9JuuB1D85VAldsB0nq+kCU6iw9Ct21Dcw2CCfXpjrx3VLQgrYyolR9AzVWJ6+WIDfEBqUIrDcXBzHkh0m40wO0qFDcDCdvFmca3rJeU9hE78RHT1iH//Ph5sQeF7/4FkzvfsRN9Ukd19iyAfYiGInDg5W3I3hlmdlTW+Yyw8X+96cF8+ziSdSmWO3KcwLKsP69lInN5RetVHKL5SCM2sPvYBGgokPa39TmQeMAxyGMMouMaq0orZOfBvtiXOfgdR58DYdfjCjS8IxSIpoBK4bCXdTDctBtGhRDL/nvscFtCL1uxvhTt8mIz9C1Qme7ya0I0P3Cf9C6+x0qG2vuKzv61AFJJzDAUWmFtAfh9PRPNyEX0/VAwxfcZPBkuLUVaGd/dVlVleNIoWvnA9cfY2Bz7OOo2aIcU7yFm1ZQXpX4P/TsY9B0E1XoNDsYwUYZwzxd4okfBvp89GqwBiJBDzcI7J46vRp91+TTIsMf03WOcJsss6IwdX4+cnAqzFtavkFSsARa1dV8Jr5sCohO24B7jN+cClBugguY5DVK2rsz+g8gw3fyrj/I5TfKaXDw+USi8oHRxUgEIJDU2ZU9UsTbyky4h5atZhbHZOsS3eUzxv1amSBYgoRi9wytRrCXLO0wKllYDyG4FHGzHzbKTgLxPIIU3imDL9YBYJ8Bg3xg/7jlSw6jajPvplDYmqqESiw4pvRFTUqZnSqtE6ZKAZ/0hZZHd12um6Dslx4Mag/5tr9c/ExpTQP9pKhXcVdM8e/ARXCbjfsPX+uh0YxnLHNWBS1eO3FrOXzlNnFPyceVddm/XctTNT+t4KR0z0otFY5jQ2szx+p3jawMdYXkTdpT57x7xVWIDChHS0KgmfK2dz6HViRw4cU5ug6Wweta/db9C54AxfN/uspsQtRkEIi8r6xPQr8ZAe00Gb2ssZXC9VY+gO4E2fDTi27I0J4faisGPNzJvIdiKK70Gk9JXFh4CmeriecV2qn1zHZeQZ5KIw+Hwhodm7TF6GUpP2K0HLxZROmdf7nFsFTOxev3S7d8uSIutdyQDhmnDYoxxJZiYnz2hMizLr9lTKsrLVpq/LOlSz7aMcwE2xReduKYZD0MTZqz+8+76FURb/TjHsrgblrjy3jGwCih6+xooksHm8hSdh1RxTe/mgbmsN4PiJHPy1AdeFjgUyxuN9r0AUskkh99yVp5q37RQ8z3VBINcHt4Aql0rXO9H0O7jDroEBzr1q/YzkIA2eJ+ZdGImkudE8LTowIImGxKPs7mxwbforzDrJK5jZd7enlCSu5LHWE+P4t/8TyxZAiwHElc+tO6S4fsTa+0Y5MKt7GtKRJK0LOR9BpaVBpyjJJE64FOdLGS7R4JWihslLGiQzxp1ki3cIp9D06qOeYpAglUzaCiRDIWwOw6TWj77zAMB7OrEZ27bLrIjq+5FP38fDua8jymlWmaNqs5a2zQglu+xi7UM44H1oAxfjPaWDVb7br1Jt8IrkvOBO0wH9tE0I8rvl9W/Wg0/avPen/dnvU7P3p/KwETb/JmjMXgi+BNsm9I9gL7UEKombGjVJWXHj8EkFLRhtkXYKNTOH33XKSHW1/nVLrSd9cYV5WCsfDYxdcVPiL+bUlhRPzR5cNO8XjFyEVgvJm1DkAp3EwFANSgpQ5lcENCW0/UGp1kHK90IFuOF4qP5wHR6KLwQsD4sNzq7LN7Dqu1L6IPrT7T1BPnR29XBfkiVXpa1zXpBmSGLdyorzDmHP3MOdujl9bANN7on8RnRuD0pRON9sBR5UVEcugUjBwxoFUYaHcP4nVIvkLNOVpbdV49kn4ytnXQUxiPvfMzfww5eauXCSOKZluQcZBt2lcxqf5VAWjIu1xOS3jGcGWUvsza++q5WLF0VZv+fNtbBssyamgLEAeiCq5/6nQbVRA6RwHzIy2f8YOYs0RNhb4SdxJF9LVjfupDRDmHdFCQbFOuPlAi6ARzmJ4Gy/T+qwNTSNbg3gNq0g8KVBJXgPvi9fSVt1a43rwSclJtbzlj1A2hx49DJVH/8aZRRp18g8txwusCUKlkEZ+r2l9JGHgqg5yzMuC7cEUu+w+tOPzuWnf2VX/TFPIzTzAWKZCuctXbPXaDssMoZUuRF91x32+I4ya/R38u0/6U2rUIqQCCac9ugECqMBl0Rf912Ban4UEDrdgOO31ChkOyaHHza9ikCu9yLAQ8kqCm9zBg/fXCe5uBf5FZdQChaZM75ABO7palyDjq5blvuy0t07teibGMX0tbS1E4dr5tgDIhuas5OHen7GQWlUxy9uUEvuSDHi2hhN7aRAIohT57RSFkujRFIGcfXUl3ctrrp78qSud/6gfVeDHuoslEr2VQWEd73/4+TWPLVbWWk0CtwU4STtqfNJLQ/R37EYtwWP2AbSRwo/bW2rn++lbTglRC12iXLKARCCb1dlqdi1NfCHaaRLeNLrqg310Bkd/0NCZoY7obAR+5xQLas//5n4FrZ10LzROQQNB8EgMn0GTXoRzJ7dfBOyk+TNpf2sBPQ+FKfs4kvRy60VmUngy7v0tGsO1FHuXaP4N5zXEWK4V43oN5aXdfJR9jOGqaA7XLr6re8akJHT6JcnPgUlV9Y1X9mLofZLnJJ7H6UQneugvMg6T00Gy04pRHysHtQNtMptIRsJj0UnZ4kcHWkRcMk5xWdf4pY/sW+F9indjkkhoPhSVxmlp9rwW4tqdfB2mP9deYegq1J2DKoAftGTCTeVABSr4XWITkZOp1UOqxkK1dIGB+1We84E7Te2QrtnFa+N5Jvba7kPqQAwKaM1DvIWj5RPpjbpbL7Hm/H+c/KqzHaTfhLpVXeuBqwqG/fGTt9PJfbVwP1n9EldWV0QV7MUt0LzTDb/Aqdj80G3yS6BCEj/LQOP1t536RU+O3aqO6Z/NHp8+CSc0/u/CN1xV9vBDDl8WiTOTH2Vj2hw+ZwSHgUGrXhCsIXp2WWLzXAHGNgcTfVPQ5aX13thUsttfJoO3afZdasOVVLc4jTRIclgI1kGTZn7ljyYntEThPypPZsLUThoxOeAQXKcTgyMzMsEDzp45ZXXOg8UJGAk9NBsC1/mVsN9O/pUaaBKL1AMll76TwCV9kkL/rgLfOC7p6u2wvPoNiw7ukHFD6G+cmIwewxKRYAY+AYKe3mqYWET3KYEvkCKCbL95KeaPES85/llKa3jN2In07M6gS1Lr2/YztPtfi0D+8Xj6W7lRp/7ovWR6BFEHC64YQYqlrGlP+uS3KByg+dY1yRQqFfykwPnJp/dvozB88aDQYBYHEyXBe2hw21WvcnslBUjm65IklEkHz8Zr9JtEzLhRR6mvjmaJkZi0LJCMZaW1raLOKUrybCr4qb7YVBxCIeCaxOsS771yj+Jn/7kpGDOYsdneqSYKNmE4Q+N1Pq6cDPEVKmuxOgC2PtDEYo+VOuFU1lyjuSwc+H+NskGMNR9dAt2SCiY6rDfg93h+/zw8Sk80LVI9wQZIP37G6zJy5WzgJRonRDo+AxdzxBmUmz387tOr/EFyjaVG+YdlzOPZiqmWPP13ulZPaT3eJMXuJR7JWwM+C38/dGSKKYn0C9gmdvCT9eYfE9+2Dvb39IufQr5ryasv+N1gHCK1/RrTxEkDmM6DzEnB3kYp4Xv7uQv7Ueo4WyWq0NeYnlj+NZdasrGULB1eaw/Y248BHTsdNmrVUT2e8p3wYrFWHirZYPDOU3enLQm2nTGdnSFMVZQxEgd9fWOhZdN+aX8qPqYcZLaCwgvPXphB3GFgLXlsT3M0ZOt0P41479Ejm9hTHXzCI3Mk9tvQNOumfvE8HOLtsSpMwlQZTF3C513urdvNpE5HmLmay4j0bdxxGPk1HwnY3kI1cECAVN4f3br+FQgWiL5LLIcsWOym59tCFS4WpYSiGcaE8GGsEQww2QIJuTCXULiPuYNPrlOiRpSxFTCEP+173yGX3fqEu6GY2f7vxLDw6KJ5UyYBbX28+2ujxAMiq9WF3BWtQ5ULVxLCYfDMFz9b2/8OZCaJZqAgYgBWDQnJqDAuS0EvBsXETZQHzB6Cxih+mW0bCT/uDwfsxweuEma23gjcbr1VmqqQiuJS8c/FKAvXx4TA7+p3TaPm9dbAombtengkRzTV9o8A0brwilgdTGXUBWJu3LP6/v2vyx3Vyem1+J/Q31sJGf2VppsBRBGNYXdSNJZloAjEahmUCZSQEwWV3532t5934GKuH3Db1Hrf2B2XvPUPWwaUwniGha+WJTMsMDMMrxCV2AIU5NX6uBrzWsDG7C2Id2v00fqVuLUU34ELWfxdeQ1oBjtEpU4ytqBEm6NVOZDFRf+tp0Xb1+IwyGRRAFKaKH9WexgHqhxk/590WUOxIAPMdVTKw0wgpH5A0cAYjzEwiferu+1YQyrCa8jUjSt6gH+Cn4kO5eWlSjC3VRfqfk1s/wJZFxiLx4v4UjJdOcINWbfvXuQO6N5OQbPFnwt+2hHPgzjY8P2gvg5oL8ptTroy1/rK5/g5rxXmIGAe3bsyzDF0bUoRnIYuJmB4J7R1cstTmbz+DG7UhaQx1I1GEenn7hI0EOcKmAgqI2vOK3DUCLpkhqYfh3iJXaH01eX3Cvg8qey/Weeoq9YPx2cUgKRZjgb7WBjiNJfuqiDXw+bv76WUKFIus6wmVpX5TfchCZxih1riTSt7UpKOiaoSnwDFDJOGCY7Urf8FDVEdv8qWPK5Bmjyjc8HBohUxar5NhYrnOdLxVVd5jZBcG+ju22J/IQIxQQ035RsjmsUqhPaCudj71PBNFYodPgwDxERex8LMfmpxsdIWzx9pbHQW/dbIsepmj555Luxg1qvWR7vIPy3AoeQzjNaedyX8Kd3QqRQS47/DiFhDy3bbRWOML1ItBcJSRI4kIdBh4=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-09-22 12:04:30,042 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-09-22 12:04:30,042 - INFO [Shibboleth-Audit.SSO:?] - 20200922T120430Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_938e1941ab45376b3896c19317c14163|https://services-sandbox.sheerid.com/Shibboleth/UK|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_bec80b7b6022cc192484eeef477a5086|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxHJbGKSTtWSHYFRIPA0LryVLWdTKWmj0WOtHUlAwf+HlobbqEk9zRni+k1FYXgvlEoMemwi+RQhJTDRhFRMhLAQdA5zo3A+IMUBYDSUscQqcLEqL2gXxkmEsXpWwlmO/YWBXbdii2SaILR6hwn/x+xlo0FB5CJw==|_b155d5a2c01b357ec1d6b0d73d446020|