2023-09-24 14:00:03,110 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: SSOT_1207722087
2023-09-24 14:00:03,110 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-09-24 14:00:03,110 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-09-24 14:00:03,111 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<urn:AuthnRequest
    AssertionConsumerServiceURL="https://www.futuremedicine.com/action/saml2post"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_-492853911081537157" IssueInstant="2023-09-24T14:00:01.760Z"
    Version="2.0" xmlns:urn="urn:oasis:names:tc:SAML:2.0:protocol">
    <urn1:Issuer xmlns:urn1="urn:oasis:names:tc:SAML:2.0:assertion">https://www.futuremedicine.com/shibboleth</urn1:Issuer>
    <urn:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</urn:AuthnRequest>

2023-09-24 14:00:03,135 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://www.futuremedicine.com/shibboleth' from origin source
2023-09-24 14:00:03,135 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-09-24 14:00:03,135 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-09-24 14:00:03,135 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-09-24 14:00:03,135 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-09-24 14:00:03,135 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-09-24 14:00:03,135 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-09-24 14:00:03,135 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-09-24 14:00:03,138 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.futuremedicine.com/shibboleth
2023-09-24 14:00:03,143 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:00:03,207 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-09-24 14:00:03,207 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-09-24 14:00:03,207 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-09-24 14:00:03,207 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-09-24 14:00:03,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_-492853911081537157', issue instant '2023-09-24T14:00:01.760Z', entityID 'https://www.futuremedicine.com/shibboleth'
2023-09-24 14:00:03,209 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://www.futuremedicine.com/shibboleth' does not require AuthnRequests to be signed
2023-09-24 14:00:03,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-09-24 14:00:03,210 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-09-24 14:00:03,210 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-09-24 14:00:03,211 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-09-24 14:00:03,211 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-09-24 14:00:03,212 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:00:03,212 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-09-24 14:00:03,212 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-09-24 14:00:03,212 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-09-24 14:00:03,212 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-09-24 14:00:03,212 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post' not permitted by input criteria
2023-09-24 14:00:03,212 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://www.futuremedicine.com/action/saml2post using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-09-24 14:00:03,212 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-09-24 14:00:03,212 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-09-24 14:00:03,212 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-09-24 14:00:03,212 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-09-24 14:00:03,213 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-09-24 14:00:03,216 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-09-24 14:00:03,216 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-09-24 14:00:03,216 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-09-24 14:00:03,217 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-09-24 14:00:03,217 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-09-24 14:00:03,218 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.futuremedicine.com/shibboleth
2023-09-24 14:00:03,218 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-09-24 14:00:03,220 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2023-09-24 14:00:03,220 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2023-09-24 14:00:03,220 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-09-24 14:00:03,248 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-09-24 14:00:03,259 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-09-24T14:00:03.259Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-09-24 14:00:03,260 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-09-24 14:00:03,260 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-09-24 14:00:03,260 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-09-24 14:00:03,261 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-09-24 14:00:03,261 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-09-24 14:00:03,261 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:00:03,261 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-09-24 14:00:03,262 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-09-24 14:00:03,262 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-09-24 14:00:03,262 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-09-24 14:00:03,430 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'Future Medicine'
2023-09-24 14:00:03,430 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-09-24 14:00:21,877 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:e82495198a2bedae760a1c165621c5c2a9a3f2320f75f34110b32e94ed6cb0fc
2023-09-24 14:00:21,877 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-09-24 14:00:21,877 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-09-24 14:00:21,877 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://samltest.id/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_ad54f891c6be901394c8ca96725af5f7"
    IssueInstant="2023-09-24T14:00:21Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2023-09-24 14:00:21,884 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://samltest.id/saml/sp' from origin source
2023-09-24 14:00:21,884 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-09-24 14:00:21,884 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-09-24 14:00:21,884 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-09-24 14:00:21,884 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-09-24 14:00:21,884 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-09-24 14:00:21,884 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-09-24 14:00:21,884 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-09-24 14:00:21,884 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://samltest.id/saml/sp
2023-09-24 14:00:21,885 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:00:21,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-09-24 14:00:21,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-09-24 14:00:21,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-09-24 14:00:21,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-09-24 14:00:21,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ad54f891c6be901394c8ca96725af5f7', issue instant '2023-09-24T14:00:21.000Z', entityID 'https://samltest.id/saml/sp'
2023-09-24 14:00:21,886 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://samltest.id/saml/sp' does not require AuthnRequests to be signed
2023-09-24 14:00:21,886 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-09-24 14:00:21,886 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-09-24 14:00:21,886 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-09-24 14:00:21,886 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-09-24 14:00:21,886 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-09-24 14:00:21,886 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:00:21,886 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-09-24 14:00:21,887 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-09-24 14:00:21,887 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-09-24 14:00:21,887 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-09-24 14:00:21,887 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://samltest.id/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-09-24 14:00:21,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-09-24 14:00:21,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-09-24 14:00:21,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-09-24 14:00:21,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-09-24 14:00:21,887 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-09-24 14:00:21,887 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2023-09-24 14:00:21,887 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2023-09-24 14:00:21,887 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-09-24 14:00:21,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-09-24 14:00:21,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-09-24 14:00:21,888 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-09-24 14:00:21,888 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-09-24 14:00:21,888 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://samltest.id/saml/sp
2023-09-24 14:00:21,888 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-09-24 14:00:21,888 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2023-09-24 14:00:21,888 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2023-09-24 14:00:21,888 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-09-24 14:00:21,892 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-09-24 14:00:21,893 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-09-24T14:00:21.893Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-09-24 14:00:21,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-09-24 14:00:21,893 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-09-24 14:00:21,893 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-09-24 14:00:21,894 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-09-24 14:00:21,894 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-09-24 14:00:21,894 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:00:21,894 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-09-24 14:00:21,894 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-09-24 14:00:21,894 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-09-24 14:00:21,894 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-09-24 14:00:22,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'SAMLtest SP'
2023-09-24 14:00:22,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning logo from UIInfo, (225 x 90) : https://samltest.id/saml/logo.png
2023-09-24 14:00:22,184 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Acceptable Scheme 'https', returning value 'https://samltest.id/saml/logo.png'
2023-09-24 14:02:08,764 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1SaVJKMmlHZjNMVzdOaHFReEZsUFM1Mm1Ld0tIVDFraWx2N0t1aUduQ0Y0JmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1zaWw1aTBxM1RIJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2023-09-24 14:02:08,764 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-09-24 14:02:08,764 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-09-24 14:02:08,765 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<ns3:AuthnRequest
    AssertionConsumerServiceURL="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="idb681fb95250f43b4a79525b926254d10"
    IssueInstant="2023-09-24T14:02:08.406Z" Version="2.0"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#">
    <Issuer>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</Issuer>
    <ns3:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</ns3:AuthnRequest>

2023-09-24 14:02:08,776 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' from origin source
2023-09-24 14:02:08,776 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-09-24 14:02:08,776 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-09-24 14:02:08,776 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-09-24 14:02:08,776 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-09-24 14:02:08,776 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-09-24 14:02:08,776 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-09-24 14:02:08,776 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-09-24 14:02:08,776 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2023-09-24 14:02:08,778 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:02:08,778 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-09-24 14:02:08,778 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2023-09-24 14:02:08,778 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'idb681fb95250f43b4a79525b926254d10', issue instant '2023-09-24T14:02:08.406Z', entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:02:08,779 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' does not require AuthnRequests to be signed
2023-09-24 14:02:08,779 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-09-24 14:02:08,779 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-09-24 14:02:08,779 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-09-24 14:02:08,780 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-09-24 14:02:08,780 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-09-24 14:02:08,780 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:02:08,780 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-09-24 14:02:08,781 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-09-24 14:02:08,781 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-09-24 14:02:08,781 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-09-24 14:02:08,781 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://global-login.sandbox.streem.cloud/samlv2/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-09-24 14:02:08,781 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-09-24 14:02:08,781 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-09-24 14:02:08,781 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-09-24 14:02:08,781 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-09-24 14:02:08,781 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-09-24 14:02:08,782 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-09-24 14:02:08,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-09-24 14:02:08,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-09-24 14:02:08,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-09-24 14:02:08,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-09-24 14:02:08,782 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2023-09-24 14:02:08,782 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2023-09-24 14:02:08,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2023-09-24 14:02:08,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2023-09-24 14:02:08,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2023-09-24 14:02:08,790 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-09-24 14:02:08,793 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-09-24T14:02:08.793Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-09-24 14:02:08,793 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-09-24 14:02:08,794 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-09-24 14:02:08,794 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-09-24 14:02:08,795 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-09-24 14:02:08,795 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-09-24 14:02:08,795 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:02:08,795 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-09-24 14:02:08,795 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-09-24 14:02:08,795 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-09-24 14:02:08,795 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-09-24 14:02:08,893 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2023-09-24 14:02:08,893 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-09-24 14:02:08,893 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-09-24 14:02:20,180 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2023-09-24 14:02:20,181 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2023-09-24 14:02:20,181 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@879107427::identifier=morty, context=org.apache.velocity.VelocityContext@22e4a37]
2023-09-24 14:02:20,190 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@879107427::identifier=morty, context=org.apache.velocity.VelocityContext@22e4a37]
2023-09-24 14:02:20,192 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2023-09-24 14:02:20,192 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-09-24 14:02:20,192 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-09-24 14:02:20,193 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2023-09-24 14:02:20,193 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2023-09-24 14:02:20,193 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-09-24 14:02:20,193 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2023-09-24 14:02:20,193 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 664c9548eaf575ef753f745259c83424f3e3060f66206a398af79f8cd9591fb3 for principal morty
2023-09-24 14:02:20,193 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 664c9548eaf575ef753f745259c83424f3e3060f66206a398af79f8cd9591fb3
2023-09-24 14:02:20,194 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2023-09-24 14:02:20,195 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-09-24 14:02:20,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-09-24 14:02:20,196 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1ca62937'
2023-09-24 14:02:20,197 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:02:20,197 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:02:20,197 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:02:20,197 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:02:20,197 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:02:20,197 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2023-09-24 14:02:20,197 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2023-09-24 14:02:20,197 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-09-24 14:02:20,197 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-09-24 14:02:20,292 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2023-09-24 14:02:20,292 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-09-24 14:02:20,292 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-09-24 14:02:20,292 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-09-24 14:02:20,292 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-09-24 14:02:20,292 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-09-24 14:02:21,036 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230924T140221Z|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1727100141036}'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942]' as '["morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942"]'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1ca62937'
2023-09-24 14:02:21,036 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:02:21,037 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-09-24 14:02:21,037 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-09-24 14:02:21,038 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-09-24 14:02:21,038 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a2cc55b611bb0d5f437ab2c42a4207d1
2023-09-24 14:02:21,038 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a2cc55b611bb0d5f437ab2c42a4207d1 to Response _f6268d06c7c5669079b5e483fc82f30d
2023-09-24 14:02:21,040 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a2cc55b611bb0d5f437ab2c42a4207d1
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2023-09-24 14:02:21,041 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2023-09-24 14:02:21,043 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-09-24 14:02:21,043 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:02:21,044 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2023-09-24 14:02:21,044 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 40.76.107.170
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to idb681fb95250f43b4a79525b926254d10
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://global-login.sandbox.streem.cloud/samlv2/acs
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a2cc55b611bb0d5f437ab2c42a4207d1
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a2cc55b611bb0d5f437ab2c42a4207d1 did not already contain Conditions, one was added
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-09-24T14:07:21.037Z, to Assertion _a2cc55b611bb0d5f437ab2c42a4207d1
2023-09-24 14:02:21,044 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a2cc55b611bb0d5f437ab2c42a4207d1 already contained Conditions, nothing was done
2023-09-24 14:02:21,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-09-24 14:02:21,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a2cc55b611bb0d5f437ab2c42a4207d1 already contained Conditions, nothing was done
2023-09-24 14:02:21,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-09-24 14:02:21,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 as an Audience of the AudienceRestriction
2023-09-24 14:02:21,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a2cc55b611bb0d5f437ab2c42a4207d1
2023-09-24 14:02:21,046 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 to existing session 664c9548eaf575ef753f745259c83424f3e3060f66206a398af79f8cd9591fb3
2023-09-24 14:02:21,046 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 in session 664c9548eaf575ef753f745259c83424f3e3060f66206a398af79f8cd9591fb3
2023-09-24 14:02:21,046 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-09-24 14:02:21,047 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 and key C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U
2023-09-24 14:02:21,047 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-09-24 14:02:21,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-09-24 14:02:21,049 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-09-24 14:02:21,049 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2023-09-24 14:02:21,051 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://global-login.sandbox.streem.cloud/samlv2/acs
2023-09-24 14:02:21,051 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://global-login.sandbox.streem.cloud/samlv2/acs
2023-09-24 14:02:21,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f6268d06c7c5669079b5e483fc82f30d"
2023-09-24 14:02:21,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f6268d06c7c5669079b5e483fc82f30d and Element was [saml2p:Response: null]
2023-09-24 14:02:21,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f6268d06c7c5669079b5e483fc82f30d"
2023-09-24 14:02:21,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f6268d06c7c5669079b5e483fc82f30d and Element was [saml2p:Response: null]
2023-09-24 14:02:21,053 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-09-24 14:02:21,053 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://global-login.sandbox.streem.cloud/samlv2/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;global-login.sandbox.streem.cloud&#x2f;samlv2&#x2f;acs'
2023-09-24 14:02:21,053 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-09-24 14:02:21,054 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1SaVJKMmlHZjNMVzdOaHFReEZsUFM1Mm1Ld0tIVDFraWx2N0t1aUduQ0Y0JmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1zaWw1aTBxM1RIJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2023-09-24 14:02:21,054 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1SaVJKMmlHZjNMVzdOaHFReEZsUFM1Mm1Ld0tIVDFraWx2N0t1aUduQ0Y0JmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1zaWw1aTBxM1RIJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy', encoded as 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1SaVJKMmlHZjNMVzdOaHFReEZsUFM1Mm1Ld0tIVDFraWx2N0t1aUduQ0Y0JmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1zaWw1aTBxM1RIJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy'
2023-09-24 14:02:21,057 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="_f6268d06c7c5669079b5e483fc82f30d"
    InResponseTo="idb681fb95250f43b4a79525b926254d10"
    IssueInstant="2023-09-24T14:02:21.037Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_f6268d06c7c5669079b5e483fc82f30d">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>xvaDqzPiJg3I3Pca5U79ZaL1jOGVHT/CFw+wIaAZZJY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>dKfm9v2oaDpLynG7LPxV6WS6hrW989cD8pnZf5TS2I8dXMYlzz+HjRy/N/iy4D8+D6Cv4Zpsufmm1WPRBNcL8aIsERWIHqHkCIyPQGfs5b/vPAENWx6d+Ds+VI6R660TmHo+imb0e/Lp/6R9CyZRWVbMR5W8aBpziuCpytannooJ0D+7gU410SRAmtoqZeS4qEKyvapG0OZNc7lJCnSP1pXnAPVTEosOlx2K/psiTOtTYWHvUWRTnwBGI3Kwdfml/CvXUTRP9hbLb/e5Y4FSLAR27csP4Zg5+x4Ak/fE0r7TH6ari7f6qGYI/w6mnU9zckDLj2fxARpbjyvy/BbULA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a2cc55b611bb0d5f437ab2c42a4207d1"
        IssueInstant="2023-09-24T14:02:21.037Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="40.76.107.170"
                    InResponseTo="idb681fb95250f43b4a79525b926254d10"
                    NotOnOrAfter="2023-09-24T14:07:21.044Z" Recipient="https://global-login.sandbox.streem.cloud/samlv2/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-09-24T14:02:21.037Z" NotOnOrAfter="2023-09-24T14:07:21.037Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-09-24T14:02:20.192Z" SessionIndex="_322d30094c493b15d0ce8aea58bfbd1a">
            <saml2:SubjectLocality Address="40.76.107.170"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-09-24 14:02:21,057 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-09-24 14:02:21,058 - INFO [Shibboleth-Audit.SSO:?] - 20230924T140221Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|idb681fb95250f43b4a79525b926254d10|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f6268d06c7c5669079b5e483fc82f30d|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U|_a2cc55b611bb0d5f437ab2c42a4207d1|
2023-09-24 14:12:57,574 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2023-09-24 14:12:57,574 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:?] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: Shibboleth Authentication Request message did not contain the providerId query parameter.
	at net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder.getEntityId(BaseIdPInitiatedSSORequestMessageDecoder.java:128)
2023-09-24 14:12:57,575 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: UnableToDecode
2023-09-24 14:12:57,575 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-09-24 14:17:55,301 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-09-24 14:17:55,302 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622"
            IsPassive="false" IssueInstant="2023-09-24T14:17:54.622Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-nl.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>4jkapLgb/64oPpQjnb4ZjjvqOBo=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>DBrPSQLj4FT9db56awynX/R2IJZfydnszbRxj2XiK9mFQU20x0e71Z5BteVLHRxZTWvEpNXCPTWtFHC0d//aMV0d+XM4FGoWeci+6tiyqr2AMNnxQrgyslYdDJlf7EkxstkeRLHI5Jobm9v5OsGQ6jh9zFecxwck9UMHD7RePk1Ilf93EnHT4kYQJteTAxvOVJzeEC71z4tZzcXFgD0qxvHYayADuGVSvC1LmgulJUXP6mIJI0HXDIOuUaS0B7CgowptpSxDLZEvUcNZesn3Mulv3rgVyh+yDxc626TT3nbHLrGWr2S20Q3M8LgNlf+tP4vQBXNThhJM7ZTTirz8xOw73R0auyZqbT6rjEdjzgxoVXusqiy6EpSLKdtf4RyTiajtilV8ly/MSsbw3dq3Q/PmSyigjlT8waE0pbsNl+6+qoDeEZV1MmZCqN3T7XVET9XbJ03ciXOiR/exCR+3Pqz053MicpVEObFcHXFLvpjkcZIkBt8jX1EeGj6hDiQWPf45VUw9FnniUftBWpZn7y6IigEKOAoRD8G3DTKGOKtKcFhQnJ7VPT4QsoVTlkUN05Wr/L8cuwRHsQBKRiuF1nRs7em6lagfuxW8eBQNmPu9epS2XmERj+t3+gtrfZWIoFrgbNDxlFDk4kzAUqzC2Yo5xa92ca2h8oCW0JeYOds=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2023-09-24 14:17:55,310 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-nl.otc.t-systems.com' from origin source
2023-09-24 14:17:55,310 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-09-24 14:17:55,310 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-09-24 14:17:55,310 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-09-24 14:17:55,310 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-09-24 14:17:55,310 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-09-24 14:17:55,310 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-09-24 14:17:55,310 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-09-24 14:17:55,311 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-nl.otc.t-systems.com
2023-09-24 14:17:55,311 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2023-09-24 14:17:55,311 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2023-09-24 14:17:55,311 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-09-24 14:17:55,311 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2023-09-24 14:17:55,311 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2023-09-24 14:17:55,311 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622', issue instant '2023-09-24T14:17:54.622Z', entityID 'https://iam.eu-nl.otc.t-systems.com'
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-nl.otc.t-systems.com' does not require AuthnRequests to be signed
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-nl.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-nl.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-09-24 14:17:55,312 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-09-24 14:17:55,312 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2023-09-24 14:17:55,312 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2023-09-24 14:17:55,312 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-09-24 14:17:55,312 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2023-09-24 14:17:55,313 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-09-24 14:17:55,313 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-09-24 14:17:55,313 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622"
2023-09-24 14:17:55,313 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622 and Element was [saml2p:AuthnRequest: null]
2023-09-24 14:17:55,313 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622"
2023-09-24 14:17:55,313 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622 and Element was [saml2p:AuthnRequest: null]
2023-09-24 14:17:55,313 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622"
2023-09-24 14:17:55,313 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-09-24 14:17:55,313 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-09-24 14:17:55,313 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-nl.otc.t-systems.com
2023-09-24 14:17:55,313 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-09-24 14:17:55,313 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-09-24 14:17:55,313 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-09-24 14:17:55,313 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-09-24 14:17:55,314 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2023-09-24 14:17:55,314 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2023-09-24 14:17:55,314 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2023-09-24 14:17:55,314 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2023-09-24 14:17:55,314 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-09-24 14:17:55,315 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-09-24 14:17:55,315 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-09-24 14:17:55,315 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-09-24 14:17:55,315 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2023-09-24 14:17:55,315 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2023-09-24 14:17:55,315 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-09-24 14:17:55,315 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-09-24 14:17:55,315 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-09-24 14:17:55,315 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-09-24 14:17:55,316 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-09-24 14:17:55,317 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-09-24 14:17:55,317 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-09-24 14:17:55,317 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-09-24 14:17:55,317 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-09-24 14:17:55,317 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-09-24 14:17:55,317 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-nl.otc.t-systems.com
2023-09-24 14:17:55,317 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-09-24 14:17:55,318 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2023-09-24 14:17:55,318 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2023-09-24 14:17:55,318 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-09-24 14:17:55,322 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-09-24 14:17:55,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2023-09-24 14:17:55,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2023-09-24 14:17:55,323 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-09-24T14:17:55.323Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-09-24 14:17:55,323 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-09-24 14:17:55,324 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-09-24 14:17:55,324 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-09-24 14:17:55,324 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-09-24 14:17:55,324 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-09-24 14:17:55,324 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2023-09-24 14:17:55,324 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2023-09-24 14:17:55,324 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-09-24 14:17:55,324 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-09-24 14:17:55,324 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-09-24 14:17:55,325 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2023-09-24 14:17:55,325 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-09-24 14:17:55,325 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2035089485::identifier=rick, context=org.apache.velocity.VelocityContext@759dce52]
2023-09-24 14:17:55,326 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2035089485::identifier=rick, context=org.apache.velocity.VelocityContext@759dce52]
2023-09-24 14:17:55,327 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-09-24 14:17:55,327 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-09-24 14:17:55,327 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-09-24 14:17:55,327 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-09-24 14:17:55,328 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-09-24 14:17:55,328 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-09-24 14:17:55,328 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-09-24 14:17:55,328 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b2976757427d4e786aedab71141908e928868d748b4193ec52211ea3f0d7f02f for principal rick
2023-09-24 14:17:55,328 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session b2976757427d4e786aedab71141908e928868d748b4193ec52211ea3f0d7f02f
2023-09-24 14:17:55,329 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-09-24 14:17:55,329 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-09-24 14:17:55,330 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-09-24 14:17:55,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-09-24 14:17:55,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-09-24 14:17:55,332 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-09-24 14:17:55,332 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _cb23a4c3e4b455208062efe448f5944c
2023-09-24 14:17:55,332 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _cb23a4c3e4b455208062efe448f5944c to Response _8bf459746111b014e8b70820d29aa779
2023-09-24 14:17:55,332 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _cb23a4c3e4b455208062efe448f5944c
2023-09-24 14:17:55,333 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-09-24 14:17:55,333 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-09-24 14:17:55,333 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-09-24 14:17:55,333 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-09-24 14:17:55,333 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-09-24 14:17:55,333 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-09-24 14:17:55,333 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-09-24 14:17:55,333 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-09-24 14:17:55,333 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-09-24 14:17:55,333 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-09-24 14:17:55,334 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-09-24 14:17:55,334 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:55,334 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:55,334 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:55,334 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxixDXpIngZ9I68DUpVqekNwysZgxbkIdJ4o5CqypUEmnoJj0aPGGFz1t1VNj9Rlp30rQ9y2AzAuTQC7mD2N5Qtd8u/G8Dl72K4hl3xxeIc6HeJI5sAhbTyfxWQr1PJ44WjvxtP6qP with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _cb23a4c3e4b455208062efe448f5944c
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _cb23a4c3e4b455208062efe448f5944c did not already contain Conditions, one was added
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-09-24T14:22:55.330Z, to Assertion _cb23a4c3e4b455208062efe448f5944c
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _cb23a4c3e4b455208062efe448f5944c already contained Conditions, nothing was done
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _cb23a4c3e4b455208062efe448f5944c already contained Conditions, nothing was done
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-nl.otc.t-systems.com as an Audience of the AudienceRestriction
2023-09-24 14:17:55,335 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _cb23a4c3e4b455208062efe448f5944c
2023-09-24 14:17:55,336 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _cb23a4c3e4b455208062efe448f5944c did not already contain Advice, one was added
2023-09-24 14:17:55,336 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-nl.otc.t-systems.com to existing session b2976757427d4e786aedab71141908e928868d748b4193ec52211ea3f0d7f02f
2023-09-24 14:17:55,336 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-nl.otc.t-systems.com in session b2976757427d4e786aedab71141908e928868d748b4193ec52211ea3f0d7f02f
2023-09-24 14:17:55,336 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-09-24 14:17:55,337 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-nl.otc.t-systems.com and key AAdzZWNyZXQxixDXpIngZ9I68DUpVqekNwysZgxbkIdJ4o5CqypUEmnoJj0aPGGFz1t1VNj9Rlp30rQ9y2AzAuTQC7mD2N5Qtd8u/G8Dl72K4hl3xxeIc6HeJI5sAhbTyfxWQr1PJ44WjvxtP6qP
2023-09-24 14:17:55,337 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-09-24 14:17:55,337 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-09-24 14:17:55,338 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cb23a4c3e4b455208062efe448f5944c"
2023-09-24 14:17:55,338 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cb23a4c3e4b455208062efe448f5944c and Element was [saml2:Assertion: null]
2023-09-24 14:17:55,338 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cb23a4c3e4b455208062efe448f5944c"
2023-09-24 14:17:55,338 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cb23a4c3e4b455208062efe448f5944c and Element was [saml2:Assertion: null]
2023-09-24 14:17:55,341 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_8bf459746111b014e8b70820d29aa779"
    InResponseTo="api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622"
    IssueInstant="2023-09-24T14:17:55.330Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_cb23a4c3e4b455208062efe448f5944c"
        IssueInstant="2023-09-24T14:17:55.330Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_cb23a4c3e4b455208062efe448f5944c">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>ggDdHdipogz5UQNFPY8f3SIKpRPSxyIUi6sqV8M/p/Y=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>hHaJiUtACm3NQGXfu31BTk/EiN9BqDBHB0ttJ/tM3KaBK/VbaCIjmAtumb8qDUTOdWiMwkjN6pYRrGaDgqAJFMpqrJyBU4u6sSBVlLZVDDV7toODf7YjlEHxQjWO1VJKww4GdMrA0XNXCcJYMryvqnIx+DiyE8eUppSh9C7k7S6m9bPNpZIeO0o7KHdBgYinaHUa/lMH9MQF6Xp6HuD2zBs8eI5xOty0rruy7/rRNid4+LVNEcKsrNGr1UsZH0fJZoEnCdxI2YgPTxRYlidfPc8dtLK+kkdfXDD1zri6CbFN572PDmlI4xwyS5Sp6FATtFzAg7IkRTypYMp/s9SJaw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxixDXpIngZ9I68DUpVqekNwysZgxbkIdJ4o5CqypUEmnoJj0aPGGFz1t1VNj9Rlp30rQ9y2AzAuTQC7mD2N5Qtd8u/G8Dl72K4hl3xxeIc6HeJI5sAhbTyfxWQr1PJ44WjvxtP6qP</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622"
                    NotOnOrAfter="2023-09-24T14:22:55.335Z" Recipient="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-09-24T14:17:55.330Z" NotOnOrAfter="2023-09-24T14:22:55.330Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-nl.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">rcNYuqx62jmZN1NWe3LsXiiIYp1ucyCZ5DGjEDHrKvE=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2023-09-24T14:17:55.327Z" SessionIndex="_dd16736496428368d884ff65ab3abf54">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-09-24 14:17:55,343 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2023-09-24 14:17:55,343 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2023-09-24 14:17:55,343 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8bf459746111b014e8b70820d29aa779"
2023-09-24 14:17:55,343 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8bf459746111b014e8b70820d29aa779 and Element was [saml2p:Response: null]
2023-09-24 14:17:55,343 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8bf459746111b014e8b70820d29aa779"
2023-09-24 14:17:55,343 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8bf459746111b014e8b70820d29aa779 and Element was [saml2p:Response: null]
2023-09-24 14:17:55,346 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2023-09-24 14:17:55,347 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">rcNYuqx62jmZN1NWe3LsXiiIYp1ucyCZ5DGjEDHrKvE=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_8bf459746111b014e8b70820d29aa779"
            InResponseTo="api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622"
            IssueInstant="2023-09-24T14:17:55.330Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_8bf459746111b014e8b70820d29aa779">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>/gRvQr0UcyTLZoIHWm/g6UM+EOgvgXtLXnNPaKG8bsY=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>ZmbDU6oufcsvdNYLw5Zke/E0DfjPCGGqWZItWZRGMQqE8SFB+BaKcwxyMn56+rr/OPTdpYJeoDvPwXvxVrYg3lqtwbZjW5hY+wIQGe3CYVs5chSYL23wjEeyI4r9as4hnSvwjLNzLskCSng26FF21DOhcsoyZw4REhhm4s0wUHrlAwOJ/f1aIeuv47PoxVfJ2F+qUul9smuHzIMOX9B2ebMba8n8/Xy/+QqJ6PP3Kyw7/JzQpuBrG5FWO/LK2papVnUjbvKE7trpdSzrU66K4Fo+UxA/0jjN88bTEjrfZU3k9NVfybxoiAJ16QYoeO0bG1UxfUDdw36BZlilm4CwYA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_575cd75a1688a4bc357c5ff7e7270dc9"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_67776538f6e65c9d315bcfac7f510eda"
                            Recipient="https://iam.eu-nl.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>A4KrNoIL319tswhfcxdNGRDnbWo+f2/z6nWx+iyFgbnqO0NTbYndzGI67ArPrWUEYpF+oynoHHX0agb2S++4q7MB9aUWW8rK4pUh8cy1z9ofJlauLYJIv60PdgR7bt3AUatFLTROoDr9YuTAxnoC1O0iJyygSNdntF05Ec5fWA7KpyeLBIHpCm3yVmbF9IowAu4PMXPUEwZvFaMWR9qAKTl7PAY502IDIZ2VI+Sx7muPEMP2DjKD0ntLddjET2D4+7y8HkbrJpyWJG7eJpv9hIoqrkADfJQtYX1IWITUlasr/qlG7GTb2Hy8jnTErTkPlF6KkkKN3L+Aqt5w49rJqOsfaIWCurJP3DZ9yIo32DDP6+eQJnukqGgZKgunnPq7sm8sw9zsN+KZM/XRWU+ftlX9ZgkhGmVG5VcWODIzu4xY0EyWxg+/cfJ2iX6PAHnhTH7N6J+XqySrG+D9DJkOVNTI+fvZ1/NaSdd6E3H8apcZBp2T/D5wCmi0AY80JLvH2auEtEYW4C/UpFT5s4J3YPhm9T4D+qKeX6P4YDqtiJi7lP4E/gBmYKOe259geiHNHsuwkG2TYTBTzaQxxER3vb648orYeQYTYZzFizIILVnCnn/hef+4Tp93v5HOUBJnyCVvCVdHkxzVYUleOPlsq6P3MmrULg3qLjuFQa0J1ok=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>VNJnakH6t/GxfsOShdR2gKf2BqXnaS0XmGnGZ9x4VtKW5PXhyvmgnM7yNPZZfQWR7dI//xaL/2R2HC4Gd12aPLeIe0rDXrRbektfV1pkEPbUkEY0WWEbw43foCARQwdT8g5hrhfR7b06921l7v+P7wNiyvhWmjLyxI3ho6B612vvXd0OWLTFxpAdMTyp8NClDWTaQzXqStJLZ1z8ODE28IySLfRaM73FkyKm+vZgXBnCWzD/J5hHn9rDXzVtoMCJ0R+56z9/PVX2OG8vTA13OQ8d0At1zKESbKvJNwy3hO09x7JgbUtXBhLm719GH/nNBND/RE9fQdqPrvOJWiH+ISrmTrrcwiG1CtyqpL0P/H30D8LUAwiGHuQae1Rk4sXEaLsJsrR41rHCgNFCIG3MilTUrFrX4Iw3Z/s21qGdu+/FOhjZpcxkZ5tRd1JXYmgOUqNALQQX6/si1SWv+BaVSFQm7ctY3+lzlSfAADGqBTUvdekaiZmxGons9y6s5X4EpKZlspoK6JzkHkWBpH3KyOcJw9/NJSafsvJAVmJ6ffwqw3UiPlMA74dqb4+6IgKcJjYbCaBZ7isDJ36Zl4haRAyOa1A+ZIlXDZzoWQ62yMqRBdeObNOq52b5jYi8fp2NX9dpLFlgtDfQFSL3jerNXw6qVYLHlxUuS/DqUVmoy8JAg+jY4Zm1ytnOrtiLsye+qRKPcncKgzMXeyGLpVd5tZjz43aqryGA0cg1qNMNa2HvbRrhgI4IA6bI9BrswUYaiBvs5a2Bo8xftQ4p65vRUxNPBzJD7MJ7Js2aQ7yTZNkCy475yRAy77mCn6rgXzODXscKx0CM8N5IZQhqNvFMdXEzJxtKsuVP2gDv1xD/P0/GEED3x0TNLslDmK5Z/zemgXpczdmeTrbrNAzsY92HeaAM8myupG3NuOjIhPX7AyrtGY8bfQ0yK/PVyYFwiQZCEA8V2l0CinP8f9KgAcPDYmaVIaikOVTxjq4e7wy9WAJzIkL224xloZvHh57lieb60qZXQsLrUK+pg7yyxlW5rjPxuEGtB0GcmZUDb44/y9cl677eI1IJKiz4lihNCUhdEvV8bTUfIDUdbWooqEJkA4sJmzLmJHMPgT74SN6WmXqy2RXx9dX55z34DftlRJ9XW5tUmOvAzjjWXg/1cMqXrJ+hphpTpRERE7+AE37jMBc/9T3H9YaFneEF1clQR7kaFBJGcXDMOICIeTtBECQI2LXBghL8iS8JS1Ayp7fANydZzb6sNQ1P9a0BhY+uAvzRLxZOJmwacF6mQ6DrPAwRamvZU2UOp7R8MKk+21lBTfZmSxqBeVIVlsASDvVcrjBf3yc4W2+YgICoWVt7sm+S19Ur4yhnrmLE9NPO27PsS9D6WROBexGjU12DIUkjRNyYh4IMQT4Jh/RITrXz9BCbg/tHRuZ0z5xLm9Dl1sICrW66MKUXZp08hxP5DBwh7wdCBdM9Zo3vqBukVhqyaW0EJGwRsUb4BDAirHMUi2H4jdmPmFJWHaMxvZpzEKb6OKhokE7cHbB3DYoskuA3+j3QOG+ALpFYbV5yu/Qae6fyugaxe6QwKeFcvTWAa4qOoc0rcAw3eoSsQqn3dD2ut4rX3Pn98Fto8Ztd1G1enTa8kpbdKXQHCzcj5KQ6uqteCNUAvDwsNVrHdeF0xw8enkdvSnHSdiXu+9QlFtdomxbhRYa5t5OutJHRnebNim78lfXD6t4qbck7xIPNv/pqUecHQv1IedGzYiUeldnMiE5bC5/TlYrlfdmF6tftngi3Qxh3fbqpdVNS8Q5tTwPieslouPdMawxYxGdnRf4hPcq6yLvLgUYYByxDsiN4/TFydevVy24F6N90KOLaEKvrhB7ZYrIlEWdJjge0+HTRwQfp1t/VJFSnv9Fx4HBZep2efLg/P44nTC2kBbVtJcgc56VuCLA+pob2kRgb+kPBeej7E+VIl/0fJTIF620yq41RbRV0dvMkez+cSFIZd4B3N+ii7qJvK2oA0Owgm5ncMmiUjOFR2UudqE32zrTTlJDB+HARE+nn4/yxJS1W/YXma1FWGojBkubIAY4e9/MPpfENyT36IACWMP2mpM3b02SXUtOx9fuKxNjoVuHkmuQdB5XLcgCEOHyj3rYYtAqncB70fWZ1XRRihxRxk/HagRFh12+UYFoIG4y9t/MnsFtrfFHimdBcV6VcX+L8wRRGSb7l8fpNDajhR6E8sVqgrI4C2akIDaJl4PgTNoxyIKVOxk4h96n5twNU9Iiq/vB6nhJYPwE/ABBIE7rq2Qt1fS/LMMQ60km5cOzeLguujmmqqb+TPPRlJVSk/IC+JL+99Sw4isv70xvJAEQfT9XL2uGViDCNVFXi29myDDULD8zZaMYwjY9Pg7qmBD85XcIgPwWgzS0xJ0DyZj8kfF7muTyquhB5HqeoYhsVBKF4Kv/vfw/2K2wdWGZY0YbAoWF1OCGvvgevQjMg6DeHGedCCeyj7oBbjRw1nCFeIelwq3AMIbXM1avzMQUN0jpuW6GrdHp1V+CRU0tmRF2/NkkmK3/8PU+fq6lcX7f50UW5SOrogJ2D8sNeZSGQuUrKIjBhaRzfgeSozjM7uW63SSPzKKRj5M+Ib4Ndh3KGCBYOqpyPO5O0mm7wdSFcaURVvETMSIha+4bRveJgXJd7vuevxp5I+A2Clm8DdOVw99itpga9D3vIPxocZ97zTCATbDK5Jr0yhb+pEeOyW6Suymd5sqzr3+5aCR3/yBSN0sYItTm9DR70u88+LNO32MwqYmgaQLumEzjavXUmIMErPk9rELHeuXUWUldjdlH2aa4HrrD5aFOtB7r7PRdGDKo7x237+qV94TbfMaAsAZuVvGmRNMGoDoguhTBobCDoVx+KXsnUDIF7qHda47KI64JdUOD2HiOwNgoQgK3XDdWZVMfs1jRJUDhyDppE9BN/aapGv09YrGYK78JdpdrMB7W/EZBaJ12TOocx8mWIjsieWn1NcK9OjT7ocObBxFR3slCzXyNFBcnIk9zZfgsJ/OirXHCG/VRaFRSF5wBSrlpvr3gd6NcMiCOL6j0m8CpX5FnPOzmCwkQ3tnXv60TT8MK145DYY2G4TIJ3N4ca76RQzmAYd5yT5eZK8hlqcbShgN9/bZxp9gIwsLazTpZ2iK6jKwZzlW+qlejw5Ke4gF/zKSGQ3faGRLy99llbbFV1KxcxPsYoWs6FCGdD8QN4xhNNKjgwmLw+SJJUJE8qd0wMB+VQBXtCqliQP7THHi7GizqRlZE3O3se/F+qjCcn3O6qXYp1vvaqVF+jIDhe4dEmhuwesUjY+Khwnl4mtWvbiu4t0G7mMNHAOVdhabZpS9PzIz8b5SzOYg3GDR0TINlrjeA4d8HXw5zs3MOZgsWvNxEtXQ+QK0H1RpS09P/W/QB1KF66O7m2rO/C2J+QgiQOKXVs2sufzj3em5TbQN+QGS6h79HsaB7xqo6CgJdVckcdEYDO7tFrf08vezDfefUdlgMM6SJvIMHNKMMIR1a2/U2xX1GARc5YW3Y5DjpGzR2AZkQmZ1IyB5OJG/Owp3ZUmnQlry6fa7dGaTRuzNbZ1Q+vxjD3K+sUHOuYmdCwXYADQfrjm22EhW3bbW9f2qt0ppRRjq/O/+sXeDzvXLzWaZ4a26nKg7mFH5/7lVo1ZF/UBtmUc/nsAyC44rpC+U2VqedpYGCSbcztwDiJvE68LtACKWDeIJm3C+sei84fyJU6eHf7JfEMM5+Ei0shEzxeFZwbs2lZWMyHeR46VL344o16iw1IHzfHf/Pkk4E21Gq5HPQvlacSWJMNLNfG0aKbC0yxVeS2UZjrzPFjxOQi8idYQOXaDS9F7ue7pvCc1fweSmmd/HdIVPN7AnMm/G4UdzVYi+Pjyi8EuOD+ldgdLZgDSii3jvPzKPkk6Ozb3uHAEyLf8sU+Y8wew1ejGGkdABvuEaeOmPf17yx1b7Cv7N7LyI74Z1gsyBAbC0UnHktRpVFUeFZbRMydzJwgkXleelJg/q8W9ul5ylZJW+6wMd63oNUqHlMROB//mNp0W5+hJdvdCq8Fvs4hziA/NLVyWzavcHQ/VfjP/PA+4R7S10BCaL7BAD45v3CotxpEKQiZZduA1tyANZ9apMYZECLScYaJKHFvG5zTPAlBAbtRdhVQs4wq4anQ3n1Ejaaou3eapZ9FylP2dRVmuC3WZWfQNdrsmQUNs2DPybXwzgnC8MEsKEdmNbJktx6VJ9Lto53KSoGkO82P+3XIMalq8UANj57Ya6K5gMdq3XqrUv22n2euAa8iUGpGylcd+p2r3QIm1ZSgcvwGk5Hn1hI2y2NuHSgZ5BZpfOGZ8hHpiBfVq2kpOPdh3MYoSW0wLQU54HylB2R/AM4OgR1eRA474t1pI0y32IeZAfkQeir82gLfxco/6fFNIjQ1fBX/O9B0f1Jhjg8289KovRZ2cARy3XdtBMLlM/ox9jeYdikGNQsx8mxEFj5/czso7nsJt1D4qF05H3pmsMpFoOyBjqKA1nr2h49sDT++Zqpd/38k351MLt7HVui0y3+TTOtVk7bYWw4LnNdsWvdLYhIeIXUoiytDw9+02y2KinpDyKfFx9rYhnUwiCAnLKKeGRrgMdaTYzNSOfvc32+3WrYKjPVg44T7HfHESRIOuaRRNyDSQnFJSCD2oSmKHrQl+VZuBi4bedFEbMWbtiuQlA1Ij19zZxPsyZ+55ucA0LInNEQv2mZDakLkKXRuox4/giiyCeYyUYw2cw07P2cGAg29VR8feJUBDtcZE8BcdC9i5usRiqutTdIMCSA89LZ27s7hQNNYV2jASXRAwD+vo/R1taqTRP9/5Dknx8zD7OHinEA2p1EUsFGIzj08VpuJjpXj8PtW6SYLkRNNS2oInRYAh4lbWh98JL9PoIXr3Omb+CKeCP47i0s6Pz7Zdld8cJPZVrPEc+76Cw7AYBsBMQ3EgT4NsG6M78PrhVXg1QH88dvvOKukKPvfWQnZfGOmtMdA94FDYlrC1627dVAQhWKefpAxjItRN04exm+QrhsByIrFH3mr0PiB6CF1dz+OMnLMxEaanWTEwnWuna0SMD2Uvh8fTmB+sdCN4pFJ1kS5aUzakLJ+zZ69tL04jYNC/ywZMelZ/wKFLbXyC5fuN8SfhY5hVQljCJbZ/pd3EAFC59//y2T2ptL7QDKV2c7p1iRGKv/SG+580HgXSg3CdNHqOAaVz8Pjw1Qo4ckSxhjNb23oOuVvgpkXToX1CILv8Ud0cqiR5WJ5EoSytkmtsvnaOzWO+YYbYFlC8Jg41K0h8aSr3tdVg67K3Vg44vilPgYDqkARpJCYFoUfZBQ0U0zuwAsLBvSIzMMzwCU0Kd3Vii/r7SqzSzaWbAsir2hWDZODbNqeRw6en47oDMaiHuZ2U68PaZYOTrnydVPwBej+rdVCazXvQAijcG5iwBrSgHmiYiINGBAfTWPBOvL7T847tP60/W0EWWba7hg9aY2oNMd0iHu6M3ESBxBL3jpfmq1beGTKhhGj5XzDYlQDB4s3mUFLyukeSGr3Ti/UXHHiFnU745qzlthBE3qitiLNQOnNLo5FlLI/NOWfybrkMkT0tISnoHBdbZ2h9FFgc4Na81GdTnXqgObgPjlsLE70d5DMAQpAAMb9QbV/23r/EW5c0QbWWxrYec5btuPLehya72ldW4hRKr1jfhZp7j6jeP0mdolxJPOVVQjvj5fDhbS9VfCbW6B6dijP0skVRxQoBCXyLG9+JqMYcsY/qKchsRMq71yTW3FaucII+UxOk26cAqqOv7JBLV6LmqOjCLy27p7eYfLLL5OddZQ6QFIRox+wmWJVgwXhaUlEJqavlBrNh78gXpC7ux0hx4JdEGWg+LQ4UmOhDgFsIfIJdlFI8ckA+uwxq+d9Lri+o4W8U6XmDwOB5moZTWc066HZuO8MbiL+sddVZDCwxgU+77Ny4gxthqawylB2w8bpX/tOMSk6X+fjEpBvU8OW/u+1WivbNTC6XwVURwce79ywl9jZomQMb22sIAYEGvQsOt+o65nEF+sG/M/nrG1PL2E4wg4jQ60Na8/H/xNBOTXpXHhGPm7KNcqbFtLyrZ+5lCZsu9gQkQkzHaJORkIfUEF/ROrSA+oPaW6E/UtPXPY4CsrKUN17WWCqpIgY87A8Vc/Y/dPK60gKZOTj7zYpXqzbkxN6gseBh9ewC2tNIiYuIcpw4KyS6JIaqTWliRtrqtOhnI2P8Mx244fDHGLVIuuN3rO4uUzJv+21OYoJuDORa+0TdWMMGXW8BIUlejPMPN60UqAufPpvQrp1cHsHCji9qKyj3tQCJrRJeCVp/6mN/87uRL09VNzJN78G04UwYA7rKvure/I2WUwXUXt3VOd0WjXureaXXVaBmHgqEXpQmnOLWmYVGD/aaCMIhxfGvIDahGZooX2uEBtoy6w74hEay/Q9de2Eqh9jDNQrmqUhkNQSxHBSH4KswWv9N7lubI05RLk8TEVCdX1x1TvBrJoS+Pk2CdVeso/UZOm8pbYMSJ5ZtRXu9ZDIhKJy/5H3BF227+Bx+OsI+vB29khFsLFQjozIHcQlv1m+LTzxpZ09nkqE0/YYr7qT0AbQ3jLh3vajx3ouNulbxOQdM6umVKEbLwkEeytjluueMFUxNVPJRe/MKWtj4RXL1cizejdR9NguijXJXLD4Xu4hLPVkFuIyjE1ZexwASPZmFq2JF2eHGxjKn2sv788MCByF0aRq/jFAU1FdFG95jsXc7rpu5No9o9klgdwjzeAq/v0rhxiZurD6tLY/KC8t/l81jimbq/SPl7pxD9wS7doe8d9nKdct0AyJetuA9pBLLdk8+DHmiO4WmEg8yF6y82VjZqJ2ASRxBiKfiJde8Uuq6PjG680hEytlZZiif8GXlNZm9+iKQnILsm18VgNSphJ3ViHZNC5iZ1tzO0pTKtMTk/zr6mnYSy0a0E9rQhBsMN1FE7YokAkoh0oFHKkVIIZrnQ6lj6VmomhBshbRkI0UmeBjNzJpfNVB0ISYYuTT5Kfhe2fqBy2SI8MklMNugqv0NVuZHIE2+n6nr0Jmx4DVY00V4SnYjucgHGHGCbqZn2mOBQkiYyWqFHMpI/1Lb0yi7RkaVdaFjPAdhrMEw81SkgSsxG2yef+F6nqLTqWTTlsXu/15nMhbPYCZPA4NK7aj8xsF8LGxxVXxkwjqJBN2/kV/A49vbJvE2j9j8ImrT+psJc0ZAn+bUDbnfOMsy5HR7jYA6YsiKAHTf9d6gwU/R5udHF2p3YgfSJBb0WSwZiAgGqflz5x90rjEpVZ64tIJv+phR0BHk+L8S0zHHPEHqRNVZ9RomQpVSHs6fKXpiG9UWw4/cm5+FW+gjqCJFJJntSAcl/gni11gEVi9l2SoOGxz9geQ1NwAwIcLDK60NJ70mnd/nlgUqINvmfHfQzpPBHS2/RiwdNrunfrpxuwRAVQ4w/aiCd3bLO6fIKI6GaXwYZpoTUZsPkJEGeGNwnyAAqzV0A1Tn7xAYnEg8Kk02+UcV4mOj1SUzS8mKT07fiQWkyZMFhY+aYGFH4ABjX7Ntd4xHhwKUdMBWKKsfNmAXZKjdYTxq2NFPOMRFhw6gUArIECz3waumPMhJ2c2mCq/qDincISQmlnFw8bVcP9R5SFjmlTSKFTQyVAgFKGqFRRAm8+fLKXui8o7nJt0XRUXm+pG/UtpCR8Aa5pqqF00+jqnI0IqyeV426AQiHJFy3d6mypfySSzCWEp0Ab/5JitscNYS8kY9Il9P9ncD8f2vRrUXcaBNQPdKbbHNoGqjrrlkQ8jwK6xVlE1nxdWUrgrt5HhWDMYF22cxUbL233DK7Tj7M+dgGAwhKOCuXzqDjCNNSNvO8e77L9zLR65XF7fET5Gbj53zT9BW/KFw8CQR1W5uor89/p6jQAcbqMI7Hyyr/YLIFNDAea4ySO66YL/lGTysWB8VvlxSw1rRLNCRplE9Z4e5mWJMh1cxxXseribFEoevcaqSynAJM+LCM+SpiDrHUGytJyeuH4qADuHd3xSggQjNtL8Lb2hzdzKlK9a1YccORf0efYRZ9ObKf5soT1e260IiWo6rklvNLpaLsELlUx1Lr8SGMQYqD6YjL5uTttzVLEalpEUv32nECJ7LqfmBsvYPdYoA8e/7vjvpfIeJTmGkBBssQNXXec0soaDFRl4XW8N9mYVp3k0Rn46UHr27kPPqcJhgEqYZUcMgSa308KrvacP9DN5gyFOLXRYtl8Z1oGxFZlQ90zm1YeqdqVgUZQRmBhowcQ3W2GTla6P8n24X/BnSfxRAX1Oc4SP1ILTjMTfKsE6cQBkNJSmIAmcHC/ZD86lWBXki/yE2xaYRWzHTS6PxKEu5ZFGUuO3Azuplyw03KbYnAOvNjdZIUFMijUNModJmrCpBmZ1/4KgUy+fiKywME6ZId3PzZJkl/Bd/UchTURkzkTfN0bQwig9fktD0QlBy0vHUHP0yQ5/tDIYRB/CkuG8nr42pnvVGYTdwHofzua7ppy170rrWBbqGo2nug0PFCd1+PZrszKrwDhorjdBoBRFVlO89xN4ubfFlnajtQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2023-09-24 14:17:55,347 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-09-24 14:17:55,347 - INFO [Shibboleth-Audit.SSO:?] - 20230924T141755Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|api_robot_idPcreation_c65d27e3e06e49f6bbcb6bf5d1636e67:s:1695557874622|https://iam.eu-nl.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_8bf459746111b014e8b70820d29aa779|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxixDXpIngZ9I68DUpVqekNwysZgxbkIdJ4o5CqypUEmnoJj0aPGGFz1t1VNj9Rlp30rQ9y2AzAuTQC7mD2N5Qtd8u/G8Dl72K4hl3xxeIc6HeJI5sAhbTyfxWQr1PJ44WjvxtP6qP|_cb23a4c3e4b455208062efe448f5944c|
2023-09-24 14:17:57,429 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2023-09-24 14:17:57,429 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2023-09-24 14:17:57,430 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-nl.otc.t-systems.com, acsURL=null, relayState=null, time=2023-09-24T14:17:57.429Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_1c59246c-f8fb-4896-a424-d6e9190a0ee9"
    IssueInstant="2023-09-24T14:17:57.429Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-nl.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2023-09-24 14:17:57,430 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2023-09-24 14:17:57,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-09-24 14:17:57,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-09-24 14:17:57,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-09-24 14:17:57,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-09-24 14:17:57,430 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-09-24 14:17:57,430 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-09-24 14:17:57,430 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-09-24 14:17:57,430 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-nl.otc.t-systems.com
2023-09-24 14:17:57,431 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:17:57,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-09-24 14:17:57,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2023-09-24 14:17:57,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1c59246c-f8fb-4896-a424-d6e9190a0ee9', issue instant '2023-09-24T14:17:57.429Z', entityID 'https://iam.eu-nl.otc.t-systems.com'
2023-09-24 14:17:57,432 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-nl.otc.t-systems.com' does not require AuthnRequests to be signed
2023-09-24 14:17:57,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-09-24 14:17:57,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-09-24 14:17:57,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-09-24 14:17:57,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-09-24 14:17:57,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-09-24 14:17:57,432 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:17:57,432 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-09-24 14:17:57,433 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-09-24 14:17:57,433 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-09-24 14:17:57,433 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-09-24 14:17:57,433 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-09-24 14:17:57,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-09-24 14:17:57,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-09-24 14:17:57,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-09-24 14:17:57,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-09-24 14:17:57,433 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-09-24 14:17:57,434 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-09-24 14:17:57,434 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-09-24 14:17:57,434 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-09-24 14:17:57,434 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-09-24 14:17:57,434 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-09-24 14:17:57,434 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-nl.otc.t-systems.com
2023-09-24 14:17:57,434 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2023-09-24 14:17:57,434 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2023-09-24 14:17:57,434 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2023-09-24 14:17:57,434 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-09-24 14:17:57,435 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-09-24 14:17:57,435 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-09-24T14:17:57.435Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-09-24 14:17:57,435 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-09-24 14:17:57,436 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-09-24 14:17:57,436 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-09-24 14:17:57,436 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-09-24 14:17:57,436 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-09-24 14:17:57,436 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:17:57,436 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-09-24 14:17:57,436 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-09-24 14:17:57,436 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-09-24 14:17:57,436 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-09-24 14:17:57,612 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-nl.otc.t-systems.com'
2023-09-24 14:17:57,612 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-09-24 14:17:57,612 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-09-24 14:17:57,963 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-09-24 14:17:57,963 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2023-09-24 14:17:57,963 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-09-24 14:17:57,963 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@865422796::identifier=rick, context=org.apache.velocity.VelocityContext@e9a0039]
2023-09-24 14:17:57,964 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@865422796::identifier=rick, context=org.apache.velocity.VelocityContext@e9a0039]
2023-09-24 14:17:57,967 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-09-24 14:17:57,968 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-09-24 14:17:57,968 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-09-24 14:17:57,969 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-09-24 14:17:57,970 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-09-24 14:17:57,970 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-09-24 14:17:57,970 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-09-24 14:17:57,970 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 9c23841df76721963c08e134feea235a2206d1196b9f4347a292bf4c86930d57 for principal rick
2023-09-24 14:17:57,973 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-09-24 14:17:57,975 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-09-24 14:17:57,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-09-24 14:17:57,978 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:17:57,979 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-09-24 14:17:57,979 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2c9d0789'
2023-09-24 14:17:57,980 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:17:57,980 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-nl.otc.t-systems.com'
2023-09-24 14:17:57,980 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-09-24 14:17:57,980 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-nl.otc.t-systems.com'
2023-09-24 14:17:57,980 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-nl.otc.t-systems.com'
2023-09-24 14:17:57,980 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-09-24 14:17:57,980 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2023-09-24 14:17:57,980 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230924T141757Z|https://iam.eu-nl.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2023-09-24 14:17:57,981 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:17:57,981 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-09-24 14:17:57,981 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2023-09-24 14:17:57,981 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2023-09-24 14:17:57,981 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-09-24 14:17:57,981 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2023-09-24 14:17:57,981 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-09-24 14:17:57,981 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-09-24 14:17:58,157 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-nl.otc.t-systems.com'
2023-09-24 14:17:58,157 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-09-24 14:17:58,157 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-09-24 14:17:58,157 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-09-24 14:17:58,157 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-09-24 14:17:58,157 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-09-24 14:17:58,336 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-09-24 14:17:58,336 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-09-24 14:17:58,337 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230924T141758Z|https://iam.eu-nl.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-nl.otc.t-systems.com'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-nl.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1727101078337}'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-nl.otc.t-systems.com'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-nl.otc.t-systems.com]' as '["rick:https://iam.eu-nl.otc.t-systems.com"]'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2c9d0789'
2023-09-24 14:17:58,337 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:17:58,337 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-09-24 14:17:58,338 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-09-24 14:17:58,338 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2023-09-24 14:17:58,338 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2023-09-24 14:17:58,339 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-09-24 14:17:58,339 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _b39ff49f065df3b27053f6b8d9f97e52
2023-09-24 14:17:58,339 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _b39ff49f065df3b27053f6b8d9f97e52 to Response _077b28813c17915864936216dafcebe6
2023-09-24 14:17:58,339 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _b39ff49f065df3b27053f6b8d9f97e52
2023-09-24 14:17:58,340 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-09-24 14:17:58,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-09-24 14:17:58,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-09-24 14:17:58,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-09-24 14:17:58,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-09-24 14:17:58,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-09-24 14:17:58,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-09-24 14:17:58,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-09-24 14:17:58,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-09-24 14:17:58,340 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-09-24 14:17:58,341 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2023-09-24 14:17:58,341 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx7UgW/7xySS4tYwA/ngCePctpIlxETJ4mbVEmmUphiH/k/ogRGiOiyZ4UnHcUMw1CedNA77QIJmn++mP/yRM18rVBi90PthLJTULdRFqkuK2vnQkHeI8IEHhkyJPKSbw1aHx0L7aa with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _b39ff49f065df3b27053f6b8d9f97e52
2023-09-24 14:17:58,341 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _b39ff49f065df3b27053f6b8d9f97e52 did not already contain Conditions, one was added
2023-09-24 14:17:58,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-09-24 14:17:58,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-09-24T14:22:58.337Z, to Assertion _b39ff49f065df3b27053f6b8d9f97e52
2023-09-24 14:17:58,342 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _b39ff49f065df3b27053f6b8d9f97e52 already contained Conditions, nothing was done
2023-09-24 14:17:58,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-09-24 14:17:58,342 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _b39ff49f065df3b27053f6b8d9f97e52 already contained Conditions, nothing was done
2023-09-24 14:17:58,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-09-24 14:17:58,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-nl.otc.t-systems.com as an Audience of the AudienceRestriction
2023-09-24 14:17:58,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _b39ff49f065df3b27053f6b8d9f97e52
2023-09-24 14:17:58,343 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-nl.otc.t-systems.com to existing session 9c23841df76721963c08e134feea235a2206d1196b9f4347a292bf4c86930d57
2023-09-24 14:17:58,343 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-nl.otc.t-systems.com in session 9c23841df76721963c08e134feea235a2206d1196b9f4347a292bf4c86930d57
2023-09-24 14:17:58,343 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-09-24 14:17:58,343 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-nl.otc.t-systems.com and key AAdzZWNyZXQx7UgW/7xySS4tYwA/ngCePctpIlxETJ4mbVEmmUphiH/k/ogRGiOiyZ4UnHcUMw1CedNA77QIJmn++mP/yRM18rVBi90PthLJTULdRFqkuK2vnQkHeI8IEHhkyJPKSbw1aHx0L7aa
2023-09-24 14:17:58,343 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-09-24 14:17:58,343 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-09-24 14:17:58,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b39ff49f065df3b27053f6b8d9f97e52"
2023-09-24 14:17:58,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b39ff49f065df3b27053f6b8d9f97e52 and Element was [saml2:Assertion: null]
2023-09-24 14:17:58,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b39ff49f065df3b27053f6b8d9f97e52"
2023-09-24 14:17:58,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b39ff49f065df3b27053f6b8d9f97e52 and Element was [saml2:Assertion: null]
2023-09-24 14:17:58,346 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_077b28813c17915864936216dafcebe6"
    IssueInstant="2023-09-24T14:17:58.337Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_b39ff49f065df3b27053f6b8d9f97e52"
        IssueInstant="2023-09-24T14:17:58.337Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_b39ff49f065df3b27053f6b8d9f97e52">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>qZLrHOx32m3aHN+lSq9xtYGLN3JzUxZQgJAJFd6zK+w=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>AXz3E0F1r2C1DiPzp4ygHnknf8GPp3AGD4wTGEkHwZyY5/ZxNZ01gdPypvToLreoRhqP3yw7/kqjtPQ+NXDlOfIQP/4nJS6n7537YrmHVp+HXeaqJunwloUOa7xfNNHuP+LH/Eaa27RPuPbllKriNikWY7Vafv7MjTa6UwoQ6XJ/UypQEx7s+2Zffey8JQK7Fbz9FKMgWHlqtRdbTi6D2S4kuFNH0Fqt8lrAT4wiZkRwrCm2O9nb73A63dyLXjDCdAxbPH/ENq3MeXqtfIRZP982iAdgEQNJl7VyGMaj5+jhiiV3e3tVqsQxikMZ3OuDtybHUxuMfHz1xz+yuW97Xw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx7UgW/7xySS4tYwA/ngCePctpIlxETJ4mbVEmmUphiH/k/ogRGiOiyZ4UnHcUMw1CedNA77QIJmn++mP/yRM18rVBi90PthLJTULdRFqkuK2vnQkHeI8IEHhkyJPKSbw1aHx0L7aa</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2023-09-24T14:22:58.341Z" Recipient="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-09-24T14:17:58.337Z" NotOnOrAfter="2023-09-24T14:22:58.337Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-nl.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-09-24T14:17:57.968Z" SessionIndex="_63a96c9a3ec590d059270d0d6dfd97ac">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-09-24 14:17:58,349 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2023-09-24 14:17:58,349 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2023-09-24 14:17:58,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_077b28813c17915864936216dafcebe6"
2023-09-24 14:17:58,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _077b28813c17915864936216dafcebe6 and Element was [saml2p:Response: null]
2023-09-24 14:17:58,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_077b28813c17915864936216dafcebe6"
2023-09-24 14:17:58,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _077b28813c17915864936216dafcebe6 and Element was [saml2p:Response: null]
2023-09-24 14:17:58,351 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-09-24 14:17:58,351 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-nl.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2023-09-24 14:17:58,351 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-09-24 14:17:58,353 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_077b28813c17915864936216dafcebe6"
    IssueInstant="2023-09-24T14:17:58.337Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_077b28813c17915864936216dafcebe6">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>IKF1/mtowvM0weT9Iw0Xni+wcynkJgLkZ9vXVluxU9I=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Lql6QMoP2vRj6P3JO1S7tt0oc9zFiO7q1zG4Q7QZK0Hd+rbJedP5XDC5noeTYdlfOuIkMnQosAB3QofN3wMZT6QYDqsfH8rZAdPgFLV0FOtaNoAQMcgPIokRFiIe1H16P/YHYiCzzdN8z7kSgh3YJhKyOVwmt3dVhEHCn1deg+AAmHGGXtKEXsO1tIfSk0267SomYx+31Ww8IaXuY6ysd2Ok8eH8dmB0vfAeOOmO8R9mp0PRSM1jzBK05g1oBQFejQ9TakEH+pAJgOScnrchRFrC0XTEK8xHl1TFggb3e87ZrmiMKEPPopFOyzY919QG8I+hlBwWPy8ACGzgJU0qGA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_773d6463322e939ff8a09659dbc215ec"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_b17ef0c73e45d83f5fa0ba01e8f3f859"
                    Recipient="https://iam.eu-nl.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ltyumspDaN/hkd8LbGLusipoeJCNjujOtXfQSuNAh3C5CRu0nySM9s7SPJncL+zdhFVGKpj51Uczf0xTnd54Zw1PdK3tPA/vjOdVkAKpZ6qTug3EYVLM/iifbV/LOw5O2XJZYHts4IdA2imTFHRWBhQ58mdWP6Fk5If70A514VPGuJaw7VAGRAuSAcv8Nq8s1ObzpIbN2Qd5TDukKZ4wb0CG3i/pKxl3KdjTKVFCq8LjE/e3S88BXVjKWnctnmMXHAKGvBJDapaHDEMr3xq08Xlsnb8fODSGM7AD9saXJCt3U6lJUU+1yUXVGEnl3msidhMgOFNxA7N6azVIBTqQTzuta8NkTm5h2LmsPpOC5ZLjTDCBy57P5e06frNnkkg3153Ax2KDBvgYi8nOdXzK1VvpAX/rVpnGab5YREutJXbbycfVMh/GC5MqyLEe2oTThF/O0NbEgYfU2+dZB67Zyge00LNfq0fbrmoOI4WAHy8blofdYt0sOHDBkSEk1lOAqsH6bwoHqoIBFlie0i25NWn+61zB4yE36pcqOMu7rB3PTfrQh2JlBpXhvp+xI/8JYkJQdsTQJIfO1vtK/8k/QCqLQP3T6L0s7FMK/zJwOvSlQrWxgELBVPDazDVaVMXPkATIxMNayIf1/uc2SC/Q9RILRsM6y26edCkMqDZqfJk=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>OR8viop6VrLwy2nMOdRWvePyaKwJ+2Px/LbW+7gh/2hslOdBfVSBVVZiFYs02W1H/mAZSf9yWiFt78OdgUCfZBPhSlQnr+Vti3WihsrsM07tAaUN8yABZASM36IMT4mQ8RgHCV6s9V4gWDSPY6mPg6RtRsPy1won168ec0S/hFyJITzr+zGIdpSzw5Prz7QOl5BkW6Lt7vdSVHmbcJ+XDEM0E47WP5LcdVE6FPtnABRJpVaWIPOph8eRFNFbXLPojKxto5VH8D3mw4IT3NvLGDEuIIOCncL95GgwWRdSwkC59bfrtXzfqrK+S3RkY3wmGywmaKJRCWbK+N5EhdFujc46Faq9DZ3LqvTn8GGkiQwuNuA5u7rgjVSAkhsda00A6c2SFcySqcgISIUIgEs3kz5qKElNCYp2l6dC/1JgTNmASz9SdNugFP7PdXCxZ6Wfh4+Nnal649gFHp70FvT00zkaR0hGUfJUEHNJG3Ka3phbeYkiDlZWjyS8fv4bDAtPP1qS6SgpqBn2VNBbDmo0qo908OKpQEsJPcyY98pORr3mV1oOASQGRceHBPg2K9qABC8OLE6/+p6V0Qe1/WJ2NgTjXtTiLPnU+Y769Ggsg7bBgoS4ZmvIBeY212kGLisl+UYqMIptFOsm5ifcU5FhndnNDKpUwdU81dX/zegs/qeZlm1J4Tyeti/W6WK6LW22p7DzboAE4YoQlStMeXa9Daygl3iAqv+QZ147YTKUQwdqmQo4FBq4xga4lDehFdTkrmuDV108H0gJYltirFpb/6evyXrfRSLAGyCB9T9N3owB3+m+lhUbcsk7GKdjbIvr0eT3+Dn70+sZxxW30CWRQFnicpTWQv4pYv8HkEINYmorYRroTYX5jsJx2Pnxz6HZnnzUdHlLwrgbBIQGfmhDco35QlyPy/R8+cUcoceFXd6BaF469xdQJYlI6lhLsVIhlZj4Q5MD26TJ/SEvvErDbiax6Dm+JvaRtqMlxn/bFH14XHbO24ANCD5yRLtgJ9nBNn/e4oxXcLsquC4UzgwX/P1jn1CfBy1DkOfXW2+7JC3VziA9mNvr5K7cKe8iyDFRvAoZ45yTQ9GfrL9w7+mp54fH4SORbbLRY2pEVDI+uhZxkF1zrYgdVLY9stL+Ulfhc6XyzwJX6sULB4x3xZ1BxzOwpp9cfjAD4hvgjtsHwzNNENfEcBYA0/vpEgbbSCC0P4ccT1rt9cEs2NJtc+wNy71hxl2ItFxp2jvkYvd4hOBZb60810yRoEzsbOfyFvxOl+qg763oetfqXnPRPD2K/Z3soW0cjoJVVF7qcdk/DQ6qBoMlnJEdK9Rl4fsvotCyNJfp92gCeZWtW5Go8P6WNCokID0DCxY9TYDZWfvnZuxHNBS3u/epkG5ukiX+y/K8QZeq+ekB9J9hTJWM6C5pLSXYR4J/5EY+sDmqoq5tECOnORF9U+/Scl19tTRX9dMOLI/CxqWOvNHWsouZvMYm8T5QICJ4KYH9r5jXn/cqlywUoZcidHPEwHWFygpDvzMqz4Jt4R8o5ZIG7+lV4nYLBZ702WIYcSHU2WPk641ws2i/18ieddJYEer3nkctfFxhh9iHCJ6ENVaIIuS0IP5YciKqTvEizrJrl5udeqvq0I//oTa6BmdNmQ5SN3ziV7SnEaieFXU3DZo9fZV6Dp1V0JLalRXjM07oADiNrH4INmRvxfHuZAZuK+16EvgZgTLcWD73JbdUnh58VmFlraIXzFRxV8ex40tOReNf7LAa1N2r2so/z403SN+LajpG9JgaCUWP6Mfh1yzG+YXO0OOIygPqouzUXrL1Lk5R59t06/ZCA4Tj6ARpQ55xoFk+IXRhhE/rtaiOobg9O54j/EeqRjSDaXjO/cDWLI/3METRUbm11qATgXc6kMhVWWOTEqEAxzskcKBQtB0XPp8RXFE3KxgUynyzPGKhZjGzh5sIiLj8ceQv1VNbMnFOsmDF7TE7NbMLE3x1wp3VROYXQPdLIIZtX55hPlmkYQfxSyCW1trgDgmY19wdDu7tcacJRiTfTOrI44tn6b3SFEgekQIlWfB3i0HODtLlmif/+85jLropnN/cWQ5Tarx+bgK0wzbtjIBSfIxoFlTCuq8Uo0xGRpwzOkGuA/9PFyQx7leDzQSYRCjgXUiDNV5z7DvFyebtJsB2fAO/u0obbICH/KesiYsJT1kXE9TTurd+ILy5jb25MEbPaJtILRk2nN/ObvjQm3Xzikub+SsbzU8vbRGwfJwGT4u3D81KUYROvMPdzRKu2kUxmjOB76Lo2shjimBh2csUE/jR5oM2atvDfUK1MFLnucDew/bBA9JnwnCNNpwl5UfpfTE4uVaoWmJT6/3Zx1vV5iRyKp3bA3B7KYvXudq0lTf8esmlvdZ9BQhVzebWD2bkmYNFi87MKjfTFe6lTt51ygdYh4G3kokcShjyDZSfp/tmQ5wX3j7yd87kqRLqpR4sff2BTRASTsRuz27i2fnKvzWm3ImFgaNHHQdqVvXWm8d0ibYzCl0stGLMClWfNKX+Q6we5QkS86c9ORKerEIYFheE5/QNsEHzXAd1fNW+tAUptSpdBDdKzJjk+aFNDhPJ0reQEGyyvMil/quZ45VZgIMFSyY4DjWjYLLqi2wJUbsnI6kBfKiSzwJ+Ei5Y+gwf6ohH8e2RozSv9jg0pNV7KP6q8Tu4n726PY93DnF3F7NxvWaaLOH0HsSTMPtOvpBgbCfu7TyI6a/Jovos92QtTnViKd987i4gzAK/y2Gcld2BT1+yx9VQrpdSsSDLjPH7frYbZH9YpHgMHPbAJgZ+xbfycEvsRzEi6vznCcT9IBBrVysJtnliiltOi2HlN9Ys6eLI3f7iHSr8z27hizDwTyiDJ5IqjjXAmQN6Juoha7/7V3cQDHHBa5u14ZtkTkN5fMS1xAg9Q0qahUKGkNuNeuSlG5wjfmVQwm43O0nw8J8Eeb5oPddwkXD9zI2jfd09kQKKyfRSg+/mQgDZPctpx+cb0UkVF5zFWet/fcGsIAWHzgRvEQmaIg8F/BHyHjgmtzlE1X0yPYzuvqYhG0M9qMQ4e/4Y9h3NBkMVtc52ke32UD40qZ3Q6iZLQLo4ChXbUYzcoBJfTuGXZUxTj+zV4yHrUm/FgJ7+MuJUNOIhxnSt4lTW8eN5Ydvxwph/0amP6/W71wYGnAoHtXtoUrV4LL0+I6YqOAeqL2htrmnZSiZV4+rXheJWalSnhtMLzXuyoDEpAAKjcWv2lIj2M/FO//YumeMflEaWQYtmurrguFuR8uiaQbWxCtLEK8Ofd66VYLmooMQg63/fIpv0b8kPT/qUOzNa1pziljkBh9+AOwbXP5Q5c3x4CSEfXCjHiJdC3FvJ8GVmM8ALufX/nxCFZssX6ejY2AvjMzZlG1phnYA50uCeautgPATmkdBgFxOvVFrHoU80FdP66IUNFaJNyY0S6G8v9fh4+1hZUA/NrD8Mc7nsfugZYDfZFZoaxP0hRozr26SAZjw70lyPdrwIPxPyHD3/XcBLhgdSNSM8N87aGdD8C7GW1gkzYThL2lNec4aBcL5Bg+QFjLczgP1+C0vwaqW5pjVoh8EjxTS+qg1wkglXyr+zCSJSDLLGSAGqRkv3A+VN+798Eb9p5NmIakpHN+kAMRe4HN/v/pqPOJoZXZ2Nlqs6r0u77vXjm1Ia99ivdwE42gs/kKoBegMz8OZMJ8bGzIZ+FSULznKAiYjA0X7r6deV5hWwH1xw9xuIQLJbfK40OmT77tmgdlauavLOzmXyASD+3gITz2glTDcu+TCj9B4Ej//BlIsVsQ9vk4tDRaVusnCt6SdCekL4Fid+rnG/E215q3Jbd3oFpeFYzk7HnT5FBDiSoJTf+VpO/jXs9I3Wdl73pJW1MMHgNPceRh2gwD5kYwuxp1s57XNRsxGNTGrfZX7MVO8/PKWcE0PH9lEQHei1fsUtV/QK2YpbCcVyujmbEt44kkuX+gQAMRvOVd0k0MSM8o6SwaVajn+MK03Gd1l0uEHVmjcsjogdHUiOF1J1Eu7AP/TIIZfPnD3BcD9wrKdRhD5RVKARAU2MTVDkBswiD2n0KZgtw0Dxp+ndBt3kZcVk+xioCJbX4ju/40No1hBokv7Rb2gBI3cAiAPhZrnq2zJMU5rqf51Pw9vq5lChbqNYfJ6KvuxUtS+1ao25bT+3QhlLHaHo0PUYEUorm/JYjrxazLqMYLRaYcR7PHJumwT02DgBsglpt6k2cT+9Xy++1l7+7RWk3Wa3b9+VX3vlR/Nb40vBD3cw23gFnyp7qBMcAh67gdGZvCljO0OQE7RrhSgnX4mynnT9ac7AXg374CWi1PlY4skfBj6mhj42mi1IAhTBKpQLwM6Roopqs6PgpiFYZxg1XMBHNad8Phj5EosKY0L0bRTqol0ayR90s5H1P+JL0I+gR3oSLEKUahCDRGJ6nRmUZjnMVQh5XxW6lUB0rhk2j7U3sOZf6f4FBjYJlds5+zNjYsHJ0d2/b0S44PHDovhHr514wIDl3l7XsgSjPnRSWGcT3bAsTlIAV/6h/x96j0C6FrOQb7gmNSKtM2ffqhd1nKckJhlbrqymCphYSzy17eyFR6DJbFrHmrQpdyGH8JsVybKz4YPLFBBUi/YL/Ii0qR1tU7bcvuDF2MEIvHm3tjyJOpP038hZOH78LihvSNT3CGvvsYYOXzhu1T4jllt6a04LhGg4WW+TH+U4uhQLXk/RXybmm8b/xiAk8TMrhvoHgex8WHs6bCxh7J1Kyzwz4dbRs5qWHVP0D+8F3d/PRZk8qJTj+02A8yOEUfZ/HMSVXf1yOtFmm7+JvY7UYYvbzk0//9CHEv7lsFyAIjoh3pejbyjGX+EdYLyiYGPS8rPgZHq+Oj0JmBEdrrh+NLWsTymA6JpXCeCVwwakzjSAlIBu4w2jQgeVHo99UUu80kvDn+Wel8nIGCIWqwuuywyEp9Sqh2FjBpUs2uOt9IPwXqev06yPfPeLvxjroU73doH7yjud4xtTwrJikaIwBA/vJuJ8tP1R7ABkbzNlCr+64NKV7PepkLFqc2mqDOfsCoT6NPj7GnzxTQIIap9z+tXJUr+Id6wXyZUTir5t9z9IJDsODyWYI+Eed/IzEMzQ+I6U6eXRAYUOTNXXQfSw688ju/mB+hgNzZXBYix/oN4mN+QayktrWWPZ7bNFGTRU6KKRJtjtYV8b1URdSkS7VhjVkTc+Gob2tEyLTJH4y/OhHgHuo2Ee80oDGAnyiUKrTxO721i0UJ4B5oYSxDPLxZeJOrZZJ/H4qGwqcg8J+VTLikcC/RsMXJKGAQVrljdAhWuHUN9ZEJZzJ1MvVOH4inGajgSb562qcSYYzlI42X0pTHnnhyd0EvoS09U2z2DjQcoerKqPIC6ss4BE8Gi1dYn9NMAcryFB16TLBO3H4D+Q/BvLWZR+YxmFgqvfJfOcMgSlFuO3+Yjp+GAxug/Mry43ecumTDcOSSc5oYdPMb1dcTlcJXmsd+roGZ2PkXX2d4gtDbs8MqFztc6HF9W4V3eSsfHNtyum7qyGZ3AaQYvEt7NlntkFcu9CC0xCv0VOBItPPVdflN2++nSCILJjFEADUZA+1/pqUm1S2oEYwABEfcmrFkinz5Dsn4Sy47JDr3GVl2PmDp9321GeyudNKKJ2UDPi7KPHniMv/rd8Dxz12UiLsUjW++nhS3KdNP089b8dMY86argKjseqfyw3jNTqJR9c+XtOg4TaTHptM9kRwVt86cL+xCBAKseGla/gJg2aotAg6ytFNHfzgIBq5dWjVUFuRtSbhte4309hS6WjHyTXrtv3O+AAM4pERtuHTO5Z0fa6I00WpwN9lB3zlocCaDxA3Dqljsxg+pk/63fOaZKbFvaXYzHxOr0Y57gyK17C09HB6zaBwHhnZfGkxCx9jP3J5wMmbEVyoNbOqG0V0ybpkB6WBEOGmC6M2QaVB620zwr2Nk+QhJloW54cvj6l4kLBx06grKDSyXpxm2/paQxQOMaIFyQn5PvOIgqIdn+4g7SACa5ps2X5ECfmaaE/XndXywx8FxhsMXWBVcG2Z1P6hGJAooFjJyr0t+Cn3+JQwcecIuG8wgJ+Arbm2Znv9Z//Srk4eNiCGzQEbBmhStUsL8GUHEzaBXC8z7cvuOwQGvaj84ax3R3uX4NzxiMkoLxWEWZLKdNdvauYhAemMihHzY/m2pYVgi+b813DvQ9FxDan7WnUGjZr6Kvfx5zB55M6bqIbAQGF6uBA5n83Unjs1dHyuzOrrRG+W6/KrsRrTnNQtTFE7dvXOfRFMrkDiPcCiReGYVJQgnAbJlF4k4t6subtuOB1aRrOLD+UeKqgW4MBOS5USXlCRa5QZFywGVzSA9Ze9gUw9IGYW1kGdDzrCUYBRDRpv41m5c9ihzEdkdN+MeJP15pOhJDGlj9UasTqonmtiobOt7aBjRThZfyDRx2QG7O4gCej1SQtf4/ZnWdJaypZefs7s+AVndkCzvDhJE12kLXyI9LRaq0JCsRFWU3A7GV5z86ziTGb78PkJH9/s6ssgS4JB6/JkTC4hSZzVk6k+IUSmPtrtUKWkShlvo9hxXofR5aEkyscuf+EnfsxyDBwjYBAFn47RdmZKLr+DVCdfUV2dM3TTtRMY/iLqzG9o82xcY5/78WcK/L1T7fiZHZOEsXC67MPfuuNoo1+mjsI79hZelzYR9TMrz8Gm6lKBS92vpVZw/ZN2vqzEEo7+bwAJpkmLeztcubmKgisjY8A1ji0PHPbCWOKJlHj0XsvFCEm9o+EU8SAAzdZzOVlDxl+jTbDL5J7p099aJTVYGolCPC5CaGf0Mi7vPQ+eynOfgjaXxapqUb1XSJ4x3rhFVYS4qb3PuKS0C3X8y79+cd79lvlR/RVFP+RN4FycWh07NAfDzwP0QJLwf9lDGtwHEAXRGogNXZNGGW4I1ayj+xqaC65wIvEsuWO+6SBmtpnDz6oyBpVEhA/UpUy1rqXMGvDAvJ9jqU+LjTm3u0V7fdggqESFwk8K9YJZloz826RopTsKCbS8w1yN+XKZ+G14kW8KJzfoKXZbT2AZkDC0y0FijcwcUXqD/TiImv+8O/Aw390rt4qWoE8euih/QdSzNxErprUj/RvIoLTd49tf01iYENljQZpDBMUjL2/n8i6TUmORDuS4xcPLzeUkBn6PMPbFXGk/6ePa26gRtuU4O+UeuldIkliZhZcuJVnGzPMd/ABppfmDamKHaROYHvMyGO4N3jZjqDkLckc5LsfC/mFSti1482Xf/6yxzuvBStNKLrWd3YsrTEHIn1MC1szJA3vO5Vf1JIr8pGY4paT+Qdn6/bq8Z+aSzTnsG3A5tJBi+7eZrIeXpCIa3JXmeY/wTPcLhvkidzA2qTha/MOPlKPxtekEtdFdsxexrJD4jnrVJzaohYIuwYHX/MbiF9V+wd2p6ySg711lr7zXGVdWJkBxDq3bEnsM5qn1NSoYjDJJ59K93wCM9SjzpV/1cjfly8tQKctbWI8wizYE5TRPsta/BqaXZV8g27RDP1au+epk8nyIAe/3K0t/2D27iPkYit+UfR83ZcUVE+gsC8i3QDWftQWjNe1OcSV1QRdHgIsBPjuQ9CzJ0WXlfMgh7xI1vuV3j3fyRv8pN41KuAEu2eS0exd+hmMwKeNxRrfQT706IdIXkbGnLA8a3w2zze3JYR6YLP3TfC4JEFqe5PBmS75CzctAhf4UyzF/Xm9faxVkOcV/WSATsDBIbdRafUXB0fwzpvgAVYVg718ptDkKRL+zyP6IdypcajziNIo3pBwWIF9t7+swGiS8xXZG50TcqswYGZ3wZ5nlEKdmWyQSf7mfIA4IIJqzhI/SN8nYO9QbjuqsGtXmWf1MOdkH6xYlwyrXWG5c0OUy2iw+msXKOT1+hZMr3iVHTMrSpJukjdvvABxsSCyOOjr2/BMCJ3VtouFrvYjEOjTEkvE7ghFofQWv/W1XJh8OWItBwKk9FT+f91n17u4UQGtG5GoJzgcZtHZUQvzZ+/qhhUeCracszcw3h/iEsaNNIRS/aBmmPfSvxZRIhHMEmauRg571Wmi7lHbX6XuHj0wpOMFlVtRRYEp01gEf0oKQNiOaKTkrRCwEjIZnp79XgfSAlmqDgYpniUf9cmm/6Dr4kFnzvAaAzG+kjTpifRVKp1qSof70shi61MDgrloF34zpu0AYUUAFnH1JdWpP4oKK7rcxQJRqzn/58xsDMcrCzOJ61IuddR6ZMIQagDMkA==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2023-09-24 14:17:58,353 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-09-24 14:17:58,353 - INFO [Shibboleth-Audit.SSO:?] - 20230924T141758Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_1c59246c-f8fb-4896-a424-d6e9190a0ee9|https://iam.eu-nl.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_077b28813c17915864936216dafcebe6|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQx7UgW/7xySS4tYwA/ngCePctpIlxETJ4mbVEmmUphiH/k/ogRGiOiyZ4UnHcUMw1CedNA77QIJmn++mP/yRM18rVBi90PthLJTULdRFqkuK2vnQkHeI8IEHhkyJPKSbw1aHx0L7aa|_b39ff49f065df3b27053f6b8d9f97e52|
2023-09-24 14:19:11,801 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://portal.sp.local/saml/login
2023-09-24 14:19:11,801 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-09-24 14:19:11,801 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-09-24 14:19:11,801 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://portal.sp.local/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="ONELOGIN_fb1ba131df6af335216aa9eee1e61c50d744fe9a"
    IssueInstant="2023-09-24T14:19:10Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>sp_portal</saml:Issuer>
    <samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
    <samlp:RequestedAuthnContext Comparison="exact">
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2023-09-24 14:19:11,812 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'sp_portal' from origin source
2023-09-24 14:19:11,812 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-09-24 14:19:11,812 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-09-24 14:19:11,812 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-09-24 14:19:11,812 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-09-24 14:19:11,812 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-09-24 14:19:11,814 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-09-24 14:19:11,814 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-09-24 14:19:11,814 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer sp_portal
2023-09-24 14:19:11,815 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:19:11,817 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-09-24 14:19:11,817 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-09-24 14:19:11,817 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-09-24 14:19:11,817 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-09-24 14:19:11,817 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ONELOGIN_fb1ba131df6af335216aa9eee1e61c50d744fe9a', issue instant '2023-09-24T14:19:10.000Z', entityID 'sp_portal'
2023-09-24 14:19:11,817 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'sp_portal' does not require AuthnRequests to be signed
2023-09-24 14:19:11,818 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-09-24 14:19:11,819 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=fVNdj9owEHznV6C8E%2BPAUWFBJAr9QKIQkbQPfTkZe9Oz5Nip1%2BnRf18n4Qqt7vBLlN2Zycx6s0Be6ZqtGv9kjvCzAfSDYTjnShtkXXMZNc4wy1EhM7wCZF6wfPVlx5J4zGpnvRVWR%2F%2FR7rM4IjivrOlp280yOuw%2F7A6ftvvH8kRPnE6oLGe8nEweEjrjfA4AFGZUPIzlu%2Bm0hDnvqd%2FAYdBZRkE2GvRqiA1sDXpufKiPk8loPB8l04JOGZ0zOv7eUzchrDLcd%2FQn72tkhLTefWjEShIlaxLylUoDaa0n5AhSORCe5PmhF8ku%2Bd8rI5X5cT%2F2qQch%2B1wU2Sg75EUvsnoZx9oabCpwObhfSsDX4%2B7qrLbOcx1jHWsruO6cEi4wSjuNRfvOuuwuxfqxhy%2FIbfkKrNk%2BuNtuMquV%2BN3V2%2FPRuor7t0PQmHYVJUdlB2WNwRqEKhXI6K%2FMSmv7vHbAPSwj7xqIhuSfj19WDWS3eCG1h7Mfrm1Vc6ewvQ84c%2BEv0a7xbuFrHbboCGV6d9EEEy0ulLPweLZOtjcWrhBk4XgwH8Z0GdKr4r1rcsd2Onhp3%2F5F6R8%3D&RelayState=https%3A%2F%2Fportal.sp.local%2Fsaml%2Flogin&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=arCY3Zr9433S1HsiokssBAIhYnrnW1j3CWcdgiMl%2FltAsWJSTK3jzQyQmPFKKiHCt67Fl0aGA9suBzIMNoc6XP81YrUKNrRLyLCmtSMetTwhSQ9NGB2swpY7teW6gzx0M3bKtO1JtT0RtUS8kwnXLU8inqKHms44lQtmUQsqhH4vvC0kMMaFlqrPqFybmoyZossyDwghuSVq0XJTjVogmBsNEIK7hKQaY2vUECcmLDyyz93kWbYuHJomHaCiFuXCBmMhOrj6XZJdHuUpKLiSmIVdaTg6KxmwU0Kj0WWIRmM%2BweR0M26PnCX7AB5PCMK1%2BY4YaldzPXDnt4A7hVhz%2BQ%3D%3D
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=fVNdj9owEHznV6C8E%2BPAUWFBJAr9QKIQkbQPfTkZe9Oz5Nip1%2BnRf18n4Qqt7vBLlN2Zycx6s0Be6ZqtGv9kjvCzAfSDYTjnShtkXXMZNc4wy1EhM7wCZF6wfPVlx5J4zGpnvRVWR%2F%2FR7rM4IjivrOlp280yOuw%2F7A6ftvvH8kRPnE6oLGe8nEweEjrjfA4AFGZUPIzlu%2Bm0hDnvqd%2FAYdBZRkE2GvRqiA1sDXpufKiPk8loPB8l04JOGZ0zOv7eUzchrDLcd%2FQn72tkhLTefWjEShIlaxLylUoDaa0n5AhSORCe5PmhF8ku%2Bd8rI5X5cT%2F2qQch%2B1wU2Sg75EUvsnoZx9oabCpwObhfSsDX4%2B7qrLbOcx1jHWsruO6cEi4wSjuNRfvOuuwuxfqxhy%2FIbfkKrNk%2BuNtuMquV%2BN3V2%2FPRuor7t0PQmHYVJUdlB2WNwRqEKhXI6K%2FMSmv7vHbAPSwj7xqIhuSfj19WDWS3eCG1h7Mfrm1Vc6ewvQ84c%2BEv0a7xbuFrHbboCGV6d9EEEy0ulLPweLZOtjcWrhBk4XgwH8Z0GdKr4r1rcsd2Onhp3%2F5F6R8%3D&RelayState=https%3A%2F%2Fportal.sp.local%2Fsaml%2Flogin&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: sp_portal
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: sp_portal, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'sp_portal' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID sp_portal
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-09-24 14:19:11,820 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-09-24 14:19:11,820 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:19:11,821 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-09-24 14:19:11,822 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-09-24 14:19:11,822 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-09-24 14:19:11,822 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-09-24 14:19:11,822 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://portal.sp.local/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-09-24 14:19:11,822 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-09-24 14:19:11,822 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-09-24 14:19:11,822 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-09-24 14:19:11,822 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-09-24 14:19:11,822 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-09-24 14:19:11,823 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-09-24 14:19:11,823 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-09-24 14:19:11,823 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-09-24 14:19:11,823 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-09-24 14:19:11,823 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-09-24 14:19:11,823 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: sp_portal
2023-09-24 14:19:11,823 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2023-09-24 14:19:11,823 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2023-09-24 14:19:11,823 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2023-09-24 14:19:11,823 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2023-09-24 14:19:11,831 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-09-24 14:19:11,833 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-09-24T14:19:11.833Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-09-24 14:19:11,833 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2023-09-24 14:19:11,834 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-09-24 14:19:11,834 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-09-24 14:19:11,835 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2023-09-24 14:19:11,835 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-09-24 14:19:11,835 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:19:11,835 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2023-09-24 14:19:11,835 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No active results available, selecting an inactive flow
2023-09-24 14:19:11,835 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2023-09-24 14:19:11,835 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2023-09-24 14:19:11,835 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-09-24 14:19:11,836 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-09-24 14:19:12,147 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'sp_portal'
2023-09-24 14:19:12,147 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-09-24 14:19:12,147 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-09-24 14:19:36,206 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-09-24 14:19:36,207 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-09-24 14:19:36,207 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@430989346::identifier=rick, context=org.apache.velocity.VelocityContext@10e5d56]
2023-09-24 14:19:36,230 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@430989346::identifier=rick, context=org.apache.velocity.VelocityContext@10e5d56]
2023-09-24 14:19:36,232 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-09-24 14:19:36,232 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-09-24 14:19:36,233 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-09-24 14:19:36,234 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-09-24 14:19:36,236 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-09-24 14:19:36,236 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2023-09-24 14:19:36,236 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2023-09-24 14:19:36,236 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2023-09-24 14:19:36,236 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-09-24 14:19:36,236 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 509f11a6f15b515248fea5e4d8e8efb803db8f710db9cfa3fcbff6d713bee64a for principal rick
2023-09-24 14:19:36,236 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 509f11a6f15b515248fea5e4d8e8efb803db8f710db9cfa3fcbff6d713bee64a
2023-09-24 14:19:36,240 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-09-24 14:19:36,245 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-09-24 14:19:36,248 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:19:36,248 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-09-24 14:19:36,248 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@fd20eaa'
2023-09-24 14:19:36,250 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:19:36,250 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:sp_portal'
2023-09-24 14:19:36,250 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:sp_portal'
2023-09-24 14:19:36,250 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:sp_portal'
2023-09-24 14:19:36,250 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:19:36,250 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2023-09-24 14:19:36,250 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2023-09-24 14:19:36,251 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-09-24 14:19:36,251 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-09-24 14:19:36,561 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'sp_portal'
2023-09-24 14:19:36,561 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-09-24 14:19:36,561 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-09-24 14:19:36,561 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-09-24 14:19:36,561 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-09-24 14:19:36,561 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-09-24 14:26:59,822 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-09-24 14:26:59,822 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-09-24 14:26:59,822 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230924T142659Z|sp_portal|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:sp_portal'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:sp_portal, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1727101619832}'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:sp_portal'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:sp_portal]' as '["rick:sp_portal"]'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@fd20eaa'
2023-09-24 14:26:59,832 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:26:59,832 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-09-24 14:26:59,833 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-09-24 14:26:59,834 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-09-24 14:26:59,834 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7ce0058b3e6f346487e631db85a65490
2023-09-24 14:26:59,834 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7ce0058b3e6f346487e631db85a65490 to Response _2d36a97b0ba6286f12371b084e6a8ce2
2023-09-24 14:26:59,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7ce0058b3e6f346487e631db85a65490
2023-09-24 14:26:59,835 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-09-24 14:26:59,835 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-09-24 14:26:59,835 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-09-24 14:26:59,835 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-09-24 14:26:59,835 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-09-24 14:26:59,835 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-09-24 14:26:59,835 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-09-24 14:26:59,835 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-09-24 14:26:59,835 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-09-24 14:26:59,835 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-09-24 14:26:59,835 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-09-24 14:26:59,835 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2023-09-24 14:26:59,835 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2023-09-24 14:26:59,836 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2023-09-24 14:26:59,836 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxAOslYwdFP2lemnQqFHjrjcBfbjnj5Xl/Qvl8PLSG7wLeaNKrX9SVORPQe89gCm8Qh3UfH2NbWCxnM+aLfMsQTOJJwl8JRMmQFFQBxQ== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 103.167.255.93
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ONELOGIN_fb1ba131df6af335216aa9eee1e61c50d744fe9a
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://portal.sp.local/saml/acs
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7ce0058b3e6f346487e631db85a65490
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7ce0058b3e6f346487e631db85a65490 did not already contain Conditions, one was added
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-09-24T14:31:59.832Z, to Assertion _7ce0058b3e6f346487e631db85a65490
2023-09-24 14:26:59,836 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7ce0058b3e6f346487e631db85a65490 already contained Conditions, nothing was done
2023-09-24 14:26:59,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-09-24 14:26:59,837 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7ce0058b3e6f346487e631db85a65490 already contained Conditions, nothing was done
2023-09-24 14:26:59,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-09-24 14:26:59,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding sp_portal as an Audience of the AudienceRestriction
2023-09-24 14:26:59,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7ce0058b3e6f346487e631db85a65490
2023-09-24 14:26:59,843 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party sp_portal to existing session 509f11a6f15b515248fea5e4d8e8efb803db8f710db9cfa3fcbff6d713bee64a
2023-09-24 14:26:59,843 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service sp_portal in session 509f11a6f15b515248fea5e4d8e8efb803db8f710db9cfa3fcbff6d713bee64a
2023-09-24 14:26:59,843 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-09-24 14:26:59,844 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID sp_portal and key AAdzZWNyZXQxAOslYwdFP2lemnQqFHjrjcBfbjnj5Xl/Qvl8PLSG7wLeaNKrX9SVORPQe89gCm8Qh3UfH2NbWCxnM+aLfMsQTOJJwl8JRMmQFFQBxQ==
2023-09-24 14:26:59,845 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-09-24 14:26:59,846 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-09-24 14:26:59,846 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-09-24 14:26:59,847 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2023-09-24 14:26:59,850 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://portal.sp.local/saml/acs
2023-09-24 14:26:59,850 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://portal.sp.local/saml/acs
2023-09-24 14:26:59,852 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2d36a97b0ba6286f12371b084e6a8ce2"
2023-09-24 14:26:59,852 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2d36a97b0ba6286f12371b084e6a8ce2 and Element was [saml2p:Response: null]
2023-09-24 14:26:59,852 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2d36a97b0ba6286f12371b084e6a8ce2"
2023-09-24 14:26:59,852 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2d36a97b0ba6286f12371b084e6a8ce2 and Element was [saml2p:Response: null]
2023-09-24 14:26:59,875 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-09-24 14:26:59,875 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://portal.sp.local/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;portal.sp.local&#x2f;saml&#x2f;acs'
2023-09-24 14:26:59,875 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-09-24 14:26:59,875 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://portal.sp.local/saml/login', encoded as 'https&#x3a;&#x2f;&#x2f;portal.sp.local&#x2f;saml&#x2f;login'
2023-09-24 14:26:59,877 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://portal.sp.local/saml/acs"
    ID="_2d36a97b0ba6286f12371b084e6a8ce2"
    InResponseTo="ONELOGIN_fb1ba131df6af335216aa9eee1e61c50d744fe9a"
    IssueInstant="2023-09-24T14:26:59.832Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_2d36a97b0ba6286f12371b084e6a8ce2">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>0UHTue5YZ1Grs9eZ6JOpnKhKwQTM23nHhdN+Gw9Ie6c=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Nm/SXTILPSMdUXTZRKr6VvC7//Gzx6AwLd+pxWo6mKXJpX3GAUUkFF6K8WvunIdnJm6k/cPm5rkmrJgsurhcsPAi2hZMLwqRn0NIbswbtMEtAPPawVvkedtzp9bbSWvfsur+TX6bYZQP5A6Yk4N3IdiUnmb3OHeV7xndhvFMxLyqUrYTjUUm0CS74Ql+FkaS0pMFHLYZi0CQq6oB40LuXbtO8LGhyeGR8pHjTPiOcax6SkMj6WHJEJQtZQ73uUkc55aS+wkmdokEZsCzmICfbZpT8pd7Nezxn8PmkqyPNdXxA0Np4dFRQUQG/7IOTLPONXgeD04Ri5xEMNa9+e2eiA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7ce0058b3e6f346487e631db85a65490"
        IssueInstant="2023-09-24T14:26:59.832Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="sp_portal" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxAOslYwdFP2lemnQqFHjrjcBfbjnj5Xl/Qvl8PLSG7wLeaNKrX9SVORPQe89gCm8Qh3UfH2NbWCxnM+aLfMsQTOJJwl8JRMmQFFQBxQ==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="103.167.255.93"
                    InResponseTo="ONELOGIN_fb1ba131df6af335216aa9eee1e61c50d744fe9a"
                    NotOnOrAfter="2023-09-24T14:31:59.836Z" Recipient="https://portal.sp.local/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-09-24T14:26:59.832Z" NotOnOrAfter="2023-09-24T14:31:59.832Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>sp_portal</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-09-24T14:19:36.232Z" SessionIndex="_48887d2a50dfbad63fa93479b2f90486">
            <saml2:SubjectLocality Address="103.167.255.93"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-09-24 14:26:59,877 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-09-24 14:26:59,877 - INFO [Shibboleth-Audit.SSO:?] - 20230924T142659Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|ONELOGIN_fb1ba131df6af335216aa9eee1e61c50d744fe9a|sp_portal|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_2d36a97b0ba6286f12371b084e6a8ce2|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxAOslYwdFP2lemnQqFHjrjcBfbjnj5Xl/Qvl8PLSG7wLeaNKrX9SVORPQe89gCm8Qh3UfH2NbWCxnM+aLfMsQTOJJwl8JRMmQFFQBxQ==|_7ce0058b3e6f346487e631db85a65490|
2023-09-24 14:27:48,308 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2023-09-24 14:27:48,308 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2023-09-24 14:27:48,309 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://g-e8fda214e4.grafana-workspace.us-west-2.amazonaws.com/saml/metadata, acsURL=null, relayState=null, time=2023-09-24T14:27:48.308Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_233f1691-119a-46c3-90fa-d6eb5414c005"
    IssueInstant="2023-09-24T14:27:48.308Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://g-e8fda214e4.grafana-workspace.us-west-2.amazonaws.com/saml/metadata</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2023-09-24 14:27:48,309 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2023-09-24 14:27:48,322 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://g-e8fda214e4.grafana-workspace.us-west-2.amazonaws.com/saml/metadata]
2023-09-24 14:27:48,322 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2023-09-24 14:27:48,322 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://g-e8fda214e4.grafana-workspace.us-west-2.amazonaws.com/saml/metadata in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2023-09-24 14:27:48,322 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2023-09-24 14:27:48,323 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://g-e8fda214e4.grafana-workspace.us-west-2.amazonaws.com/saml/metadata
2023-09-24 14:27:48,323 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://g-e8fda214e4.grafana-workspace.us-west-2.amazonaws.com/saml/metadata)
2023-09-24 14:27:48,324 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2023-09-24 14:27:48,325 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-09-24 14:31:18,986 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:?] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: This message decoder only supports the HTTP POST method
	at org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder.doDecode(HTTPPostDecoder.java:82)
2023-09-24 14:31:18,987 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: UnableToDecode
2023-09-24 14:31:18,987 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-09-24 14:31:21,003 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:?] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: This message decoder only supports the HTTP POST method
	at org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder.doDecode(HTTPPostDecoder.java:82)
2023-09-24 14:31:21,005 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: UnableToDecode
2023-09-24 14:31:21,006 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-09-24 14:31:23,211 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:?] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: This message decoder only supports the HTTP POST method
	at org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder.doDecode(HTTPPostDecoder.java:82)
2023-09-24 14:31:23,212 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: UnableToDecode
2023-09-24 14:31:23,212 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-09-24 14:32:09,494 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1pRGZVNTRYdHdWazlGUTlYQWg0WnVVa2YtdVVvcG9NNllNeWZ2WXNKQWRJJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1mRkEya0dKcG9JJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2023-09-24 14:32:09,494 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-09-24 14:32:09,495 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-09-24 14:32:09,495 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<ns3:AuthnRequest
    AssertionConsumerServiceURL="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="iddd6948f5cec94d32ad219e1a71a10019"
    IssueInstant="2023-09-24T14:32:09.117Z" Version="2.0"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#">
    <Issuer>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</Issuer>
    <ns3:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</ns3:AuthnRequest>

2023-09-24 14:32:09,502 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' from origin source
2023-09-24 14:32:09,502 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-09-24 14:32:09,502 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-09-24 14:32:09,502 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-09-24 14:32:09,502 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-09-24 14:32:09,502 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-09-24 14:32:09,502 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-09-24 14:32:09,502 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-09-24 14:32:09,502 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2023-09-24 14:32:09,504 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:32:09,504 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-09-24 14:32:09,504 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2023-09-24 14:32:09,504 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'iddd6948f5cec94d32ad219e1a71a10019', issue instant '2023-09-24T14:32:09.117Z', entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:32:09,504 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' does not require AuthnRequests to be signed
2023-09-24 14:32:09,504 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-09-24 14:32:09,504 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-09-24 14:32:09,504 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-09-24 14:32:09,505 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-09-24 14:32:09,505 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-09-24 14:32:09,505 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:32:09,505 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-09-24 14:32:09,505 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-09-24 14:32:09,505 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-09-24 14:32:09,505 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-09-24 14:32:09,505 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://global-login.sandbox.streem.cloud/samlv2/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-09-24 14:32:09,505 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-09-24 14:32:09,505 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-09-24 14:32:09,505 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-09-24 14:32:09,505 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-09-24 14:32:09,505 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-09-24 14:32:09,506 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-09-24 14:32:09,506 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-09-24 14:32:09,506 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-09-24 14:32:09,506 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-09-24 14:32:09,506 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-09-24 14:32:09,506 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2023-09-24 14:32:09,506 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2023-09-24 14:32:09,506 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2023-09-24 14:32:09,506 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2023-09-24 14:32:09,506 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2023-09-24 14:32:09,510 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-09-24 14:32:09,511 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-09-24T14:32:09.511Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-09-24 14:32:09,511 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-09-24 14:32:09,512 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-09-24 14:32:09,512 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-09-24 14:32:09,512 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-09-24 14:32:09,512 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-09-24 14:32:09,512 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:32:09,512 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-09-24 14:32:09,512 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-09-24 14:32:09,512 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-09-24 14:32:09,512 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-09-24 14:32:09,608 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2023-09-24 14:32:09,608 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-09-24 14:32:09,608 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-09-24 14:32:20,814 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2023-09-24 14:32:20,814 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2023-09-24 14:32:20,814 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@407013677::identifier=morty, context=org.apache.velocity.VelocityContext@1546c3d8]
2023-09-24 14:32:20,823 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@407013677::identifier=morty, context=org.apache.velocity.VelocityContext@1546c3d8]
2023-09-24 14:32:20,825 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2023-09-24 14:32:20,825 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-09-24 14:32:20,825 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-09-24 14:32:20,826 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2023-09-24 14:32:20,826 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2023-09-24 14:32:20,826 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-09-24 14:32:20,826 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2023-09-24 14:32:20,826 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 128425355646c516bda329ce7f283149ca817f88aa17b14d46ecc4a297b245ca for principal morty
2023-09-24 14:32:20,826 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 128425355646c516bda329ce7f283149ca817f88aa17b14d46ecc4a297b245ca
2023-09-24 14:32:20,827 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-09-24 14:32:20,828 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:32:20,829 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-09-24 14:32:20,829 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3e3ef18b'
2023-09-24 14:32:20,829 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:32:20,829 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:32:20,829 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:32:20,829 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:32:20,829 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:32:20,829 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2023-09-24 14:32:20,829 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2023-09-24 14:32:20,830 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-09-24 14:32:20,830 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-09-24 14:32:20,924 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2023-09-24 14:32:20,924 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-09-24 14:32:20,924 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-09-24 14:32:20,924 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-09-24 14:32:20,924 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-09-24 14:32:20,924 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-09-24 14:32:21,685 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230924T143221Z|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1727101941685}'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942]' as '["morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942"]'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3e3ef18b'
2023-09-24 14:32:21,685 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-09-24 14:32:21,686 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-09-24 14:32:21,687 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-09-24 14:32:21,687 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-09-24 14:32:21,687 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7b8b41a1511cc24f79481b54b878f31a
2023-09-24 14:32:21,687 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7b8b41a1511cc24f79481b54b878f31a to Response _43b61f2b6695071b29df621bf681a151
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7b8b41a1511cc24f79481b54b878f31a
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2023-09-24 14:32:21,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:32:21,689 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2023-09-24 14:32:21,689 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 20.62.248.141
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to iddd6948f5cec94d32ad219e1a71a10019
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://global-login.sandbox.streem.cloud/samlv2/acs
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-09-24 14:32:21,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7b8b41a1511cc24f79481b54b878f31a
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7b8b41a1511cc24f79481b54b878f31a did not already contain Conditions, one was added
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-09-24T14:37:21.686Z, to Assertion _7b8b41a1511cc24f79481b54b878f31a
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7b8b41a1511cc24f79481b54b878f31a already contained Conditions, nothing was done
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7b8b41a1511cc24f79481b54b878f31a already contained Conditions, nothing was done
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 as an Audience of the AudienceRestriction
2023-09-24 14:32:21,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7b8b41a1511cc24f79481b54b878f31a
2023-09-24 14:32:21,691 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 to existing session 128425355646c516bda329ce7f283149ca817f88aa17b14d46ecc4a297b245ca
2023-09-24 14:32:21,691 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 in session 128425355646c516bda329ce7f283149ca817f88aa17b14d46ecc4a297b245ca
2023-09-24 14:32:21,691 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-09-24 14:32:21,691 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 and key C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U
2023-09-24 14:32:21,692 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-09-24 14:32:21,692 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-09-24 14:32:21,692 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-09-24 14:32:21,692 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2023-09-24 14:32:21,693 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://global-login.sandbox.streem.cloud/samlv2/acs
2023-09-24 14:32:21,693 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://global-login.sandbox.streem.cloud/samlv2/acs
2023-09-24 14:32:21,694 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_43b61f2b6695071b29df621bf681a151"
2023-09-24 14:32:21,694 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _43b61f2b6695071b29df621bf681a151 and Element was [saml2p:Response: null]
2023-09-24 14:32:21,694 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_43b61f2b6695071b29df621bf681a151"
2023-09-24 14:32:21,694 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _43b61f2b6695071b29df621bf681a151 and Element was [saml2p:Response: null]
2023-09-24 14:32:21,695 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-09-24 14:32:21,696 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://global-login.sandbox.streem.cloud/samlv2/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;global-login.sandbox.streem.cloud&#x2f;samlv2&#x2f;acs'
2023-09-24 14:32:21,696 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-09-24 14:32:21,696 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1pRGZVNTRYdHdWazlGUTlYQWg0WnVVa2YtdVVvcG9NNllNeWZ2WXNKQWRJJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1mRkEya0dKcG9JJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2023-09-24 14:32:21,696 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1pRGZVNTRYdHdWazlGUTlYQWg0WnVVa2YtdVVvcG9NNllNeWZ2WXNKQWRJJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1mRkEya0dKcG9JJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy', encoded as 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1pRGZVNTRYdHdWazlGUTlYQWg0WnVVa2YtdVVvcG9NNllNeWZ2WXNKQWRJJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1mRkEya0dKcG9JJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy'
2023-09-24 14:32:21,698 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="_43b61f2b6695071b29df621bf681a151"
    InResponseTo="iddd6948f5cec94d32ad219e1a71a10019"
    IssueInstant="2023-09-24T14:32:21.686Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_43b61f2b6695071b29df621bf681a151">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>6gclykFewZYvsVrDzktf/jOV9dAsovSBQolM8PwQJ58=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Qf52VmsFA6zqTjesEhw0NPd9YQ9s42N0vbdS+ZMuAuvLOPtF/mcwHNnwmq7RlV27fOaTm5azlpNYF+5+FIsvVlPgkQVbjsemrFlC7RNPw9uVT53wRPL0kp29Q9rsJA2WjZujUUzGAFjjZj5zLMlaOuQLpNyZQ9bRQswWxfYnJtf6yBdWpVQh3K3kg04nlknjgmjByBllFT3lMbrvSYQcFzcQjRFrmGqE6ePq4NcHOVsD6ECkZEIFEifgs7wjljqiHQ4zNPI9pw0Ebs5G39iEB4dspTwKN0T32qLvIkC/mQHFjKjckGObUwotjkXdgiGdl1J+LawQAML54VajHE1YIA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7b8b41a1511cc24f79481b54b878f31a"
        IssueInstant="2023-09-24T14:32:21.686Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="20.62.248.141"
                    InResponseTo="iddd6948f5cec94d32ad219e1a71a10019"
                    NotOnOrAfter="2023-09-24T14:37:21.689Z" Recipient="https://global-login.sandbox.streem.cloud/samlv2/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-09-24T14:32:21.686Z" NotOnOrAfter="2023-09-24T14:37:21.686Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-09-24T14:32:20.825Z" SessionIndex="_6159ddba649623ed698ffb75bedc323e">
            <saml2:SubjectLocality Address="20.62.248.141"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-09-24 14:32:21,698 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-09-24 14:32:21,698 - INFO [Shibboleth-Audit.SSO:?] - 20230924T143221Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|iddd6948f5cec94d32ad219e1a71a10019|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_43b61f2b6695071b29df621bf681a151|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U|_7b8b41a1511cc24f79481b54b878f31a|
2023-09-24 14:36:35,560 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: G70Q9fpXB3tTQIghFlkjF4eIeMjjj8dE--tLNKF4qwj7BJmk5enyZ0Ua
2023-09-24 14:36:35,560 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-09-24 14:36:35,560 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-09-24 14:36:35,560 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://acme.track.onestepgps.com/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-b9e9213383d1d729235dfed689ef2d95cb5880ee"
    IssueInstant="2023-09-24T14:36:35.047Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://acme.track.onestepgps.com/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2023-09-24 14:36:35,569 - WARN [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:1195] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Metadata with ID 'https://acme.track.onestepgps.com/saml/metadata' currently live is expired or otherwise invalid
2023-09-24 14:36:35,570 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://acme.track.onestepgps.com/saml/metadata' from origin source
2023-09-24 14:36:35,570 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://acme.track.onestepgps.com/saml/metadata]
2023-09-24 14:36:35,570 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2023-09-24 14:36:35,570 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://acme.track.onestepgps.com/saml/metadata in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2023-09-24 14:36:35,570 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2023-09-24 14:36:35,570 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://acme.track.onestepgps.com/saml/metadata
2023-09-24 14:36:35,571 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:117] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://acme.track.onestepgps.com/saml/metadata)
2023-09-24 14:36:35,571 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2023-09-24 14:36:35,571 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally