2020-01-28 07:00:04,362 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:12386fdc32aa8131165e90e44cecf88d44fef30d00f13394977942803e854d75
2020-01-28 07:00:04,362 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-01-28 07:00:04,363 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-01-28 07:00:04,363 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://ca.prairielearn.org/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_1816f3ff43d58f29d0b566c911d2ad73"
    IssueInstant="2020-01-28T06:59:59Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://ca.prairielearn.org/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-01-28 07:00:04,370 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://ca.prairielearn.org/shibboleth' from origin source
2020-01-28 07:00:04,370 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:04,370 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:04,370 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:04,370 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:04,370 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:00:04,370 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:00:04,370 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:00:04,370 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://ca.prairielearn.org/shibboleth
2020-01-28 07:00:04,371 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:04,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:00:04,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-01-28 07:00:04,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-01-28 07:00:04,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:00:04,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1816f3ff43d58f29d0b566c911d2ad73', issue instant '2020-01-28T06:59:59.000Z', entityID 'https://ca.prairielearn.org/shibboleth'
2020-01-28 07:00:04,371 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://ca.prairielearn.org/shibboleth' does not require AuthnRequests to be signed
2020-01-28 07:00:04,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-01-28 07:00:04,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:00:04,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:00:04,372 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:00:04,372 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:00:04,372 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:04,372 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:00:04,372 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:00:04,372 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:00:04,372 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:00:04,372 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://ca.prairielearn.org/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:00:04,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:00:04,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:00:04,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:00:04,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:00:04,372 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:04,372 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-01-28 07:00:04,372 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-01-28 07:00:04,373 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-01-28 07:00:04,373 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:00:04,373 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:00:04,373 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:00:04,373 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:00:04,373 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://ca.prairielearn.org/shibboleth
2020-01-28 07:00:04,373 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:04,373 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-01-28 07:00:04,373 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-01-28 07:00:04,373 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:00:04,378 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:00:04,379 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:00:04.379Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:00:04,379 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:00:04,379 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:00:04,379 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:00:04,380 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:00:04,380 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:00:04,380 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:04,380 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:00:04,380 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:00:04,380 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:00:04,380 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:00:08,801 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'ca.prairielearn.org'
2020-01-28 07:00:08,801 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:08,801 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:13,269 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:13,269 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6" IsPassive="false"
            IssueInstant="2020-01-28T07:00:12.536Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otctest.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>JaT8Z668JssnrTbWDbxGdgsx4Hw=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>OzKZ4duKeM5wMlmp/7ODqwQREFiWxB3gomYXsonue4/WL7K3u91v7nsQI6V5NJ51DCb7a3iLIRHYKUYgVarjAohxO0vYK1qWx7hjdho/8sE4RjQFCE1WJ2kERjSGXhPs8PtxU6jZ4xuZb/czRd+xmmHmBq2oK3lJVVU06f2LS8CXaX6BiT0j1kqnIHM13KPwb3q3TzoVacSif13Seb0fvb9wtG8tq0Rdsece8O661x8HH8equRHceGbaD+KAui5Ivwbod/MdRenkBqPvcZDR/36RaIcPmeUbnzsa31IE3H2pLkdcW5HDaXHblqDPHaohxmT7jFptR55II9T7EY8IPANQQ5YpVm0WUjCf49cmVY5ZZiHvtpdvJEQEOTU0bRyOS93RbX/BArtrRzCpZy7H4HxoGA3+luJpc+PdolA3MvbJGvHjQSg+g3x58jbjsC0hdHb7iuv+R3mjgWqdXgWevj+mCWLqNz8YOpJoCae082W8S1tGVXUDRnCgRLdYbME0/oXShPfBgeAtvTllkN104PuoSwLRY6sUkhFgwPKCXxaqMiAtkqtzBqBdFLMt1j8NXWPI0Cf55h/6khWdjAw+iU5cOA3sAtMlVj3l3XLhFy2sI+JMSMuPSUi9VHoHbV+y4u/Kg1N9XGwoy7sRux4uXXhuFanyXBbQltjIHCi953Q=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIF2TCCA8GgAwIBAgIEMALy4jANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNV
BAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVt
cyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lUIERpdmlzaW9uMSMwIQYDVQQDExphdXRo
Lm90Y3Rlc3QudC1zeXN0ZW1zLmNvbTAeFw0xNzEwMzAxMDI1MTNaFw0yNzEwMjgxMDI1MTNaMIGc
MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFp
bjElMCMGA1UEChMcVC1TeXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2
aXNpb24xIzAhBgNVBAMTGmF1dGgub3RjdGVzdC50LXN5c3RlbXMuY29tMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAiP/plDoyfhL71EusJ5OW2z9kPRLgtTrESIVJZX7lxAciSOTpHO5e
73wv0sufXOj3WK+rN044qQd7NyXPzr7+r1xaIqtWmmj5VWr8/GDQSu/cNQMBNzrzR3kaJOI0b/PI
bJjinRjAGGH6ubHN5IDZUGmTVwBBQrX6s1uhaidi4izUdJw3DjRsdQ+CvNrZH/ptUsjbZvsMXOHv
Hp4f9RItjQsQ6XJiVgI7Y3WlU7ydlJVLMvDF4HjF2aKLryabSXQH3T33DwERW70UTn8ibXP1fKCM
0m6orEffBMsqIUaaNiL2X6tU52Ohev7y590mnbGBv5r2JVKMCXldS23aXXbgpwWfqTRYMKlGCMPT
O2kf//GBHwU0+AdBYouRfIqX5hpX4aD8rH1b5N/UsW3YgptRJ2ifTcODcxi9dnKGPUXZ3EijOGP+
fAwpeNOkGfDLh1rPH/7DRsYhVnHXkVAcLVzoIyhIKw3owcsBSPG6dKjSn3Y6+InN5QkVrNJJeJuy
O1dixR5PzLJZ3xzYp84CsvivVbiYQUAA25yqVUAJeP+UVw2gZf0wKNMPWlcS7W6bAR9ccP1VEn4w
riA53ceeQGYncp3Waqq2XhpVUAAD4l4Z7J192rFCRJQ55MeaKDCpZqF624GhmKnhN5AB/3uu1VVN
VML1BHmpW1zOH8T81QNWp2UCAwEAAaMhMB8wHQYDVR0OBBYEFG9rJ9jCauVzkB86t3Ygp06vqptr
MA0GCSqGSIb3DQEBCwUAA4ICAQAndBou9ZppyXFwaW+dZ4MwIVqpXMzBDfecfoHtdvzJAHmXKO1g
/ZM5s+qOt/CFy90Qkj+S+4Od2x3ef8XzARzY/1W7nGkEOWYfs8+N5HLMI66m9mzVnN8WQx15Wfkg
75REb3bCL1KjespFKlYGi5p2lVfGvVxZ0mBs06sZilGlnT7aatWAwMWFn7yhktE8bpuTSGkSzfVj
LEVTATQw6Lvjc8EfnHEoj4rmaR4w+uVjxSfnfcIyL/Z3tht5wqYnuL5fooaZEP8XKInyBT5is/IA
VkTEozrYNooM7n8Fj7R7PD2p8ecw78nu62UEY3NQaoMyu3vr84Fg4yNv9G66Oi5PwXFAlVDMfms9
gawz5kqoiEEWupBytg08ok/1mseqzUCDRwG/DC/tG7Xf+PBVDNXHYuG1CiaRw5HGC1r0vnZgHPwp
ipvz2EigNJyJVI4LUjLn8bsWkB+YWRF/bQGtvOjA6KwNNHCmjm8OUVzYG4IRqHYs58fMCguOXdV6
RGwO4Wc/fqiKaeczgad4JKDB6BqVuo82+GWtl/1TQ6Kug5MbHiWZ50v9oxF/fBwwEYnTqu/5r6GQ
jbaXMBsEXcv7xiewSJOQkg7UUXhgEE8fDl8CL8k1bgLDr7Fs1ZrVaS8uBUCx52InKXrdFwMSa2bX
ys/8r8pohSInId/RNObb8bcD+Q==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otctest.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2020-01-28 07:00:13,275 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-de.otctest.t-systems.com' from origin source
2020-01-28 07:00:13,276 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:13,276 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:13,276 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:13,276 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:13,276 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:00:13,276 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:00:13,276 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:00:13,276 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otctest.t-systems.com
2020-01-28 07:00:13,276 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-01-28 07:00:13,276 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6', issue instant '2020-01-28T07:00:12.536Z', entityID 'https://iam.eu-de.otctest.t-systems.com'
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otctest.t-systems.com' does not require AuthnRequests to be signed
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otctest.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otctest.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:13,277 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:13,277 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:00:13,277 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:00:13,277 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:00:13,278 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  modulus: 558909841602715300853386431854256443582788191008825420675229761154683371758531971314168116589305799189542636640769238391788496151983865308912511899302135693073548611588716587861337563495871385604985361331701068928003959762896224193776379955968899997745116500971634996008058773081067392649583956488496520904383960474482950406873759803679074608903027366105911426638306915948276332938791715312029635185243678997045596357233924095288029129896693277017385386712444938742497620968863383210766704204611514541932410400196822984132046043121403024403284685084374310151354609578649256252424587289717881285068512824112696686851030244835582845824694723812822409283822050926334669269216118808292983784744157424372506712070880900544808423423944800415908126689702555365281418033366879992673487698840550668699161183649233395652798929497077523285038863927724189224577753885192595486614080320977593681256275737088929131087687948049111350769906242902003698697402638404033013917935980946640135769278536738613242267222159112907239446742140237473765218295502979562882475411534565836393655870785924761164526112155615310450228349783601285276809848076157830247476710442674795839837415004279427216801877250611158202095975120888227576878835465006286654844348261
  public exponent: 65537
2020-01-28 07:00:13,278 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:00:13,278 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:00:13,278 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6"
2020-01-28 07:00:13,278 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:13,278 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6"
2020-01-28 07:00:13,278 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:13,278 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6"
2020-01-28 07:00:13,278 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:00:13,278 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:13,278 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otctest.t-systems.com
2020-01-28 07:00:13,278 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:00:13,278 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:00:13,278 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:00:13,278 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:00:13,279 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2020-01-28 07:00:13,279 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2020-01-28 07:00:13,279 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-01-28 07:00:13,279 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-01-28 07:00:13,279 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:00:13,279 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:00:13,279 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:00:13,279 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:00:13,279 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2020-01-28 07:00:13,279 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2020-01-28 07:00:13,279 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:00:13,279 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:00:13,279 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:00:13,279 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:00:13,279 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:13,280 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:13,280 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:00:13,280 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:00:13,280 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:00:13,280 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:00:13,280 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otctest.t-systems.com
2020-01-28 07:00:13,280 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:13,280 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:13,280 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:13,280 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:00:13,283 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:00:13,284 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2020-01-28 07:00:13,284 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2020-01-28 07:00:13,284 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:00:13.284Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:00:13,284 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:00:13,284 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:00:13,284 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:00:13,285 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:00:13,285 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:00:13,285 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2020-01-28 07:00:13,285 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-01-28 07:00:13,285 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:00:13,285 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:00:13,285 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:00:13,285 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2020-01-28 07:00:13,285 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:00:13,285 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@805995892::identifier=rick, context=org.apache.velocity.VelocityContext@5c410f9e]
2020-01-28 07:00:13,287 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@805995892::identifier=rick, context=org.apache.velocity.VelocityContext@5c410f9e]
2020-01-28 07:00:13,288 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:00:13,288 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:00:13,289 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:00:13,289 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:00:13,289 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:00:13,289 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:00:13,289 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:00:13,289 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 5d27bf54718243d77d5dd72e7543f9709e792f9f9196079913c0a99db13f97a4 for principal rick
2020-01-28 07:00:13,289 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 5d27bf54718243d77d5dd72e7543f9709e792f9f9196079913c0a99db13f97a4
2020-01-28 07:00:13,290 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:00:13,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:00:13,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:00:13,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:00:13,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:00:13,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:00:13,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:00:13,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:00:13,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:00:13,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:00:13,292 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:00:13,292 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:00:13,293 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:00:13,293 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _9668a11a7470e9903e9c02a6bba61f3c
2020-01-28 07:00:13,293 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _9668a11a7470e9903e9c02a6bba61f3c to Response _167127fd48a6031a5d432d05a3769a34
2020-01-28 07:00:13,293 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _9668a11a7470e9903e9c02a6bba61f3c
2020-01-28 07:00:13,294 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:00:13,294 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:00:13,294 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:00:13,294 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:00:13,294 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:00:13,294 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:00:13,294 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:00:13,294 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:00:13,294 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxU1aJpt8NRyMu5/nn6XwLZnpFYoWyEjuO8ZTSp03fnxD+/sNV3kyT3xdJ/YYanJwr8K+Z/VNZWA5uTXDnUXg3Axc7gnLhUBx5y/6DqBRx0H/vNyYN4Prp6oe8G2K54aNQgFHQiN+gdbJNcw== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.25.118
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _9668a11a7470e9903e9c02a6bba61f3c
2020-01-28 07:00:13,296 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _9668a11a7470e9903e9c02a6bba61f3c did not already contain Conditions, one was added
2020-01-28 07:00:13,297 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:00:13,297 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:05:13.292Z, to Assertion _9668a11a7470e9903e9c02a6bba61f3c
2020-01-28 07:00:13,297 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _9668a11a7470e9903e9c02a6bba61f3c already contained Conditions, nothing was done
2020-01-28 07:00:13,297 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:00:13,297 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _9668a11a7470e9903e9c02a6bba61f3c already contained Conditions, nothing was done
2020-01-28 07:00:13,297 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:00:13,297 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otctest.t-systems.com as an Audience of the AudienceRestriction
2020-01-28 07:00:13,297 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _9668a11a7470e9903e9c02a6bba61f3c
2020-01-28 07:00:13,298 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _9668a11a7470e9903e9c02a6bba61f3c did not already contain Advice, one was added
2020-01-28 07:00:13,298 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otctest.t-systems.com to existing session 5d27bf54718243d77d5dd72e7543f9709e792f9f9196079913c0a99db13f97a4
2020-01-28 07:00:13,298 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otctest.t-systems.com in session 5d27bf54718243d77d5dd72e7543f9709e792f9f9196079913c0a99db13f97a4
2020-01-28 07:00:13,298 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:00:13,299 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otctest.t-systems.com and key AAdzZWNyZXQxU1aJpt8NRyMu5/nn6XwLZnpFYoWyEjuO8ZTSp03fnxD+/sNV3kyT3xdJ/YYanJwr8K+Z/VNZWA5uTXDnUXg3Axc7gnLhUBx5y/6DqBRx0H/vNyYN4Prp6oe8G2K54aNQgFHQiN+gdbJNcw==
2020-01-28 07:00:13,299 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:00:13,299 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:00:13,300 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9668a11a7470e9903e9c02a6bba61f3c"
2020-01-28 07:00:13,300 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9668a11a7470e9903e9c02a6bba61f3c and Element was [saml2:Assertion: null]
2020-01-28 07:00:13,300 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9668a11a7470e9903e9c02a6bba61f3c"
2020-01-28 07:00:13,300 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9668a11a7470e9903e9c02a6bba61f3c and Element was [saml2:Assertion: null]
2020-01-28 07:00:13,302 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_167127fd48a6031a5d432d05a3769a34"
    InResponseTo="_vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6"
    IssueInstant="2020-01-28T07:00:13.292Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_9668a11a7470e9903e9c02a6bba61f3c"
        IssueInstant="2020-01-28T07:00:13.292Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_9668a11a7470e9903e9c02a6bba61f3c">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>4WcrmkUJHGDrKHDss8uPwXVwLb5Dzv7KzEcXAJzkXXw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>PulT78froqi0E0NAi1YRB/g2hD1eSyZuw8oTfZpikwm8jSl1uhOb6LwX3Mj8vMvcJmHocdHf6YIFTffJiCPWxxGVkGHqY3mo6gxOIk6GIPWqzdNgAUJMVtpSWDFKRAs89oGT4vuvUBldZw5Oy0urZKToITlT1O+og6C+4jzi+Rd8uQCC5o+a1JBPtbSmPaQ7u7E9ryoe0wnImvsDBsioTzCVoHuCH4bjdx8Y4UjNUZHTDxsn1yRV+icK5Z5/SnRmETMasGSn5gpgXKneT1whrvTV4wqWKpw1KE4iN0iuE7gBYaBEuHt27MPn14Y/FP2Mbxy7Qgfn2o7TcV8+RWoLoA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otctest.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxU1aJpt8NRyMu5/nn6XwLZnpFYoWyEjuO8ZTSp03fnxD+/sNV3kyT3xdJ/YYanJwr8K+Z/VNZWA5uTXDnUXg3Axc7gnLhUBx5y/6DqBRx0H/vNyYN4Prp6oe8G2K54aNQgFHQiN+gdbJNcw==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.25.118"
                    InResponseTo="_vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6"
                    NotOnOrAfter="2020-01-28T07:05:13.296Z" Recipient="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:00:13.292Z" NotOnOrAfter="2020-01-28T07:05:13.292Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otctest.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">TJYBMhcsYHuCFUMo72BkDxKEw4XbBUUZbhQ9tb2xefI=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:00:13.288Z" SessionIndex="_7d93cddd1df4a217ee69510648238e99">
            <saml2:SubjectLocality Address="172.31.25.118"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:00:13,304 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-01-28 07:00:13,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-01-28 07:00:13,311 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_167127fd48a6031a5d432d05a3769a34"
2020-01-28 07:00:13,312 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _167127fd48a6031a5d432d05a3769a34 and Element was [saml2p:Response: null]
2020-01-28 07:00:13,312 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_167127fd48a6031a5d432d05a3769a34"
2020-01-28 07:00:13,312 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _167127fd48a6031a5d432d05a3769a34 and Element was [saml2p:Response: null]
2020-01-28 07:00:13,314 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2020-01-28 07:00:13,315 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">TJYBMhcsYHuCFUMo72BkDxKEw4XbBUUZbhQ9tb2xefI=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_167127fd48a6031a5d432d05a3769a34"
            InResponseTo="_vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6"
            IssueInstant="2020-01-28T07:00:13.292Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_167127fd48a6031a5d432d05a3769a34">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>V3mBOuUg3Cm09tzVvsTQNJPl1//z+GwpAWwVU8+jQfE=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>VKzR7MDUwy/gK3QuYG9xWKxuzbnyr2NFz0WUdsJ5U/qHtJUBisvbQ54Iv5NPjpdbXaNw4FRNAvUpDpz//dmOZJGPY5a2vjW9jujLIdYfieY4BIXwQ5EjPCz+ygJ6zbMtBXiJ9NiPzRkUfslc+KQ0RuR+ycQV6cuNRLMcpT4NSMki2grCr7i9kc2Sa0zF+fjvTt3YuepRMvKXRpnNX7+FBrfcNT+xNl+2AAvIwizlLHmXSfLvL3kZDCn+DWZalDDzHa1WFfDznrZcFe/HVcFSuV5YoypKpoU2+WDXO1Of53CpG+dy4QK0PF9wb67CWFYdyRAWWkWnvSyNJE48Vd7x8g==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_2176e4953ccc997af74df326d63656e6"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_fe2913029cee745f10d6cb975e99cdb4"
                            Recipient="https://iam.eu-de.otctest.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIF2TCCA8GgAwIBAgIEMALy4jANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNV
BAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVt
cyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lUIERpdmlzaW9uMSMwIQYDVQQDExphdXRo
Lm90Y3Rlc3QudC1zeXN0ZW1zLmNvbTAeFw0xNzEwMzAxMDI1MTNaFw0yNzEwMjgxMDI1MTNaMIGc
MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFp
bjElMCMGA1UEChMcVC1TeXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2
aXNpb24xIzAhBgNVBAMTGmF1dGgub3RjdGVzdC50LXN5c3RlbXMuY29tMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAiP/plDoyfhL71EusJ5OW2z9kPRLgtTrESIVJZX7lxAciSOTpHO5e
73wv0sufXOj3WK+rN044qQd7NyXPzr7+r1xaIqtWmmj5VWr8/GDQSu/cNQMBNzrzR3kaJOI0b/PI
bJjinRjAGGH6ubHN5IDZUGmTVwBBQrX6s1uhaidi4izUdJw3DjRsdQ+CvNrZH/ptUsjbZvsMXOHv
Hp4f9RItjQsQ6XJiVgI7Y3WlU7ydlJVLMvDF4HjF2aKLryabSXQH3T33DwERW70UTn8ibXP1fKCM
0m6orEffBMsqIUaaNiL2X6tU52Ohev7y590mnbGBv5r2JVKMCXldS23aXXbgpwWfqTRYMKlGCMPT
O2kf//GBHwU0+AdBYouRfIqX5hpX4aD8rH1b5N/UsW3YgptRJ2ifTcODcxi9dnKGPUXZ3EijOGP+
fAwpeNOkGfDLh1rPH/7DRsYhVnHXkVAcLVzoIyhIKw3owcsBSPG6dKjSn3Y6+InN5QkVrNJJeJuy
O1dixR5PzLJZ3xzYp84CsvivVbiYQUAA25yqVUAJeP+UVw2gZf0wKNMPWlcS7W6bAR9ccP1VEn4w
riA53ceeQGYncp3Waqq2XhpVUAAD4l4Z7J192rFCRJQ55MeaKDCpZqF624GhmKnhN5AB/3uu1VVN
VML1BHmpW1zOH8T81QNWp2UCAwEAAaMhMB8wHQYDVR0OBBYEFG9rJ9jCauVzkB86t3Ygp06vqptr
MA0GCSqGSIb3DQEBCwUAA4ICAQAndBou9ZppyXFwaW+dZ4MwIVqpXMzBDfecfoHtdvzJAHmXKO1g
/ZM5s+qOt/CFy90Qkj+S+4Od2x3ef8XzARzY/1W7nGkEOWYfs8+N5HLMI66m9mzVnN8WQx15Wfkg
75REb3bCL1KjespFKlYGi5p2lVfGvVxZ0mBs06sZilGlnT7aatWAwMWFn7yhktE8bpuTSGkSzfVj
LEVTATQw6Lvjc8EfnHEoj4rmaR4w+uVjxSfnfcIyL/Z3tht5wqYnuL5fooaZEP8XKInyBT5is/IA
VkTEozrYNooM7n8Fj7R7PD2p8ecw78nu62UEY3NQaoMyu3vr84Fg4yNv9G66Oi5PwXFAlVDMfms9
gawz5kqoiEEWupBytg08ok/1mseqzUCDRwG/DC/tG7Xf+PBVDNXHYuG1CiaRw5HGC1r0vnZgHPwp
ipvz2EigNJyJVI4LUjLn8bsWkB+YWRF/bQGtvOjA6KwNNHCmjm8OUVzYG4IRqHYs58fMCguOXdV6
RGwO4Wc/fqiKaeczgad4JKDB6BqVuo82+GWtl/1TQ6Kug5MbHiWZ50v9oxF/fBwwEYnTqu/5r6GQ
jbaXMBsEXcv7xiewSJOQkg7UUXhgEE8fDl8CL8k1bgLDr7Fs1ZrVaS8uBUCx52InKXrdFwMSa2bX
ys/8r8pohSInId/RNObb8bcD+Q==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>N5T7jL6l8CIBAltkCSX3g65a7J+wviVFp60q20yiS+UjsPyjfw+/Mon0XI08R3dO0FQ3uZDo5x1ij2LqoT4357apOJcR4L0jgRCTb4U5D7XZTzrpHkzr7qhL+uXR0IBX+ESage+iAYtEN6UjJlJJxeCJlvZrwJia/Hk9xGo06mQYQjkQZ+Ta7VBpKHVfmjMADEB0Nw77Q5/w1H/s5p+27KHAagcoxVRbGG3dxEaHBaopmkSE1vARYTZa7Ts5q2qBpX5LRysLyJWgEqyq3gYFtiWtbuolO28fOH08J23tFMjSdsdKGHIxQIuv+0cgmsZXd2K0zjZjAuvjVj3k2fjaDAuRn4WNA4zh8E3QIxa/BNJsLr0PHMV/IX+fku+JUCF+ZBNvyCJt5F79PxbYF31gMeLiQY6tiH81znW601+yQQ54hoEfrkKkqvKLyT4JyVkLcDKbZ/PtlTVLhDEjwPJUra3qLekJ+u6jncOs6qwOVzt3mLPx7ARfGbisJDJXjLAzbvPhIjwT/synQsU64TTSL032EbG0kt5/qTPGYl/ZHLBDYXzRD5qpIKZMauTxxz9QVKQB4AxIrxbcYnMrn6qyj7Ehx+u+sBVmK6qyUruFWJtyRGvoWq8lh3y/5aa5fPQrBYQWAr/p4oyhYj2opga5z+Gm9WMWryBppVkhryJBae4=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>fiWfBA3vkubqLjeSn44hUv4j2FQulszsBzt12U0GlZn4QEnGFckBaC1bYY27fHEmnrD3esgg/CMbpZW1jeMszO5mIm3Z5E8jeD1fS4O9qk6/SQC9NvLBH3PHmiUVlSjpZAydJOoOvqygPzkhaDe51QNbfZ4Hd8q2hRL0b93vtZ5pB8BGkIFalFJOJmhgZqPcFtjHNwV/sEaiiA//qLtfbc3pT2VO7DgUR25uklBZ5X3JA+/HhuD3qUpCOPrI54zt6ZDxFsc/ZKOTb+xPD2bKdghEcpCGjuVtjRC+3pWtzp59+KP6ObpBWh9zljzTOdPJqzlqIp5cLKvP51HJFg2lvezrS7seVrStcQ+Ts8a7wd/WDE6SEswCnl2SiJgcusZ6G/DCBsl1ogyDKElingRECMmK7t306VmJ1YbEWlaKssSZyyDl/L9d5ExGLdrBC2pXKwm3IMyyB8PDeUutGJbU7wZ4mI/KzKOAyfZUyjqPxKtDCS91qhXongR/OR2GEXs5rqx5jU7I/C876REJuSRP/JO0QHPEIY6NZO3umx5aTyf54iKrCpqLeL3pA8SOA7+oD7pF8VkqXGsv/oN4kLFGmyIMf9oWMzV5ce/BaN1HO7tAbch9xdWV7OdksjRy/06wOKkp1K5Ol+6INBSUv7YVqb/+O7L/HigeBxdTbH1Kp1Xj7Q0fh5H418zOaNeWbInEC1dPludI8zQvSSDApAfAgJkcUjGy8u31hgRccjiJXvWrW+6dOwFJbzuj/5YbsHB7OyeRHkxvsk6se3kpGCCWfkRxYfiBvwZEPwfDHsqRMPYSOFedwS7uJSOlJHsQgswmdPgDjCGXs2o0URbJ7FbOCz0lzgNJZYl4GAfbd0D4+a6eAIi7fl6c460UOogre7eQLDi3T6OT+q9HOqsyCiqM5RPYjJUe7owcueDG7oB/Kck3vXh3FR8zixZcPQ4cFaGdI6rZy4+vel7d0dXIVwUoekMixYuf5Yem9Rscr8D2s9mCEkZNhnSJozv5nNz4BjK4U4dlAXew0Iw3y0ZM3xKRxe3raimf/9tzqvNGnPlaJ2z4i431CZ6f9bkKaA+no2xI9c8Ct4xBnlHAP43JRxSlNUzBtXfRSIHF72VnmZkUckofO+jPR5ArHhFOpX8ixvG6puf8ewMmarNt8Tu44EFlQiueVz5STQdYHXqiiMKabM/PwK/M2mmLisBny/0Fjg7nWJutzF5mOWgIntHJwV6dtGj3Rl9BaUalVkrCYnMmBjhX1ISaYaFhSjCny1KlF4R1NO1ARnmHNLT+K3bQGeAIepnDNZ78lIbqJW3UplC74YWkqWaUUCLqQLFlDK4eMr5IpaWrDOXcIfvkFrp1Igd73vK70ZBQWUL9l5CLoFrl1/ur5TcIQ+ofWKqEAGSAOxvrDcSvZdQNyP6Qc/8fuAYDOvRHLJGCDnh/bbpmToKFfVUIJk/0iTmxLoVbXawF30hkRDDcWGLQuOqA0GVrMXhyYKtCq46qxI7mvB1ys9XhTGW/+dO5FACNxDInQZGai3qgSxK9MMQL+WqslohrSWFObIkgXc4Ui1MvyzCUwmDcu+XuqNGIy1LWdujQ6f+/JdIp3l0X3yMTES33LzWJUv8JJTokE0SHSPYcf7XTWjr3xYHZsNdjgRmkkPTJU8PJCaTDoymZCS4rObu7KyTL1BHzekYrS2YkakbxGivdiAzqLCq/SiteqnpBwwQLquPpFig5WG0zzIMmpfdmjFv0V7Shrkow8Koz5Mz3bhE9uGkDhgkEYuxm+YXUIFv714/d4aM61dVuJKonJ2Hp3fp3emVD7u/wvG/lBGC79+Lur4YB9ti+6Do6hGgLb/s9biD+9N2lQe5EYTwY7CtBrXG9i+ZBJrv1oNu97MW0VZoR7eL5BjAXkXotg3DzFLfe8sSJQXV408rG0B++NUCjLC+z4p8o7bQrSB0fHZz2aXY89oOOyswwnM8371/zdbTqzYocxKpYq1CFbcWfUVYA4OeOxOXoEeBjSb4NUxgCbyOcdJ9yUXEzBvyAIwaliHz2Q1guLXeVVtGnEJWWCHTJcQ86n8XJw+yWLD+OqyqdQ3Bda4CxEftWMREThK7jyUxfZf5CMsJzbyAIi//DK1PsDz3wAABPd4Wxkahg96EMt+NFo2aw6M3wAdQ0R2dK13HuNidufqQIP8E+JpLBDlu6UsdrDRUd0Tvx9YhHTP/yBtbEwwlUuFeduDAhqn89wdzodWBzkeK2AlGFNBUCtQQfm7tVkAB9mxXf1tLRYFv+bT1Zjj7duHth7GJgkzx1NrCfyEjyJ5ttA5vlCsDj671vLJxGkGX8HdW0kjZe2aLIcLxRiljdViziYDDul3tC80L7CIbOurtw8GlLdCyiVFicEyexipxOTjngZXup6+hx8pWlPGkYKD16jXdZrcta70+I1m+vwIULfP9BZJ1VZqT3ag3PuLHuGPRpqmIF5gIoLPtj7/CGJDghOaG8LwJpdjMrZvowVcWGBmM9eSBR3AjH8u3Mvl3Ts8GmvWwZT3gyaaSzov1rKYgW1rBsZmyqQ6rAGlfwUr7+qbxph31jEVYD5lXKX/uLVFmjkOyqIMniStBrAClEx2shqdJrD5LM7onFwD/m5h1q+rsSm9PbPG9c9UoZotk8ddXIOQnC2eNHjJh5G4fiD/0W2Nz+cGtFd9jg6DCTi9ooVx9uMtvHwQOiht0Fb84wwj1wu5FzmgDblm50mMg2sXIpEy1uOzvIi/ABz6ibCjV0vkdorq67ufove+M2mayCK63VMxZ0VcbYfmzztoITNr6Oa/aHaovYyj7WqG3HnSNnydxdXW4rgPj8ngguURI4z/ipyR2V9O74slZDxzlrSjfnubjQcZA1MXzYsFnA72CI2l+iAysfCe3sTadcPVF/yGyxmVBor+KX0tJ5CmGsx4fjt7tVDwvPCuKET7cqnn9oxDhUL1BYCqwu2Y1pN2dcIKLz/Hn5/NG60BM96g4+zcuVToCqAOeOPmJ4UTvaK400K+RBssMRwQCahXsZ5NJiAMpEGzpCZ30gIf5/qN484zSy9hmvj4pNY2ouOnbXsq3FnLNqy0kotbIJdvODB7HCsx7cKXkoerho8j0mqXFGburi0P30KD5ZxOLQEM2VYYlBOdCzt8UVWnoZ7U0hcCOBfpxp+1uG86bu4PRAjWIZf5mB4j0p0jGget6QT/Oke0X0gNygjcRZmjAkUTT+nVlHlX0X3SddfPa0QXcZZED+92pM8DoN53zN1VGxGW5GzyXAb7q61p8fy0/RUII4TqC8XhmckkqlIKWmNCZYgb/k8n0v3BVv3Gm81kMbe5tRnzmASW77YdMSGj+LuJDBEM17QVoxfg1lRz3PG38ny0uHz7IZna+nReG83bBxBNeMJuEcPUU5CAP6VJf6IT3rZwQTlFTqKnfxh0io0zkSENY2NNo4Aq0iZZHq0lWYBn4P8MhkTVEqWpaPyGs5ScK41qaCVgprtSzPE4MTToSVlLajp6N/ncqSTcCq5bf36zVR7+VQoC4/NlYp8KlIaNUw3E177NAZUQonTMn4fygaicpwu+YeBrFXQpFZiMLLl5oTXQ8opcY2e3J3x/nxk/PL5k632cGsKp/cEKjOd7YV5QdrGGelNzcvucg1SBmiOg+wQEpHiTvsOFQ8DdxQw0c85dwKjbomEpjoAdLOhdMsg7BBRyls/r32KtWhuf8BZ2nGSXM0wGb5LLjANw4A+PMnwFvlbG+hqYnEI/c732QupvjKJ+m6x7S81YUEYTHG2OtoTQLSYyuyMNgTwu+Ec3z8v/2Qf7lfdfmZE5hBYH1qygjYIQKp79VhAOmcdzVwlTC4QtaqUGidwc28JWEIikn62sZVb2EzxYLArjZTkN8uo78oAs1ajmGOAgkkUWQftYK8z+Tyd3JuuxK5IgzrlI6oG0RtIg41+c/bf5S/51MmFC+GNtYjf2XlrP1jcK+FpiT0SGgRbbGBd9UIKB1Tmx/9gAozHWcBo/oeOCbRYKGYqezGJE9kTTP5K5yBYuKTcdjjsyzlnROqPXuXSlDayWO2iODcjOdSeHPrBm9WjZBVzRA/zP0bnmxvwtNud6btnwPrpbfQZKSkPNVt7f1kMdZM4Z7DRRMmp5SkI2DIhAbOtGDEtkfZfnrwZmgvZ6GOU8fHgSMSMFGEWiDl0BOPXkPiKly2jbzMOUNGtL78p66B/TKHt4eX4to6gDlUBfLEAQYgbtXuGck4tm75rBqftjfy2jPJMqQ+bVS47rwQiNlo65Oc4oR7pizxBP9wec4aFCn75V4l1CcItZVB6SyQM0VdN7rFMsNfkpzcmtb7is/rpVJ8zQl5GCk1B/dgiDzzKr1iLhkE4JppNb6jPEvQfZMw/FdQFm7y9F+gvofO4SlVfJK/fS29W1JQJR9ufOX9BTRC2LKSeK7Wh66HGza4m2Nuuf38wEOP28VKxCt9beI1sUL6H1Z6FWh1eThUVFOTV/UceaDEq2eXP3wORBv50fnnylfIEbZ6hMB9P/UnJQ4VoIvUZXBoBHpsPdtluks5xV8ck4GsQmodcLsNwOJgzxtxP5AYLIYpGCILKAl+7fPrkraU1WJHSMsVGZg0E4HjlmIccftuegc62IR+2EkMQ14qZE/b7LUvc6InJVuzqpDZXYZMHCZv0b1qojsgUcJB5TXvOR0o7aJd0JEeZYmWPtjkmWbqr4NFJQpMP6XMDKRcmkHDMlYjaotHdKGZLFHjvr6By8waQnHcv5gij4YAqvEUdXpBk/rMP/j0rdhzDw3inZkdUmRmSzEQnxzSndJ8BJSWFmvcfSQaBO6rbwwCeyvvtOjobPVQ/q6KqY8mfVZKDho6SV9IuhhKkU0o/7+3QSIVXhj7A1Ob++6O4sPcGfw0OFvbjemqEXG1OeacNUnxv20x58JsDLlUtBrWz8b1tiXI4r9HOMnMH87yFtDIw4caNOezEPBR7oZPmao9amSrH4R4OBVvACjokK5l1rsMIn86FOWImjm/Q/CzpiTrnLZaXCG0CmMga/DBf5Ic5H99sDFEQosveU5ChRnJuudvtSMgO7mdlWgeW0d86xKb2YZoHHHJoUDYNN/E43Uo62XFXx2KIpsgip9HnQpigKQNECCrJOFESgqw3ylXvOY1v+f5OgtpqBoaSL66E9Q85UK5bZj+wsvJfCQ0QwurUGtcREPA1O6Lyal2k8fPHdXqZU9UOIWPnCTv7c1c/rGGwk5pvDxIBVNmS2Sv2z+e1xBGckE1pZHjmjcUE/hwCfvEaHPVaRG2KxAhBTUPF7XlRC2QFWqLZT/4rll0ePHy5fXmuHMGvtII0vl4uR12o6WLurx7l4XCx2EXrWP/wqVyxk4c4mFFCpVwCIMwAr0NLzRZOCaX26h2Z8IQ2McB2VVlDzn/jKS+ON4Bxg+Eopy+R7KQJ1y++xEKGlsD61Gyp6PuX1ClyK1PYXvEQG6V8uTi9gVXspL331kwU4LzRQ6AIdADNUL0ge91m2yVkgNvfKTYT8PpP+Vu9ZvCwvKawpwrG18udguO2zfqoWA7Wna6NNw1yJllCupwf+MncJjLXlLSEvLE3c+2ECTazc9HMDYrv4cNhCnKozHoBSjw3bZobTA/XZ7wWO+XzbgzvEeN3BGjR4H0vS9BtLp304fH8nP9SbE69hJ9ctmqb9R7wopl0dZopmoej2bi+zsnMtufd7X97nyrTNLpUfrbci4/Vfno89H4aqzel74Vfe237fE5HiC2umVoyCVAybMWampO4qao8IZoMhUlxwP/EsCB2I75JkiX4h0CjgDzw7UMtVNBDUBcJQkzXvfMpwqwgMwnvjfUEjKvs5qgR5w/+8FTjRAZqMnljPfp3pgx4Q+dzLoLSxLGHW8IWpP3sulFj9dLBUK2dL7uy14K+BNMQDnf7RUPdvaizoux0liOCW5j/l5sNhrKzV+X2w0odDPemUQExy1If77k8k4MN7CZGlGTUPb0ux4cTI9+eVnr89I+SDTf0wGRc/mV8t2DKqhCsVCL8FyQQsvTfCc+xIEHUTl2P/Y/rY60t7AzyFX13hEq+FSisSInfObXv9ObF0GI0Da9Z0tqOtJC7qoUnpLfnrwD5lg1ue1Ke8kWVNff7iNzgyAL/FLq5C+DmJ2Yqs1XHMVZ8pTAGkRh/zKBObcaDWEnv/1rggsZZH3yRkByisiNK1OQQUApEcw/e9HaKl1ZN3tHsuCVmmcc6PGMxxnBRaHtEkrCtTSdt11B/wIHOoNEQ7vXs6Djw46I5jHQR4mYRKeBwhTJtW80za3z0kfXlAnlAiifRxph+4qv9CsJekrSxfN+optabRCJ0tFGQEz3V9yxmpgmfIWFUVyplRxd2n9++d5ENdxgnEJu/AgsjPfk/loPAJXpyVHAoeUcX1qaXh4nRtoDLmhZAiFR7rAC0QDvwC6mGtrJVG7Ska43TOo4u1a3hrE+rJixOJpBZ7caIiql0cFUSYEl7+4RRASkWegOIs5y1ct0sNgb8RJGB6Tp709v+dpDaRpPYbetgUfG5Z9LbAGEk42dvjN1BImRVQcdRU6PFab2ZMOI8QoI8S/cd+6NNsDurMDHAOJbeXFu315KS7Y+Ew1WsjVftEDnoyLRrHPgwscA3tp83goGbmA9U7R5ocKVW7FOnn/ZYULUdYGG376jP/Kekibvw7m0XtqpYr2dD/RscsyNGeHk3fi8GsOTyvebi/VJm6e+mk5t/1KByMmg013eSWOVzyOBkWqk3f/MRdU7Spjk1SQR1LptYdJAgYtH45w8uSAwMMHSu/Qdgyzl1g2aotPaX3hdQHrS44v4WGKPL+tmpWaxrD6IbWFVDk/u0cXBGc9+jUhhM5Bt9TaSghYLY9ArKluDc12NQQiSJRyNHkuD/BiBbA1KOfDp5zbizlMJ1K5LPl8sBQLyrlBuxZqTktgd6GEdP590CnXhl2J/PovJtGql2N4+WZ91ypTdpbM1WuPoS3zLJRuKwX4taTVM2H0nph6/sHya5hpbXbYzgWj5v/6fn4zvQ82lOM0Dq/jWdvI0rTEIE/t1Z+ErEDZm9s4Ox/WsbKC2mQnpb/vQ1bk4R9EqgYMduWRZjxrSAhDtEL0UKY8NJXvZ0o9bBPcuhG87esPmKa4rDsYFuTWhoIjy/2mOFZ94sOxuxbCYJ8Uy42raIyZD3TCgQysQdfyVyEBTxKxlWHbgawVpfgb2sQbyja6fO9aebl7Bo6WUPCw6419ONnCrK29uOwGQ/Vod/6cUB7ZRXWkCMFPx41XR2TkgzB3WpGt+eHUs4razhUxYsn/hwoJ3UwAuBlkbVXu9lM6Uci5+H8cmc4CgIq8pk9eUZqI7Kk6cKi/fmLoux9pFJbkovLYJUdueIqLK+AAfzcFH1ArpDsmF16vqrs8K3V6UvrLmZxYG9bbju+jfEB8tT/BxR6fbaQBlCXayHDmtsisk71JVs0V9v7uAf3MWutrxPoznU0J+Cs/Yk+lwhVFbR7WsQnJ7RQrdtw+fy1Ls/46/VealcAbK+OYctxt4WoM+sNnyNkyJPt9mG4s+sD7c2XngukSdRpwczrfZ+eBZTg4sochikVbJghrX5Bth4bpvvHaVLx4xkQbCYMjLCZT5ZsRlVXUJe63mHHuLjD62cl4nV4Nkt/USV4FVHtWSud7OXNUj9rtzKG5ou3NOCKCfr9D5IafjNMholYPcCDYrxPgwC9YhcXIDWXTqxQWYhwRfkbC1drSS6lIPDGrHGEVFOnrbxdHzL9x3dnokGWl9nmvvcdSmK2Kq+TdDS8S8Yzgz9EaruSTJLEP6mgpip/lWq/cmBCcpv8SDqpb+NAtaTMnXZdcQU2EUtDKEc/CiEsExTUBLIZdkjKufia5ikcWQbCU2Csu4dptyTjNXFmXfzxjlED52a0etRENLnVhem5dfPVGKI/8g9k+ddRF33U71DR0nWLLfmz/Qhp1xsMEdQdL87gdIB5qL2h6Yfl2fN4gk1TLGkuVa2XlYkxm5ecwkbNAL12a1GUoX1DoWjVX573E6zOYbRuDoPCcXFj6ybC9X2uz5oelQdZYucuMACNDziQC6DZNriquh6YKam/y9C4wctd17Chkj6DW6XuH10ZyZz/xRLUENgrJYTStss20pjOpUMHAQb+97a95qdetqDIw+TePm5mbKkR06+YPH1f2ky5VC9tqjpLCznFQQIJnZc1YJYxtSp3dNClkVE6yLtKt8AKdxWWMH/KOTKjuo/pdZ5vKhT4lZCKXWFvG5tS0zZoOYv3wFG2hK7ZhR6mEcRaIL</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2020-01-28 07:00:13,315 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:00:13,316 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070013Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_vt44io9jtipjaorwbwqnvu3ypcvt9jg6amo6|https://iam.eu-de.otctest.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_167127fd48a6031a5d432d05a3769a34|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxU1aJpt8NRyMu5/nn6XwLZnpFYoWyEjuO8ZTSp03fnxD+/sNV3kyT3xdJ/YYanJwr8K+Z/VNZWA5uTXDnUXg3Axc7gnLhUBx5y/6DqBRx0H/vNyYN4Prp6oe8G2K54aNQgFHQiN+gdbJNcw==|_9668a11a7470e9903e9c02a6bba61f3c|
2020-01-28 07:00:14,774 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:14,774 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_rz5emqbvupc8ka1i3yo6tivuphtipd89uldj" IsPassive="false"
            IssueInstant="2020-01-28T07:00:14.073Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otctest.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_rz5emqbvupc8ka1i3yo6tivuphtipd89uldj">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>HRmCt1O5XwJ6N+8VlyLTb41jqHA=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>I8titQKGhnSWUwI/t4WjlZA8BhZqusay86Gp/MITlEdwW7iFJDlML+P3GfItQyUAYgfP1o1e8NtGIAdGqQVlrz0qYn4yoC6+wZavHajoMSEVA6El2A9v0zu1MYNwE7QtcM6QPHIofpO82kU76M2lpEfIWwWRCQCqpOhXlOLYxjOu2MxhVxIWhTLdQX2th6HjCYPM4L0EONJwnffTsFqyGwL6I+p2gETvTJAv9L9yzsTO3qvLbEaWzjLtFGy1dIG2hgba2IaY4v20wybETt+htpeYOAMJ36gr43rIP4S8l/LgcS2wvrq6cpNc3lOUwKDrxbsJE/Tamm19Me40EgUVe1UwtsxYZClDNiSWJ5Lsoa22+D3xaLk7M1Wsy62DQN8+iw91LnmNma9RGmU4PeX7PGGoI7jGLe/2MiqYfclHCToS9XcMcGdiX/X4YLsIWpnqyOxFwbjMlBpUPokMAXDCyRTixFTi6U++RU8LZYSSu30xH49iJnWsGsjypbix67t09Jr7EXxEEUppka3yl/IQHbcFvczaJkCEjDdhLI8zxTX8YAmu4RMWZZ6VAaErLJTRaygIeqUKU3V4jZO2n5K55p+z1ZQhELKsOz9TKMTP1UI+Le1YrfeT1zOaiGYPKXP+7ZbJjCPcH2Y+yH3Vv6HRD+0DMV9ysDKZL5o7KqdOmRw=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIF2TCCA8GgAwIBAgIEMALy4jANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNV
BAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVt
cyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lUIERpdmlzaW9uMSMwIQYDVQQDExphdXRo
Lm90Y3Rlc3QudC1zeXN0ZW1zLmNvbTAeFw0xNzEwMzAxMDI1MTNaFw0yNzEwMjgxMDI1MTNaMIGc
MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFp
bjElMCMGA1UEChMcVC1TeXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2
aXNpb24xIzAhBgNVBAMTGmF1dGgub3RjdGVzdC50LXN5c3RlbXMuY29tMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAiP/plDoyfhL71EusJ5OW2z9kPRLgtTrESIVJZX7lxAciSOTpHO5e
73wv0sufXOj3WK+rN044qQd7NyXPzr7+r1xaIqtWmmj5VWr8/GDQSu/cNQMBNzrzR3kaJOI0b/PI
bJjinRjAGGH6ubHN5IDZUGmTVwBBQrX6s1uhaidi4izUdJw3DjRsdQ+CvNrZH/ptUsjbZvsMXOHv
Hp4f9RItjQsQ6XJiVgI7Y3WlU7ydlJVLMvDF4HjF2aKLryabSXQH3T33DwERW70UTn8ibXP1fKCM
0m6orEffBMsqIUaaNiL2X6tU52Ohev7y590mnbGBv5r2JVKMCXldS23aXXbgpwWfqTRYMKlGCMPT
O2kf//GBHwU0+AdBYouRfIqX5hpX4aD8rH1b5N/UsW3YgptRJ2ifTcODcxi9dnKGPUXZ3EijOGP+
fAwpeNOkGfDLh1rPH/7DRsYhVnHXkVAcLVzoIyhIKw3owcsBSPG6dKjSn3Y6+InN5QkVrNJJeJuy
O1dixR5PzLJZ3xzYp84CsvivVbiYQUAA25yqVUAJeP+UVw2gZf0wKNMPWlcS7W6bAR9ccP1VEn4w
riA53ceeQGYncp3Waqq2XhpVUAAD4l4Z7J192rFCRJQ55MeaKDCpZqF624GhmKnhN5AB/3uu1VVN
VML1BHmpW1zOH8T81QNWp2UCAwEAAaMhMB8wHQYDVR0OBBYEFG9rJ9jCauVzkB86t3Ygp06vqptr
MA0GCSqGSIb3DQEBCwUAA4ICAQAndBou9ZppyXFwaW+dZ4MwIVqpXMzBDfecfoHtdvzJAHmXKO1g
/ZM5s+qOt/CFy90Qkj+S+4Od2x3ef8XzARzY/1W7nGkEOWYfs8+N5HLMI66m9mzVnN8WQx15Wfkg
75REb3bCL1KjespFKlYGi5p2lVfGvVxZ0mBs06sZilGlnT7aatWAwMWFn7yhktE8bpuTSGkSzfVj
LEVTATQw6Lvjc8EfnHEoj4rmaR4w+uVjxSfnfcIyL/Z3tht5wqYnuL5fooaZEP8XKInyBT5is/IA
VkTEozrYNooM7n8Fj7R7PD2p8ecw78nu62UEY3NQaoMyu3vr84Fg4yNv9G66Oi5PwXFAlVDMfms9
gawz5kqoiEEWupBytg08ok/1mseqzUCDRwG/DC/tG7Xf+PBVDNXHYuG1CiaRw5HGC1r0vnZgHPwp
ipvz2EigNJyJVI4LUjLn8bsWkB+YWRF/bQGtvOjA6KwNNHCmjm8OUVzYG4IRqHYs58fMCguOXdV6
RGwO4Wc/fqiKaeczgad4JKDB6BqVuo82+GWtl/1TQ6Kug5MbHiWZ50v9oxF/fBwwEYnTqu/5r6GQ
jbaXMBsEXcv7xiewSJOQkg7UUXhgEE8fDl8CL8k1bgLDr7Fs1ZrVaS8uBUCx52InKXrdFwMSa2bX
ys/8r8pohSInId/RNObb8bcD+Q==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otctest.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2020-01-28 07:00:14,775 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:14,775 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:14,775 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:14,775 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:14,775 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:00:14,775 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:00:14,775 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:00:14,775 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otctest.t-systems.com
2020-01-28 07:00:14,776 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-01-28 07:00:14,776 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_rz5emqbvupc8ka1i3yo6tivuphtipd89uldj', issue instant '2020-01-28T07:00:14.073Z', entityID 'https://iam.eu-de.otctest.t-systems.com'
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otctest.t-systems.com' does not require AuthnRequests to be signed
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otctest.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otctest.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:14,776 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-01-28 07:00:14,776 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:00:14,776 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:00:14,776 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:00:14,777 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  modulus: 558909841602715300853386431854256443582788191008825420675229761154683371758531971314168116589305799189542636640769238391788496151983865308912511899302135693073548611588716587861337563495871385604985361331701068928003959762896224193776379955968899997745116500971634996008058773081067392649583956488496520904383960474482950406873759803679074608903027366105911426638306915948276332938791715312029635185243678997045596357233924095288029129896693277017385386712444938742497620968863383210766704204611514541932410400196822984132046043121403024403284685084374310151354609578649256252424587289717881285068512824112696686851030244835582845824694723812822409283822050926334669269216118808292983784744157424372506712070880900544808423423944800415908126689702555365281418033366879992673487698840550668699161183649233395652798929497077523285038863927724189224577753885192595486614080320977593681256275737088929131087687948049111350769906242902003698697402638404033013917935980946640135769278536738613242267222159112907239446742140237473765218295502979562882475411534565836393655870785924761164526112155615310450228349783601285276809848076157830247476710442674795839837415004279427216801877250611158202095975120888227576878835465006286654844348261
  public exponent: 65537
2020-01-28 07:00:14,777 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:00:14,777 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:00:14,777 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_rz5emqbvupc8ka1i3yo6tivuphtipd89uldj"
2020-01-28 07:00:14,777 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _rz5emqbvupc8ka1i3yo6tivuphtipd89uldj and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:14,777 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_rz5emqbvupc8ka1i3yo6tivuphtipd89uldj"
2020-01-28 07:00:14,777 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _rz5emqbvupc8ka1i3yo6tivuphtipd89uldj and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:14,777 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_rz5emqbvupc8ka1i3yo6tivuphtipd89uldj"
2020-01-28 07:00:14,777 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:00:14,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:14,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otctest.t-systems.com
2020-01-28 07:00:14,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:00:14,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:00:14,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:00:14,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:00:14,777 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2020-01-28 07:00:14,778 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2020-01-28 07:00:14,778 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-01-28 07:00:14,778 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-01-28 07:00:14,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:00:14,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:00:14,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:00:14,778 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:00:14,778 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2020-01-28 07:00:14,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2020-01-28 07:00:14,778 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:00:14,778 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:00:14,778 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:00:14,778 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:00:14,778 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:14,779 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:14,779 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:00:14,779 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:00:14,779 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:00:14,779 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:00:14,779 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otctest.t-systems.com
2020-01-28 07:00:14,779 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-01-28 07:00:14,779 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:14,779 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:14,779 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:00:14,779 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:00:14,780 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2020-01-28 07:00:14,780 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2020-01-28 07:00:14,780 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:00:14.780Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:00:14,780 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:00:14,780 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:00:14,780 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:00:14,781 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:00:14,781 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:00:14,781 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2020-01-28 07:00:14,781 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-01-28 07:00:14,781 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:00:14,781 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:00:14,781 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:00:14,781 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2020-01-28 07:00:14,781 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:00:14,781 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1053137670::identifier=rick, context=org.apache.velocity.VelocityContext@2a26653f]
2020-01-28 07:00:14,782 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1053137670::identifier=rick, context=org.apache.velocity.VelocityContext@2a26653f]
2020-01-28 07:00:14,783 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:00:14,783 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:00:14,783 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:00:14,783 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:00:14,783 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:00:14,783 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:00:14,783 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:00:14,783 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d09f43b3bfe2ac4d255e14c64a4d790ad7470e9f7fa8c83e467e2f003351000f for principal rick
2020-01-28 07:00:14,783 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d09f43b3bfe2ac4d255e14c64a4d790ad7470e9f7fa8c83e467e2f003351000f
2020-01-28 07:00:14,784 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:00:14,785 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:00:14,785 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:00:14,785 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:00:14,785 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:00:14,785 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:00:14,785 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:00:14,785 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:00:14,785 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:00:14,785 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:00:14,785 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:00:14,786 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:00:14,787 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:00:14,787 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2b8ce6e15c5873a5add470c39a45480b
2020-01-28 07:00:14,787 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2b8ce6e15c5873a5add470c39a45480b to Response _f60b4b34453ada683e97b5a16cdb8e2c
2020-01-28 07:00:14,787 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2b8ce6e15c5873a5add470c39a45480b
2020-01-28 07:00:14,788 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:00:14,788 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:00:14,788 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:00:14,788 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:00:14,788 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:00:14,788 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:00:14,788 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:00:14,788 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:00:14,788 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxpmH2nploseARyP2227x7V6xCbpXYT/o883K8V4xBqQhjBx2wdF8ixSOdojbsJM4oVQHY5WJhJQ6hHU9IiIvscgjqYoHQ33NOT4cn+EovVr9Tkq6HFKaiHE9UflOdY4UVjE1nufquOglItQ== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.25.118
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _rz5emqbvupc8ka1i3yo6tivuphtipd89uldj
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2b8ce6e15c5873a5add470c39a45480b
2020-01-28 07:00:14,789 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2b8ce6e15c5873a5add470c39a45480b did not already contain Conditions, one was added
2020-01-28 07:00:14,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:00:14,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:05:14.785Z, to Assertion _2b8ce6e15c5873a5add470c39a45480b
2020-01-28 07:00:14,790 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2b8ce6e15c5873a5add470c39a45480b already contained Conditions, nothing was done
2020-01-28 07:00:14,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:00:14,790 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2b8ce6e15c5873a5add470c39a45480b already contained Conditions, nothing was done
2020-01-28 07:00:14,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:00:14,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otctest.t-systems.com as an Audience of the AudienceRestriction
2020-01-28 07:00:14,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2b8ce6e15c5873a5add470c39a45480b
2020-01-28 07:00:14,790 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _2b8ce6e15c5873a5add470c39a45480b did not already contain Advice, one was added
2020-01-28 07:00:14,791 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otctest.t-systems.com to existing session d09f43b3bfe2ac4d255e14c64a4d790ad7470e9f7fa8c83e467e2f003351000f
2020-01-28 07:00:14,791 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otctest.t-systems.com in session d09f43b3bfe2ac4d255e14c64a4d790ad7470e9f7fa8c83e467e2f003351000f
2020-01-28 07:00:14,791 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:00:14,791 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otctest.t-systems.com and key AAdzZWNyZXQxpmH2nploseARyP2227x7V6xCbpXYT/o883K8V4xBqQhjBx2wdF8ixSOdojbsJM4oVQHY5WJhJQ6hHU9IiIvscgjqYoHQ33NOT4cn+EovVr9Tkq6HFKaiHE9UflOdY4UVjE1nufquOglItQ==
2020-01-28 07:00:14,791 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:00:14,791 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:00:14,792 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2b8ce6e15c5873a5add470c39a45480b"
2020-01-28 07:00:14,792 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2b8ce6e15c5873a5add470c39a45480b and Element was [saml2:Assertion: null]
2020-01-28 07:00:14,792 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2b8ce6e15c5873a5add470c39a45480b"
2020-01-28 07:00:14,792 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2b8ce6e15c5873a5add470c39a45480b and Element was [saml2:Assertion: null]
2020-01-28 07:00:14,794 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f60b4b34453ada683e97b5a16cdb8e2c"
    InResponseTo="_rz5emqbvupc8ka1i3yo6tivuphtipd89uldj"
    IssueInstant="2020-01-28T07:00:14.785Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2b8ce6e15c5873a5add470c39a45480b"
        IssueInstant="2020-01-28T07:00:14.785Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_2b8ce6e15c5873a5add470c39a45480b">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>ZS/93NcMvN5JVIgt1L1ab0j61aqrkFXmjum7aYqdvAo=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>RSSXzmsI3KE/mYkza2C3XL/D7mZoc6/ecgMTcVrxOdqp1PdYWnVIPQi6lPc1GroWvDHlZZzvU4+Rld7b9wTvRwV9XUEZi/TiF0hJ6l/DuWvkoDPRyfR1lJ56r4hl4wpZG8T9ISBVh8wR3DQ+eAxbHG2B37SUIbRNQmrVWcWG8QmvdB28pyXpjeO0whnxlkPSbHqZBpYc8B3YnyK6goy6iom56Dc56XTZy26TCK1O+9c4XiEWGXrbZHAODuNNm5WmT5e/15/nPDa5QcpTWRn8r9txwA8Yu6Jlw5MIq0KlJXBgcEzaaG+nuuOAKLQSazYNleZobdExVBIUadQESV2D/g==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otctest.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxpmH2nploseARyP2227x7V6xCbpXYT/o883K8V4xBqQhjBx2wdF8ixSOdojbsJM4oVQHY5WJhJQ6hHU9IiIvscgjqYoHQ33NOT4cn+EovVr9Tkq6HFKaiHE9UflOdY4UVjE1nufquOglItQ==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.25.118"
                    InResponseTo="_rz5emqbvupc8ka1i3yo6tivuphtipd89uldj"
                    NotOnOrAfter="2020-01-28T07:05:14.789Z" Recipient="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:00:14.785Z" NotOnOrAfter="2020-01-28T07:05:14.785Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otctest.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">JTrXLTmFEWfZoMeMCOBNn9r+uniTrlsnPnJ+XGRqhfU=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:00:14.783Z" SessionIndex="_56d339ca65c55407288703b59b1546b7">
            <saml2:SubjectLocality Address="172.31.25.118"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:00:14,796 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-01-28 07:00:14,796 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-01-28 07:00:14,796 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f60b4b34453ada683e97b5a16cdb8e2c"
2020-01-28 07:00:14,796 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f60b4b34453ada683e97b5a16cdb8e2c and Element was [saml2p:Response: null]
2020-01-28 07:00:14,796 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f60b4b34453ada683e97b5a16cdb8e2c"
2020-01-28 07:00:14,796 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f60b4b34453ada683e97b5a16cdb8e2c and Element was [saml2p:Response: null]
2020-01-28 07:00:14,799 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2020-01-28 07:00:14,800 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">JTrXLTmFEWfZoMeMCOBNn9r+uniTrlsnPnJ+XGRqhfU=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_f60b4b34453ada683e97b5a16cdb8e2c"
            InResponseTo="_rz5emqbvupc8ka1i3yo6tivuphtipd89uldj"
            IssueInstant="2020-01-28T07:00:14.785Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_f60b4b34453ada683e97b5a16cdb8e2c">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>EsZh/BZixfl4+eFiNQ0+mOGVn7hVuHIN/tVtHozCdyk=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>OWc9MVYVPHXE5bQdPJ1IIEFD6dcSfaevK0g0luxXBmnvZPpiWDvAKosv3G3dSV222QQ77CODXi9P7UKwRZLNq3STBLmhKlxEkrl+XZVZgt6xglgLlF7nd2nd9RSigcJf4zfRVt/hXH4hyUcuT+NrhpRKAm842vo4f77w9+ZSWzZNkWTZs3+YFxKHvWiWbgPYhANvsBqjbz1KBsRzPbLEUni6TfHKHpKhIdjR5UosZDYlB0qPX8Qls17umaVHenLac/L0ZLsTCr28lHGs8nHbsN68soNiI6f6+yOraiKmOouA72TH9biPc7evM28uva05Wif22gesdRinN4U/maowJw==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_5656846b96fd1d82e74daf675c3d8e4d"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_bd19c63a5ed1902c67c4b40aca7a0080"
                            Recipient="https://iam.eu-de.otctest.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIF2TCCA8GgAwIBAgIEMALy4jANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNV
BAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVt
cyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lUIERpdmlzaW9uMSMwIQYDVQQDExphdXRo
Lm90Y3Rlc3QudC1zeXN0ZW1zLmNvbTAeFw0xNzEwMzAxMDI1MTNaFw0yNzEwMjgxMDI1MTNaMIGc
MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFp
bjElMCMGA1UEChMcVC1TeXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2
aXNpb24xIzAhBgNVBAMTGmF1dGgub3RjdGVzdC50LXN5c3RlbXMuY29tMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAiP/plDoyfhL71EusJ5OW2z9kPRLgtTrESIVJZX7lxAciSOTpHO5e
73wv0sufXOj3WK+rN044qQd7NyXPzr7+r1xaIqtWmmj5VWr8/GDQSu/cNQMBNzrzR3kaJOI0b/PI
bJjinRjAGGH6ubHN5IDZUGmTVwBBQrX6s1uhaidi4izUdJw3DjRsdQ+CvNrZH/ptUsjbZvsMXOHv
Hp4f9RItjQsQ6XJiVgI7Y3WlU7ydlJVLMvDF4HjF2aKLryabSXQH3T33DwERW70UTn8ibXP1fKCM
0m6orEffBMsqIUaaNiL2X6tU52Ohev7y590mnbGBv5r2JVKMCXldS23aXXbgpwWfqTRYMKlGCMPT
O2kf//GBHwU0+AdBYouRfIqX5hpX4aD8rH1b5N/UsW3YgptRJ2ifTcODcxi9dnKGPUXZ3EijOGP+
fAwpeNOkGfDLh1rPH/7DRsYhVnHXkVAcLVzoIyhIKw3owcsBSPG6dKjSn3Y6+InN5QkVrNJJeJuy
O1dixR5PzLJZ3xzYp84CsvivVbiYQUAA25yqVUAJeP+UVw2gZf0wKNMPWlcS7W6bAR9ccP1VEn4w
riA53ceeQGYncp3Waqq2XhpVUAAD4l4Z7J192rFCRJQ55MeaKDCpZqF624GhmKnhN5AB/3uu1VVN
VML1BHmpW1zOH8T81QNWp2UCAwEAAaMhMB8wHQYDVR0OBBYEFG9rJ9jCauVzkB86t3Ygp06vqptr
MA0GCSqGSIb3DQEBCwUAA4ICAQAndBou9ZppyXFwaW+dZ4MwIVqpXMzBDfecfoHtdvzJAHmXKO1g
/ZM5s+qOt/CFy90Qkj+S+4Od2x3ef8XzARzY/1W7nGkEOWYfs8+N5HLMI66m9mzVnN8WQx15Wfkg
75REb3bCL1KjespFKlYGi5p2lVfGvVxZ0mBs06sZilGlnT7aatWAwMWFn7yhktE8bpuTSGkSzfVj
LEVTATQw6Lvjc8EfnHEoj4rmaR4w+uVjxSfnfcIyL/Z3tht5wqYnuL5fooaZEP8XKInyBT5is/IA
VkTEozrYNooM7n8Fj7R7PD2p8ecw78nu62UEY3NQaoMyu3vr84Fg4yNv9G66Oi5PwXFAlVDMfms9
gawz5kqoiEEWupBytg08ok/1mseqzUCDRwG/DC/tG7Xf+PBVDNXHYuG1CiaRw5HGC1r0vnZgHPwp
ipvz2EigNJyJVI4LUjLn8bsWkB+YWRF/bQGtvOjA6KwNNHCmjm8OUVzYG4IRqHYs58fMCguOXdV6
RGwO4Wc/fqiKaeczgad4JKDB6BqVuo82+GWtl/1TQ6Kug5MbHiWZ50v9oxF/fBwwEYnTqu/5r6GQ
jbaXMBsEXcv7xiewSJOQkg7UUXhgEE8fDl8CL8k1bgLDr7Fs1ZrVaS8uBUCx52InKXrdFwMSa2bX
ys/8r8pohSInId/RNObb8bcD+Q==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>c5rvAmF0bmzrzmncqiMgUqXBTUIgWQsRZbQ3BavenodYNQc0Ttfy53ulTbMAXiqc9IvTruLxeKkaZ/ek6TdqFWWShoyXQ97XDQdWAEm/K65+NbgBsVyTw8QtXrdxoLLNRfiEGCAZVYq3ycUVSUFf/EHfCTEeieTUzZqdloPTj5zy3uxybf0itclDZa6h8BlbKO3eSoO4EVRTwh9etBXb55WuOZl5aAVmxe8TofvY9NTZOB68ZR9r9eHkdNAaEgJqFYYEm9ezNBE1d5+m/GaHdTSJJKPrzSVsm8UxM5uOX3++rOYVlGGzMj6XTZlmAAHWUZLaGgq/Mo6jiWSy1i9mr69t2SPXVbBdAZWmMM7SoEZ5aZZP+2K4zZ1Ry//7F5USvpBWEgfQpy9oQCWIYGX3GP52SkVAmafcxh3LO5j8d7XGRZGyD371TBfCiNGxBzkY7NjEB1hJh4blb83Cu8Ex4zcvJWwPfxmukZIyr/4ucrjo620HSS+euoBMpSaUDMCWT0yZaKK3WeTZPrvLf/GYmbZTQlmi3pDPQZn7lVDLlGlfpwWAxYNoYdH6NKR5wTH74IlrCaBonxJLNfuxEhFLeNecM505ERvc/6KFMWxyZi9hbsutEs3F1rbf4QMncSQ8EqKwcIXEETUIu2fslv3V3h4oPzlvBSwv8WHUYCAliV0=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>HyQWd2Yvc63vqMyBBKBTvQ+bSYDelyH47BOZnnW6wbuB+PIA8iWnaizzrs10jF+aIcihbNu8RQ+JHNDgYCeFai9rfg3tTSe8dO2wzQMdgsFvExbQNaOZRr/+svOEPWTkavTMQBBBraKZ6ApWJ9K7Oqs0wE800DpvtLvIqfEiB940lppfI+M7oV9fHtczIPPNvL2UgfX+n4ehDtDEJdBzI4L08yQ/A+A1U1pkX6V4HmVYE9yDOPNgOmrA/dzcfrOOJ5d9+P/s6nny9b8c/y9jw/KhfXupGhiyBsMWJS/eNTBn2ozfU4NxmCC1nzNb0RP561Fe74eiW3lgBogPLumTe26xBene+voc/yg+OSHfbuLed9xX+X4QcN7mw37UOcLQFimThf40VFWdiT03r+N9ltyfXOxZuRd2HpkSYWHK8P+quwaSkJoYewSZZiQEuNaFkbHb9n2jF3Vr4JLXO9lApWRs9unff/8+dGsp7q4ZAuYI7af/X6WW9+3qzmtGs50+MA4HkLY33NjYljXKjwNZ2GDIqL07VNxUKA5tdoRpybfi0M2JOwMUizwy7XoNBWhicOujq9DuSGzJm2NScYT0Ewz3rI+Zzhrgy1UNJLqEOCjajssv1nTSUb4tT4uwzqmLSv7phWnFCmwtsAQcraCUD/ng89T51tgo2NfKSKuhN0Q9AAet0L9D1dyvxh9oBCBCrVJKSThDW5MxgX6vdRiGdefJmnpStHEf1fdNBCPc142acGAAObZiusRvLJQpY1aY13YRA/xFVrBhWWNYDn9ekmM3tBtYC/De15FIq1dSdRqrRKbGbHRwl4uLOk/WCmUiuhMhUJrx7oHBhPTrEZZCciPk5UngDt1FP8ig63rERAc4qDLK9CK6hp5FxjTfSUTYwzKnnHlCaz9AfxZFH32Ckq01RdAQdmaObrOp9r/yoObZGYrTgpO6grcwR92BD7WqZflJF+NZYn4Z9TWJbD06QgiZAul6Are6FscX1uK5r4Bz65RT/NtZmr4djJ7zy7t642s88KDt0Rh864d0GT8U8yO8JJ4oj9bHnAyel/AqR7MmqhxjzAU31uCMFRinzFXnbZl2dfsz3BpD1/p4l7ShsUEnO40XQhUjtk0JgKocWnturdnypI/82eTxgGaY4z8Gr0fr9ZS/aDDy3Xzo4dUKZtfHuexaqsxxjQ97zMhwqLJW8llPnfOtkPlFxQCw7gYUlPJJO9v0hegCGhWklt4CLWbTzo8dVOXRQyBEQ5rIH48BkkY0fnoGqJp14UuC2XWi1yr2vUwiS9b7tt+tnVuh122s4cNF1tM5d1fQoAaW9EEd0MZmDvwDe/ggXHVrgZGS5X5LzVpX51wtwacbWqASo2Y7xzo6ag+kTOpZeDgN1wOca+cTBdpWp84T98cj9dLhU8VUza5C5IGlUN4O9phck5fEjJGqd/pq66pYehH0u0CpK4q2R5iEk1k2O9ynrA5qaRo/TZQg8UHsWXYmdGXuWKRe8m2kNPP8wsZLDYMV9LtpNd5tQv22cXGRbCISXkKMklE0vvIGd0BhVXBnc5rUvatb/hLOiCw02OJ12jCqL+kjOdCYhRalGN8Fbq8yuMwxZ1BMBQ6AmhUetB5vR8rPqAQphTjRLPmumfLqP+8JSaopcxhTsaplAQa+qycAi+zDO+GVepClxlPRPi7zfoeiQ6cXTrL/zKL6RY7Q2nDylHPnzZh1q0y1yEjlJLQZAH6wD0rj3ZfPeReYT8AnZZniPpZRNPF+XiFdlv2jNHmFKDVTpwxum11m/6O8zvqtL3NDRd0Ef0d4aoQdgu3+nDF+AsmxTALd+dqAXXq5wjkIIx78YTl/bS/tX2nA6l+q4dMmsWq+i3j7cXhmD4GR1nvlF7y4x1N18CohGni7YONCXOXBtVofRP2toI4l72viOcbNWzwQKwJe0o1/yt/6+/ISWVQTzGdNN03egW8dR45qZVetpWGgceqCPzn3nKGsWDGvw9hY9k1FXjgdS4sRfFLZmTGquCvtnNHqits73R6JvZ7hP1hP9NxmZJNSi6n0BZq1zjvJ5QjYh4GOsKXt25HtDPOrGqkXxjjoZ0uUtuZPEnm/DMgsRRaqA3NefwMN6yv7g57W/qK12QtH5pBK7BsWTUFYMLSuY92R0ybHlN9aw4oBlgE45wGytCbwhvDPkbGLumqhCe6P0kVe3MbiJEeTibLT7PO7yhis8eZG/KVAh+zUkSsg4S2SgiMMab0+zucrfrVe/Guh2QbVH0kXjqb+WlQiSUW+50+DXd3FoBollDrdEenQI9tIMvknA1QNMGkcuqD1qX0pnAZdiphIeDpXbJHNLeajt0m9GOcgYYTxMvvxB5/C7gYZLhT3nYFMiogBkW3g/hCH0uGAkdr1yGScwwkNbb8+49hB1oKJFkiFkrJUmqRR+s9tIO7iLwxwQAaJ59fB7Mu6gwaQEvgEXehx2pJwZ8eCmJc3xRnSesMJCl4waEccB6CuPMTdk7pIu5ZZFtn5C9Yn/jrxbc3bzXv9vjUiEKZlFMIFrRYCfxRM+NzKJ1+HBUDWEeTX7sAIYokIKFjBKgmsf8HPqFvEjVJjWoRM0ZxPCsjgSOkHMXtsnWwZWn8nKGz6y6lP4TxO3FoN4uzi6KnjOP79T4DqwxSZlZmoNn0TcGpTHN5TJmbCLQHnX3YMnmVyzPo3zP0HnyMQmI6hGzT0mtGSoagBJymfts7fJkSbaV9lGXHHHmUI/8CemdZxAWoloalPETi1Cc8FNe9fW25tbSm/MpMU7FAmMItk65wKhFQTQFaeUYXaRv8oJFkgqXInSODJs+jR2UxaSXGPGAtrkMedmSmZvGJcmgE7tnViLW25j9HxTdzsRHLAo6E0czDprCl3xb9t4UH5jt38RKIFOFlq6s+qWqbdTpPHQ9FfYILwK9MuE3LebWEwTmjx79itq/FtI6p5VIUcYp8NfZot6dubNYzBRN7OHk/kbNnW7jrEZMfI/X1j/aDvDBZgiw2ZK222BslEe+1TwI02zlTh+dfHemTQofE2gjkwGgHmeYztQ3pnGspdT9/Msp8cAfuVMAa2Hig9tJoQSbkC/lKlgBCoVFmrN+5dM41HyTQUbXANUYl5GSCevVpGNtJ1BC/htjWCodUaJZGeX8G+ygKkxI6hZQv6T+xmmTACZgt/se3qmF7kj1VWPKA3pFQEM8dLxnmNVHxs9upeolpdbWsmxOiJdwA8gpVrxfw2KUKmWV5YvHhvKUWk6tgrvtdQI2aqzYYHBGD4+uSxEKrOO8SpmAZ3RQv7fK7y1p7vUdf0YsYn+xgCWaRpoDcxvcZ8jyCctmq1+crC64c+sv05LsAWsOoLJt1DhhmGprBRPsw02Tmfa/ZNONZGlXDI7HQki6TOPp5xHwy32i7G4OXCpBcXLqLhSW+xlngC/QKioHJGFZU2yocZsVeOleHs32FpGqh0hIh5CQb+iokMiCA8RGuOTy2iVNk4dWKkdIZgWIU3S/CRqu2OOWc0IS9CNzXDUGxRBBFzvSkhYU52ioFw303e9YQW5LdlP8aipY+D3uGWSlCkBQRkFgLhpVlaalx8t8NkaUhnv3r1imE/G3GL5mDJnKKqDQosyXGOuYpYcQInKH2XtKggStLepSVUWcAieJoqRKdJXLlkL6vFG+P6PVPL3vrkESHPtpVQEjsurc2AKNQ17qertMAy09gYKiJuN1epIjAiDjQL6dLdSC2dusGoxjDpg9uSiewS+wNs7T9Szv5gPzRtg31nC3obF/n47ZYvVccxy83Vrz2haN3Ni/SfyvUYif1mB4i7B51G2Cyf9yCSs38Lux3Y5fhVVLrw0DlDid5fAX/eRUnA3qfFY1/Uk0rz+BwGEatWC4aphYGp0TNV9kPsZljmNhpe75jwherKlOSHiHDfj5o9yR5nFDCi+GEuOukpxQ7oPCPfqNEFBohTA1nd/H2kFRpLWinuiucDP9P39VBP+shlslLHT6d+zk0lIMqUxDgD4N6imwXhDs5WzQR8OjTdQnmc05IQBPrTwVxpv7NzZiK45tr3UVLyKurimxh37QwUUMiTxjHhDvf/Ec6ZkgmiKlu6caXO2FrayarETKVqkvoucmsF4Tr7dHd5JrQ2woMPupTNrIq1CERzeOVp7TppFD7KVunEOhJyfIsshW+GhYamo4Ma2pLnnrNs7OMGmYt0ahQCDf0pY8REVn4HKPqdlQBV8IsbPPupdbOTkeyqbFseT0pxWnFzOZ2IL4ou5s5K/n1EYTKiqdyKlvDqsW/nhlMBH/KcVOsp8VJD1r3sPO3acfmaPSoC7I7qQzBZMjBkB+NUK9XxVOM4wO2EtEzxO1Rq6ca8WkY2mP6nSYr0GlmMp9IhbdStOGotakodQXN3UtQwSOU0guPXKJcR5WzSIKbCRE+lKtueUbGO40BeTGkZ4CWlvx9s5SzFsjwRxkf0+ePKX6A1pbOnWHyS2X722n5QD9hf66YZPIqUFb9lagnX7mr9/5X4i5Ijiv0PEk/hdoZJqfoYYYPsud2dw/uJj4gBRtlGsK3Syk3R92id1P4rz+r0zh4aJ6Ua0DhmHCmX3t+wuwk02nzNg1i/KVHvw3Lv1ucZxvvuTN9QNScLubr55HhjMGVgP8J6EcoqnsJ/Z147gXb6ZrGqYYWxMwOw/lOA7aN0+42TYX7URBlZtKOfMeKorMTQvlcHfPNp72W5YSazp4IPHn07smcUQ4NHenVHsQ/u9GphQDY7qfal/Y9nI/kfoNwDQyNvWXM8O+b+xl2OYmePUKhCHMdFfPK9hqRRWFuvUluFOASTYh65NTufuD7RcPDOKqGypXviOwjtya8sUcscs/PloqQTvaphp08QUsVepEDQ3sQKDWEveN6yJjz1uNqvciJ69QQJgWmMSYsYSfdPyHCLKNXkRVlO9wlsjajAuLIHKEJ19LqvBKAhup8TFmyhgs5O7TzNVDqAB8DxJ4arEM7Dh3PM70BwR8TixqF+O+RB9rsMM7dhvan3Va+2VwByXyRl6kunZY5hAqYl7/PgsWojhfO2+/RUMywG79R5dY5d8eIzKpf+5Yd+s5DhwdbFGqrxlUonFUM/aNaYGZDHqDkozo6o8Szy+wFAsmliN2oVCG70LTjJybqLQOqYHg3Kwf+gIZEaVueJkbNEakC2kJS+Qd6Lq+vuK5IoxtArFKAkUNO9ChLxLt1U6ex90jZr6QLYUTYltYMa1WVvxZBs5liqVXKXsIugaG/YNt/DUADMzeZOn6L+N8xXPkbEpFFOXW/60gcMMujC8R4+3CLfajgg2lWyWe4I4RKI6tsRvD9jv/GjHyUOFcGtY9mxWv7JD9EJrAn8K4m04O8JdOcbh4qNFQV0g8m6Uj2dIWpSNKNOQjJXfUW4e1GNlTBvM51BiRiJpVhLCzWvGFRQte8Ft8gCcV759aKK2XAjpqobnSDTSI6Oz+IgZ2ldqAdOQ7C0LwkHjuRbWgiZ7trvj4ovD09IlAoYDbv6/5ZGVtpgcLE82axKJVkKFBb+tftdhgiY3WFoweSeP37Dpls3Vaiv+Xzm8rQADq7IVLFO/D/Dm/qVas6BuGmKlzpiixv5DrU12A0l2+wiIWNgwiYEuHoIgUO0wk7DFOGYeppkqqVAgWZ+8/J82ltm6L7fIOHEK0qYZswEKxQgiy7WWTTMjYmn+ZFOPBngF/AMabNKz9rYWNYAbuozrs+ccF+31DlmWspcf/QHYXadV+8D9EfntGdUJ1pUlxnD0VHBqAAtfmlyNNr56pS0bDobGaEHRnFkD1sqydIjwl4lvBjaf2dqdx2Gw+SaDW+plq1//oGrJ1HvpGJOvackLmmb/eYH4cnTRG/oQEMjScHpz4qW+/qA5sHxkt2QR3BYWagyeMQHYurj6RlgEBCCJHt+cE9d46HH1IZAC+sFrCQRPBqC0HHufPWXJJ5Q0PsumY7royVYOTAUCfWx0p0+0WIm9plrSp4+fz10aJslAccOUSyFX/kfdXnbsVMtMSHYCNnZoGVRgyxp0zsrUwXMAyb0Z/sda47g9t5yfIYXfBfDr6YA5z6PQWsP6k5pv/BOwqqrpYv7BbRjizvkgg+lECFAv+ncrzPUwOBpgmdrVweQAlf2+KozdmtzOQYhdIlLK1/SedV3aGkuQFmRUUnRaPh5XML6+JFhff67CBNbMu1BdIp1c74g2/esiC1whRFMCKRp33tu0UalRn9+30BcfRx4U95dzZ9gPi2dGjqt2tsAjHG2d5ApjBTeQGpKhZXQwt3Z7hQMxn54Qxh2EDQLAgfakFjP67TJ6H8D0BKDPsTSCJ70avkf6TijoEKYDDqt7wFrBZ1wV8W8co6yXFWniqFUP0XdIPhKkkTIp/aTrZ80q0G3fpTLs4+wouG9RUXtPQsdcrmysSWW37W3WQoM0NUQfbpsH9Dv1wPBGX6XVKzhLtgUbIt1DWtxVzJUr16db49d4nzlvZ1y98i9dZp9+s5s5ic48SlfSONkeAZVZIl2cxL6H38Fj1AD2uH6SJsk77T6L8IjqjS9e/UiMW9wx2ij306LXG7nnjzRhQZVzE2Fu8+fnM3ruo7xElyqacmnBK1vWMYBaxBgdYjuyRWCjE7FdE5aDYvOgiNNFbqbzQozivtsoOvWvnDi+gLQ6sXsWq0pbLofCF+zEV9+WRr2hFgfCNtg0F6wXgaBPiGp8faLT8Hom9of9/gQ1Bwyj2w8QO3jHJWZEF/TmTUBjgMAL0qpQToFq+7HK2uRvA9mqWHvgLrXlQ2/aBcA1p3MM8Np3bzhM4piQ0AokGvbPpmAfo3NhcphFLPylMZPaJCeZmaAqqEQIKIaoiT7z3AnK72SqNwxnFAYk/QUiMVPFmNrUi37p+ksIjC7DA9SKY8QnVl3FEoOLDXxNBWWyMI7y/3uoIEMwNPMbnaascrCsIomFNmAWL2NbU28wl72b8Lpnv0GETPol6/10zX5qNOrcgtrm96RB4HxRIFJoBI8Svenc166JygrZi1QuuOgt4wKtisWoK2JjmF19NiFa806Y83YnLBnwe6is4xXdSHfcndhMOYpUJOP04QpqH/PYUMyxhAL6uIxtRfeDNAq8x1Uv4bwWODmh+LDj48DjPVRNHQjyYSxOnIZ8FZtsVMZUKRthgtP3T2skCRSjT8keSgjDRDdf+GGJBMYha1hHWReSUQgslNuuQq2TMkT0wgTlLGbeevP0BqRGM0uXvE0X9+RWs+JGETkLO2KLNLUAKlaEbeVKKb2IJIncBJk7U9SHDX7JhJ4E+TjcPoV19xYw+CRt/G/gMzt0+c2/odixp51YrI3HzG+PPXKY3CQfLRL3yvtB9D2re/GDvGwwiQYSH4YY159A+x7cq05uSNKejnLOilsTGYCSnXoTrbhlko1yJIWyZa/COnjm1n1fn1RY2dpFIwVFPOdy9zkyfyDJuAIKoFtdP1UJW06xWdoIYLyypDQWuc637hkrwVrk67ikAfqvMXv21/4EBsHFomBg33X5/zXd3r030QByUsAMFTFK234+Oau6rWXlHQ37XvWHETTvbpvljwE5uYK5eP6eVE0/H/MZdxcBBPS6W+54oRezpTmTlKU1WBHz6AR+txi1Hw6L3IoVVts7UtPOzIk1ZvHRQnFcq82zCsqotO9pMEVcmBQB5XuoCgNFZ5Z7ro4RLL5ib/isEGwcTmv7DrU7I8qll0xk6vx1efb576HTdZkJ2uR+OvMSpOzPh/Qq9LBlnDKb4Gui6eaCIVgEvXFh8o83GLCdFd16QHF8r3eNywemxFC9fwgpoksNOc2VVpO9ny1YszBrp+1pCcQHM2qlmsj9LBOD6dTCwYgJHVzIbaQUSj7Ah8VVjX2uwb3kVsR1OJS8WJVokS3D1m452NrZQma2Ze3iOMgCI4ymPof2T5rfP/Np0sEk1KFcifKpn5CFlxVI31DdLwKqwe+sD8Su9bniv2quQp2szjO/IuFRLeksD6DcGUiNlb47ZDc3O5hKwDopgE1isZhs9LAn9lLk4NzSAgK0jN/XhQSDX8+MjY8RpLmcmGstkZyz0r97/pHxEyBpDdbze+NzEnuhjTLbqoyj922AzfT/YX4z5JxDEPF/H1gAwYvZukrP7l0WgjlULzbRoHKsJf7gr3JvlMz9CmrabZIpuxLXfKR5FZK+fhOVxGrhNZuf+AJ2I/TGlj+BDvjBY5fhi8R01DExpo+zKm+hHVCIMjG7bdPuvWk4QVysiawIFXI8Huw/PP7mjfgrT5Q6KSg2D+eVr9iOn1qYlzpEl/c/qPRxcVj</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2020-01-28 07:00:14,800 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:00:14,800 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070014Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_rz5emqbvupc8ka1i3yo6tivuphtipd89uldj|https://iam.eu-de.otctest.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_f60b4b34453ada683e97b5a16cdb8e2c|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxpmH2nploseARyP2227x7V6xCbpXYT/o883K8V4xBqQhjBx2wdF8ixSOdojbsJM4oVQHY5WJhJQ6hHU9IiIvscgjqYoHQ33NOT4cn+EovVr9Tkq6HFKaiHE9UflOdY4UVjE1nufquOglItQ==|_2b8ce6e15c5873a5add470c39a45480b|
2020-01-28 07:00:24,817 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-76259-yKm3ZJl6--LaXmCrOXyMYowsnVIFhexL
2020-01-28 07:00:24,817 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:00:24,817 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:00:24,817 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5"
    IsPassive="false" IssueInstant="2020-01-28T07:00:23.925Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>ABYsq4UcsLuFc3bAtOyOk/C9blFu2CFuXVESjx85R6w=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
noxkK/xm9gNIBsKcOheSvvOd4haZLsyBo/HpdhS2xjY9zfBs+0nvdMSMgw87WaPTCpA7+HMnxQSd
h5QWndE9GuUvWCJT+9qcCk0un5dY4JP2AwDrSJKbHGAEZImm7BWM/t6jAVeEHyaTOKRUU4SO+XoJ
b/UgyJI/6WMln7ALQlXkFuHmdKBA9HgaGCCOTN+4gtLH0VliBhgkzB22+l9vEm8ZD4Ad02RJWpi3
sD0fWETUq2dP+LM1O53uEOAHE58QC3H50GvoVc553Nu+f/3JphEMSkR6u11ipTm3ShvpqOZAynDj
+cXjqt7pQp/b34i3HbsOYTKVqI6i08GhUrJXjA==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-01-28 07:00:24,822 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-01-28 07:00:24,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:24,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:24,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:24,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:24,822 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:00:24,823 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:00:24,823 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:00:24,823 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:00:24,823 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:24,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:00:24,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:24,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:24,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5', issue instant '2020-01-28T07:00:23.925Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5"
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5"
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5"
2020-01-28 07:00:24,824 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:24,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:00:24,825 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:00:24,825 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:00:24,826 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:00:24,826 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:00:24,826 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:24,826 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:00:24,826 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:00:24,826 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:00:24,826 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:00:24,826 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:00:24,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:00:24,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:00:24,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:00:24,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:00:24,826 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:24,826 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-01-28 07:00:24,827 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:24,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:00:24,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:00:24,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:00:24,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:00:24,827 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:00:24,827 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:24,827 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:24,827 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:24,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:00:24,832 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:00:24,833 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:00:24.833Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:00:24,833 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:00:24,833 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:00:24,833 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:00:24,834 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:00:24,834 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:00:24,834 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:24,834 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:00:24,834 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:00:24,834 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:00:24,834 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:00:25,001 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-01-28 07:00:25,001 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:25,001 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:27,093 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:00:27,093 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:00:27,093 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@633501149::identifier=rick, context=org.apache.velocity.VelocityContext@24030068]
2020-01-28 07:00:27,094 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@633501149::identifier=rick, context=org.apache.velocity.VelocityContext@24030068]
2020-01-28 07:00:27,096 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:00:27,096 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:00:27,096 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:00:27,096 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:00:27,097 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:00:27,097 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:00:27,097 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:00:27,097 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session f59863519696341e4c65886fc637ab7f4aad287a7c758fb1ca1eebfa3d9b6812 for principal rick
2020-01-28 07:00:27,097 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session f59863519696341e4c65886fc637ab7f4aad287a7c758fb1ca1eebfa3d9b6812
2020-01-28 07:00:27,097 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:00:27,098 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@65f5b742'
2020-01-28 07:00:27,099 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:27,099 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:27,099 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:27,099 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:27,099 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:27,099 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:00:27,099 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:00:27,099 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:00:27,099 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:00:27,266 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-01-28 07:00:27,266 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:27,266 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:00:27,266 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:00:27,266 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:27,266 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:00:27,780 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070027Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730827780}'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@65f5b742'
2020-01-28 07:00:27,780 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:27,781 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:00:27,781 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:00:27,782 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:00:27,782 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _68b44ec12b103f40f8fd5f0939c10a85
2020-01-28 07:00:27,782 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _68b44ec12b103f40f8fd5f0939c10a85 to Response _7b2b3b7a13f4e923196c5f575945cd3f
2020-01-28 07:00:27,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _68b44ec12b103f40f8fd5f0939c10a85
2020-01-28 07:00:27,783 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:00:27,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:00:27,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:00:27,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:00:27,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:00:27,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:00:27,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:00:27,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:00:27,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:00:27,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:00:27,783 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-01-28 07:00:27,783 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:74] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:00:27,784 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:00:27,784 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxYLTBRTbO1CR4UBoEOvANBsen4b1Y2TFhhTDZGLrleJteJKM6WTVbEoFaijtUeYN52x5WNRBxm4+gbQHdmE75TfW8KnG/I0GSJIuaXConOk/bFeHDLiL1yj7Qd+cRShcmWrm0NFDP+LU5UZzerxKZCkWah5ebwfY= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.37.207
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _68b44ec12b103f40f8fd5f0939c10a85
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _68b44ec12b103f40f8fd5f0939c10a85 did not already contain Conditions, one was added
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:05:27.781Z, to Assertion _68b44ec12b103f40f8fd5f0939c10a85
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _68b44ec12b103f40f8fd5f0939c10a85 already contained Conditions, nothing was done
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _68b44ec12b103f40f8fd5f0939c10a85 already contained Conditions, nothing was done
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-01-28 07:00:27,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _68b44ec12b103f40f8fd5f0939c10a85
2020-01-28 07:00:27,785 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session f59863519696341e4c65886fc637ab7f4aad287a7c758fb1ca1eebfa3d9b6812
2020-01-28 07:00:27,785 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session f59863519696341e4c65886fc637ab7f4aad287a7c758fb1ca1eebfa3d9b6812
2020-01-28 07:00:27,785 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:00:27,785 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxYLTBRTbO1CR4UBoEOvANBsen4b1Y2TFhhTDZGLrleJteJKM6WTVbEoFaijtUeYN52x5WNRBxm4+gbQHdmE75TfW8KnG/I0GSJIuaXConOk/bFeHDLiL1yj7Qd+cRShcmWrm0NFDP+LU5UZzerxKZCkWah5ebwfY=
2020-01-28 07:00:27,786 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:00:27,786 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:00:27,786 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_68b44ec12b103f40f8fd5f0939c10a85"
2020-01-28 07:00:27,786 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _68b44ec12b103f40f8fd5f0939c10a85 and Element was [saml2:Assertion: null]
2020-01-28 07:00:27,786 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_68b44ec12b103f40f8fd5f0939c10a85"
2020-01-28 07:00:27,786 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _68b44ec12b103f40f8fd5f0939c10a85 and Element was [saml2:Assertion: null]
2020-01-28 07:00:27,788 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_7b2b3b7a13f4e923196c5f575945cd3f"
    InResponseTo="_irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5"
    IssueInstant="2020-01-28T07:00:27.781Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_68b44ec12b103f40f8fd5f0939c10a85"
        IssueInstant="2020-01-28T07:00:27.781Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_68b44ec12b103f40f8fd5f0939c10a85">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>1KcnRpH7wWeY17BOs4NL7y2GQUirBPSCcE/6W8mszdXEHyTz5FaIh8oAqIUdb8ThVxRNG0QVtjPooP1Sa7DrFA==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>ad0ch9ML02BS5DOuslrpzMTAVzG15JFZvxoQqJPHKnt8LE//NsRp5hLT0tcimtYhiCzBLPN+PMQaXeZ6YncqVMdu8tBnWqIfLM1UdLkv7nUx2+fOzSFUWSgnOOXazhQ8adZkWjQxpDW6Cb5UBORKF4yf5WAVCN4V8lZ9wQRAzW8DNn+4uhSxWPWyNq7dYc30AeTd9My/T0bOowT9x8Agmakzqf3OvCHvQtTb1M3xXd2AgtxL0HS8C71WT7ibq+wgweqoVqWhKQxzOiD35yQ5GEI/tVCtDMt0zQXhJ0ifnFEEC1aWqSc76Q6OG0id+uhC3wr4b/FBL+I0F/BhGN8bNw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxYLTBRTbO1CR4UBoEOvANBsen4b1Y2TFhhTDZGLrleJteJKM6WTVbEoFaijtUeYN52x5WNRBxm4+gbQHdmE75TfW8KnG/I0GSJIuaXConOk/bFeHDLiL1yj7Qd+cRShcmWrm0NFDP+LU5UZzerxKZCkWah5ebwfY=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.37.207"
                    InResponseTo="_irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5"
                    NotOnOrAfter="2020-01-28T07:05:27.784Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:00:27.781Z" NotOnOrAfter="2020-01-28T07:05:27.781Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:00:27.096Z" SessionIndex="_e02e2d731854f077e86e52e7d065bfef">
            <saml2:SubjectLocality Address="172.31.37.207"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:00:27,796 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:00:27,796 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:00:27,796 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7b2b3b7a13f4e923196c5f575945cd3f"
2020-01-28 07:00:27,796 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7b2b3b7a13f4e923196c5f575945cd3f and Element was [saml2p:Response: null]
2020-01-28 07:00:27,796 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7b2b3b7a13f4e923196c5f575945cd3f"
2020-01-28 07:00:27,796 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7b2b3b7a13f4e923196c5f575945cd3f and Element was [saml2p:Response: null]
2020-01-28 07:00:27,798 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:00:27,798 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-01-28 07:00:27,798 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:00:27,798 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-76259-yKm3ZJl6--LaXmCrOXyMYowsnVIFhexL', encoded as 'TST-76259-yKm3ZJl6--LaXmCrOXyMYowsnVIFhexL'
2020-01-28 07:00:27,799 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_7b2b3b7a13f4e923196c5f575945cd3f"
    InResponseTo="_irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5"
    IssueInstant="2020-01-28T07:00:27.781Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_7b2b3b7a13f4e923196c5f575945cd3f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>hHluOljkZiID3RuVKVN6EaqXCLfv1wlMPGQeSGFh6UYIjCrOONZFpdwRUVt/mFdC8/OeTlhLxEtxNtcp49rtVg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>jcOyh8TFNxYhHQIZqc9Al1Qeg1RU0FDK8WrM61i++3YsgBwWasBKdafxMnyekFq+ZjsTJZ/5HosYYx4YbjwRO2bU5xHneFiSEUoI2pzrqYKzJ2HrPdoetSk1wOdLPST/IE3pzJ7p20wYy0bLXOGQYpfsE0DrB38xNGMXi5MP3ZkJGBlws2Vrzu237IPhnl+hmglF207HB2pvFDNEGeULcmqHSKcZ/lf6RPzV04mvg4mGzMHY1Z8dzGhLMnzuF7VOxlD9NXpkbCR1INyiS4Wq1w4Ih9LYu+6a/V0lnVra5C/CvjPN5g2FGBoKufO9XOdAH4k0KuCpRWtEHIH2d+MjBQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_b8c76ebf31493ca5d9c1980c5c2a7962"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_59f549ebe7b3179b30b8f7744a687ac6"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>nmxdA4dLiW73pwNbcP0h1/pV0Dar1DAVUeHLDUxvpweGynH3z1/dyWwQTClvwEOShIP6h8lITWoRHNCoHQtwhMSi4ACe4OXyg80JxzoZwSXuZEMuXDWjr3lH5hs3U1jW1k7fuPH+khJi99Lc55Ir5an2PdmPt5NjgRwTH+IFdWewXPFcRqdoijhoRcx36SvA5btRlJ2n+LYQxbU5Cf4MhRfVj4oa2W34CFneaE55W1OEvMN4B+eUvdaIt8BVddYwx2FbS68n4q8ZErTKSvtkXrsnXtQvfZjqqwUXXe9N4/aVyaIr0M+yE7xTdx05tG2mM/qvueCXpxuTJc9WGlO49g==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>jmtbnnEnuN7YMz2Tzl4Bp7AUX/1qvxAhydX0hCpeuNqvFQzU0eek/SKaU0C7rDhK6XzoO38p5b/GJ5vhZpqOylnf7DceIPSasqAM1eaFTDym5h1mVdolbwnvknJDqScsd1I4D6cVQTuc91B3Gf/faPPqJsjE6Ll3CBkIILD+/WYQNTQY236F2NrIo+74Uv5FnOuPISbvcajrog8wBHZ9FrpWWYWQ8jMZwxJz4PHRHNQ42K/z0K1tvQDmPIGZp7qdz0SbUAE8FXbZ9XgV/aoNRLQwDQt6VUkIJ3DjBru0zz560uDUnRWDgMQRDRiEW6j/of7mNB8MaWHRwDCwRwKPPoACd2SwrNg0wHaKLbtKhdv8tVPlRcAh9YLwld0Ed2+GsY/37jk22Q9NQYAF9WW0Pkv7ajUYrGd/btTC/be1oNWOoS1MptK5RnPVLVvJGBWf9b0l4lBc5MMU6yB9HLaQDaDd9el3J7YcHtFBMLSutleMHboSdi9AB0138BmzGK5XZs+6ri/d2mOGCh4xr1lpN2BIltA00FeATB8bgbpt511I5OK+VAMS8Njtu4UgguIHcTvD75LlIAPOJsQxWM7SAp9xB1ZXvk+NZUA99gTSpMfF6CcOB/pb+HLo2wpaAlaIFHlaBb22M0eyY0rw6GKxtF7fOJIASAA002szN9+LU+vCQbUSabC7Op/EQPmJGkwgpTVm6u2XvIb6RAN5vZ6wHBHqabNwjkEBHPb0jEP+ZjebGAwZJq0/59pYHk8uGeIFEncxrARmxmChnbKtN9nooJVeOgeghN2gKN8Pyk0tEl1D1TYkPDHQygije0WFCtu11i5fT+AdRAEz0pXEntDIJptu39eReRQEtody7t1U4NsFvc8SNRrhdQlfnXqk9U3Db5BMISBiSvOYc0h+a6KrUJrwh2tNUeXUzJ7/Gnu9naosXQf4fzXEgbAUWWWJFtqu0xQOmwtQjZQXKvi3mo/AsPhI8WJ9zjR8dDoCXdxMgmD3FOnyQifd30oGb6aY0M9+QyvHDLeE/oKXO8zHkw2CpuxIMtoaIuaup5LD5slgZs3MQlPe/gs+Cdoy4uxgpJ+cOQnILD/xQY+DFRoz5HAQhs4jYyzXxUJTy7s8x+ew36T4HprfpeMuUGtfNXQGAbKSULiZmm3XsZ6DklqoeDomXqR3ami5O9IvuC383bpoAZ1EEKiGVZoddP/qA0RhcOksJ6oAdWe0MG2qd1o3Mi3P+7aO6mfBr8YhOZDysSeISS2ctw8cMWCbYSmDD7VkmM9v5IeKQ6pprlQ21Xh5p1LOem7nnpe0hTA7TQtsBEiiskvjs+8F7mTRpjgbzBIJ7+7e+thSTZqYtUa3GrrUZqHQ5JUqhCdA37DyVLSEybqBH+lhBmG2jhlTZ5H4493vLIkSIek31xjisk4luG4GZC4pMJixuLSP4+UBKd4Op4X4waWQHJmoZ7yoHcx8f/ib/MKek/+s0hSWhvjRaorvMW9m1A8+sKEtPmAcIjVusLlSCOrbi+f9iPPnUY7sV7KSEdXBicezipbOt3jdPaqxDS9Z0jXPuwynsdzeTJKWgkSZCznbxBOf5y78hs5vhXzVb2TPtFBTZNSP/s2jB+gk+7VnfkXBdyevBte3NTNPbNz3mizKr3eO/bxO6WTXw1zpSx1XTFzc5fkg+N6DSR4k6zmX2ZL24/evaSqQRAMHDOw2jQLiyUQ1PW8Y5JsZ5LdTqVJPP1xM4sxMX0Em1tRw29P/y1HmKuworzBY8B5TqBqzGXOz3KF0tVc5hb4pvdeejY4utQTVIGMBemdBL9rscDIOXTJqsYgEnIrz6nn5q69SPgZs3xFr+fJ7ps7nF9uS881FKUqnvtikMBEBcxLgVQHkPOJp0KSScMXkH04Fy6bc95RT8vFljBVEuha+gly2rYZdzmxXJ289ByHnl13iwsT1KNf92+Qh4Sb7r+PfzeLcKzM3C6c9iNxDy5L8jmN/tLEjD4+idiverG7sDPjUrbbGBh3xTDHlp88kcy7MuQFk7/VHnsv9hi7CWZyC177OCzUhxXDcxtjCkjWLPLXAVA0KsQpu65pvjG2ddJ7p25HEN96wbVIpkPfKHLFxBQJ/jvpRndh7xIgRX/jvOg93R17W9vcajYKUYxRKL2/lOGnqiSYLzlatJmguH+71K0qH+iOJet8zcNPC1K2RiYjGJxYJJt/TTOPtqGS+sBndfT/V4pWtPHbSxZUzKlamDY2Du6by6mU/Y/KZfGwGN35HF44k5VRNO49Be64HBy744l1vBZbkpXchLG3NS2I5V46VO0IA3v+iO+AR4QD2uQClyF1rjZuzACZO4/Ua/iRm/koeCB6ZslH/DP4aJL6fgw4v6P0EPiVmp9M1BPFC0mXdlWfzpYDfN6cfUUC/bMdgmvvtOflGJlHpGAG3JPNr3WEDL3+6l4l+eaWkjTW6nhBbpIkJn/2/G/Oc6DScM9jQIqohRnbzGeQ1iC2OyUgGitkXOpsWYvJgYhqFLibrJ5qFx6UxCMO+maXDKoiBcQn43qVu6mwjagwQj7TnCa5hsrwYEct0Je/zoIFpY2OhdDYMnkTps5PzO2Q29e1KqcurdBfNUJocPoAZxxz4p510rWmpnVd3KKZc3UIbVcz+kY+AG2XiN16dnbTpGcjCUMp6R4DcuFoP1YIsKi4ZHOuiAhqpKBco68tncmVnJvf33fd5H8A99wC1DNaP3ivBjQscLn95PlHXuAQgOsBqwNwGOT6wabrnPLOB1Tme0khxdP1xDjV2FRjB6MZ/NnSgR67Wf9BWANEgUGZrL2acEfWDMo0HnW+NVf6R4jxgnyJbn7rXuixpq1RShbxvSrvCZjHxMYP4HHVZDtg1bmFtB6DdwUX0I6U6T0nyNseQh7MpsHMH48VyppQDWk0+tssoKnTvLv6dmJqhWsfRcqVtXZ0TF3qgJTTM4Cyu+34jE3vACrJfyOKO2iunBljIifN9Y9UdnkhRo7Z1b0ApHKLmMSogBMCCKGMniFoPVhGg+yk3Fqh9bbmEWqdG6nRCEALWs7mdLW7vcK5iIKC5FBs1nXxsaeuwNjcNc8Ghfp0FjgAeY0Y3AcWSWM/15BRQGfOBYs9/R5lLnhHSzqBrk15wx69KtDFnLS+9mNAEUzsb+Md/SMh+ujS1v7s1c0Y1L9KBLGrRW+hrG5nQrCsu0f5wySw5a5I7mYgVjQw35IgVKyeQc0JRGTLbln+i0b8iOrNp+s5h1HzNxICvM0SMPu3L58D9GXRg5vjEF0gp1bR5oXge0yOHwzyAa2IYJ1lTccGjZR/AQowNOCBwnz1yKcHS3yl+h5YuSG+tJDCETexhfSEZMRLkSWYJf89bBi6wPV3MfNEOpM2AAi1EiDNk4cqAi1myxwWKbIsz4uPifPNelQDJCNiq342tNuKgtOffgPcNPlAMSMYMFmBoKcxEuTgAZxIUAg4hfKdzrnvL7FmLOREUUsl979c1GgcH2r9xButrBduwgtWcC7j3QdHDE2CsvPJOQe8x8nfUvGj5xi3ml2xWS7ocecaMRSDQ9vhVIfuYMoP6Tw1PMnk9YjOHIYPQi8vGHd3ftHZGfGFlrsvqce3BlM8fvgTGtcLZlma2SAc8ce0mKdFP3GddQToikvH+CDH3KdI9FofmhF/JLCRWo3Ai21+Pf3Bic78/bBeAJZ0kQqAuNCYC43BGLqMTyiYc9DH8KHCZCh7UG0o2ZsI4THYI9eS+SUR2UVVfFhswPvmLiZ5vLF5Gz2uFriIyrbZxjzGJFspvuIhUosB38RQ4gG7CoEgaPNT8bHUL5IgL3PtrmD2NWYyrvt91mV3F2ICHQiNr8LMWwhQCebgHuROKe6iVcc2JDxcr5f3Zu+4jiPp+5wkINnmWQlm2Ypch96XVGRrq8avgj9GcCKkykxavNaVBNfF5oRIRN+5FTnpVsBWHdXOm85VP4+gft5fa+ray6slwFWEot3Q6I1DUySsKtYRqypTuondZXlOfcilGidJdBUiiOOeaHk2APcH4dqCM/GFAsRan/8+TXc+66PqIW2JcIuE87Snxh+R71I6UlurNeolSVcW3tosRq8XzJkE1Lqc1HmoW3JqK5IW2wuxRb2wslm5NrkjDd5mWWpxDH7C/1UTyA3eHl/C4CeUM6dKgMcyNeQlcUIncnCinwtqvtXvil6MteKICeqJOq/MyWfhPSX8gjy9J3J4eDaphGnsDni5ZQOUnsm4YI9Q2EGLT8IwSb+RccsLpG4edbAvoa8j9DJkQ9BauoQqjjsZ2PZFwnOMWJkNdZD5nNBYLbDpbcQWrI5NFY9m/xiuX8iO1HGmWeXhuGwJd9EtRlA8ej9cEY0h7uVsP6McYn0D+FDdg1+NrgV9UUxKKi4aUwY45ziFwW7R/BMZDqAqpNBZALZbLpmthLiK57FNKrpicRghmXz5H4H6HnwZ+BvY3hoqCDvxnbsqJOVZY6hH0HiTYGhfW6n9seNzQmiHQ55YqjObjC+0yFhRUJo7xC7KJ94fpl+YPRj67NA3I3clfleboN0GYqlXYFKMcVKii22Bx1OKqOJLnqf9d5veXQofuTu/bGkPxnZvY6nLD/s2j24Dn65S3Nsr6ofyvYbsQWflnEew3i1AfkympM9uBltHu81t/TABxZ9EcJ6q8afuSPKzgbWV/43qdekpRBgBtr9DNVBjXHqgs6elgjiaXEN3olYVaGlJJuBCDgEJOPRv0zBhHQE+2VgCdRECi7v/zCCBnM5N4n5DOFm8IvAALj440SrcfSrEquZXSEI+B25GH4ZPEnzGdmdb4ehGBkjScSH8G7TO4canvz7ZfJ+pOslzaAv8OHztQOO20QOKC0nWoAzqqZzqPJH+g/ZFYHkU8A/xiP1uJz9DQ+YZI4ZF85FXzdSCd6uiTniZj3BYah/6Fg2ZXizOLeMX9SFcrClHIMR4tVNMviiGvxTHQ0FsiBtIv3FGH921ToCm+/gtzvEe8462HjuxuSfGQSB5O9LT0WcuHwD6jOkQ1oxabPEldO9W7er+I5aNm/48TxWINp9SuAEXF8C4bFRyhXzchaNSFzLnR+gCxvn5OBtctNRohqoGWvCxhlryGrkpd1W3FDxtmGfpfQQyjapf3OzgiguzJmadybDD3G4DvjPAU1Tdi659Qm3el+smrDBxhb/SsNiUueu7qqXlDMBLlriE911R1gaak7+AG4CyiNLRQpZb3OvkAedjW9Wcdhv3kluEcXN2LVrNeX4HrjdCkExE9jhG3ohpTrAr9MRpLXmriuE9mvQkvxMdOhqxO9WsArFEl/TRAMNHpg/NeaclqdY7siBe+6DyVDF6tWHheuJt1ruLpwhPSYsX7ZQz1Zxuhdxgt61AJ+rlmdY4VnZgd/Jg0COqKAS7jkCDPMeoSEUGQ3BztSCp0NunUE7ruwHZzxVx97A8rmhLLPUMW6DV0WMRe6GisxuEKjVPLstzX4oxYjxBDD0LKIFNnurEIoK0vQIhs1YRUo2ihKkX3s0R7+HFlM2VuAC7MX7Led08MDc2wHvgg8HwfnkIFRksComgEdXdXYKraVW1bzo3iVLBfCtFbMGMlLrFImHJmY+fURkI2G4xdbi7QyXPstryyXFkYoHXPfbze7KVYv9itvVmizH9EOy3B8TuB08/6TzUwn4wqNalW/xuPZw6Vmj7T3A5uXN4qIfxh5LilM1iXW0RcfhGDNlcOwPj7kcW/1MVD/p1FiqN+UCG7+H0RDLPUvkPW4F4w87j27bRHWoUdVMyiTkUqwDzbTnXNFtVDpsCQk2HR/3aLGEIkBEm0YFP+LqY5PxCZGj6Q5ldgyouRZN6dHzJNqzwDRrmgxLie0buS4fInDmY4yF0U8wsaZGGoxMhACuqbd9KVRLq57WYUwbwCw0Gei7ObVz6E5Nft1S/COo1wxS1rU9QmCnLFpqgd/2/rzeov8SFU2jSw1uCKZ2M4VniQ6dzHUQqotbq7tgtEUpy64r4Hgtk2vQm7bPdfv80bvsbiww/fvfF4ra7ooBhhv4w5po9MB0xUfECzVylzBXHuFwMqjykDT/O4eNyZkcJOX1SU6uLzqa2WUAxeVs8v7a4TaCBVoXHk0uboW89502h65hGB88MVtdMN05tQ/Tz6DSFQZULGzikgKdpMgNiZQYeol6k3xga2V5vVnQbSi76a0001trAlarQ45zGO5nwun/kC6OFY0IHknA0xvYIWHvlICODbmzJH8oHeD5ZXmQsLz4ZSbGurFAIPdcVtLYvbfWYoTsf9Fy5k2NC+S3qU9YL10jvDofJbF7VBCWdPmhFiUCHl4DdRdNcSa3SaTHSCG8Qo+zLfGZ5W+iPpA700BuebdETzt3SdxIm9frN7eaxJ912o4Ck2FAY6+/LL9evi9lIrbh4du4qv6uQ4m/2rs7SzGAuqj7MA16p1TbJ2akR605d3TC3/jq4C4L06BOWGbMzbjPH8NyMjoqO6BOS91cg1HOnrfiSSXAVosMQKhwSnZyZx/7WQS0VHra6Zcr4WTDvl7xJ6SXJNBVvAJ0yDVEcCV9FHUYNauwQhwt0Nu4kwKgCznlH0MFUfh3jwJITkkZ3HnT243AEExPUAiue6nSWCt9p7litoFikI1VKyT6ovPpl7vxW+pM9H9axTYX8dDRs1lnimmlAHI0uWt4buhRm/c1ZIxcRNgG61fX3WIupEubfYTw4yxWuaua6PljeSX6BPx3EZOxJXUgxjjWIqi6oTIbrADe78MD3P8M7zAWx8sE9A7Sw08zS+mRM422TfglgpuUBIgDFVd8z227zk1VPvveSbwLhHbzoXPDJBjIxppTuS/K3nEmB1a+HbDMwzHEhY/8u62idT0Zjk+aKIOaQAdswcuQPW6gu53PY79rn0TOl5UXFp/9jD+4ANg4+qMTuNFcfgLDPSiTy6VHroRrCavlMZtfWD+BA7rjpOdD3phCCkOyk3YdEPibVKsbI8JF+4fG7vvmjED2K/T7AgZAJAHdik3mrD0O/eEqLhhNJtlP2rOFJhx/OIH6ZV0gKZxYpqUxy7bdz+l1rdPUqEaWOUnMvSoI9cyKhvm1wJl4sSVKr+YfU80un+fe5NJ3mWZeyclP11I1WkX1c9zFQ9TfX0eklEXZNrBRAcSEfGGasILvMfcP5cSh/n+5fXmT/4oR9P/cGlrM9NB7NQ8z4tYZq/ubF/4cKTmnbjQ5/rCZHTNk7S1D2uw1/UOYcvlGtDzyfP1fJlw8a3T6jLIM0C4Q8q1/wXADQWa+Ih7rqk6/d+HejKsgDkvY+btTbdcrZR2HzrCHBz5IlXkkz2n8eCxchSQduSFPkBzX0rz3Y/kY3zOD3HKOTpD0Eh0uJgO3ngVTWO6uFbNc2x0KUbNhxGeWvU9LCea1MLf4f/6ehBryroIMrts6K/VTobV0ecMbZataukI/LRV6WYgi3c1TXmU0/7VXvOwfRZZu0k9rP4rRvRpu68Y9tu3qSiHx4h246uGB+lGy0fM/u+AqXwhaTmCJlx0djNymupnN/iVNkOI9z7qkWxML4zn61GBKhvVnPTJQqWI+liQAcff3Wi40ZrR1btZqz4u8aeLhBKXn1JLsrpMAnwgFbM0r3OTzZQkM7LpGyCgIKvwCVeg8iobsxiw4Hxm3lb7hH9/rLoeLoEmDdrBEgcBqCrg9C9ATgppDplo8PcZi0ylSRmr1ogRKACrMhJwryjRhuTVTSL92lciZW4fYHcFpe/S75GpPADt+/LH1RrsNlqcQEBjYYjvxfmvdOrbS1kSpODKYo0o5g2YbN55Vt4ur1+2oHynQ1915XkzqtV3vOzzHCFwyIDK+ZAJqJZuQPSuHIdVWDz4u3CR4p8E0e+iuwkxFk2aNsJSs2sYteXa6xCNb0cMXFwgl94R4U6R8xK0AZw8gTma3uks/qjk3Aajdoc9ekZK9/8HGDRlTVs5nhMSQyEElBd8rGmwNY7ufkAbWhB3DQ4ACrqktC11/NxZmu4rbICpOvlX6hC2cthBAT6UGuZMO8s09zYflA35g+ePvu4T1jhjuQgoRl2SnQAVLbrdd8pnvlnnnRo6OYeh619LWitURaHtxRwmeRwgNgha+dwoxXhntgdR5n+nIzddMmp9IEQTmJ99yO41HRlUBpdr1z+syMSjJnlvWTUcnHP</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:00:27,799 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:00:27,800 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070027Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_irddqswlccetqz5cswd3zx19s7bnfehy5pb5ws5|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_7b2b3b7a13f4e923196c5f575945cd3f|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxYLTBRTbO1CR4UBoEOvANBsen4b1Y2TFhhTDZGLrleJteJKM6WTVbEoFaijtUeYN52x5WNRBxm4+gbQHdmE75TfW8KnG/I0GSJIuaXConOk/bFeHDLiL1yj7Qd+cRShcmWrm0NFDP+LU5UZzerxKZCkWah5ebwfY=|_68b44ec12b103f40f8fd5f0939c10a85|
2020-01-28 07:00:30,662 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: ActionType=Login,ShopId=57a1beb5-f03d-48e1-a46e-62f46f93fb10,LoginProviderId=8ce19421-3658-4ed0-8929-4367f401719f,AppVer=2
2020-01-28 07:00:30,662 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:00:30,663 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:00:30,663 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="idc8be1694f81d4e2fbd54aad01a53ab70" IsPassive="false"
    IssueInstant="2020-01-28T07:00:23.305499Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Issuer>https://academic-test.softwareone.com</saml:Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <Reference URI="#idc8be1694f81d4e2fbd54aad01a53ab70">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <DigestValue>oABNxXVdoI37De/QMKhMIdNcoLw=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>XN9AnJwPZ2zgIB1FoRyssbScvQlSnG41SfWn5E2kd+f4UThS8PvMOVmfR85+erHJEv+BiB8O66jPvKA5tdl1epBwZCyyH9nY9gRuorQbw6dGgIo6gXOLGjrvSvcXVgggbFaV7QtGcq3L+OkzAbvn2rbKLsyDEyRNZrx3fTGos3D6f8m1RRpWMyF6VrBuX0BA4dwqkzBHH/Gb1sr3qmGQB6S4x0rcr3+hNmKdyxZdgUttvzyRs1x/f5ft4SPKRBReNpLgqw2cjjfH8MTa9niDPdJh4LJyqatk9xe3jtiabOxaghJKBVFb3fEJDCcz8uItj5ai9RaeDwmGnGGMsx8VNA==</SignatureValue>
        <KeyInfo>
            <X509Data>
                <X509Certificate>MIIFBTCCA+2gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQ0gxCzAJBgNVBAgTAk5XMQ4wDAYDVQQHEwVTdGFuczEUMBIGA1UEChMLU29mdHdhcmVPTkUxDDAKBgNVBAsTA0JJVDE3MDUGA1UEAxMuU29mdHdhcmVPTkUgU2hpYmJvbGV0aCBTQU1MIENlcnRpZmljYXRlIChUZXN0KTErMCkGCSqGSIb3DQEJARYcZG9taW5pay5zZW5uQHNvZnR3YXJlb25lLmNvbTAeFw0xNjAxMDIwMDAwMDBaFw0yNjAxMDIwMDAwMDBaMIG0MQswCQYDVQQGEwJDSDELMAkGA1UECBMCTlcxDjAMBgNVBAcTBVN0YW5zMRQwEgYDVQQKEwtTb2Z0d2FyZU9ORTEMMAoGA1UECxMDQklUMTcwNQYDVQQDEy5Tb2Z0d2FyZU9ORSBTaGliYm9sZXRoIFNBTUwgQ2VydGlmaWNhdGUgKFRlc3QpMSswKQYJKoZIhvcNAQkBFhxkb21pbmlrLnNlbm5Ac29mdHdhcmVvbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOoXMJ4/psz07KbZSkXFfo66vYqf8Lrzt5kJOWKWlQ1zDJ29qzTKcojzk+iYDp16wwCn8c1XBgmaAcqQeSyPwg9DFgc297yDdUJ88SMY5L52Q1Bmx7+R+HyrMp9XQPD3yfdJGI5AW3tVRLmRwjJLgwKG9mJTiJ1i5equBB5/2K9i6v0Z55XhZoI19ZHrN+HpTLr1sDV4h0ycG7wIFB1cfNSf2lUkC4N+jFC0e5/KWBwYsneBCVNTd43CHhxWzgnjyzVPo+y168R2qdyH3upE40vNNmp/tSZRmtuIafrCSUluSOsIhZHk7CogSpJu47UpAx6WB7rjRu0H4A2cWMCv6QIDAQABo4IBHjCCARowCQYDVR0TBAIwADALBgNVHQ8EBAMCAf4wgewGA1UdJQSB5DCB4QYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYIKwYBBQUHAwQGCCsGAQUFBwMIBgorBgEEAYI3AgEVBgorBgEEAYI3AgEWBgorBgEEAYI3CgMBBgorBgEEAYI3CgMDBgorBgEEAYI3CgMEBglghkgBhvhCBAEGCysGAQQBgjcKAwQBBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQgCAgYKKwYBBAGCNxQCAgYIKwYBBQUHAwkGCCsGAQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTARBglghkgBhvhCAQEEBAMCAPcwDQYJKoZIhvcNAQEFBQADggEBAFSpWACPV5CHVfpfSMAovCO3Mjdf8aIAnQhSc9h70KJFbKa2yoZ0Kg6gmO76NAbaGqd8N+OpVeOoC6HIxKnawW7xUkW5W+yI5jJTJAwzXsV5BdDxCuU0jJdvlhvQ2m+TbK5Q1RF7fOJY3KI+/YV5SNh37WNGJeEVdg1ku0HD5xiyjYfct7++NBchjX7tzEikPbu/NhH58BRoXxO6IBkY/g7DruVKHCDnWSsiI5YZWEFt4jqgYjyHEuDw7Vz+vgvWX2J8dHUQ+42OukUccRKCLId5aW2rF4gfy5KG35UfRGvVTGCeRC/EFYC+ctQjPDVyqUJ8S/373RPLF2zWVZ9qjOo=</X509Certificate>
            </X509Data>
        </KeyInfo>
    </Signature>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://academic-test.softwareone.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</samlp:AuthnRequest>

2020-01-28 07:00:30,668 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://academic-test.softwareone.com' from origin source
2020-01-28 07:00:30,668 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:30,668 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:30,668 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:30,668 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:30,668 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:00:30,668 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:00:30,668 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:00:30,668 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://academic-test.softwareone.com
2020-01-28 07:00:30,669 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:30,669 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:00:30,669 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:30,669 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:30,669 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:00:30,669 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'idc8be1694f81d4e2fbd54aad01a53ab70', issue instant '2020-01-28T07:00:23.305Z', entityID 'https://academic-test.softwareone.com'
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://academic-test.softwareone.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://academic-test.softwareone.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 22333376044085653071417451972065694525684693636631234665984185897755291464762884695566603897510207719201459720714567578042566062832020488361369348206216420954819978010838364834016995499129947181341407278922832244112527366983270266528030630618429599434667537063835993751244030143563643531680170343443165909291668825139645561202380899160618155416854684714527329681649452758380097053259841423043896359985311237759220916989226851005323290782254799318083762849724881691532440531561332671478712314708270330336396276252227085994347562162947061086332277127438065660459815305556032000006929339423785467115861950970774411063273
  public exponent: 65537
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#idc8be1694f81d4e2fbd54aad01a53ab70"
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID idc8be1694f81d4e2fbd54aad01a53ab70 and Element was [samlp:AuthnRequest: null]
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#idc8be1694f81d4e2fbd54aad01a53ab70"
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID idc8be1694f81d4e2fbd54aad01a53ab70 and Element was [samlp:AuthnRequest: null]
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#idc8be1694f81d4e2fbd54aad01a53ab70"
2020-01-28 07:00:30,670 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://academic-test.softwareone.com
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:00:30,670 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:00:30,671 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:00:30,671 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:00:30,671 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:30,671 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:00:30,671 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:00:30,671 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:00:30,671 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:00:30,671 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://academic-test.softwareone.com/_saml/assert using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:00:30,672 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:00:30,672 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:00:30,672 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:00:30,672 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:00:30,672 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:30,672 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:30,672 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:00:30,672 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:00:30,672 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:00:30,672 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:00:30,673 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://academic-test.softwareone.com
2020-01-28 07:00:30,673 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:30,673 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:30,673 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:30,673 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:00:30,676 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:00:30,676 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:00:30.676Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:00:30,676 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:00:30,676 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:00:30,676 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:00:30,677 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:00:30,677 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:00:30,677 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:30,677 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:00:30,677 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:00:30,677 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:00:30,677 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:00:30,866 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'academic-test.softwareone.com'
2020-01-28 07:00:30,866 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:30,866 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:33,987 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'sheldon'
2020-01-28 07:00:33,987 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user sheldon
2020-01-28 07:00:33,987 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@758603143::identifier=sheldon, context=org.apache.velocity.VelocityContext@6828eaa3]
2020-01-28 07:00:33,988 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=sheldon,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@758603143::identifier=sheldon, context=org.apache.velocity.VelocityContext@6828eaa3]
2020-01-28 07:00:33,990 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'sheldon' succeeded
2020-01-28 07:00:33,990 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:00:33,990 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:00:33,991 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'sheldon'
2020-01-28 07:00:33,991 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'sheldon'
2020-01-28 07:00:33,991 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:00:33,991 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal sheldon
2020-01-28 07:00:33,991 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session e79af97b0b4427bcadbb5e6899d7e67603481dca5d1d5d4a8f2493bc8baa02de for principal sheldon
2020-01-28 07:00:33,991 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session e79af97b0b4427bcadbb5e6899d7e67603481dca5d1d5d4a8f2493bc8baa02de
2020-01-28 07:00:33,991 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-01-28 07:00:33,992 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-01-28 07:00:33,992 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:00:33,992 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:00:33,992 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:00:33,992 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:00:33,992 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:00:33,992 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:00:33,992 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:00:33,992 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:00:33,993 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:33,993 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:00:33,993 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@18bca090'
2020-01-28 07:00:33,993 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:33,993 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://academic-test.softwareone.com'
2020-01-28 07:00:33,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:https://academic-test.softwareone.com'
2020-01-28 07:00:33,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon:https://academic-test.softwareone.com'
2020-01-28 07:00:33,993 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:33,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-01-28 07:00:33,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-01-28 07:00:33,994 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:00:33,994 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:00:34,182 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'academic-test.softwareone.com'
2020-01-28 07:00:34,182 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:34,182 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:00:34,182 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:00:34,182 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:34,182 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:00:34,699 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:00:34,699 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:00:34,699 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070034Z|https://academic-test.softwareone.com|AttributeReleaseConsent|sheldon|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://academic-test.softwareone.com'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:_key_idx'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=sheldon:https://academic-test.softwareone.com, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730834700}'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:_key_idx'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:_key_idx'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'sheldon:https://academic-test.softwareone.com'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[sheldon:https://academic-test.softwareone.com]' as '["sheldon:https://academic-test.softwareone.com"]'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@18bca090'
2020-01-28 07:00:34,700 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:34,700 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:00:34,701 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:00:34,702 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2d24b6d413622f3c0514bb4516602529
2020-01-28 07:00:34,702 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2d24b6d413622f3c0514bb4516602529 to Response _143650d52f8bdeeeb3bc7de0bfcbd819
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2d24b6d413622f3c0514bb4516602529
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-01-28 07:00:34,702 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2020-01-28 07:00:34,703 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:00:34,703 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxqSBogXTqFOif+ukTZC8R6SwYjyP7h77JfBhP6+PnsHmT5lMih1X+p9juel4DV6jXUXFhWg/jpyXzshpa8ppLdIV6oPlzCe2cS6oo5ivrYcz90nd7Tw/90CDBPntbmtUvpyHC2ODBCTqndxg= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.25.118
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to idc8be1694f81d4e2fbd54aad01a53ab70
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://academic-test.softwareone.com/_saml/assert
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:00:34,703 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2d24b6d413622f3c0514bb4516602529
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2d24b6d413622f3c0514bb4516602529 did not already contain Conditions, one was added
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:05:34.700Z, to Assertion _2d24b6d413622f3c0514bb4516602529
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2d24b6d413622f3c0514bb4516602529 already contained Conditions, nothing was done
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2d24b6d413622f3c0514bb4516602529 already contained Conditions, nothing was done
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://academic-test.softwareone.com as an Audience of the AudienceRestriction
2020-01-28 07:00:34,704 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2d24b6d413622f3c0514bb4516602529
2020-01-28 07:00:34,705 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://academic-test.softwareone.com to existing session e79af97b0b4427bcadbb5e6899d7e67603481dca5d1d5d4a8f2493bc8baa02de
2020-01-28 07:00:34,705 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://academic-test.softwareone.com in session e79af97b0b4427bcadbb5e6899d7e67603481dca5d1d5d4a8f2493bc8baa02de
2020-01-28 07:00:34,705 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:00:34,705 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://academic-test.softwareone.com and key AAdzZWNyZXQxqSBogXTqFOif+ukTZC8R6SwYjyP7h77JfBhP6+PnsHmT5lMih1X+p9juel4DV6jXUXFhWg/jpyXzshpa8ppLdIV6oPlzCe2cS6oo5ivrYcz90nd7Tw/90CDBPntbmtUvpyHC2ODBCTqndxg=
2020-01-28 07:00:34,705 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:00:34,705 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:00:34,705 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2d24b6d413622f3c0514bb4516602529"
2020-01-28 07:00:34,706 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2d24b6d413622f3c0514bb4516602529 and Element was [saml2:Assertion: null]
2020-01-28 07:00:34,706 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2d24b6d413622f3c0514bb4516602529"
2020-01-28 07:00:34,706 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2d24b6d413622f3c0514bb4516602529 and Element was [saml2:Assertion: null]
2020-01-28 07:00:34,708 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_143650d52f8bdeeeb3bc7de0bfcbd819"
    InResponseTo="idc8be1694f81d4e2fbd54aad01a53ab70"
    IssueInstant="2020-01-28T07:00:34.700Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2d24b6d413622f3c0514bb4516602529"
        IssueInstant="2020-01-28T07:00:34.700Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_2d24b6d413622f3c0514bb4516602529">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>EYgr5aj68ZKFDKQc1fMypPSZ1kBnGKh4rUt1DMWSNCU=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>JZFILrshfIV71MtF4JIJdoe38t8TNiXTnpToN03aK+7i5CdqSHfFbJC0jVID8kHDdo4a7h6rCuxog/DyaXHbYHgL96XXI8XSSs2f+aew6vgpct+U1tZMUi+GIf3ICmOSP4v+Lp2ssUTYJrnz3N+zXQ3ZbJxspcO3ENMFPsWMQZlx+Afvw2JK1IizZD9embiVqFAGL5ziL2QaUkmEi6Ts+OZ64PomNAMM43NejPDP+xRvbzhEkTvem1iIu3WV3cbc+m2u8W8hZSkiJR59ngay/bx9wSvS8h3SeoNZu0XCBjsvlwquT1TcSnMo21g805KEYLBXpwC9Yhxi+OvIdjgTFw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://academic-test.softwareone.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxqSBogXTqFOif+ukTZC8R6SwYjyP7h77JfBhP6+PnsHmT5lMih1X+p9juel4DV6jXUXFhWg/jpyXzshpa8ppLdIV6oPlzCe2cS6oo5ivrYcz90nd7Tw/90CDBPntbmtUvpyHC2ODBCTqndxg=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.25.118"
                    InResponseTo="idc8be1694f81d4e2fbd54aad01a53ab70"
                    NotOnOrAfter="2020-01-28T07:05:34.703Z" Recipient="https://academic-test.softwareone.com/_saml/assert"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:00:34.700Z" NotOnOrAfter="2020-01-28T07:05:34.700Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://academic-test.softwareone.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:00:33.990Z" SessionIndex="_f6e05388df21d4b641a7963d32116d0e">
            <saml2:SubjectLocality Address="172.31.25.118"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:00:34,709 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://academic-test.softwareone.com/_saml/assert
2020-01-28 07:00:34,709 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://academic-test.softwareone.com/_saml/assert
2020-01-28 07:00:34,709 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_143650d52f8bdeeeb3bc7de0bfcbd819"
2020-01-28 07:00:34,709 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _143650d52f8bdeeeb3bc7de0bfcbd819 and Element was [saml2p:Response: null]
2020-01-28 07:00:34,709 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_143650d52f8bdeeeb3bc7de0bfcbd819"
2020-01-28 07:00:34,709 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _143650d52f8bdeeeb3bc7de0bfcbd819 and Element was [saml2p:Response: null]
2020-01-28 07:00:34,711 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:00:34,711 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://academic-test.softwareone.com/_saml/assert' with encoded value 'https&#x3a;&#x2f;&#x2f;academic-test.softwareone.com&#x2f;_saml&#x2f;assert'
2020-01-28 07:00:34,711 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:00:34,712 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: ActionType=Login,ShopId=57a1beb5-f03d-48e1-a46e-62f46f93fb10,LoginProviderId=8ce19421-3658-4ed0-8929-4367f401719f,AppVer=2
2020-01-28 07:00:34,712 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ActionType=Login,ShopId=57a1beb5-f03d-48e1-a46e-62f46f93fb10,LoginProviderId=8ce19421-3658-4ed0-8929-4367f401719f,AppVer=2', encoded as 'ActionType&#x3d;Login,ShopId&#x3d;57a1beb5-f03d-48e1-a46e-62f46f93fb10,LoginProviderId&#x3d;8ce19421-3658-4ed0-8929-4367f401719f,AppVer&#x3d;2'
2020-01-28 07:00:34,714 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://academic-test.softwareone.com/_saml/assert"
    ID="_143650d52f8bdeeeb3bc7de0bfcbd819"
    InResponseTo="idc8be1694f81d4e2fbd54aad01a53ab70"
    IssueInstant="2020-01-28T07:00:34.700Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_143650d52f8bdeeeb3bc7de0bfcbd819">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>/490ZwpYz3hn6iPpHQIHVYsH933CBDNYZYWtObS7sFo=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>KtnkrtYUmFFNH12VtEE3h0dml3cjPTcuHLDTjb+gZbOOWi9vRR/eR/YYUipJfqjCWO2ROPXWFOM++zlRd6Q/HzWYieO5ezqB8RT0uJ+shOVWr2JIUcVQBzCeiyrzXjzkMBmTl9EB2tkqXLbqqYccAAreLnsyG5qxVj0o1HP8rESnhrOPKzRt7T9N52VbA3DOneTZfVk5UAaoWejiaNHxYwEs4rj62/70nOwCMnAgLmOoB5O1DuizC9g6DYOrM0tEZQCU23kdjKcleBL7uz1vhRsVTPryDmZ4L7Rq3s4RRwvBtG6BAavz2u8RC+wJVki6PorLkXXwkY00QD+rc0xJHA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_891b8971b93f1721527fa98b8a8bda0e"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_702283398100b2bc7b07f9b138330338"
                    Recipient="https://academic-test.softwareone.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFBTCCA+2gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQ0gxCzAJBgNVBAgT
Ak5XMQ4wDAYDVQQHEwVTdGFuczEUMBIGA1UEChMLU29mdHdhcmVPTkUxDDAKBgNVBAsTA0JJVDE3
MDUGA1UEAxMuU29mdHdhcmVPTkUgU2hpYmJvbGV0aCBTQU1MIENlcnRpZmljYXRlIChUZXN0KTEr
MCkGCSqGSIb3DQEJARYcZG9taW5pay5zZW5uQHNvZnR3YXJlb25lLmNvbTAeFw0xNjAxMDIwMDAw
MDBaFw0yNjAxMDIwMDAwMDBaMIG0MQswCQYDVQQGEwJDSDELMAkGA1UECBMCTlcxDjAMBgNVBAcT
BVN0YW5zMRQwEgYDVQQKEwtTb2Z0d2FyZU9ORTEMMAoGA1UECxMDQklUMTcwNQYDVQQDEy5Tb2Z0
d2FyZU9ORSBTaGliYm9sZXRoIFNBTUwgQ2VydGlmaWNhdGUgKFRlc3QpMSswKQYJKoZIhvcNAQkB
Fhxkb21pbmlrLnNlbm5Ac29mdHdhcmVvbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAsOoXMJ4/psz07KbZSkXFfo66vYqf8Lrzt5kJOWKWlQ1zDJ29qzTKcojzk+iYDp16wwCn
8c1XBgmaAcqQeSyPwg9DFgc297yDdUJ88SMY5L52Q1Bmx7+R+HyrMp9XQPD3yfdJGI5AW3tVRLmR
wjJLgwKG9mJTiJ1i5equBB5/2K9i6v0Z55XhZoI19ZHrN+HpTLr1sDV4h0ycG7wIFB1cfNSf2lUk
C4N+jFC0e5/KWBwYsneBCVNTd43CHhxWzgnjyzVPo+y168R2qdyH3upE40vNNmp/tSZRmtuIafrC
SUluSOsIhZHk7CogSpJu47UpAx6WB7rjRu0H4A2cWMCv6QIDAQABo4IBHjCCARowCQYDVR0TBAIw
ADALBgNVHQ8EBAMCAf4wgewGA1UdJQSB5DCB4QYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcD
AwYIKwYBBQUHAwQGCCsGAQUFBwMIBgorBgEEAYI3AgEVBgorBgEEAYI3AgEWBgorBgEEAYI3CgMB
BgorBgEEAYI3CgMDBgorBgEEAYI3CgMEBglghkgBhvhCBAEGCysGAQQBgjcKAwQBBggrBgEFBQcD
BQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQgCAgYKKwYBBAGCNxQCAgYIKwYBBQUHAwkGCCsG
AQUFBwMNBggrBgEFBQcDDgYHKwYBBQIDBTARBglghkgBhvhCAQEEBAMCAPcwDQYJKoZIhvcNAQEF
BQADggEBAFSpWACPV5CHVfpfSMAovCO3Mjdf8aIAnQhSc9h70KJFbKa2yoZ0Kg6gmO76NAbaGqd8
N+OpVeOoC6HIxKnawW7xUkW5W+yI5jJTJAwzXsV5BdDxCuU0jJdvlhvQ2m+TbK5Q1RF7fOJY3KI+
/YV5SNh37WNGJeEVdg1ku0HD5xiyjYfct7++NBchjX7tzEikPbu/NhH58BRoXxO6IBkY/g7DruVK
HCDnWSsiI5YZWEFt4jqgYjyHEuDw7Vz+vgvWX2J8dHUQ+42OukUccRKCLId5aW2rF4gfy5KG35Uf
RGvVTGCeRC/EFYC+ctQjPDVyqUJ8S/373RPLF2zWVZ9qjOo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>WHd6aUAyxlJa9pROmJyhB3e+KTc/jb1JGlHXjJBtgUtJURceTnwX4LyzMUFeWeYwxn7qcdMvprRMWuItCfyqF+KzsDa4z5W4PGLg53WKqAzJWH7yG34PxSwzZtmnwNoGLpKay9xbFqzp2aVb2UfKs+lYLGsfKK2DRE1W1V0IRfXBlsXO9sNHCUF7FCU7vj3iIF+mzCDSh1OcxtK0jAkb5UXO7/7eSfjyH1uWIRFt+yRkjrYrL3LwST9vnVbYbxDfGwSYljhPi0tDXH6zgp77p3OuJTnOYl018Gzko4vRpjRWbMEZwzN10eOJRER4RX8nMF2ud4Z5nfGWEJP6e0Vitw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>ke+Dn3Imm7s0T8bm3Mh0Q5QlCsPEUbya+1Nh4mQNKZuhKIYg0GqorPLrYDpgaXbG/lokWiofBBQySnVx6lge1gw4QMl23coXDJg0Gn/ncBrm6n8Uhb8H0Rt2ygzps3vH34Ww/IuMKq8uxDUQkHCWBEX7FJC+v/Yux9gDcszfwyL64qXwTK4o2eR5M3pIeU+0vB9Q/XyT4IVAjFEgDbjEitvKFWzw6k47Wg8sZvMNpQzEGNu4bRCfcgwweP9Bp6UBDCAp1U3hhdiW6aZw89DdAWTmtt35ClQG97bcty+Z+kVZV+tn5wGfe8uN09dnTS4sqpGXrbpt95HS7KbWBmOeWV58oxCIHp1E2D6UhEnarPV++MNZb2IYja7B1HrfuyhiWWAMMXm4vAy3/7whVP2iJQyh8JKzEFgd/CqlRYCqp1PC21Q79uMuMPFzNOLZA485P08EXg5jqCHXrpYzdJN0GI4vMUR9NUwk63s3N8Q3h/zePIHZcbrdarKj7jBpV7PFpQDvEiNYMXFYhQRUuTkofZ7CumP6a6EADFGb1dQnOsm1ahI3WzBPCczUzu7LoTwz8NmqTnCrVUJISEApeAFsKRhaujof9vtwlMNW7nyCSmnBOSSW9H+qN5pj/dU2232m6AlEHUuyrKICPpbe+yQVcG22tibXOmevzMV42srOarv3M/psIUTm3X0wyg91sHkvhnHJo/qcmrgpPCWBpzPdwYhSGcZHHCiexJ4i4hH81l9ZloJmESUFKyWmNYGNiKEvdUtMQBGtZZn1j1o4ddpm3mn/ub+il+eWnyedH8qIJrgM0tzt2yRAQM4W1Brq1x75h248M5i4qwm4VPu302D9PqtxyXHO4dSJxcfsE9qkxqDy/1JR5Qqtjdgm7/SN+aZD20o3QO6g7wuuT1mGq/97Waw1LFisUp1QYIXr4g0Mz0A0fSQCBkg3RVuN9EhinfoQJ61KZkh7EXivk+VHU/4mM2y82GVmEIn7jmh9LevFtOtPOV0kSskS3hxCj8R+lX2+4Cydn8VSzgusUkrRh9OsFy3sNOQQcJtIrmdUNzlQmuLem+CU51ok6x8nxxYvoz4KBEAbGxq6c110zYjvlXTeKReFxJ9xhBOavdDlBMxqO4SFKXASY6XWZe52GbLRrlmUahFKe+W1mEC7POP6izTUvqpzsFtEiMW42pGbKt1UQMMGUTTxLtNwakqE54Rdk//dbHk7Y2OAfD4/81flN0t1y78L5sgFkks+9y2RACzal2KiunRHvxaWKLK44lM5gmo1voCU/G4cV+VGPZ4IZDGRfsG3YychOcxnaA20c3BNY8rqulPkOVlW9IcZTXlROEwdkPvW4r3uEeNiNk4Ull8J7lr/sR0PPEQPHIonJkSedxAnlxBHPCmCB2ZsTDDGSM0vubuDE5Z6TPusGblvFtNd9a6jecDwI1zjyFhC/Wr4fMBvaUU7KP60v2vIm9qVsxtMiZWLT7dqK65SQykNoL3Z2e0CDokrT45qwKz0Ze3W0jKBugTJBjsrasOrxvGehv0F26pUhlwU2+ry0ezXTmPEs9KebpYJo77IuoHu49+/cM9YvXgVCWtYBZTY+fDDq4Q5YmOXNNa9FUErCLf8km5FuMNxr2uk4kK0O5Ach0EITkJUrns2mYrR1rIGgv+Rt+3Ldu9P9vPvbwH0ZxD08SCUXEDRqQ6E8Eilh4OCQzU+uk/EG87g3oy3ovZcPnrnDnmiPUCc4qYh3qBGx2kwoiCoG7PyTggwJHJ1ZYAk/31Uw8TkaIO/O4b5UogHdmmfDRIwHS5Qfu0QMHa+Vg784p2vzdqR0+3ZiT0EEiXEuB0UGyztLiN1nMcXdXJYwuHclbLvHxyr96Enrp+vTeVtQA/U4aYZOzZHSN9CFGWVr3aioWgCJWxdAfBL0XWhr1bjUokwwqRq/iQFSYwILEqoqCuQxtMxwbCYfJgJj8GL7gJKBidXXH2UwPgWtjGlSqMnCRdast7L4KbtzTgmcPLpP3rN9iQsHfONZvRVaTRoKoeKKO9igDtsQSSsAxYzFQT3/hZYxgB+B+FYfPuTpjgkvjyUSProByWMuPlQIYTyaSL8Yih99zZjDn1QDeQx+bj/za9uSzc5Y7+EaGMasoLlMZxE3QRWeAyeVqrnLzEmxid10ypq8HP8LYHozBuqD3HvGO8WaJbQcWy2vZgFhBCgSWCEojZA0zUSXYaHdRIJwMOe9GkrBrOq+g+8q3nmkLNy5Cq93xz9T290S7ah4i+MCI4QZ/21NkrnCPJlrMhIlf4rqPdg1fSwGrcIKlJFlSwpb1mYsXWZSgXOR++HXs5jSVws678X5tatIC6c0tlZ+3Ia3ruC2Jbqwf1SOjnzJEQemiyGYix6miSxu2SjheQMfDrsB/52qO1drd0980TadhBltzRZ5Tg5uEyvzHYIbgBPeOmJn3ycQPem/6AkQxhDMefWqhBDeuDt5zXlfyoIms0CBNHhuAOrdFZkET6OKK8rB9bFufUdNn56H0y8lur4wkmRZLaYOwZF3DCUrhUUNWsypxGXcdRuIecU/0NA1vqWvug90ylETURdCEmpBFO9C9PVZryxhGl2hAEVd9epAw5SudvqtYlrCzsHjyi20C67Q3EiQ1ubtnR5dyEL9TV50xm5SuXxukbMS0jsL70nRPxIeFVUahtjZlSK0Wt0MoBlSVklVdDt5k49cyrR3lcpLDgp4r4IgyeDNehuxoNggvuN0hFJ6h4M2xglP11luRmZAmR6CzAhG4hI/iFWbnY5pfZiY7tnbMiAuZC+8OAZRbaT4sWdKagL5UAtcQWXpo476ZOwfjyiD+uo5OjBbLcaZFyf9NOMQC77uAE/8QH54HWHdMEA8rP+rzvk3jqRGNLKcFXBbalqmQv4gZ0VE2rcMI+FXhn7ZYlcFxuBR85a1aSwopQlSvdGF/4pgNdJxNNohqCem/0pzB0l0yWgYP1Iki7Umc356/vhnn1LGeF04gp4vpGg9N/9T0bEjl4CYcrn1khcpxUohAMPOKlUvm0Z4HHdvHaNVVopyNG11n+pD8dikT2wC7Kwt4Qaxb7kXOCeVeynr+NLUDmkXnnOGFCJWUXnw3/7/4ZHFdn2Sx6gNL+bd8g2SFmS9f038EfNbXbDj7jKdKcCXE/j9ttgA2Y9x99z2zXDOx1uPrvuD/k92GuevS1HceZUXymTJiMZpMezgzWRmpKbNa0p3Ys6HeaxN1RFDnKep+gTiieTRAk5dIxffAT50NIXkKOkIJxksFs9urPMT5jxH7jpjEBBVQD5CszgMyKeuRsSNKy56CMdu0HhfG4tmSh5VVZEsUxgRd/uYwrgkPpYyxXCj0Og59rypkC8f+xZDsjtQymo+5T4SOA+qN/hWqgnmDaRB9QO75Ia1qTuTmymBTYXAGxDqXz37dCS8Zm4kL6/XEFQKNjR8OSnvdhxfY/aglXu2wgsirfdFDm1JFRdam6zeseGr6JAWhVkjWDB+m2peZQMcNi1SbFi7NXj9thLJln0Pf9zhDMDsgJkp8JOnjehs70nguOS3ZRPUCw+R2XGLTGf6XaItQPzM0kb6OQg6NKtTteZiRW5YIuyPhKirZtJHq/Mje4vv2J09JqfVPLAO08bZsnA5aGBOz+xL4/hc/Zt3fPk6TW2bzZ6KR6nV5T+LIMhgkQMSJlgCPcUrpKsenZoGdbNm5PL9i+/UJxOXqGzpdQf7mQ67G/t78bhHBb3+5U7EKMSe0qK0SXzWBymtz6qMuZti36jDXb+TKRB4bW57jWLKoy2XLQQJ68MUpus9AdRegZpF9fCKzXb8Yi1w14ER5kGrCxBwPYTfCXHkxvQnBI6LHj1Bh0uKFXzQAt07X0lhrCEGHTVLxjm2os3D8Hz3WtUzlE8sarYCbTN5gmYjVDVCnaR1jhNZw/fjbevfIO48EBt/14yGyqgdZqkjRG1hF4fR3VnMNC3n6tUvQdP4XUNE+CQPtDR2S7k3q27BfzlFJ2b5BoEl6YjvpqvRz6/KDkLANQIhm0rHaeZzBXhx/gQmVCFC82SqnRWC49aOG74v5waxJkJPLUIoYqDLHTPNKuAJG3LSt8dIMvCox3j0Zk0t4YcJmW28ajdaQ4LyHG5CGL2QNC7WRwUctYwJYn/DLHOV+WbWOuIBl9b5c6DnPphfw99MFEn2ux+s+46p5O0UE3T1wwOugeP5g1Nq+rVTIjEWozOHe5sHOvvtgsC3XU+kRccoRkxnAunA6vFzNHwcJ5NH8gbkqVLo3bdJHGlbyzCsMtuitNs564EuddL0w8hW18EWYnnYA5pDS4n6EbR7+VWY8z5oH16uZ4ZSq2OB9nmR0EQvF9Kom4RVx/Pr3sQeSsApA6wUBnhoJUfG9cva7fvYPuPiwTv6vP+ObPwI9qr8iowpJ0b2BDMET6dCcT5IRPtmG9gCVAhmdaR7wmHpRHjMBvtZJR0qdbUQsDyHJQX49XWQTsZEV91bFwPFbKeFK2nHakmYdesJkIkBeqhOEtG8DOfsA6PnA7LRsxpUqFsOa6lwgn+NGrWlkUK5B9SlHiN+9XejsoPj3P9hHK+XlHEIKiuMhRW7pTQkdGcfH0sh5dUQFYZTS0rGuT3O2+lDKYE4KGqOkK3B31woLuvD1G+gvn5SMwPyh3h6/oBl4jZ+mnZHDJqrMPXKsPkIbc3K2Dl0LTan2o1xIjguM1KIiihiRMrJCf25X5e4TGcrOV9PBNHhMB603UQiYqrhkJxCFtfYO3uhQAY08sYsnMOEK0oQPsv4dfuXTM0NIuYVgTG1isAMe1dEn6PA1IuF99WW6UY88wKcMpk1VDSF9W/5XGvIlRwkcKFfEWcPuKQaA7gU1cvDwr1rGsKPPPnDqyZjKFuQqJTNWL8PDu9hfmCCD2lz2giv7bkA93WRx8OrGg9ca6yFWw6uS2tWDX8vfNzTSZ6G7c3EKMKQSCuhPVxZ8PsfTX8XgjQBaOGzjB/fvn9IfJDpMJdExvhi2i53oJLM+N7OcwySD11fvaOw3skHh88pMD09zZ3NsYim7uXyD4rbxDb7pjAqOTFWIDUS6PP47ooRP+hcNon8y5zs+vVovqVWyvh59xXYIIapGdb4/2SPyRAbwcQRlggnzYktDMjZfwa36WIxl76lvkO1/s7EYLR9p4rBc+03e4Do3IjKeiaU6hOTVDes2pI8PJ3oBo43q5/F9wyS8AgnqBv+MqAu6D9uR2uvtkbzfBQHMorRAm3tRG7ADgypyDNZM1OpdGYEr6FMlAcJfRZ4BMhtkB/lnlNAfVBbpvBgB+UuJm6cJVxBAjNJPVTUkG9Z/Q+ocglxmQiolJTdUBVCoz2BZ9G72xanzZhLwodbZkUuCbSn9MXlJqKZtsPLmuJOnp5wgfSkzN5aZgUSMA/bSjPpW4DtF4ZyEAyXSRMh5llS8GrT7zfxHcxQe3j08d4V7F7tqEmwrt8OKsqraUJzF4ze14jbEmssVebYHjAWRF3iCt7rmgMn6srehdkYHSDUHVk6e8oNs3vhl7NU9Sv5kzhmTNTh4vCXfkWoS4ItcYv4eOMOuhY4kwDtTeJOGPs4/CWn0lFO/dQXzSaa3bTX/Mk0jJgxJV7IBFAE0b80TxFABgVLSf3/DyQ1o+m9PBI/doydc4h5e9qWq/oqBaB3+3/5nHhtS1RH3S3he5OVLBlvcxpseJ9nnbV9G95jE0pXKgBj9oLVyWctizKZvrX3GqgVs9z8CFdM8MO3fsnHfasgPNenCzTwpSYB/2plYIxppEVelytz2WwnvrCPzd2dOu+CfVehpYnukUzTIMun6ThWtRMFzfO4kwbMIGO0zdyovTuWuBGsLZSpaHULs+mrGhDUW2FdzZ4yz9CqJ2LR+VUj1n5Jb9W8/Qd/K0ugnh1l58MmNX1u5ddDvfIMoOekzf5ehQ/BjmtjxHDcFZy0Dzh7am893vX3iIVisvz99TXhJ3Hh31+xW2S1ZXh/3fsLaize3fZnzWOJYrZNqR/Q4zGpf3UgAbBC5BrtksZVY9JuIXogYDNm5fCXdIHhLsm0vFJm+pj9/ILLiHqEOkAkI5NvX2d4eHhgiC9lMFLh2xYXW+JG5fulkiNCMwERSXARM4T0ZWEoSD0O00mNnQhoLv9jGArdtqDVzUWw9xv5gMd+kTVCtbWsP8quc0L2Fe+OMF7J9lM+z1xIOKrYMCjHK0GUlOzvi6vbRo5N7e/3zxa+X5fBzUFD2aJ/ikWyRtKlECywFTI2fakMpqYINtw9rvg+AtP+4ff+x88ZbnQIE7WH1Ak4uiAZrf63Or+0pBflOXzidHKP+0+5yZIkq4FVZ1+4ieBuBBPB+Oek/opoCWSIjZrBl8ZHdFZL/mSdWRCKiPSmBlYiwzfOez/5x1WZs0uwF/aSM8ECFphoXKPLGPOtnJcc9MRE0gmmxN+rnCpdsPh8OOITSGbjMLX7YXD5fl37yLwO8raXV9a2uwWgqBpjlDqRWnOvQH4/XRYuJ1ZXi5i4azEgMjav/6Y1rqIqVlQiMY3hYpVYcoOjrwcoW1uWZCRWhEYPTqtwTOoAOzSdxDCzziHuDTGJxJ2k9SS12ngNHZuBXXgzLbAfFKj52taCnux4EJmwNI3+B/KgKatfMA6i/MxkH4U/5Fa21wzcKmAcfc15ToEdXV0cIrmffZ/4xHEEBg/bnzMXdcEscdBXL7B9jshK2hZ5EOYMwMaosrRVjkDSJfqxdAhzM6lxzCVGRJZNmaLmo5VhqJyYJSlXmFRnXJi06eZCyd7ehiSVTMrL3wHhfpwrEt3bViwWV+hAU2+rOQqrfkpciAuw4q9mjDjOWiTpicRkl8g5+yL1jdwt60aiG4F01fyxneIteBjtEriFGsRPliCYcb9kmmflhwj6xSI/tVvpItGlFzF9RVdL71kS8/czD6LjDoEut3Cf+6hLcie4JRGmdymazl8HqJkYDa8mw5YXs4dSyAd+Y2EhMB6sc6adyx0SpsncandHhI7IIkYwukBuY0nhyveWOygIP87P8Sf+Z6NC9GlfG4L2LEn7D8KdwsBZw805thGuHNlIqrIeFtm0iKpqVwj3ZODX/Mf8oDpL3c3u9D308M1uG34nW52q+CiVziQBd3PaGqaZ0Mc5+fV53mi8WKxJG2AtMVJyeoHyRdIzoPJG6CNjK7Qobphj49Y/yctXXfdZ5L/PNSmJQ6YUp1qZJq64H/G12judzxH8vRXlry6fyi6f3gHHm6SAKvx4qNMHNCsdeo3wNe9OJMwvIHS2/j/LlYBe1g/wrq6/sjiq/lMkWbqpFYC7BJgWDKadh4N3c4v7jZjHn3GA1Q9b7yB1nFIRdjKnsyoi4HcpxwDvQzW3LEQJgd1rb4GK4qW828bG1t6GWROkE0HteUfwpNDTTg42cTJssn+Fm0pXsdv0550IzxqYaKbBebIuhqqeG2v/9924APDJ3MX39+D65oaV3QqAoudo0ZXDH5f4tYxPaEPL0AeE80bVjMOLMZpC2AcngteLevW+B8qAnSdWscl9D/xoi5TTe5ZlC+Gx2MRV7zxbbnInIgtI1zm72wrtwxNpkSP0/IX2RhhBr7he1odDdu4Wil1gMhtxQcmyV6CXWcoeGEMOJ6ohfAf2mSDiAs1JfBPBlNPmzSc+BaIVWtQ6XqUD1LHKUVaCDSoMfeKHfJEysqPkbnhks1vLMG4o4SVR7b4y1lQzNcjl9iyBD3g8YM7WtR1LIx18+3ZE/pMRUUr7KI8OGy180fdr/o7ztNlK3PLGBKGR7Gd1ZUBYrXvVYVvCjcCBjw+B7ydEtWa+WNVbHeoVkwK8QwgWNsZJ+kDNdvZH6gWDQJ1zVWJSoXsssFMygyHF4pcTmH/9k5nKX+mGaOzf04Il85JSvpLqJyyfvUWIeT4S8bvRRpsrcDI0J2bjNy30fXx1q8q2xoMq+jv1MRArJAzfCoeIH0La/FB10dY1uQCVgSNFdpIaQtH4D1xqFgwRMFnKUiSxjIbBWGKViqgtm1kvyuRMjSsIDM=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:00:34,714 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:00:34,714 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070034Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|idc8be1694f81d4e2fbd54aad01a53ab70|https://academic-test.softwareone.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_143650d52f8bdeeeb3bc7de0bfcbd819|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|AAdzZWNyZXQxqSBogXTqFOif+ukTZC8R6SwYjyP7h77JfBhP6+PnsHmT5lMih1X+p9juel4DV6jXUXFhWg/jpyXzshpa8ppLdIV6oPlzCe2cS6oo5ivrYcz90nd7Tw/90CDBPntbmtUvpyHC2ODBCTqndxg=|_2d24b6d413622f3c0514bb4516602529|
2020-01-28 07:00:41,400 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-01-28 07:00:41,400 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:00:41,400 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:00:41,401 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_5d33026e770c4d89a728eff392dee6c7"
    IssueInstant="2020-01-28T07:00:40.964Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio2.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_5d33026e770c4d89a728eff392dee6c7">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>La/g0hVKphQNHaAGG/Nw8UuWVTE=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>PZ+YxgTKEXE2MV1im8RRPq9YbbYF/LDoyyWIM3sDutGYyrifccMxlF2Fe75Dy9RgVvZ/tNl+pnQf6OajQOoS7s/3fTZqJQlXdhq+LHTYDHimOmq4SCeZegmNJ8+fQXIuCUIauQuUmYm9Ufb9TOnu2zqF8ATNt+wM9BDMYCN+E0bTiSZtoVCNqSdlmXCCUqs//FG+3wK+RLYqsTmYSuGcsoAEQEuYIStEkLXORFnoERZI8Z3KaGptq7OQIvwyAz1CKRSk4J6gC8dWqjK43qML4piyUGEmnm41OOMnUmY1NLafjZ3vkfGYHk74aqkg0qZpcHxS3utlNAS9tFz6JjEx9g==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-01-28 07:00:41,405 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio2.my.workfront.com/SAML2' from origin source
2020-01-28 07:00:41,405 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:41,405 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:41,405 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:41,405 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:41,405 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:00:41,405 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:00:41,405 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:00:41,405 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio2.my.workfront.com/SAML2
2020-01-28 07:00:41,406 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_5d33026e770c4d89a728eff392dee6c7', issue instant '2020-01-28T07:00:40.964Z', entityID 'infraio2.my.workfront.com/SAML2'
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio2.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio2.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:41,407 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:41,407 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:00:41,407 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:00:41,407 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:00:41,407 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-01-28 07:00:41,407 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:00:41,407 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:00:41,407 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5d33026e770c4d89a728eff392dee6c7"
2020-01-28 07:00:41,407 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5d33026e770c4d89a728eff392dee6c7 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:41,407 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5d33026e770c4d89a728eff392dee6c7"
2020-01-28 07:00:41,407 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5d33026e770c4d89a728eff392dee6c7 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:41,408 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_5d33026e770c4d89a728eff392dee6c7"
2020-01-28 07:00:41,408 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:00:41,408 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:41,408 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio2.my.workfront.com/SAML2
2020-01-28 07:00:41,408 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:00:41,408 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:00:41,408 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:00:41,408 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:00:41,408 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:41,408 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:00:41,408 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:00:41,408 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:00:41,408 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:00:41,408 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio2.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio2.my.workfront.com/attask/saml2consumer.cmd' 
2020-01-28 07:00:41,408 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-01-28 07:00:41,408 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio2.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:00:41,408 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:00:41,408 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:00:41,408 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:00:41,408 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:00:41,408 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:41,409 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:41,409 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:00:41,409 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:00:41,409 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:00:41,409 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:00:41,409 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio2.my.workfront.com/SAML2
2020-01-28 07:00:41,409 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:41,409 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:41,409 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:41,409 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:00:41,412 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:00:41,413 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:00:41.413Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:00:41,413 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:00:41,413 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:00:41,413 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:00:41,413 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:00:41,413 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:00:41,413 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:41,413 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:00:41,413 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:00:41,413 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:00:41,414 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:00:41,418 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio2.my.workfront.com/SAML2'
2020-01-28 07:00:41,418 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:41,418 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:43,516 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-01-28 07:00:43,516 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:00:43,517 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:00:43,517 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_5fa1931742c546d9932803d38686d4ce"
    IssueInstant="2020-01-28T07:00:43.108Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio1c3.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_5fa1931742c546d9932803d38686d4ce">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>xiBJAExOdsk2WLSZrL95SZ/3dPo=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>imlCX3ysN3uCTcmLSGv0/aJeCqXrIBRL8W3jBLfKysgEZGD0eOVp8KdlWY/3rTvojlcC6ER7O5N+FqKqIa2v1EFQ/0wnMX2tU4daQGgKjpwmLtc1OBsweKDJDnnZyK4GIV8I5F7CnXCv05mGo3eid4xtjyzh9cNpw5HOz/OL4ns/8KL4Vr5YXdjFb/bJZcNy3CM1YhluJMA09M3tCNEQJ3j/H7i9QgUXxUSYrQ8uK0n9qNIF39yroxu+d3Ho2Rkp+OvawnUwt2RfVBhaJtFGFfE2PnjcbilHUTn87cOwB046r6EElViYbBU9lq5cIhfnzn8f7Rjker4vNajon4WLDg==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-01-28 07:00:43,518 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio1c3.my.workfront.com/SAML2' from origin source
2020-01-28 07:00:43,518 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:43,518 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:43,518 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:43,518 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:43,518 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:00:43,518 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:00:43,518 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:00:43,518 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio1c3.my.workfront.com/SAML2
2020-01-28 07:00:43,518 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_5fa1931742c546d9932803d38686d4ce', issue instant '2020-01-28T07:00:43.108Z', entityID 'infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio1c3.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio1c3.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5fa1931742c546d9932803d38686d4ce"
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5fa1931742c546d9932803d38686d4ce and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5fa1931742c546d9932803d38686d4ce"
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5fa1931742c546d9932803d38686d4ce and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_5fa1931742c546d9932803d38686d4ce"
2020-01-28 07:00:43,519 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:43,519 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio1c3.my.workfront.com/SAML2
2020-01-28 07:00:43,520 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:00:43,520 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:00:43,520 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:00:43,520 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:00:43,520 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:43,520 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:00:43,520 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:00:43,520 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:00:43,520 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:00:43,520 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio1c3.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd' 
2020-01-28 07:00:43,520 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-01-28 07:00:43,520 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:00:43,520 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:00:43,520 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:00:43,520 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:00:43,520 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:00:43,520 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:43,521 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:43,521 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:00:43,521 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:00:43,521 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:00:43,521 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:00:43,521 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio1c3.my.workfront.com/SAML2
2020-01-28 07:00:43,521 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:43,521 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:43,521 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:43,521 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:00:43,528 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:00:43,528 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:00:43.528Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:00:43,528 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:00:43,528 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:00:43,528 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:00:43,529 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:00:43,529 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:00:43,529 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:43,529 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:00:43,529 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:00:43,529 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:00:43,529 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:00:43,532 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:00:43,532 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:43,532 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:46,968 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:00:46,968 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:00:46,968 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@612923229::identifier=rick, context=org.apache.velocity.VelocityContext@30522ca6]
2020-01-28 07:00:46,969 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@612923229::identifier=rick, context=org.apache.velocity.VelocityContext@30522ca6]
2020-01-28 07:00:46,971 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:00:46,971 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:00:46,971 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:00:46,971 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:00:46,971 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:00:46,971 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:00:46,971 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:00:46,971 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d71a04e5ee83efb5d366ba29261cd02589e88f764b5abdfd2280bf2451750f1f for principal rick
2020-01-28 07:00:46,971 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d71a04e5ee83efb5d366ba29261cd02589e88f764b5abdfd2280bf2451750f1f
2020-01-28 07:00:46,972 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:00:46,973 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7cb015a2'
2020-01-28 07:00:46,974 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:46,974 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:00:46,974 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:00:46,974 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:00:46,974 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:46,974 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:00:46,974 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:00:46,974 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:00:46,974 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:00:46,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio2.my.workfront.com/SAML2'
2020-01-28 07:00:46,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:46,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:00:46,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:00:46,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:46,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:00:47,036 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070047Z|infraio2.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio2.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730847036}'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio2.my.workfront.com/SAML2]' as '["rick:infraio2.my.workfront.com/SAML2"]'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7cb015a2'
2020-01-28 07:00:47,036 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:47,037 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:00:47,037 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:00:47,038 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _f46f00727c3bef3cf17c7afaeafa4b34
2020-01-28 07:00:47,038 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _f46f00727c3bef3cf17c7afaeafa4b34 to Response _b96bad45d339b919bfb81f00a5dd3559
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _f46f00727c3bef3cf17c7afaeafa4b34
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:00:47,038 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:00:47,039 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:00:47,039 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-01-28 07:00:47,039 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:00:47,040 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:00:47,040 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxuzq4kiH5sGV7JO9tF0nAvSfZqT2cCPwW6vO/GGttceaYmDHrkOsJRNYUxQk7lp2cjrkq2rEt89093lw8PdOEDeXNhILi9RvF8VEQmJYDM6FQXdBc8Q3AMtdCeb63qr4e2Pc= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.37.207
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _5d33026e770c4d89a728eff392dee6c7
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _f46f00727c3bef3cf17c7afaeafa4b34
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _f46f00727c3bef3cf17c7afaeafa4b34 did not already contain Conditions, one was added
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:05:47.037Z, to Assertion _f46f00727c3bef3cf17c7afaeafa4b34
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _f46f00727c3bef3cf17c7afaeafa4b34 already contained Conditions, nothing was done
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _f46f00727c3bef3cf17c7afaeafa4b34 already contained Conditions, nothing was done
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio2.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-01-28 07:00:47,040 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _f46f00727c3bef3cf17c7afaeafa4b34
2020-01-28 07:00:47,041 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio2.my.workfront.com/SAML2 to existing session d71a04e5ee83efb5d366ba29261cd02589e88f764b5abdfd2280bf2451750f1f
2020-01-28 07:00:47,041 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio2.my.workfront.com/SAML2 in session d71a04e5ee83efb5d366ba29261cd02589e88f764b5abdfd2280bf2451750f1f
2020-01-28 07:00:47,041 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:00:47,041 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio2.my.workfront.com/SAML2 and key AAdzZWNyZXQxuzq4kiH5sGV7JO9tF0nAvSfZqT2cCPwW6vO/GGttceaYmDHrkOsJRNYUxQk7lp2cjrkq2rEt89093lw8PdOEDeXNhILi9RvF8VEQmJYDM6FQXdBc8Q3AMtdCeb63qr4e2Pc=
2020-01-28 07:00:47,041 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:00:47,041 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:00:47,042 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f46f00727c3bef3cf17c7afaeafa4b34"
2020-01-28 07:00:47,042 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f46f00727c3bef3cf17c7afaeafa4b34 and Element was [saml2:Assertion: null]
2020-01-28 07:00:47,042 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f46f00727c3bef3cf17c7afaeafa4b34"
2020-01-28 07:00:47,042 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f46f00727c3bef3cf17c7afaeafa4b34 and Element was [saml2:Assertion: null]
2020-01-28 07:00:47,044 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b96bad45d339b919bfb81f00a5dd3559"
    InResponseTo="_5d33026e770c4d89a728eff392dee6c7"
    IssueInstant="2020-01-28T07:00:47.037Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_f46f00727c3bef3cf17c7afaeafa4b34"
        IssueInstant="2020-01-28T07:00:47.037Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_f46f00727c3bef3cf17c7afaeafa4b34">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>GNiMGRovcXtgMHOeygfMdxrJhOMDOhgPtRuKNmInZNY=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>cJ5eFcqMVVdH/9mFKHTt/MgIBx/u77kIUn/2M90a/dLyqfZffMHgs72ehbDehuyJ/iOlLojilYzcrsZk43qxE2PNd0GIZ9XhC0BxQacvzwQlkGWYL3xpW0AiPxeK2Fmm7TP2jnC1KwgmOOMtrr4EFlvYwTnOwrtJU83zhnhIAxO1uR24d6833BPEuryFn/okJe9/Sep0woCpTccL3k/7LfNdGPlMl2TXKrXKjzNdLQr713GJYZ6V9vwTLUZgM1PAlVLVHmkou2Pl+LzbTQBFZu0WNPVd8z+2xEoi0dUls4MDqJnCSAZ0NrNPB0pS5sdhenXNG08MoyvjXMa9llmNwg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio2.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxuzq4kiH5sGV7JO9tF0nAvSfZqT2cCPwW6vO/GGttceaYmDHrkOsJRNYUxQk7lp2cjrkq2rEt89093lw8PdOEDeXNhILi9RvF8VEQmJYDM6FQXdBc8Q3AMtdCeb63qr4e2Pc=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.37.207"
                    InResponseTo="_5d33026e770c4d89a728eff392dee6c7"
                    NotOnOrAfter="2020-01-28T07:05:47.040Z" Recipient="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:00:47.037Z" NotOnOrAfter="2020-01-28T07:05:47.037Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio2.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:00:46.971Z" SessionIndex="_1e4de263ab5878b6bffc06457331f6d9">
            <saml2:SubjectLocality Address="172.31.37.207"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:00:47,045 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:00:47,045 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:00:47,045 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b96bad45d339b919bfb81f00a5dd3559"
2020-01-28 07:00:47,045 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b96bad45d339b919bfb81f00a5dd3559 and Element was [saml2p:Response: null]
2020-01-28 07:00:47,045 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b96bad45d339b919bfb81f00a5dd3559"
2020-01-28 07:00:47,045 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b96bad45d339b919bfb81f00a5dd3559 and Element was [saml2p:Response: null]
2020-01-28 07:00:47,047 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:00:47,047 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio2.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio2.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-01-28 07:00:47,047 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:00:47,048 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-01-28 07:00:47,049 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"
    ID="_b96bad45d339b919bfb81f00a5dd3559"
    InResponseTo="_5d33026e770c4d89a728eff392dee6c7"
    IssueInstant="2020-01-28T07:00:47.037Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_b96bad45d339b919bfb81f00a5dd3559">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>FeStappAk19+/i/VwW71UdkFonHfYEAmP0Y+IW7cbFo=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>jmRWH6ls8ks4K1atkB/ja5GuXIEvRxrbYWrl1YAoj1pV9ULgM2L0KtT6NzpPveo2qMTBzAxa2K/DCfTPZUIeUgc81/LtJBtZ5+dsGjMCpIHS0ooU0yuYoyHzIX0eh3Vw3SQmmEUIB584+KUwDJgj8K6X7626VsyW12ntffzPd3PYOuR/Ndgyqdwx+WM+3oMp3LlwIkIjaMIWYuppGCEHbpMzAQvr1NDOD9NMOa2wDgtsI3NR/dtZz2WmH3q37W9Vdd0PLNOdS94aq3X9GdMNf6AKTXPYapm12WY1oMsLvjZ/0gTDnxfYb3f+zG13t3gHrgnnoSSFhXaoFUkjP9H5Rg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_6f6b353617ac041efa61ba46ef7a1271"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_41e8bfb75d16bd733b88fe03cff99637"
                    Recipient="infraio2.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>d1VQWOkRVZdV4/lvzpXM3WxQA9sPHPlOGoK3Pm2DIaIBLrWyiFMXWQ8E2ZzaPnk2P9u9xyBeS2bT/G6beYouyA6c2m9So/X2J2pTsInP5madEP0QkwuHzJNX4nQCoGVjqYWhWHkmF21RkKS2mbfvtg0WdYHdHyVOReowiuidhTDDJagi8hvo8CsuaNDWdVzmulbfVVzHLs0dlMeLlB5B8vqsizLEgBpMeQSrVIhO3SXmw7h1mwJoYyUOHDHxFxYnWi5sd/LRayOWErrd2jZ8KBQMk8MCL5zqttpKAq9ztg7cgLjHSoMOCk9/qaylj534hxX/aR63bMfFcElpECaPew==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>LCtOeOnmegTGleiFcz1xhdYufWJl+ex4u58eLnkZUhG6azLVd0Xk6x7LXN3Fn7KSa53qM+HnLFSikcTmT5X2CHQmN3X1HP4/xq0rnRV8amh0+KMlI1DfYOfhA7x5AhBK5Nz+vfoF8eQJnxt86pK/nHMeLpLs5hph/iLRe82pFu4p5SpSbLNeexozMcHGnFkZxsqyxksx6ppAHugfXYMzMUUsACbuwJC1e5aOLBJjGqwgdUGbJraXMg/164QacwJF4HfE/zK3mCE2Eb7MzEPK4PTaLw8XiP8O9f508+UTC7NNSRvWEKyJ+DbtYOpis1Fj7mFeagQDp42sSznMSPe4ugfup2ChGM7Fs1Wu+iYQYfi8hMSbhE6J1tPHJfccuJS86+L/yIu/keN8JOrT1oBX5Bwjo+6/c2KcvBRgCQZbpOCisSYqKqZgv73joTQTxPDsJxFUBu4QGFV8MzI1RpX41ORXxoHLC0j5eA8enexpJPsqOa8egX5HT5MUIaiDWNZDJzIlO2kWDhD9enJgg+JA0IdGUkAvl+nMfjKZkjulY6VfxGf5C4errXyHiB5ZcstEFB3e8Sp2IzxFZH/w6hg5my48+EsCP2FngA9y+D9s3Wowi0q7jm4ukmJvy9Fap2kVBtjU2Crn39A3Xi8lbRbhLOrfkqq/PSEiE82rb6cQAxqmzqWfrNPJjjKZODhOhynIM/Wc9CVO8VxpeO+oeMcTE7Z3+pc4uTJl3+gTWHDOddLgNJo4OV17uuYkAOqULcYhzNXXv2G9E2AgKGhGrbXMWLDTf+uHhS3oy+TFTfhXsYF+BwjqbsMJ75gfeZ/l3hRi+1fZIVZvack7DHt7xRaZfErT/5c+c2ZfLlroBpRSMlJxz+EfGbl436mtS6BJbWij8TQJ//R7vDOjhbuKc04v/YopEvFerG1tE7S22sTt2W+NdaRXYQNcQVaC2A2n1e3FmE2l2GQU1x/TdvH0HRveA3Viz2FDSEB1blI9WWiuZNLvOvdhJEnaFmys+HaA9Tr7er7mmjA+oLfakOEgdQhzUe4BE9CsajHtknWMEKgprOESDhduUNKPgGjvacAx98gCSp4luD/MExwKayB+40h2vcFZH9nt4+HtttU66KOtq1SwhQ59FXiP6PqR7TzIRZujKv4mJiYFZqvMcJKgMnhobRuD7JC0wUO6o8cWNRRHAkY1uPoTkUvn7y40V6Il8shYQamOTV1nSg3ChXZKr/8q2pGFQhKqFsk40f1xxMM483wvdJKAtxBtgBhzffc4zk8EhyANY+0NgkKNm3FTs9p9XdypK5fG5G3BA6/eXjqvowiIbbZkVjO0q3e8tOLVcCpgJH7hIeh4Smga31sz71F85zCXfIA2LuMze5uFPG5RFKCAl3gMTVWaxneXx/z7ck3NnAIbyPPb2+pskLWUqtamaJ0R3oJaD50RW3eelR7e92eJLdfmkpOpiRqIMmaOPc+pc7Bc97XT4NHAsVBoD9S3NxUsL1byYEOiP+3ssyhl1l0BIfDY6/EsK9C45tTHN2RYHzO+VKsLGN4B1sG+MRbNhcrEQhFHtLyywTbucVdbs2w0CqD/yYc7Gx9MYjptLywMHXW7LJlvLFLJz4Zs1gzAhbHRq9WBdIgpXrzqWFZr91GoawQIc8hX0b3Jxo2zRwn0jgKWUzAyzJCbvq7LpEeR8WU3OHLpuBJdAQUVNtiD2KiQFpOX1Rt92xp+nUw6abIDXyuOBvPtHbq503H1GIqQnyFULKl74fZPFYd+xdS+97P/HKeZkE7HwsxYxoQdro1hEllkB114mN0SPaTmdeTFOv3NbEidVffBODz5nUwndvT5dHPTZaUn7ht/lypNDKlPhhd+a1Opy/aHx3YgJ6mh3+p8WkHtBSgh++uIJC23LwNw2BPMJc3ncPkcnC6Kc/RBah41wpDy7rsRETXjsfWcnt6+pxOPsCp1u/0bshIv/smq9aaLw2cp/Dj1A3PkBn06seW0R3l0/sv6P/F9JYhyL1fIeanpOHYImFnSJgB+TnBRHQD+H38QCx8cZfwcmMBfV/j1dyIEExRNBRXToH27hV328aplgHBuNDhgPgcMlKfFxv5uawajJyjRzE1q+4xZu1Bd3xsLm1IBRtYaSflzDJgQtcYQoD9Wo89HlL9g/Cb4iHdVcNVrqwBqAP+zeAzLy3et0Zsrw+kxN8s4Wy+HObbRgtK/GJjJMoBQQoTD/TDt9nusq2hPoMXUdeMl4CY/d/M+mLbGZt4P0LE6ujxw2PgVDt9t3rqUnWYlZcoWkHN139tbbibFjM+PuWNN0NeXeHCXLLVJHjnI2qqj4JA61u5jpd/XtvaRnR7iSEk/JBTZmxmm89t6Grk8O43FgyDT8TUNZhlWBCfFooZlmAKF3BC56Ev/1ftgRH/1x/F8+vDX8H6ETtQiAKrr8yg2uB2arG0pSXXoSz01AJco9Nsj5BNrusIdDJgDNUHx1Z7cR6AE6oNdxO0GrZV9nFEN9kIvwMERamKjvyjfqbYBRPJuyXtEA9kwjy/1afqbF9EZXQl7iVAAVNnnzsld7oXUhWXG71vyWyuU3pfTqpkWF+0GdPCUe9sK5vr18k/oJnfNBrejqVSUi+5obtBTA4FFPBUiH8/PTqYOKhySLVmOuVgwkxKgZi6hhCNVkp+BCbeDiFM8pHIwYhIS0wGmidpU614CTUxenapRGR4+xglhwOEhCZ0TDmOi5zRfiS1Ai7AYR+j561mJxnA9y4nmz/Vu2Zpfs3Gaba9j6ZoT8tpzOZdPdQvQEHjcG/deyU6VVthZwP38r8cxq2/dXUXm1BhSytX7MkhHBdmQKQAU023B6NJNtxaH9oYX4CsFHORHhiAF7bYRkGXVT59Qn9VfTUpNddyUjDYlqEoQaspRxFUKyTOixHuvPLy4BpHSoOfZtMZllKnH1TCudhTqJvLgdwCErSE/RRZ0bSNQ2RKZCHi6fUS1OiwcBMSEF5UWlukl1tFlDrXQoonzMlxsXsoRIZKChNKcmzE79JAtNc/Gp64kcyEagX6t/v2MpsWWxwimaVmevXhI5R2UwSWDdUWa6SGe1WZOo1LhPGV140e49D/PZFZehPOCIuepWinNgKYHLjfBJS0y120fQ8tAuupLaumPFXzIZGMaN6k1kStzRqCCZaMN5XoY7iw6Hq0N6XTURIGlYmEhc4zwMnuOhcl9Wk+Pjp6sZEsBIcZvkOdyhxLq1JHwkbxWhEHNcYwjcwG/a+vFoDzK6G6FZtt2uVz2kyzdJKwDsZuI56OHD705chEE9EHc+GZh6q+Vn8/PEzc8tuVdREZPnJwm9yboTdr8U5Lq+sXKFjzo3NUeOfcX0SZCIpWEZ4/PW0E5aoGsBohvILD5QPmAIIw9Vn2F7caQPV+o3ewEODBaF9OwFI1J/vKVe94daAUaq2gCUp+16tAuQ6ltv03wfJuRxlGxgv3pOCO/1swFgpw9rO4SqJjHUHw29gVt1QAo1rbBeVjRN+8t2wTCcHDKqZsm1hnXUkd3uk+VpB+gbT/vSVlUcbVjJ32JWEGuILpK4IeYxfZB+RHYHZ9nqJ21vLQu2hdnEiosjykngZenKCbQnj+IiVCFYDHTfRT8rXkhCikbiqqjcPWW5Ps3JPMHXcwy+F7090Q7305V3td3hJ2dw7tYmQjwcU2zYUyZPuw5nlQDXDHW+wzTIhTvBXg2Tu0k2hAD853+8riaiS+dUVlRXvsfxfCtJ/fuoFWXfjeKF4BIgCE356sOzD1VWCS69VsXJTTytNroswS6f3m9Tfc9/0GShjNZC7PpBHhXB2qrLf1s8I0zjCm+cx49UMIkmvqsTN7wT+FpMiM/vdztE6OSL9qWLyqaGcgY+4af2md8s1hPPchtE9m+EE4lev1Rp6Y5D27UtJItHecxVvLWLzHGOkO2XuUKrteXeAc+9IRrkmkYqUDyNKjFkRUwm2b2jhjBYCv+f7pppZSVAeeyA9dvSfy0FrpVokvPhOWXkyAfSPs3LnEKEwYdopLLcvHSR59wjYe8IE4ZPspN/pgrvaTdI2VQ1bJCqqlFNda4MQKX57WMuf6knBlgSe5Ela0BFTRV16nU72+yycvgRbvT0rF1Z1WHdR8lbAHa3mJ3gGrl5bEhD7A/GKKGTluD0sxOvUH8psUwXE4Ul2FRQSkqDCSGXKbejmb05w6mJRUOqiIsJJAQDJbV04QQNEgpdeoOLeGF3kN7HQXXtWt8xm0UTDfQB9rX4p1YSXktwfSF4t+k8h+Y2sUHUze55hzxwylQH/r3fVYQGHnoXDmuxAEodE2LOd/+u7T3v3qOCsJ80Txi1w3qd2EZ8ClJB6ud9zYriYPFQPPYe4i1Lvpavw92+eObxK36WC7PuWxhzolwbiqvY7xedbcAdWSBdYpDsZtwvPFrdCuYdgk2yuBarTAG4iphefTaZNJcVyeF0TawZZ93HAjTiUmIYT4P9CfMcGHAFC16AoTFrQ68Q6JFGTQLsTGnvx/RqcK5stOnsVy4ok1lqapXaGQIwA7/HFRVkl/YFEsVpLq4TtcfXi+qnXoV9zZiOtYpOYPTbGm5RSNXJCEqGMs70WfcvrAvrnOPe6JBCiyBVVRd7yv8KEYcayz8z7tLAq6Ru9IMKoAYbKvcuk8LTxk1+Ev3EWOheLBLmQyeYsivlLT/AN9AW8FcSFk/ooQeAUGgY5egzL4Kx48Rys1ESw+8V4DhLaYpsWe5sPZIpWl6LKBDJnI0JupJmM+RN+B91pEvqRN3HglypVtqq/ubWYmOzGrom+ckYONis6WD///MRfb9dkOByecn+Awoz9vcyUMNU7k0ZcKfYTohmLT9jdKyiykDXiQNHIGiuzcSsaeJXqJn52U7Dr7iIst5usYOqpcrXn3/IWrjdGIbF4IVpKjEPEdjn/gxXf5MwBabPGa9UWpIGILeFDBfF2IIsc7m4HEEDQqh353hFtNiW4tHMWbtFkOjLAF8KHepN1lDkMKHPhdu4GAT/kG30CDlOOS7iwrCC6AY6ysTobuvhv0/KnjIMvUo/oGMR5sOSplZmNZzZ6zfy6JAW2Y0P90dRQ6nvk3c0ep10JKzff8f7t8G2Z1Q2ZTotu9ZveynxcCtIXTkBl1XLqSLoP2NAXQc6G4hM12Hu54ZNDTDywYfX9Tff4TEwdoGRmnYYdmmpRBC8cNwLF1Xg0CyU3WeaPNSBmRzw5YwHztgxxUowyPTmEg2aasrUMn01QAv8MbluBfZlhacgIO4gCa/HQ6KGyzzOfXCocY9N0FHimWnDzQ7b7vI3pMH/LM0M46Hh4zcT9rSAlmBe/qIp8aC+k7gcjgqZ/9K2oqCrvZHkJScrZEMBekzhj7Jh7GFlY8BaL0BH0F5b9bsNae3KydYxiJ4Y532p0OcyGwLTbfJjypUBMEeWmK+3gmDVToXfzkRabb+lpm6fFLd0BLSASwsXo070UC6yYM9iosicACX2RUwdISho5J2zAi0W1Dy4Vg/FpAWP0pOoXPaml/SLy7JN2h6LAlcNLNFGxwINnlyypxvJ/sR6OxSGQ5Ichhwim8xF8bu6EmYrcWMeowo3sr29FQz3stshO9I/7caSAt4N6yx/3kh/80tOm5e06mgcwRLYwKigUvasGG0SaSjZyFS5Hlr7Ed3uVeBRjTXHDsc+kN2USzikpimSgk3SLJA/3AOD02r3kKJUYrM395BXU7xdNyXhI11bWsyH2v3AlA9hv6kZW7YyYcCb9tv0QRxg7GZyfSG6fvAOXVnYh5fT+R7bLE0lhngPEPC9B1PStTrkHJDBf7h5kr4lWqn5XqQg1u2KU8h3UViaDlmhesV9M+EHYmRbzrfEgz9npvVHeS44o8+WFmiOVESoEYMYJIM91Or3jLLYFrkNfYeBool4x6tcRZTW8mboNcgPzetFznGp3XMnfOC4/NlQiBSNq/XkD2XIba0xfddE9hNLILHyszBvftPuwoMlgATRKs4/MHBU9D2qPFFyr2CfmvuECylTYvmmZnpW4BmkRIBiVBcrkhUUWlrvNORt4E/8otdm4ImevJynkDAEO4h0G+qSR58GfX2VTbvfdRC3hcO8Sh3C9soMTJ/v1hqdBba/lNqb4CkA4L6gvX8bpNL2NEYC2jfJUwwiLwI4FagRinOUoTBcMbs4UImXPKwEXv90HUBq0PnL2jCh1HKwUrWbUddVUQQ8rk5sQ+kJLvToNa8FKleUZEmWFoPR/jTe0lKUFI/Uy5fxXfxKknY5ycD1uBHD8oHyXpc8Bclx6EpaFw4Kxo2fVuK92eY5nfS8WkLty/QK5jpd14qIC6cpDhpqzRBgq/ekhwk6JtGCselUBzSkJ6lpPyKTA0IkdJ9TtJ40xqiPtPtO/WAQJMIL3WF/IecH0voMGIVYGP5N9mOZQSEjucdBUN3PHBBby11NI5364DQbQ02JNd+yTjs74k7BU49b8EgKwmAKcOe8PmfCfxIgpesxoqyRExg8UbBVi4csBrO4Ga3rBXoQ0mDb0W7Z+tljjUBLnzMnQ3KHgUmX/JV3EmLsD40PaKdJy9Rn7pQ89Hbt5ZVVB4N+A9mTXNKje5lMO7NRs1I7F3F6PT6RwMs0EqIvLmE9BdsY364ljG0shDSX8UmeyopCsXewS5mbkjpVx3Utb+yY8u/sQBVfwNTSxcAJFIwhZOhEwXo9DUCzy046u2so9vSVRmMed4OdsHWKbnvg5Q4FASz73gI/e/dqIuXwJgMPiBEVpJtmLrPCVbYEpFJFFGTaNMy2Y6fjK3M7IKiwAfPnSf54/I5bYXXg4hpCCN5/PmZLmEO68F6bMqhKErqh33NipPezUd9AM8iGZGIa/os3rkdz3vWZZx/NGzqrIM7ufZ9Ja0YXdfHheGSTXDSMv4C6LqB8rOYsTqJ+sO/dtToQCyWPYhZefxxQXDsvmqC7oOl84jKQNtYOTXLUR+Wds7GsBHwCBOwxvvOId3DoBEe415Zl8mKC9sHe/RAmLTQt5Ag8ztR74GJnagX/L5brWTsQnhL0SgVyTEDbokMd4Ied82h+I+xTzzFBcbkjQJarkPlnCedxhdCZ6orQtb/g65ZG0KbhVbK86SdlS7iivOnXRskpNp1fsB/QJcCiqUhF0tRFtPh96WPVPbQPHvu5wHunneoA5nXOm9NjZhNIMFBBR/wHQuEbTv1JKrrUXaNx1kUCXpjNJNNw8XQVB83vh9Sbldqsvz0VosHLeYL9QoyEZUvEG4zteSCI5iGw2qdxbokhIOsxydgNePmQWKKD2+Tn6WWIzmwmDYFNJ3+eT9OUpQoWXcgk3B/m3O8nLhodWrB0GsYTD693KtMLbk6vRJEA/MTjhyxTyD8GPFyOiLPzdh9z/ugmDyW4GJ3BmRHzagb9VnwBGIwPyuHJOjw6Xd9jDIlW1j2Ih6wuRiBoOFETTg/zXOwaEbbQN+8ywocVqSPhFY1Gzoc9lJ5xugCH5Buomxt1jezj7TETe7Yjl7WiWnTs/MGEABLuuMvuttY6PNhCRtBBxtL+1mV2h08w0Nip+tAhpXayy1vuKvYsSxRrrSE1eSmnI49pU7MpCwang/U5Zvn2a/GsMWpYNAn4SjqLLqDJISnfq+GTHeJskq5JbeZaXnaszc6HocHmZbad4y3zUFFa1IakR3bT6DB9Aa9hjhpuOC1vehvWTJBM6wfYTVuw6ZmaN/ZhUzC563qOTCiQKKFBA12DtNXh/CaGJ+CIbAMhnb0xZvRDPcVG3r3WjlmK2pVXUU2XzTsH2iaFbTTaJIv8xtcLiBgaUtTIQ6t5mtuG3oeGglf5nBUpZ07jpMcUOWoDVC1BW/laOc1IqXnKDyUcUxR4q5fK+pa4VhA2SWLxI75qUT+a+wGHBqX9lEdOJFZAx7tpniuAuZke0RTADpDPlO+p7ttjX5B1kq401rmOcZiEpDjWV4KeexkEPw6kX0wZjNdPlMK0tVy2cvzzY7dctrdFcWkHe9eiSIha6GmnA==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:00:47,049 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:00:47,049 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070047Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5d33026e770c4d89a728eff392dee6c7|infraio2.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b96bad45d339b919bfb81f00a5dd3559|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxuzq4kiH5sGV7JO9tF0nAvSfZqT2cCPwW6vO/GGttceaYmDHrkOsJRNYUxQk7lp2cjrkq2rEt89093lw8PdOEDeXNhILi9RvF8VEQmJYDM6FQXdBc8Q3AMtdCeb63qr4e2Pc=|_f46f00727c3bef3cf17c7afaeafa4b34|
2020-01-28 07:00:50,641 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:00:50,642 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:00:50,642 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1961458399::identifier=rick, context=org.apache.velocity.VelocityContext@6a3d6581]
2020-01-28 07:00:50,642 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1961458399::identifier=rick, context=org.apache.velocity.VelocityContext@6a3d6581]
2020-01-28 07:00:50,643 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:00:50,643 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:00:50,643 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:00:50,644 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:00:50,644 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:00:50,644 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:00:50,644 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:00:50,644 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session bb984832ee0f8e326f1bd814fa7df2582f850a8d35dbf416e1cdce25d7fd70ca for principal rick
2020-01-28 07:00:50,644 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session bb984832ee0f8e326f1bd814fa7df2582f850a8d35dbf416e1cdce25d7fd70ca
2020-01-28 07:00:50,644 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:00:50,646 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@18d3004e'
2020-01-28 07:00:50,647 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:50,647 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:00:50,647 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:00:50,647 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:00:50,647 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:50,647 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:00:50,647 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:00:50,647 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:00:50,647 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:00:50,650 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:00:50,650 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:50,650 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:00:50,650 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:00:50,650 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:50,650 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:00:50,707 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:00:50,707 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:00:50,708 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070050Z|infraio1c3.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio1c3.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730850708}'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio1c3.my.workfront.com/SAML2]' as '["rick:infraio1c3.my.workfront.com/SAML2"]'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@18d3004e'
2020-01-28 07:00:50,708 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:50,708 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:00:50,721 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:00:50,725 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _ca9eb053a095af732c59dbae3c33d9cb
2020-01-28 07:00:50,725 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _ca9eb053a095af732c59dbae3c33d9cb to Response _39f77e31927a96c47c6f38a682032de9
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _ca9eb053a095af732c59dbae3c33d9cb
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:00:50,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:00:50,726 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:00:50,726 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-01-28 07:00:50,726 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:00:50,727 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:00:50,727 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxdPU/AL4fuHTA4omr9ju/SGl9joWrnCP69x1m8SXs+X+zr4Cca2q2J2gsbT+FiSsUZlw2fXl++s5mtaVNX9OHwHUIhMFQX+9gLREDGcbt67ZArVg2jUn9aSUIrklVJ8F9Oku9Wg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.14.11
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _5fa1931742c546d9932803d38686d4ce
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _ca9eb053a095af732c59dbae3c33d9cb
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _ca9eb053a095af732c59dbae3c33d9cb did not already contain Conditions, one was added
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:05:50.708Z, to Assertion _ca9eb053a095af732c59dbae3c33d9cb
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _ca9eb053a095af732c59dbae3c33d9cb already contained Conditions, nothing was done
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _ca9eb053a095af732c59dbae3c33d9cb already contained Conditions, nothing was done
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio1c3.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-01-28 07:00:50,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _ca9eb053a095af732c59dbae3c33d9cb
2020-01-28 07:00:50,728 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio1c3.my.workfront.com/SAML2 to existing session bb984832ee0f8e326f1bd814fa7df2582f850a8d35dbf416e1cdce25d7fd70ca
2020-01-28 07:00:50,728 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio1c3.my.workfront.com/SAML2 in session bb984832ee0f8e326f1bd814fa7df2582f850a8d35dbf416e1cdce25d7fd70ca
2020-01-28 07:00:50,728 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:00:50,728 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio1c3.my.workfront.com/SAML2 and key AAdzZWNyZXQxdPU/AL4fuHTA4omr9ju/SGl9joWrnCP69x1m8SXs+X+zr4Cca2q2J2gsbT+FiSsUZlw2fXl++s5mtaVNX9OHwHUIhMFQX+9gLREDGcbt67ZArVg2jUn9aSUIrklVJ8F9Oku9Wg==
2020-01-28 07:00:50,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:00:50,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:00:50,730 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ca9eb053a095af732c59dbae3c33d9cb"
2020-01-28 07:00:50,730 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ca9eb053a095af732c59dbae3c33d9cb and Element was [saml2:Assertion: null]
2020-01-28 07:00:50,730 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ca9eb053a095af732c59dbae3c33d9cb"
2020-01-28 07:00:50,730 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ca9eb053a095af732c59dbae3c33d9cb and Element was [saml2:Assertion: null]
2020-01-28 07:00:50,735 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_39f77e31927a96c47c6f38a682032de9"
    InResponseTo="_5fa1931742c546d9932803d38686d4ce"
    IssueInstant="2020-01-28T07:00:50.708Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_ca9eb053a095af732c59dbae3c33d9cb"
        IssueInstant="2020-01-28T07:00:50.708Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_ca9eb053a095af732c59dbae3c33d9cb">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>yssQV3sHOE4taWkhVLHX9+Q3Zw999FLumqEwpurHJHM=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>MfWkG60dHDz9qPGnXevVBfFicLeTX0syIFN3AXXeigZNtMAFmDWWXMSiiLPm2/7r4Y4QJlbmu5mDZ3MJivP1EMf2lD5ESjftvHtFqW595PpgkhBr2AtE70gtMnj1gPU8MuwBpba6/uw1PzjZQk9f7NFX5E9tr6f285EQjgj5rdeqecTJz5pyo4UY/NvbG+gHvSeGfPnALReeIL58fm1PtW2sjcFGKmPww4Fp20yWVxgbOyJNk+ivL8u25uizFS8sNwVd/W1CN4edOuLslZhh96VtWMhZZNbGhUT9fePCtvuh0/4+cpA7/FCrLYfVSs4cxHK1jlX+5hrFbqvoVWFQSw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio1c3.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxdPU/AL4fuHTA4omr9ju/SGl9joWrnCP69x1m8SXs+X+zr4Cca2q2J2gsbT+FiSsUZlw2fXl++s5mtaVNX9OHwHUIhMFQX+9gLREDGcbt67ZArVg2jUn9aSUIrklVJ8F9Oku9Wg==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.14.11"
                    InResponseTo="_5fa1931742c546d9932803d38686d4ce"
                    NotOnOrAfter="2020-01-28T07:05:50.727Z" Recipient="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:00:50.708Z" NotOnOrAfter="2020-01-28T07:05:50.708Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio1c3.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:00:50.643Z" SessionIndex="_57b0d7459d7498f376d5100ba0622653">
            <saml2:SubjectLocality Address="172.31.14.11"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:00:50,737 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:00:50,738 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:00:50,739 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_39f77e31927a96c47c6f38a682032de9"
2020-01-28 07:00:50,739 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _39f77e31927a96c47c6f38a682032de9 and Element was [saml2p:Response: null]
2020-01-28 07:00:50,739 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_39f77e31927a96c47c6f38a682032de9"
2020-01-28 07:00:50,739 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _39f77e31927a96c47c6f38a682032de9 and Element was [saml2p:Response: null]
2020-01-28 07:00:50,743 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:00:50,743 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio1c3.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-01-28 07:00:50,743 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:00:50,743 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-01-28 07:00:50,748 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"
    ID="_39f77e31927a96c47c6f38a682032de9"
    InResponseTo="_5fa1931742c546d9932803d38686d4ce"
    IssueInstant="2020-01-28T07:00:50.708Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_39f77e31927a96c47c6f38a682032de9">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>JJl3qG4Xu7hI7c6+GUhGEv8Ayv5V1kpBpLQEOCm0pwQ=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>h55FzhgOTMm2Z6E5+W0yWJpqDtiWZRGcpj5Mz+fGRP4/zLnmLE4hZuvoUG/68Dn8KPkcjOXwwOcfn0PTFu0cFw0Mx7Y0gjk15xedmCXXKcFzCyhCssf8nEv8/7Ow/EGn7HbuTJNSEHSAiX0YFdr6Rd3HSKQvhwdel3k/KeNEEyZlQApBdSX2i3793wNF+8fhtWf25zRT8koh89D1Ft39zseTOL6kiYyzHlmKgbfN8YVIIIViWi9vZWuECXZUGIUoR85GcPRCAGtDVuEKPX6Gajq83wfraaRuhiwRBYn5IeVcprw4mbfmu3Kh3u24wVJ4bgXujgGa1jzhr+NrEJGGHw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_bfb796f5cb650898e3372b8e89df3927"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_03c7eb9f2fceddf094708fc69d71343f"
                    Recipient="infraio1c3.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Xc+EJu5p7KAnGcbR+rr0BXE2vXbcbPY+BI5HfiQbDb31DpkIg6QAnQ3M7hWc+wHKpfSMUoNWTXV562oZtX5ryTPy4siZ1AAEv34aKqIO5E+NGwSNzn3A4BiRtNljKszOHCdLstXFGvT+L5Et+4njsq+z/SgnUgbFXUyAOw8FpSCss5R8CFM3Fa4t2Og+MAjkCrSWxUn50vJpMswWhyJGqH3Qtt1kM5hKz9C0VsuQ9LGNMswDSqhY5aROyaVjuiwwJwkTr15QUaLFNRQsxkHbYoRimBJtevV/DgI2Ci3mFm1HSlohoS15fjM7vkTEYXohoPzKsmoBBUCJiSF85jNbtQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>rPWtuNF+LEfYMid4NPY5UDFWJPhTDXXs0ydN0UU8xZo+68ENoeYvXTEO9B+1lz6MQIekbF3EaGNBS662nFnZhwKy4j+vkAkNQvj+DnLtvChjvSJKSIwyOtuof5L+5YYZLSCBh0PzU7ECDH0j87VBvn9uEX1Fdv45LZBFQ6UzhD0qXecoNucHt7UEY/Fo2n+IeICELEwnEixnQ1Tr35i4ZzxoW1o8XQhsyCpKulbFolBbIj0mOgtrzzSSuiNx5xCC8soA/P4JSG8oyZyB44ToWHOSNg00UYVoYUY32PkbDirkBiMj0CRb0qi7Go3jodzk231sPzOtl2NGBQchTPZYZ4bm7Sfiafr5CzgVJVUc7zjnEjdENF6bx2OLYZBD4tl8AoKcPRNYr7vdvyeV8UT2wJ9VWxoAu4Z+8alsTTnYRFDDCQpyu8gS8zPTO0w6d3Cj7r0y48eAoI2yOmBvuR25/q/6xJRRd9D+5l/s2B3J7Anu6szOdeNEyUANphoSVSGPv+eQNeEpgo2iBp14jgtfCETu57BFh41WHYX/NWaP1SdT7NzAzp/ZbpZ2q6j5lXkvCyfHRIrIeNsnZ7++XPa+26TkbbWMm5qYFKLGWngNI6yuutGRWf0AlXl3cDAIp09g7LTIG2D3NeBJM7kc4obrAn1HDTb21agUgfaxHqaPDGCU93lgHbkLMge6NMX40Y76dtK92rN1GLSV3OH6g4xnPbQD46ZuNy+yPdICwsAkRmjJ3yGX4XDB3dVbuteIfXGwqzpRHpB3DScx/RsOhdVEr86xM3lb8dqXJaT3qg/5h4qycPvnbh5ZL+HPwXk4557PYHmhYO1A6cXSubwlF22xqKKzB/ztkB0IFbBTFpD/zaIRhquLDGxg6orVRXbk1NdpC3EkJwcPPiVnbQARAlN+y7ysU7kCtG0R53kDv8O6PqWTA7su7lKE5GnRzjlo7UXTGX+3tGDYQBUOuImHC3QEiFxYmN5bOpErm/QAOCoelSe0P7y8ZOmmCaSLYTzAJDH5Jrk8XMbIL0kvYVUgHnaY5kj/v6OJxWbuF2DydQVcNsWlSZnGOOSl7jY54em6Ne01KutqHHNVHWIoqgWrEx3if+KYZ9Vv9NfhHlq/vbP+xFqEjo3+akdkW/pV3FXNaojVQnYcn5ZuGYT1xsh6CuC46zeAUqd5PuqEKtVPFlqx06e4oBC5SCyaK+wf/+6/hQDAAd7qo0ief2vAyJPIr6ly84OSnm9Zw/T5Srl2ozezfy+1/2jKPNpU2/4+KOCw1xSTWghmNFMMuX6Pno0XS55w+YWJEkbBQtmlwZdxZ/GMP5JIwBx3FBmt3Bnv4AlY6322OukDtAJj/OCbqkxoGq6DtFYAhxSYxsudLJeAd+57IOz5qrHyk5MiMSFd25WBqkmL2YLqEott27j9Wynns44ABtlkB3Hl80onTJqrqkqJ3/D+lK0VASKenxD0gJ3hz7ColGFCDulbSyRko7tr733+Pm0gUt4FKiEo2CYTwiuB7Fv3lqFwmalOb9014vGmEZKuMp+VqONHSxrZ+H6A8T5hkEbrlockEoIjgXHrYXSDSZtjzxoG4KUIWis6KqpPp5aYt4J8yNZhEz7IvZkZbMEuJENLE7NKG0yTVXIUmGWbzlecOlezDzDG1JYOD0YMGTMBXUcwplojlL2cA6YpFJ4ay1ysFcZ6R8a9x+5Kr/8LkPjvuhCIWR1GbTARNoA3Dpc0cstbyKypDKvE6GpAtuQudtE2RUk7K9k7u1NnpkhHlYqZ1HSD0s955eUbT0Nq4l4p0D2zS2ODbKoiLm/VpWREVs0dRI9a7jluG4h1kFRJuIRJaXI5padSXBuVdGtfzXZufjNpV2K8PvQtw3rp0Qpkp7fY647YvMB59FVr/Yd32rdIUqZVzREz1bveZoEjMxlrQdi+QUaYWrmGzYrIb663LIjMozH6m6YstfQmEYH3+c2oxowS0WlN6RZYXKORP4s0LVJdO7E6SPV7xzSanO+I9rHQDfRJnjWg1oFlLIhKG4xU82FwU93KrIgDNpGRF8NWkLVCgWFl5cOQN29mOFnwEmakiDPcnj0nHvwTdWOZMVEjvi2/LpRIXItgWZujM13ASsH2KZeJsSaHYr/XDepQki0IOO+88ORt48w6hZS2hHNEAD580aIFf0mUaaGfjXp/KqucH964aL6qS/S7hKW9Yy/X49aypz5dwoFHhaXLw5w+ea9sUUJWe9nc2+4h+yHGQzq4kSvLm1ZorKwDSMfzH8DVEocjDERw1WyihKw8ysEvn3Czpn88gMb2eShy/HqAJXpAkRaIiGzugaiC5lRoTjSWj2nweMVkmFgD8FuqGejUS4BiXquo12MLmDwA3MuEl/drUvPZBc58rvKfiHjjjWaNr1/V+kgp/+BLcDlswYV7QPAz5kg9FtBameJt+zc+c1g3jnBB8Lx/ZY9BiADd7bd27wrGwLLv42zymsLRFc5S+DvA6kBa/CVcdE6U7Ya7Rm3e2ebldwFikwmqrlv0JP41yX8pBMphNBz5wP2z2cohmKc7pTmQt4skB9Q29gwVkSoX+/lzIXeodIQ25cSNJi9yCN7+H00fVAzwtd0trPalEAuKrjO+V4bq2WkOFWCcsjfafaMeypdP4TGAmFD3tiTJfMd9GpZZwg3Xb1zThPKWiu45I+fEC0gxMGrrW7gx6jZni5tRU273aqokoQEkjSnhizOWBKwUYB6pzJvgrUa4omigQTm72LrooK+8gblRXume7BAoS8PdwgrlLEDokR39TmmS2g46wYENLwP0kKtmosQnW0r2NgqmKjWgL5iAaCCazJuP8Ki/oe0ifrQwpcvP5TjzQDIWmTK6cXaI/dRk4+qYmvTcyOga8ytehizLb1MWSLWkDXlStf9Se70bNw6rbbqPx5GH9EjmYaArOUgtvLFMlFWedCxnfrZKj7PVhBtpv2hmHf7iCij5jvw5T1BiL1Usdc17QBfgpSekv9eYv7Vx7K4U8ul9ULHZS5qU8+H+OG8k+qirsrIH2rXNw9s4eDUBGb3hgjd6LCckqEPbD1HyBWqwkIvQJwQhhn/YGvBbIYYHUd/isWVPxqNXzpzTy2gb/MdMJyZpQ2EcKagdUe13/6VhUoHGL3QO32pTsxzbgnD0lPz3lajUsCrekC1Zcrmn5iIwRj/czoVX3am/zwxFisWINGxVqUGb4iPS+EtsLOwtYgDfMrKqRbzIVWkZcl0SXPdlek2JplCrRqUFpUiH7wXaob5TOkzjP/vu8B99AL1DxQz9WTm9pDRPDOvvNJPZa4qD9Q1zuQHwggI9ZSfOGOnPMjrPhZ35JbM3q0iN6/lTijmAeoXb9r/FcKTolO02TSBo8pGtHZeWCt1yCl7BanUTY0b64DIObYjUipAE22TWQIKNSPWKLtqy91BR4GWKdXA+ATyTpl/wV/4mIaCislokc79ygJxaHlf2aLaKUhvxBioG1xwNEL+1rQJz9oE1eZNoyQDUwic5JhVILL7g/0EcGNPud95iBAZnI+Rr4m/2T+tLicgmY43AN6I0URzgRTrlvy+T9LRDEVceyRsognKBwyrpe70/S0V/1/mO+z5mLhhN0fVvU5jqEPVaQ43MgTuxppyL2yvXg9JfySg87+3x/5ACgmZ6FnI7R3trOXA2wMZF/luqnKjZ7Dy41VthGUqziDVyXQVonxKVyHre2lmt8b2IE2cP5poQTe4LWJPbWN+aR/vNanDKLuS02Lpba83+4YivdlCTm1gmUfSiJoKvfN29LKZR9FzpuCXhnISniqav54pL+/+UGRj6d67UzWp3v9KuiEptcatbF6a28V/iuGRGL2BjK/0wCZETb0VWsLSyPl0Unu/BWcpjZBmERGGm9ipI6sW59gVIVWmnnWf96jWlvgZt2mv+bn8f/wthwacfsmsWeMCH8pkNnFc7Jy3YubLBxUqxhMH+e7PpXfNbS26WQnQtqIPW3BYsM+kz4zZDdCF+3gw85xi6SmyOTkLH6N5WGLCqyRyP5BSvflt2KKhSA4BUew62dQyonk64NIxdSW9KZKDDYtO3ZuOW9gi37M9DxcJH1JVh4zFi5CGYVnn0ne27a9qgCIRbBGiBih+5WJ1at6ZI7pl6wy8Hl9Vr2v7vifuHBz55Kv0Qx2uT9o9eX+nThL7Sp1sPYg4qPNkkEsmd+T7t1qzd8T0l4PibR4eZ8CIeB6cUKnTDplMH7mOVLMKn/2KoF8JuhLm8xN+cruuoxlVnl5/vUrjcGoQltcEOWW7Cf8riBwL8SzuGrgLUKHGkNPxTD285athySLmU0A0ao3EusDphRC3VVGEWsjIZkmGUs0pz1yD1jrekL13UzWCWl7nTYh4+EQ7Nf8N5vQbH+lrQJEUEi5GsXtVB4UPOihnYADbhKZFvDlcvhUQsh0CSAXp4ATeZbyb+dB/MLHTt8jR4ZPbJtfe5gsEIcPraXQJahiFcxy3D3nuKI6Ab2WEHdZvaUeDUEwDDhwDJyRsSUbC1KInj8L25JMdHI8ty7HS3z+Cm2SxESBPAoVbDNt0puDz9sD8DeMCERGgYRHETDTg1La7SDML03kXxYEM+Atjhflk/KpFiD1d6PQhfKiAdKNo8vMDqViNsr0Ph04BWdaMxAuOV7JjDMBE7ICndXO4DfLBGAh4/DTMwuTP/MVlQxcbxxEP1HPxX+fnGXsLs+RvMsf8CCQbmI/yBrIlPTcJEnv+ObLEmZIMSVVoDOObXVhrMxyXyMpYYHgJvSgHn9vp/DC/HgK+L58fSKiIn0OmP6mnPScB11vwNXBk1oWx8K6x2yjJviaWSxbo1ThZZFsrmceDk909kbSd9E8xIJ4KpHuy3zmEcgkVxUN5q7BgjJhhmbmJ0qPsOA8Yb/dA+wVbueOEN0s/RJWQx1fNsF2MIbJuKxmr6FoZsxsJo9+DokT/MT6xOfKoAH7SdiKuf5z6odYD6UmwIXG+l0lxdJPKzo5B1ogVdwwMeCI5A3LW8FrMHDSZQlMr7hHZiC2ibdI1pesdOPvpu9Xb/OT3SypixXmfxs75QymtJbz8/OkOLv9x/VGIB9bRAIiDbWCvD2j5RMCogQezYBU8AjhOmdPXTaM5MyIzBRahvp4DsNdt0aei/36Cebt0L3vamrbLqrP4zsc4wKTq1OPzCHBP/YNMACWz5X89q+LH9T+ZoY7gnOqSE3O2ANSXQbdQT2vx+JHWKGvgHnQbpAMelMstkgAiIUTZZ3YxYq8Sz8QX2xnOKlRskRemHRrHims26yvngEUaKT7vMfEbqIVNVVe49FI/SrfvEyBtAnj3Oe0AKJvepca1hBodtR2E4D5SLeBCt5qC33DylWinw6is4xGOVayKOzNnMl2hqR68sSWZyvtv0mDRHz6AxSJ3nZmvG3WPxMzLDABULa1yp+qAaFabMMw6N4m3JQWwMaS3/+TDK4NjwD2yAesq5SZJJ1LTafGXJpkrKdrf3L1teAimrT+IFpGx1OGmOBm4r6M+mstlm5x5hr6lQe1UOENAqTamgtfYYUPS3boYmRhiRNL6B9SCpjs+h8L/+K+gy9iqVgm9opgrZqWhHisWB10L95Wq1obEtjI3olTtbOXymsVzjVvdfExFHZ0X0YlvHTjRHlC9RAUCPTEip7ArnYh12HbGS473xmpVutbhDGEuVFKEimcO5I584ZjvDMVSdbNTmFSNRtVeF01t8HNBJKUFo0ZyMZy68eSZUtOGcHJlaNdO2JdyWEVSyTGeMmjdrrMu4t61+ua5Qpl2qEcIIq/g1AxPTM7zCoy7Qnh4OXQ1jzv6reLLgFjiQF8s+zbat/ceveHajyl7TuHh56QHh934vXPEhTN2VpA8Z5kHyl4nLHScx6aon9VTzVTGoZxhJFBqb42xJC7wdw3E1RURXJq/8r9wO80adWGC08eHTlK3gAEdhoT90NdNchVKdb/v+94CcVbHN56JeCxfU0heoUBT+l85ptEP+bR7+cM6MX+y6+ibRlB3Gp/bZ3sxZWYB+TIB4GlAc1CN6hMdQOckHAXO9iBgYjpNCHGFEHeGbZ6uvOW7EYYpixgACnrRiLgIenKMxte8iBx3GZ9WYQJI1rEh1MdYyZF2VClkufX+08MOaH/HM6EZG+OSEw9jUWToYh8iwwOh9rnG9N2E2nSFdOwbKzm0uihziyfhfWW0Wu6/BxUb++QF8g+38LoAmr6tyUIGMGooE45SFAup3ifAY3eZbgkH2NwdP17JITZBhSB6kueZ3fi5KQliXddEeWjfMTPkqzB6ancbr2SN4P1EjrTdwRNflpi+mRladc3bYk66SRVSPotLdwHfsM0SF5/zO42PpB1VSuFrIKW545CfFl0mlJAIvVYabqZdx3cSaIkkqEYE0AnP52taUFu5auwuxz/HANEaHbxDb52frtRIsAOrP1sSq53C+XTDPbZEkH7XYLpqlU0K20R66SdR2MGJPrbBFrBlRT496vbYQeP1PhkidLgVj5RyVVFNo1Pgfw7xAlWARBtd/mskg87XPmcuGGOzEgGZWdPbcspE49/mDWffWA8kTKuAbe1rsbgrAlxEqulBsuLI/zNpyDQEJie7rYn8px1phxIRq+iiY3/NvgqS5RfcwxTihrXiXIK9+JEY4b/Xpa+nQpaa+AcP2kYBpPTTzN/IWzMPi0A3qP29MoVgKLQPPhIJ7mbapxdJWWlCRyBmA0Tai/ACZ2MZCVzVKi55uyEX7d4BHQl01gta912UKHqFOMjC8C77ASb68ZJUU0jLhrNkaCdtDoZshHuyhwJuZSdFv4QwDTqAw4XOrdHkJ6uzppldBPFRrVnl9jlHOl78is3jm2C0MHTpiMNULPsgFTLsLf68TApqvPdYCJZPApEqiJYUGpIshIvQRo079iqnKahdGgj+pWnzvWO0/wEoJe4NXXDzApev86OMvxK1JV8aa2jBOjFyZGQ5fI30IuBv84aaG06ZpKCaW9wd297JzqETKG+rjYly/w3D9sW9CfleqyQiH2LQlcp8yYz7+RFDCb40Kem6Yc3UEiTpKhhXp1mPK3mkM18soI/8bOnM24SIWlV7T9bOqR0iGx69obvZgZKhEYE0PVmsj6Z/R8RpTLbEvjxQcgKHh2yXggWHQI6izA7KZHlIxsTPubbMPYb7ZFblaWdqFjLbba2d8FkhkiAQkwXst57bv5+YQKMzc0U80Xf+2Kext+Bh2qohfm0LeSU/XdkupeGZQgrCbtYOD3l9kp05+UWrScRGDoyope8e8gbyP+aYT1xlhEp6EKroOFtZwr6hiXTvsBfFmx9n8g82XsDcWYaoCpppQgMiSqzm9eCUe80zdVCFiMaEHe0T8U42zU2hzV+oRgtG1vU5Wfnm4Q39HOtpy96Fc+eGJhiY8pHiRZIzVi42QnnjbjFYKC/mcZfyX2IhVfrkADEOviRMeENiZMW4TjBSkndcarU/cvjbtJMVn5BebocBbO4h1lPJRTGcMyJDcA1u0s7J8Ch5MtbNcWwAgnkoGKSMp8+d5viws8KYE5yfDTAj1LCyiVjYYpt5PldRVG6MHufI+s2EvoS3liNFstvrdEFzYMQbTRR5DheEvaOtGzd9xiSSA+K/9YizPrCfnImklwSu2hfEVrR3Xp+5mVxGwdTq9EdLbyCK5vi9NNm6s7aRAio2VgjlT0UA8WKD9AYykpqxyea+DINhJhXtTsRV3CcxxovPfINqU8eJdNeMDfXfw0BrV80KD1WMUDGILs9vy3SVJ4zyUn35ziSuoNgXDBezLh7xU+ZTvLRLz82V/Wga0DQrBLD5Ll2MwWbk36m3DrIyGW8lR7JLCvlbgcfs8IhiDEduiFCNXPsVq4vwKwTH3Cz6PSD472EYg8jK//IDnD1NkIasfPSpq4dUcqYQBLRtDifZmGTFklvFKYrnFYdOMfrYjj3kNh7nzgptJb6Du+reXXXMJu//2JtX2qoCmfoKFAjfIyWqk3LfGJFDbsCtSrT+L1aPZsp20TCw=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:00:50,748 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:00:50,748 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070050Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5fa1931742c546d9932803d38686d4ce|infraio1c3.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_39f77e31927a96c47c6f38a682032de9|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxdPU/AL4fuHTA4omr9ju/SGl9joWrnCP69x1m8SXs+X+zr4Cca2q2J2gsbT+FiSsUZlw2fXl++s5mtaVNX9OHwHUIhMFQX+9gLREDGcbt67ZArVg2jUn9aSUIrklVJ8F9Oku9Wg==|_ca9eb053a095af732c59dbae3c33d9cb|
2020-01-28 07:00:54,052 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-76260-0KAmfuyY0XwxV33KkHOOZqnPRA07dk35
2020-01-28 07:00:54,052 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:00:54,052 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:00:54,052 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1"
    IsPassive="false" IssueInstant="2020-01-28T07:00:53.034Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>zulYTRpEC5uSi+uWrICLaZTan13qlgy8NwXzXiE1u3g=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
lKNaS/Sp0W29YhEYqNUc3dRqL0rfjIjyVWNci1+xQdFATOsKDJb0pyBdU7iBJEoGWC6J5x7LubWe
o3ee4plMdYeAv0mtWPIp16K2tXSc0VO2XoXS4DvMQCai7FV2SYvq+N1jzQzZBp/PXGfyP0KYifK5
b4Ug4JayZBbsZSXIfQK9V8XOG6n669tXemAXyctIQtZRDyKUMXT92twSvnPKhvdbeiLMkPFAZJP3
NPlg5s1ffSLAsFb0Rb+bWlq2kR1W0xjzlWN+Zwvg0t61jTGARFpFyeo3HJXTLGpWh4pHJMR45U1D
dh6WsD9iMCfJVS0p7HYnoD7PPzJcxqWEjVFaEA==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-01-28 07:00:54,054 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-01-28 07:00:54,054 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:54,054 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:54,054 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:54,054 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:54,054 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:00:54,054 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:00:54,054 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:00:54,054 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:00:54,054 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1', issue instant '2020-01-28T07:00:53.034Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:54,055 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:54,055 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-01-28 07:00:54,055 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-01-28 07:00:54,055 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:00:54,055 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-01-28 07:00:54,055 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:00:54,055 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:00:54,055 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1"
2020-01-28 07:00:54,055 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:54,055 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1"
2020-01-28 07:00:54,055 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:54,056 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1"
2020-01-28 07:00:54,056 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:00:54,056 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:54,056 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:00:54,056 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:00:54,056 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:00:54,056 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:00:54,056 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:00:54,056 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:54,056 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:00:54,056 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:00:54,056 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:00:54,056 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:00:54,056 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:00:54,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:00:54,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:00:54,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:00:54,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:00:54,056 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:54,056 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-01-28 07:00:54,057 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:54,057 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:00:54,057 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:00:54,057 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:00:54,057 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:00:54,057 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:00:54,057 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:54,057 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:54,057 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:54,057 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:00:54,058 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:00:54,058 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:00:54.058Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:00:54,058 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:00:54,059 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:00:54,059 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:00:54,059 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:00:54,059 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:00:54,059 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:54,059 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:00:54,059 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:00:54,059 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:00:54,059 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:00:54,243 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-01-28 07:00:54,243 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:54,243 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:55,780 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-01-28 07:00:55,780 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:00:55,780 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:00:55,780 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_9fc03b1436c74453a1c23b1baed98247"
    IssueInstant="2020-01-28T07:00:55.382Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio1c2.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_9fc03b1436c74453a1c23b1baed98247">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>D9RA7xNX6oWuueViXdAAX9jRTh0=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>kzLX39bPObK1rZuNgH47u/epp+xCnKWCGNGTCu6X3blRC0VrSkjGJHlJaHqn9jr+9MEARNWuIpkiOmVEMt4TsZp5uDkgRrqI1Q38Wzd7OGinGHd0eHWwEYZVDKN3lFMy2l4XmWbf9P4JeSiIp45u4nfFy6Uxtj8mvFlev16nPIn6F+u+K+2VLjbqwlHZLAAreQ3AuUqoLciqRCNZUN02k6uZo52muuH7lgYKsep9FilbAuUzF+rn0gx3XlKNjmont7kIawwtZxykxZiQJEgJbsw7f1giKt13H/F1bvSLo1CS6lSr/MEBif3mbfwecjCY1tdXqL0krGcXeTaXH7pBsg==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-01-28 07:00:55,781 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio1c2.my.workfront.com/SAML2' from origin source
2020-01-28 07:00:55,781 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:55,781 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:55,781 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:55,781 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:55,781 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:00:55,781 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:00:55,781 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:00:55,781 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio1c2.my.workfront.com/SAML2
2020-01-28 07:00:55,782 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:55,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:00:55,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:55,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:00:55,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:00:55,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_9fc03b1436c74453a1c23b1baed98247', issue instant '2020-01-28T07:00:55.382Z', entityID 'infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:00:55,782 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:00:55,782 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:00:55,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:55,782 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio1c2.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio1c2.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9fc03b1436c74453a1c23b1baed98247"
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9fc03b1436c74453a1c23b1baed98247 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9fc03b1436c74453a1c23b1baed98247"
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9fc03b1436c74453a1c23b1baed98247 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_9fc03b1436c74453a1c23b1baed98247"
2020-01-28 07:00:55,783 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio1c2.my.workfront.com/SAML2
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:00:55,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:00:55,783 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:55,784 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:00:55,784 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:00:55,784 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:00:55,784 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:00:55,784 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio1c2.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd' 
2020-01-28 07:00:55,784 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-01-28 07:00:55,784 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:00:55,784 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:00:55,784 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:00:55,784 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:00:55,784 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:00:55,785 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:55,785 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:00:55,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:00:55,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:00:55,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:00:55,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:00:55,785 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio1c2.my.workfront.com/SAML2
2020-01-28 07:00:55,785 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:00:55,785 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:55,785 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:00:55,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:00:55,786 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:00:55,786 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:00:55.786Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:00:55,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:00:55,787 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:00:55,787 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:00:55,787 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:00:55,787 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:00:55,787 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:55,787 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:00:55,787 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:00:55,787 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:00:55,787 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:00:55,790 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:00:55,791 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:55,791 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:57,078 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:00:57,078 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:00:57,078 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1552419753::identifier=rick, context=org.apache.velocity.VelocityContext@6511be78]
2020-01-28 07:00:57,079 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1552419753::identifier=rick, context=org.apache.velocity.VelocityContext@6511be78]
2020-01-28 07:00:57,081 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:00:57,081 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:00:57,081 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:00:57,081 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:00:57,082 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:00:57,082 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:00:57,082 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:00:57,082 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 2180e3d3480503bb3a3b25209441be3940f824c0d73b2234b001e2072db64305 for principal rick
2020-01-28 07:00:57,082 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 2180e3d3480503bb3a3b25209441be3940f824c0d73b2234b001e2072db64305
2020-01-28 07:00:57,082 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:00:57,083 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5782180'
2020-01-28 07:00:57,084 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:57,084 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:57,084 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:57,084 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:57,084 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:57,084 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:00:57,084 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:00:57,084 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:00:57,084 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:00:57,286 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-01-28 07:00:57,286 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:00:57,286 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:00:57,286 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:00:57,286 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:00:57,286 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:00:57,852 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:00:57,852 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:00:57,852 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070057Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730857853}'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5782180'
2020-01-28 07:00:57,853 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:00:57,853 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:00:57,854 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:00:57,854 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:00:57,854 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _88e850ba9ee049335e9580ca76a79485
2020-01-28 07:00:57,854 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _88e850ba9ee049335e9580ca76a79485 to Response _f687b61a1f5882c28fe4b250876a82be
2020-01-28 07:00:57,854 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _88e850ba9ee049335e9580ca76a79485
2020-01-28 07:00:57,855 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:00:57,855 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:00:57,855 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:00:57,855 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:00:57,855 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:00:57,855 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:00:57,855 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:00:57,855 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:00:57,855 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-01-28 07:00:57,856 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:00:57,856 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:00:57,856 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxCqYMtcgV97TKg9L/VL5Useosnf8DgNSn2vLythZJ2IVg+b3l8nhQBVdhybC9DC2ZOi6beYNysHML1ovxMGAfhHGi8VHSZOE/h9StGzwIIsdACzYMnRPgms3phlTnDan0yh7l7b9YOYEzE5sFStKdfqd3GerxUWM= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.14.11
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _88e850ba9ee049335e9580ca76a79485
2020-01-28 07:00:57,856 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _88e850ba9ee049335e9580ca76a79485 did not already contain Conditions, one was added
2020-01-28 07:00:57,857 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:00:57,857 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:05:57.853Z, to Assertion _88e850ba9ee049335e9580ca76a79485
2020-01-28 07:00:57,857 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _88e850ba9ee049335e9580ca76a79485 already contained Conditions, nothing was done
2020-01-28 07:00:57,857 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:00:57,857 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _88e850ba9ee049335e9580ca76a79485 already contained Conditions, nothing was done
2020-01-28 07:00:57,857 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:00:57,857 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-01-28 07:00:57,857 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _88e850ba9ee049335e9580ca76a79485
2020-01-28 07:00:57,857 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 2180e3d3480503bb3a3b25209441be3940f824c0d73b2234b001e2072db64305
2020-01-28 07:00:57,857 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 2180e3d3480503bb3a3b25209441be3940f824c0d73b2234b001e2072db64305
2020-01-28 07:00:57,857 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:00:57,858 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxCqYMtcgV97TKg9L/VL5Useosnf8DgNSn2vLythZJ2IVg+b3l8nhQBVdhybC9DC2ZOi6beYNysHML1ovxMGAfhHGi8VHSZOE/h9StGzwIIsdACzYMnRPgms3phlTnDan0yh7l7b9YOYEzE5sFStKdfqd3GerxUWM=
2020-01-28 07:00:57,858 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:00:57,858 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:00:57,858 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_88e850ba9ee049335e9580ca76a79485"
2020-01-28 07:00:57,858 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _88e850ba9ee049335e9580ca76a79485 and Element was [saml2:Assertion: null]
2020-01-28 07:00:57,858 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_88e850ba9ee049335e9580ca76a79485"
2020-01-28 07:00:57,858 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _88e850ba9ee049335e9580ca76a79485 and Element was [saml2:Assertion: null]
2020-01-28 07:00:57,860 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f687b61a1f5882c28fe4b250876a82be"
    InResponseTo="_ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1"
    IssueInstant="2020-01-28T07:00:57.853Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_88e850ba9ee049335e9580ca76a79485"
        IssueInstant="2020-01-28T07:00:57.853Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_88e850ba9ee049335e9580ca76a79485">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>l0Yd+Ane66TH1q9yCEfXYucNpJcFPcqjeWft9+T7Yn5etliGGIhrRlHwBI1x56b7K4sRD2ZVCdkoKYhCe5tyiQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>po2OJ3Q1wZ8tGF8drYAR9f/n+5ou4726PIvmrAdr6twWU5rPkYBZrUysvK+XCOZEPjy4NDH5rLiCXgUHyeJ7M4FQK6pwF9WhAUlS7K6wJbVgOQXMdoMmET3znAdojBVkiJPtoDoaKM8j8WPlAUnuN+NRFuBU0VkUB9rdIbSewanrXqEwFFKIK7Am/rqJV/mSpcQU3CP8zNpY5i31k+Y4qHZqX16LnGmtahB9I1oieEyA/EUh5hg3Bc2ZKiU969IKR+d+dR0MQDpXt2eAWWGP9J590z/+l0Sq4/dFfffBZkHB39T5G0Vfyb/E5hUOxosBzX/1VflGljSNzVzlbtxTNA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxCqYMtcgV97TKg9L/VL5Useosnf8DgNSn2vLythZJ2IVg+b3l8nhQBVdhybC9DC2ZOi6beYNysHML1ovxMGAfhHGi8VHSZOE/h9StGzwIIsdACzYMnRPgms3phlTnDan0yh7l7b9YOYEzE5sFStKdfqd3GerxUWM=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.14.11"
                    InResponseTo="_ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1"
                    NotOnOrAfter="2020-01-28T07:05:57.856Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:00:57.853Z" NotOnOrAfter="2020-01-28T07:05:57.853Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:00:57.081Z" SessionIndex="_0b6085c8d288e2fe781505eb90676e6d">
            <saml2:SubjectLocality Address="172.31.14.11"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:00:57,862 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:00:57,862 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:00:57,862 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f687b61a1f5882c28fe4b250876a82be"
2020-01-28 07:00:57,862 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f687b61a1f5882c28fe4b250876a82be and Element was [saml2p:Response: null]
2020-01-28 07:00:57,862 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f687b61a1f5882c28fe4b250876a82be"
2020-01-28 07:00:57,862 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f687b61a1f5882c28fe4b250876a82be and Element was [saml2p:Response: null]
2020-01-28 07:00:57,864 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:00:57,864 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-01-28 07:00:57,864 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:00:57,864 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-76260-0KAmfuyY0XwxV33KkHOOZqnPRA07dk35', encoded as 'TST-76260-0KAmfuyY0XwxV33KkHOOZqnPRA07dk35'
2020-01-28 07:00:57,866 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_f687b61a1f5882c28fe4b250876a82be"
    InResponseTo="_ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1"
    IssueInstant="2020-01-28T07:00:57.853Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_f687b61a1f5882c28fe4b250876a82be">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>HZP8lwtsuAdhEqXmTvtP8X5EaBvNUde59WPNQZvesh3t8gbBLkWcBbhKgIQlIEZtWGlg5HorXeGMEwIE6pd5JQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>TCtSJkBzTtpnvQ7Lm6uWf9I/ZJig2xTf5jQe6oZb77djiIfgERpuCa1FVn8tAbjApAGov5MjmYs9o3rK1EzncAduKiqPtGQigY1d1FgYdeMDD3eytBnnOKTQrhwKQD8xRAjudOThOkeYMoEttmHCcXerTDuYU6mzwqOkaUJm2T228KMgVoHUZQRPlkGg6FxheY39heqOootxJJ2IOeX7ZgjUbk+EjSctA1ePKGmnsMxpkiLzrl9E1QwTUMJN/D5Sd+9U9jgO7aCodXjG4xHvCaUB8h1H3TLXlszzrgXchF4PNzXCx5j0+yWQ5lJmlMaY2hTT+L7Z8eEi+AkhKpbA7w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_375d02b4a96f6096d34905ba84c556f9"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_481b4336b4b3299683bbcc0d1062f9ee"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>VIMPaBQe8p4J8ACyDV9OSn59/KH627QhyzBxLtBK20V8okZnsIn9CDfwSHbLHSJ8nWXNCXwijlRk94IKQVujfYE5IdLhJK2b3H36sRJ1LEc21K0KDF2KCIYHceT47lPKtIFG2Ije+GNnQ4/nMn6BpSpr8h8WmGWo12khIaDDOl3V/yM2UrXXznB2MXu8TLW3shP1w0AXiUvXdbej2VSlAKH/9jehZHy31zY8pBPg/m2lnRJh7RcszjqmPN1JTeL4KK5ep856NioCAIrOCRTgs0GFILLPGpkvdbI9PA9eXzXlETCWqQ7t3i6CXLn6CoHcKFTsGeQ4zwxLRYMnfZuzQQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>hZq43Wq+EozpNbhHEqmsgwEf1FIxSw3Qsi0htuHZ7Anyox5stmr0AIOPXXM8Vd5YNuTF7njFQ5JnZMHpLzBSJ/jTuGNDb1YLyi0ekYoSmZJlsiCFp6qqvYBAIvmqYcrZw12atthqZgXySRoQEDksWEHm/SYflaKtkxPcr5IfZz9+h9yhBknOp95hxGVcdIk3TdGzVUpF3JIPXJNTON6F8tHbXlTtGy5/FaPtNedwG8jXce8Cu+xBa5A7izpc+EoSycYKwpesKh5BmcXEuir/UzZq69oCKck4pXUjlWTUpvk36TXhFWrZxNo+o4vUClpLiuKqGaPXdoyn2DZDGXb3Di+UONvyi6gWvoieINmhThtdnW3tanMtj7LMjWxUNBC3dvEo6x6AePUIKuLbD+7/mNS5IOFmNamqEwVo1E2Co7aH2vJe3GJ09wd+lvQWmq0Wv14gKTkmxgiajVo/y2Cd66wZKwnLAgc06NzFzRaCah/YFgHxyiQb+hq8grYC5laPOgHbOfuF9hXC17cxumnWTRM6HiOWNvuptOh3Exic5bWnjJBfaNgmjrfAkePC2TUwyvvEjSzVir/r0/2oxbPuIuhydq1Lz5yi2y1X1vFFqVzcnqj8wjY6K0YMW6gfMjiFDHskfkjKF3Sl/GJN5MoYib0bR6tRqW7huXIuja0676Pb697aLg9u5BU6vSsk8mNoeZlq3nl42uiCrYsMUhNs9Aa85IlGs3CVVBV8QSgAFOomJoZ13fW5HruC0+15A5EtE2ttOpu3vVlM5HFYl0IcanaeQcr5HIrio6VfXHyD09iSfxERxywaVUJj11IR4nHtGXnNmNdOC26n7kZENToIYQJuPcvJQG+I7LGLSs7kF/oajlL09uT0En0NGLmW+JKlyu0MOp7jn8gN+GwHKjjluw2JMTU9OYMq2rK4f2MASTvsTosZCpkYl2oRSa6gnpTJgvL+x1HRXfohbt7MaBxodS/yqlcRZ2wFP62zrxuf/joOtP5V/GoHuUudeuPTBPk/+P3zgLubhY+Sl/9hbb2Vm/qh805HaHbTn4qliQTCS8WRf1GW+SMSJ8m7VzjUq6v5QBeOuwvtBII3OKIv1K3qxX+RPVdDPKfbq1d0KTFSp1SFFtn6gicCXPp7CqShAWd3/aBeYkD46W9aacbPqVA0m8OkTAoM8xLDa593DEf+dz9HDoCCnkT6vbKH/huZit8/eS5At4kxNP69lO8Cqua5Cxwh4CEf9LPuP+/rV2w4gzjntamlfeaIQLNEv4dfXCUyF+1abcIQcuiGoCHJIFUk2HLbhxtqvmsMPcGabvSRw27jJGUek8ASGrUnYPihYod6XGtuC52GaDqG2/lEKZTKKpp+7IPzIWoncy4ro7qFmVFRM5qyZ1jiH+nofeAg3sVhamEbyb+VX0XhklC06JErKhT5LgV3JuEl5DNEcNLKVhPEna1hQaHykv9ZfjShYofD8AITWPKnmoVuVv3kSG55ZH9LtavGZOcrdbL+IQ9+ZtK6/ZR2Oo1tSt/Xou2P2RHt2GgjVc+UOwSUxYpg+ms2tyJ5QIgqYeZElquWhf5KOEHZFu4qfqYhzFf+Z37kFc5KrPO86oIiAz455o+EBHxqOwgbi5AfCn4jnJdHzp33A4kVzSRoE/ZUkGVLkxxPBUkIc3h98xhnlg1h5ZXzim74/51O+ka2NS7RtgspExZtyIYzfiWkcLyu1ChLb8gnPDg10/6yuWe08q8AuUdAIK7NK2//ZUkDe7UOdjrXWZsJkf9iKtiHhxmP9onCwL7ZiIzq17wRzv93QO9hj48pmPEwE7tt3aEMup+S8D1hyh3Lqov8UPDzfz7F436ux/SFL1MMFz+7IBhN+x6djwHPEBy3Xpg1MqFAi5ph8IBOzstT/AxnzsnHZOYpm/4dge1BDltfCbMKFPgJSyszbjjqS0QsDZ+YC2pKtRahE4rlUlp2fHIMkCrb0iAX1ebrLzotsbZr/J3UDf2I8CkpDxoL1SipRYTpcr/vF+r4frRpt7tCwG0sik3SAMxm5CN7YGbH1TDvjHzipInk6ueujvtpSwm7eDNfPdatsjeK54zPpJR7z7pjyRyQgC9EspA9GCgVkJpHYn3FleMtBiyLCe/Rk3QbE1uQL/TYtNLnfeOoDDcyqwZpSltcsMAkHEPbS+IYrdHk9xL93EkoJqY6txJIyml+cBwzUCWiwpJbiFoFlSImiS6LUAEoUvHzr1cgGfYTGJODhPSsn8UT2qHJH44GnQA0j2HTon8bZ6o3OVPjipLYA9Wto6G1w5Zza6pExElFtgur4BkYV6mj3kioFENnfhg2mA0wgm2Ubb3Pi0EbNO9Qstmy0lzeS29xVu6lJy9jlL+GBkJYW2rAV0ET6moyB13N5Gdk77zqZ9ay4k4YsM/NbUnDveJIxeWMFSyOvY/3e7rHiBGrB/VpyPkHGG7T7EozNWvFRdg2eA09SAa9Mcv4qv2BmExikZE7vPeUwJDZGQvpi//9b8K5sN8EzB2SeFw7recncWONK1zFe6xGpzYMvnbopIHJ+UnkT8caxxGp5edJuDY3VtXPS/bCvtljyytJO4zNGHch8lUu7cJAEJactCjNP86YEfxwkoC4UQNBgaVXFK5iMdzwxlG97Dxt1VIPfbb6gCJviu+SiQXcCL20iEMGeREynQMF1yKYTj+QC7az3hswgHN41pB3OFMhtYRW1LGM1bosjJwYHVIFCt/K+s73h/5oCvIraX0s2X44+upWd/KLLjJiA0nxq4RizhvAdB4lSLCV3//MteaVwjp6IxNz9GoJZA0ievQ2YN8QAqZDXiswUG9uqcX/9gbuPi9g4eFdxjrMYBrYR/TAKJQV/6ZdpFjkZHE3ThbjlD1rEyM2crIaFqICoPlELgVSqc/UCZmgWvGcJB73T4N8SmXv81PheWztYWSzP3d/9ytWSaq1P+JFNR3UE9n0ruepBHx+wa0XwUKBM7yuwnho8wIUxWi8X9VcmnJXOJw9tMTq7wTTHewMswvf56GFo5YHRYIQChF27y0WFEOtFF56OaHWjMh42SINIo6a8bmli7YU6MX/RL4hVVfGcv50ja3agR2xXk0qrcadr5daH4WoXDYyBqCm++fG7OANH80kDi6BXzqAlFvLaokqRRFTYdHeGC0wcGJwHz8S4IHoyhbvlu0hZXSHIrmFl7RUhtZ8sFKvmVjbjJbxi/iFvDLqmu8tFmW55ahpVNzZnORu4KUWpMb5j+GgdCi2p1qw9ZgMsIHMaQcOZaFoNCe2SelzrKPD9MkemZbJmKw3Ny7CU6F7zikptqRhBzuMYsaB/xitFDhOZ5R9VkJbWhrI3MMyjjCHobjNhcmVnWhJJOWPI9HRif4MG2jIzwrw7fP3nMTfxgGUGrVYxzUUsl9DLeKLt1ThH5vwhBsljCK0xJVzKkP7Yx6RPDssaFJ9eKohpx1Xny4r9t/DoSl92/FFuOglpAs5fr82Edn7ubcnWPUXi3kwc3ul28c6g/FPuJWSB6lSAFMqNrLeQR/EtwnxmHP9MSv0XfGsZkIFjiYtCr6VScUMB6HzHM5roHWc4gO59pqj3p7Zm1+ao0/xLrUSsCUyGxvftkjySTZLu7EdY6+mQi8BN4DkOQOKmDhqoHqNqFuwsq7v9Bt2p0phZwkIgpmz0TQgzf9JyB6LnszAm2BG6DGw2q2g53eOudjw7mkavXmS984ezbheRXlVWKo3VCI3pkWa2xfM57sYG0g6ncyRU1IWZc//UjUrmqAd3edYBd88CDqUdELfBZcxr0w8U1ihFIuex1A6McOaWU6TM6FlXKPDasrWWsF+WnYUhECVBaq53GRDO+zaUm6Mi7W1ALEd4Lu8MIuBkYw5jjcsF9ckDqKHXaQLA/rtnt/hYb7//J5SRLhvgp63/1yJdD9V49ALZBHXf/wjN9n+94KWrfIdGTplrpD3QVsFi4XQrvQ8Pvv3DkFqAbR1vRCS/wesGhyH82DpHJMtiFH9cd9Rpnug6XOfMRn/nXiZ+lBZ9oPzy2kho16g9jKivmS8Vv06ZzFLqiKAaxwg1SpDZqZhhwGHYo7KO5P2fQdlUKUyCezyc02m+UOc+ar0Q5Wv+aXhr+D0X3G78+f9ugwhRUR08bHpZWPzQN+XEAmCoYxPPtNObCRbq4g7ouxokgHyUlRuJQH7jzlmJzPq2X2QEur4SP7UruzqphxQA5dn5H09JZbnegLct4O3a9wxUEZ3txYGctabo8w960O29jOOhSBf4qaht8iUKicBc0mlya5M/cRbQQBjT8hnzFOgSgshPWMevVRPZNFoYRjkv5TjBul1GPDJcVKFbC9JGhE1HBpIf68qxLWrX5LQ2vUffjP15zpHo/JVuZ/L6MnRWLN9PdQLu2EMeh3o3YWad7UCNrmxn3YmgWuhOYaOUz3sCYe4uQAMp3VZztDgtMvVPBMyiNJplqWrwX74fPNHRxv8ndZVRsVfsRgIUKp45UgZn7QseikPfm4m6fhAhGJFx8fEfuvT6OT5cp+W8bedPWGjIO+rBDJiW1SVm5A+jAX68/x8SwbHK40JlwEjleguFWHluSKX6v6W79pC6rXmMIfvL0lUmol4E6Iv/QskylJ38y2/YKQgIYEcEVF/BPCT1/THSMZcPoin2C8fpCOLQg6iC1Ojl8R1dPkgJL3BokrKdUOUPn7+SRb7/jFxK+EgUJkTNqZeTG32cxDg/7M4g1vdrVN/6MTjuT5QivJx6LBN3dhOds3/V/aN4l4LrSpi7EM7JVzBZgpdiIF+RRZ0N+C7g/ANkmCwd+WkKdTNMave85hFoCHE2sQXdK/kKYkExx7QR8bLVoqtHzqW+bBjEolie/N7CT2HD/3mmKDImvI3QEebz/x7gTpRKiWJoVDHeIYXPXN7ycfS1YCbNIDtWUBIKFLmudLXfAp0PODiydPgJkIe5dc7TgfSJOrM0S0Ev2o4Jnev8ZYo8ubJ92UhuDuGfMtKHAprQGWF2GMaldsqnZiqI35JSZ4QQvzbfIfiAXb9XZyTcbf+3Eypf8Sg4HWT39OFR4sTtL/sRWPvekSmS/BpF+9IPiw+x0GFw6vqIkS5VVusS0QR0GHtzWfV2qpB8xsLDs31S+/CC+/L47FmtyiesNYWwxl1bDy3ZqNGE7Hi/mftIozmMZQao/r94880TRAEJ6KT+5K5QCHo93WsduRRHvUJtUu6pyV5thupPdo8LMRpoZ4mciGkcVFPykSE06xElqssR5rfSw2BptbheGGQ6qsNd1DGCkI0QA1do6ZbOZXrD1L0JJWIUvfohOsUQUd3fP6YedcIZWpVWGzWaJuQhbWHEpieYPvDcvaDGkH79nHNoFg2nd8wx1ExrMJKOBf3QaDAbCo/F/NfGFRUCeSk62rFcB3qfxPCKqkTT0uWoMcy8Nj0lDqDrImJc9FzJgdXpB8mVDXpTnutetQ6VSLqi4zW9F07/StoV+FPCgnb87Kojdn0GenWj+lpHqz2ZpJ4ZmiKUoupnN0hrSO1paerT/Ofep+ExdO/Izh4+VDv4tC6ASlhjxpvY+b+XsAH7+MvUOnNdPsdaKUlM18Bx+Ze4xEUW30EcIn8al8WUMFUm4UnkSH3qUk6i2Prr7vSDNYC7e2KMJ/qNu9JaWwIePHvoXWC9jzreYe8unDRjx50J1mVEerab4OP9arxM+FzZfuaRJTZDRYHod9JFE/qCKE1wnwq/MMLvZdqqXahcEDwA5Wb0VlzZnJFkrsIRJrocGlhxDsK1cXcT+iWQO+nxtSoPGQkrldsg0q7EMzFtImADXSAhqZEhrxY5j5dTjRazooMlzW+ALK6NGK+sMqPhewq9/epq+rS/9ViKa39dWJNRtK2gR9sTql5fXxAW54gFW/UGI8cRCXSQ9DMWtZ4UUzt4PEhj5q50w+nf62ITz3ED4uxkXKMikcvTAwqmgGAxgKrXx5mzYQx8unZTmPCUxo+zQw4IY6fAUXoJ7BiWQQA15W9BK66OwHAtRcc7fDMUyfDAklcYEUX98oXkp26YEAFKQnlHJmXXwsSc0D+/KXkK4LxRg3Sbnh0/tr108hwIpVBIso2LX7+m28RM59HQMPwSUdu6B19uTKIbzPgjv4UW0g0E2Dqb/Qu+6RmBVAo19AQ2lXUw5rtU4RE/O/d4iIIA9vEskRlw8seuP6vNZqnLesLwvTzLkrevIH5JoU+oxHZMJDPAoOhIE9cqY9F5PKUJwvnmsmKmNF2KpvGtPDH1M1WhEf2DCYeTIejcheHL0V4cDQTk9FpJ0+YDRscIkMck8pYoq+0cQJbHwPsWF1PwD5oxp9T4LvnZ275xIjkEUANhi+vLKtCgj6MKHdogQYXN2RCXTtem/Rv447cutvtOOhVWQv5jfH2regg83bXPux1XaZH4MqzPY+BOx3zL7eT5CMR2Fp18Z/9rFYlefi/rjdV7pTjkHhSUXmXPDg62v4o9Mcp5izRASxvWP9JPvQkMTS+VFghmIumv0b8b3a9LsQdh3I69hVhuR9D1MQ6SgY7DwrnFi/4jrnKSNLdT1REO6nVD7C7PU8zpEPzAtt7p6gnDjcHHnAcQyF5yc8smTLWJtKinq+wY6waF/bqZ81nR5GoNhAxj52ShOCuK1ANPfP/0WmW1GzqNsjOnux8YVNMfJGBKJ10nfTHmT5gltz/gEokCSO+gAwPkfU25d5yUHysf3aSbCdWACIP8OXOXlnBy7JimJzhbLyMm7Y2DZ5qS79o0wWZVU6rhL+cv5ym/3UWHqkJmMy6CU+QaOHfAzTcZSJBKYIrtO3ELwQk7ARmqzSUOGkvmIPxg/JbrG1p9P5CgCiaGZgqssjMbRR3m2jp6x7svr86uHVNsJdnEtW8sHxdRwrOwOZ94y109FY1lW0IjILqbWE69sYzE06Um7OKHd1O65O4SoW1lqg36vLd3ICdE09A+QW4jSGnJh9LYXQVRAWYzf2NOuiAyoAqHfJ78fY6rg25bUTmf3Cusht+rUCEHbIaCb4/qGXN7wl9JJU9Kv9rP1eIe+SqG1v05oeMGM1v2CdDKFO4osGQ21ptM/FsnDmNgvydMbKTbXaTuKqw8IchirKjcroD6ILdnitebzDeFLMg2Gc3eOBdpLYCqPTCAs3jge+IZLg/4U2QT2oMYk+lF4yjd7gu1ULUaOFggBbeONwXDz7qdoteSRpjHd1erBEgVcsWkWZfe7TVtfCR5KskHOkBI+AifOz5afKxatVbe9XNjKr2RuPBLT1/YCKjpYQ/8Zq6dDyin8NxdHgut1XYg0CM3M3y91DyXSNUJYaDvcHtyMhfYtytzXll30vHdQtGGTAIuTF7WEis+GK1x/Mzn3riwA5tTbk8lTCfsPpYmY7kRQuRAsHWavKuHWj21eJH6JkX3aYFXWc9CaCD6smyZFMTBbM4thIWzcojF9D68IZdLajrDlwSvFPvJSrDo03YLd3MeOcjleVbCTP4bCXJDsOcFY3/UrlafDdatIdGPROZprW1eMN9Uon5Ph9K0nUtXqt48rmpNz6koQHBvOdV3R6oQ45dXbUs5ph9IAfFyuciw0l0RPIsl7Cm8imewqYN63Z0Ft8pW5S9NP8RxltSqzvh1o5a7s+POqeoz0Y8IUfZx9r1f54GiRgcTgdJWJg+tWWu6+NAnbfNjZf4XDmUqthPuEecgWMw25UVYkQC2y2jFe5AS2rrL3Uwpk7drRV/9CRhDqEVux4XGLAuPrBfOWHLTTAa54BflUfM521wYZDQXMcyOJ4uL/R83jTWh6+tbyUgsO5xlSkQslRnvdR2eqDQ7+C/bSQ7bmYI8RysunJ/loUWikq83rtCA6779n58KNoOOsH/Fd75/S9LuxVnRBOFemtYA7c0MCRQ+XxuM2SDsK259/cudHr9P+y7jDPRIuhh1FpmOU94DOczSKZhiO4YXjyx5oCOzLf1U/iyXqqCEeuMKtRe1UInKuuSueDIA1IFmPB8TN3LXexl4S/5dTd1K4BP84rbHg1DzdMh9ZzCAyA0QtfxYWaXFMTa8ScNA9N9asjk49t8FuHWuQ2M8zGwNAUSRrrMJ3oKwPZ9UGpPeMmukH3+APN0v4RwTtgBGY8K8l2BSMQBVALMtiJ3Jv+Y2uLZF982YBUlBJA0ux7B8Uxp6poI</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:00:57,866 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:00:57,866 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070057Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_ssx3nvhfg9mnx1yblem8uknurzwdfqymn9v3uy1|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f687b61a1f5882c28fe4b250876a82be|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxCqYMtcgV97TKg9L/VL5Useosnf8DgNSn2vLythZJ2IVg+b3l8nhQBVdhybC9DC2ZOi6beYNysHML1ovxMGAfhHGi8VHSZOE/h9StGzwIIsdACzYMnRPgms3phlTnDan0yh7l7b9YOYEzE5sFStKdfqd3GerxUWM=|_88e850ba9ee049335e9580ca76a79485|
2020-01-28 07:01:01,140 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:01:01,140 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:01:01,140 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1549208406::identifier=rick, context=org.apache.velocity.VelocityContext@4c9d02e6]
2020-01-28 07:01:01,141 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1549208406::identifier=rick, context=org.apache.velocity.VelocityContext@4c9d02e6]
2020-01-28 07:01:01,143 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:01:01,143 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:01:01,143 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:01:01,143 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:01:01,143 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:01:01,143 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:01:01,143 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:01:01,143 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session bd2d80041996e8e648f9de7abf2852695b62bce91138ef22302fc6ce25a74668 for principal rick
2020-01-28 07:01:01,143 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session bd2d80041996e8e648f9de7abf2852695b62bce91138ef22302fc6ce25a74668
2020-01-28 07:01:01,144 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:01:01,144 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:01:01,144 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:01:01,144 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:01:01,144 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:01:01,144 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:01:01,144 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:01:01,144 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:01:01,144 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:01:01,144 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:01:01,145 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:01,145 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:01:01,145 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@338fc345'
2020-01-28 07:01:01,145 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:01,145 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:01,145 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:01,145 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:01,145 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:01,145 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:01,145 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:01,146 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:01:01,146 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:01:01,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:01,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:01,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:01:01,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:01:01,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:01,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:01:01,200 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:01:01,200 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:01:01,200 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070101Z|infraio1c2.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio1c2.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730861201}'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio1c2.my.workfront.com/SAML2]' as '["rick:infraio1c2.my.workfront.com/SAML2"]'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@338fc345'
2020-01-28 07:01:01,201 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:01,201 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:01:01,209 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:01:01,209 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:01:01,209 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _76d8fa95ad8709e19a52f7648b2e2764
2020-01-28 07:01:01,209 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _76d8fa95ad8709e19a52f7648b2e2764 to Response _39b10ac904e37008b6b2dbca1b297d9b
2020-01-28 07:01:01,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _76d8fa95ad8709e19a52f7648b2e2764
2020-01-28 07:01:01,210 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:01:01,210 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:01:01,210 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:01:01,210 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:01:01,210 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:01:01,210 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:01:01,210 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:01:01,210 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:01:01,210 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-01-28 07:01:01,211 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:01:01,211 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:01:01,211 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx0xoXLxjc/Et9U49TcMSuzheZxki+9bK3K2Zeoq3X8E9ZqLkd/FZzr6+k7kHuz7JQeewFt3u637rndD4UuZ8czgMUxGJ+MbJHbgkIjpTnOAQKZDHbPjwTFX3wUmNDggMhoslV1A== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.14.11
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _9fc03b1436c74453a1c23b1baed98247
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:01:01,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _76d8fa95ad8709e19a52f7648b2e2764
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _76d8fa95ad8709e19a52f7648b2e2764 did not already contain Conditions, one was added
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:06:01.201Z, to Assertion _76d8fa95ad8709e19a52f7648b2e2764
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _76d8fa95ad8709e19a52f7648b2e2764 already contained Conditions, nothing was done
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _76d8fa95ad8709e19a52f7648b2e2764 already contained Conditions, nothing was done
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio1c2.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-01-28 07:01:01,212 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _76d8fa95ad8709e19a52f7648b2e2764
2020-01-28 07:01:01,213 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio1c2.my.workfront.com/SAML2 to existing session bd2d80041996e8e648f9de7abf2852695b62bce91138ef22302fc6ce25a74668
2020-01-28 07:01:01,213 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio1c2.my.workfront.com/SAML2 in session bd2d80041996e8e648f9de7abf2852695b62bce91138ef22302fc6ce25a74668
2020-01-28 07:01:01,213 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:01:01,213 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio1c2.my.workfront.com/SAML2 and key AAdzZWNyZXQx0xoXLxjc/Et9U49TcMSuzheZxki+9bK3K2Zeoq3X8E9ZqLkd/FZzr6+k7kHuz7JQeewFt3u637rndD4UuZ8czgMUxGJ+MbJHbgkIjpTnOAQKZDHbPjwTFX3wUmNDggMhoslV1A==
2020-01-28 07:01:01,213 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:01:01,213 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:01:01,214 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_76d8fa95ad8709e19a52f7648b2e2764"
2020-01-28 07:01:01,214 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _76d8fa95ad8709e19a52f7648b2e2764 and Element was [saml2:Assertion: null]
2020-01-28 07:01:01,214 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_76d8fa95ad8709e19a52f7648b2e2764"
2020-01-28 07:01:01,214 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _76d8fa95ad8709e19a52f7648b2e2764 and Element was [saml2:Assertion: null]
2020-01-28 07:01:01,216 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_39b10ac904e37008b6b2dbca1b297d9b"
    InResponseTo="_9fc03b1436c74453a1c23b1baed98247"
    IssueInstant="2020-01-28T07:01:01.201Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_76d8fa95ad8709e19a52f7648b2e2764"
        IssueInstant="2020-01-28T07:01:01.201Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_76d8fa95ad8709e19a52f7648b2e2764">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>SZYBmPPWmYiKQoFtspEHj0jAaCOxp1TefFtwhQIeObE=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>njIXrw/YATVNJgIUPlCMIXCFZ/fujh67WplUNhZf2P2UXp22+VCV6UDbkS1t1Q5MKC1/vHlpAj6gnWU/Q49XMGM8yuTn5lAY3xmCLRX10h/9zXkxlg1W5b26IK2oVs1TXtAEKSROINcZY6dLmH/46nqgAuExRROP6Hww9jrrWFHAOzO2GcF5HJiaCuTGlZRlBo47MpLvmWkFQer/BOPqkRS7EtjA6S1KWpydR0mAYoZXQMIT4h902vB83aJpaP2WsxothF8l9/cKRs2fBrPGBUuhHy9c8xzgt35U7wWWol1zqYsDg0ZAQBnoORHlN5XpzD29CHoN4a41iA4l1J9YrQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio1c2.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx0xoXLxjc/Et9U49TcMSuzheZxki+9bK3K2Zeoq3X8E9ZqLkd/FZzr6+k7kHuz7JQeewFt3u637rndD4UuZ8czgMUxGJ+MbJHbgkIjpTnOAQKZDHbPjwTFX3wUmNDggMhoslV1A==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.14.11"
                    InResponseTo="_9fc03b1436c74453a1c23b1baed98247"
                    NotOnOrAfter="2020-01-28T07:06:01.211Z" Recipient="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:01:01.201Z" NotOnOrAfter="2020-01-28T07:06:01.201Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio1c2.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:01:01.143Z" SessionIndex="_1ae9925e1e9b283015fb792266c1fa5d">
            <saml2:SubjectLocality Address="172.31.14.11"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:01:01,217 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:01,217 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:01,218 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_39b10ac904e37008b6b2dbca1b297d9b"
2020-01-28 07:01:01,218 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _39b10ac904e37008b6b2dbca1b297d9b and Element was [saml2p:Response: null]
2020-01-28 07:01:01,218 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_39b10ac904e37008b6b2dbca1b297d9b"
2020-01-28 07:01:01,218 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _39b10ac904e37008b6b2dbca1b297d9b and Element was [saml2p:Response: null]
2020-01-28 07:01:01,220 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:01:01,220 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio1c2.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-01-28 07:01:01,220 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:01:01,220 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-01-28 07:01:01,221 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"
    ID="_39b10ac904e37008b6b2dbca1b297d9b"
    InResponseTo="_9fc03b1436c74453a1c23b1baed98247"
    IssueInstant="2020-01-28T07:01:01.201Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_39b10ac904e37008b6b2dbca1b297d9b">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>TlPi6UtvO5flOlPzffvZifuCbtZyaeFBd0AoUNsKtns=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>G4RmGvxsY/CuBQCQQoNAoc9lnt2DWpHArmivJz8K989qIsoe0f23lInfd587cxtI6QLioCYMTVGft2ltsceJ7o6jx2c3ftGxQYN9WxcnDyQhOI06xgCXRrN4SpPWska+s/HaCfN1qC305kjDhkj6VxvLKjAPwkSNUhvh8FE0QqI2HV8u6UG1SRCez9Py99D4lsD5njG98gd/pQRJHpBjZf2MdoSIdztsNPPBHk1/E7vRCOjeHzYUJ5MtEuQd/JV/aVRHKw2OvGnPsKPY8+kq4FUrq6o7o4+V7asMPWf4+wEH3OIzLdWljCgyWo+EXiasSRhTQVgZrQzLrb8WaE+DKg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_4db12ce42e92a2a175914df44a7576eb"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_af3cabb5a43f08e82341222a432993ac"
                    Recipient="infraio1c2.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>l0c1zSBct/liZX5kflyDVjvEYejTTYnr5wGtMGicxX7lxVYVdAlbOe/fdga14waP6ubsNQH1JnJI+6HfcAGRnNZbXgPTNrMQWyusMwz5OC/iB0Yq6neZqzz2GbHsM1Swn95kxyOWJfiCkBWyDnVJDW4mFVh/efTGeV5aTesHA2CjYXTmPoQpKGrukJowyBJ/19rOqf0KIRgmKQdtJaKZlRQDiX4VUjf4tliBo8/3jQUQ07wOcY7CTcHR+N8PRx39+KTFfxA6APnyE/OltWGv13ZHzaqiP94f0nZFsXZZNyFsg9B19hT+WCDwSg95JCALgsjE7XB+nHkQ++TZWyXwhA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>LO94FX9lN/7mGu4yoa7QhbdVC8RUkmnKxDvC3i97PTl0ktfQeYCfliCtzBTUkR8bNNvpBvxPmOcI95f8RiZOj7zlXoWAh9Q+ojPCFkNchhnmGTx2fho8G+z2apnUpk2Ln0dVyY/NG/zfWZkrwnff1RZHBEIfc9+m4EkN/HAY3fvUHgRCiR1PmeZiBETj0P5GLLx6YYSmYUrW9+hdfNbSgaKwQQvcXrhxkUPlWyNE15Bhz/5LuvIgCTGCqzKGgOjFRlpG8Lepqc7ZSa07X5c4YS0tcXISk/OJXNKHonXNsJPaYVK7N1AV/v0tD+XrKrw7fDTO6cbM9T107VHhQas/kcjHKg2bYOOyTS2Fq2sptXQhikqogl4mJPb7Tex1wx4qyVsqvda7j1V2uGCc9caqRg7pG+jzpQmzjjfkw9yrePkTFIekHBuO03BVRph5uFAlaCeewze2jhoW78qBlBfdAKuLvkiABc07u6kxRdoC/eeF9gHh5OMmZkwhfS3MAhy6JBk8vnd/xpLjbrzcKRkikJ+7hfgU693fP7BvH/6VblyyUh4CgXXhX7Wy+XrOqBeH0Ve11+CZNAHP+0cEezaGkzk127AmF4n6X4QtzFyp6RYub3M5RzRTuANuK05Jl3LN1hnR2AI3QYHoRhscJmzbOlUS1WEvdJsCa+vb1r9ytVpVuM2OqpXupZalraOOsqTEYJseFOqVOcxh0VpoOJ8hYKeV91Z0q9BNmX3X0jZQ0kf35LyZ2/qSfesvvR3VxZ50gasBHUMvEhQs8kHV9dO9+f990Uresnaue1Mz+671AlwPbkKSNvW5CsWLZmDvfx0MXrTuBFkcrvZ0fPQxQdpAjVbXQSsvr7qMlmJaSlzGKAO4fytdAVP8f42Af74j3+HLni5YQSEbQizyWz5GQ1T4hjKoj4r+BDDM/LCYn1Vu6E5LvrL2xpz2JUxou6CdEASPJGFWxFwSdvCVCiUnBx6+s+/ozmhn+ke4ZmhYbGF2pHMIRQTq7MITVtRXT/dS+0jdarOGWsymBDnNxllsEWl8tQ3fcpOnP8aJoAeb8rShqt9verD385IOO7A791kzSxajviW/sC45o6pi/vZtE/WxZtrMSxCWlm86+5H6dUjyONkyALKfDa7mb8XtmBINY5kR0YvmrKvh8jJ61rVx7ZTnAOJ7ZITw7RBe7M0r2feW211VirWhGQ1qM2aTvWzMMrpDLAk8VYEc/40GtsC6I5mTBhZiwd0RByCVN5Fhe6c4v2wxkX0yjcv51aKK1CP3i+LjYRoy8i/QUpX4oJJuKV50qEAwPBmb+pm7uc6vPPB3NT6ZnKiUCmY1UuNOFzeoHfObXbFM+hG31qp49xeBKVwGEPJ96vUEqG8jTTF5DUhSMxiWvlBfIONIOrAoqorGFtCUb/5e3cLzdGkj5CSg2fFoXTrDZQ3wbo5kEBTOHZ1/RKULb1Iu4yuiVQ1/UNVFEwxxAg+ydmNtSfN23By4RwMtOc3V9FqUwUTPwyvpt1qXiYfiSaxCSWntQdb8z3JhX1Lp2CYD53wnRzzhfiX6LpC5bZGT0q5E0KPGgOFc4nmGxjJ6vrE9nJzui4VZg7klS6WHD09EpGNq5Rr4yGjZJm1cwwisvQE+7HsDMi6wge10cbI/vJ4AQj0LNdPpJsRRjZiz4tCL8iY+LnXJ7B+mwgTLLWVyCXqVJnnL166kedLNZUTBrllEjUsJpIvVd7qMZtBpMaDjzD8YQlwzOJOY3hlSh1JLx0PRsup1C8oibu1/kT0QAZQj3bVuvbzdhEYca7AoHmGkBtN/pZbFQHGMUowcDNPvum+ZIJX9uCqp1ZirQ6djeHz0j/ts5/x/7ZdRxN1aiTQQ51xCsFwmQ7udUuOgFexCGcXjydVwVnChgavQIa4Atz6lEmFHTRixjH9EnAopSdQ86+n1zgL2xDL19X2wSQ9lOIGm/GRCe5tSm1BhA9EOoFfJO7SMl+vywCj69J9cokF5NODK0bIsdkb+ahUr6jDQNIEAKS2fRpDu/sDHpsUcwS+l51kkoSGrImuPkt1Id6B1c2RqejENoA6tkTYYSs4kfYMKP/j0v2mW5D4TjgajEeisgtXNYPdR4yjjzGCo/60WdWf8oQZaD3/ddafbugz20GuXk+mrBCylrqCdtz09xFIgXDi4xMd8YL+29gAQM94/Wttm7t/h2o9OnVHnhdjizN+j3r1q3iiUm+BzySX2bhLqfiYGMcFwErj8MQ9QHp2X6E7AEx4sjeD7//aj7MUOLmTxYyuUWy+bdwv3W+S3a2Clf2Po0pns3RWWfiZ0xOkrDjdcmAw+hrHk8FAYjSGP3aF+kqrntxn3UifSHBHkIoP7sQsenwOA00dORfFTr4yEkYFoV18JwRVcrp8V1RgYKoDvERnfdDOJrJoTZQyEGVPwqMO2M8KTYZ3SUmwmZuVTvvMbtq0OgZ1Oa0Y1IfiyagtoOwTtRYEBkeT76qio/fahfdYrJwXwNEZ20nVhs6ThReXj1pACYto3jae7RGMq938TgwGEZL58s2CH1z+R+5PlYjSP3I2ZzD5uw+wGf0qlIcceXv08zD1iT14JO7nH+3O8eaQI6mZoN5qoihEdzfNNlm7njkSFuWot/FUh87MNGGCbHatmhltnxqDrfJzzycfwgMBzxfulgbfLl5rv5ioFLszhubNGXDcFgrXN+Sw/Y3RKkK6NhloDred1M67HRiDH4ymW4GPQSuWIzHUk6LlQrNcBiWDnXtgqmAzV7+XHmAfYxBP4xY4Q8ZsZ7omx/OXCUDGonKISG1aeAgtEmbvFjy+Wf6K5j0jW8tMV9rVttW9/bYK2NUpMQ2qWVobIlqwbBVEU3OSK1AxyI9qZAHU0et9CpD5pSefSKbHAOYBFhFkISJWMwSABQqE4apmgDENDDKuUT3gYOrRboMX4ncXk5+MLvEfwVXcSyzOzR4uKIwkE+AX+uQzwvFf/WLuezzyVKD32olfNmMUgLRQSjdPVbVaa57VkWy9yu8fXfCEPKhn5fox48VM9m0U2xzfHfVr8edU4aDOmQT0QU4MZP0HnaXpX6iDMG55ufB0fNuMwmwJJvn7bJquT6mpnhM1ZZnCZjCMUBT8TkFae5K++8+f3laSGTByvhpPnpP/oPJYfVdKIVZCHyos8lIdZfPqfgkUzIUp54Qt34mA8GguOeoyFWUBL1XPmyojjM6gSjv6mL1lD/MfZIEKesCpK8X4ZIArs9yBrJMaxvZBHhkOx0v25d9ROQmlSOfCeJHii5z6PMlMqqbb2C9ei6qTdR9P+EM+96F4tZXxkeqAjies+WUVMpQvLragTfchOFzgXAv5yUzmyKj1nOWjWiSYHnYtJuYNo+Zll3VOrCgBNsoE/+pYk5S46eCK8L7TrI5cf+R7qzYZC0cL2ua+mh8mY0c4gWTwdD4hf2tOVkgs/E7bsF8a/u+mST6zLlHxiN6O2l2QERBVmcIDcZgC15IvjDoGl2rWkqxufIrbyGBsSP1x7lT8yg65XUx42G+aZdx1g+pi4CrSAw6iGHw9pBaGuQqKVKONJGVoWHYgeS6gmSDzFCu5MjRv3NXjB9u5bpiuJvwM/PEvvosYlRGwFMVbUubZA/XI0JMs/I1AIHED83kUv8skQ/hDUP4G8GkPC1LyQ3wOHKEztfr5Jw3oV43rnQWxBexYsSFhD1H858XJcIGkdMbIHza5sdcN3PHnS4B/zbkAXX1r4NlF2OmFb3pWrEZnu/+NgWxK8eCCGGSKYpi98yJg2J/OKzFzYQkz+8JeSpXsrvAaCz6baDWKkF2pec1lfNITBDzZ1CfMIEo34YV7SrAocfozX5ruZvN15gE713vNejmZOzRHNx6IMA7pQ71Bkwp00SjbLINOT8Ca5IApVZEO94MM4zNDNLJxVU6LlQD+wW1W1tC2okH/0VTYB9qy5s8dAegGdCfRkC1oyoOdgveD5Lpup29xonwGF6waOhBIIrm3azNhICMimTuLw3QDkWLMGKayNxFndSbBwbqjK6A7rrvV/PIX3K0lrcUe4WR+oFT38j/pkwraTLW7Nv8tRIl5Gb5EikjurCQks5LOpZuQHehM4qhBvoP2guRLRJ7zjY7rRpzEyutZ0rml0SCVseVgablvs7yOlwHoYvBKKecN3WNTaNkY1aEvFoQ+nNmSJdJ+pdVJe70fnAgqAkR35Q33LZLqQKhfp5Zi3UCwfO2YHI2DN17PpRWGlyyXNvo/V9TJhJNg/ZNVsPrdTtj0IcYFPbAMPj10kiaLQ6ANR8eiLk0PeDt4QAFQnVDN98JIjC+y9qsZ+MsiLz05m4qqUBEAT9mCNt1fmnpcmtCQamPCAb6BFu0lzZY6AeEpITMut5+cCgLLKddc3JEY0+4wCqXLUf0kz4JLWBxrVx4xdVWpm4ZiBGtsZ8mmaYw8/z0E+tuCgzBpHv7GuNLMKYc6HHWUGW3Uc8ZApApqY1aQP1+a0Ok4udDRwAzrf0Ns0kh9kceqlzrHP1CyNLUgey8mYdhhar1Nd/4Af589/wKCt1Yq3KtL70/G1IzB6NMacZBr8LEm2C7zUjwlQRD/pAQ/tuQCFcQQVACiOsoZHhCioUV3YIwPejsg8fNDKZmL0gZ/SY5fkEhAIL6bNYpKz9GGbZ7Zvr5oM89D8x6p8otb9sQw9W5imoelTUi/1JpSpWo9RdGB7A+xXAkjrKfpKKKG6xOF7vl/1BtPUu7j79ZeFDc/ENUOaicawX77O+r9nfcQuZ7xo4Wt5KpolYGTiyMtebpdjHOi663PhVpqKC/MKdhOUdSWLQe9TbJCXTI4I/MH1kDH2r031XO6Adc+dbwwKTxeHUMZdrWy0iZj59mRogbRVac5A7SJSuXS1HYtNwksyriGHj6wgE3CV+Y47iT7b/6UTgt4c4wn77vVTTD6DN+vRBC+kF7VddW3Brd237bcPGO4c/I8Ju4CeVINn19OBxMuCoUHjtfttNMtfMpH5zZs0d5jX/PBuLrL3V7VB58tPrvTYIGND7VvLCQDEXVMREFMLD4tGEqAydwF16F2EseFoCX/ZYMkEYtjjzT8VqBnc5ZzQcQkL8YWJcva5yBvw75nIjExbT9X9fjxd2egBXNldkn7ip4e8KW1CmLiWwhPfHveGsiOh/It1pM0V2TG3hckGyjea+w5ZZZ8piQ5W5nqsEJtempORm5VGHrGCxDPm6v+FK9J3jG3c/KUl78sJzAiyI3RaUZSfvktFN5DBsxPtPlLQWmud+V1FLnC0QVU/2b4fTy6Re0I7INhBLecemuzxlttKXUbSWeWSNlJg26lQ52ygtxz3XNGLLFq2b6/xy4qZuH21Pw7e4nUA/2v5qhTNJG8gl4ryv5v6/rhS+0vlXolaeDx5yaE8uQz33Y9T1RGDNEzFv/m5V12J6ll50z/EpwG8Eb4RIGNE4ltjLwDDbXgzqKvUQFAP/Dhpn/EnUyAXCbVb6beX4AR+bq4EVQot6OEyMr4F99Efu8askzvePcEzp0GNc63/zyFzlPamD1ASLPmCkHFvLRoMd8rk2V5bMzFy8G0pr/+1gbjd//lK0YZnocHZie3pEb3lKRC9p/ajk6YiBuG6o4MLEcb0JfRSUYlFR9PCBabKxL53MtIimDcD1ZeKX51R3ep1ZnfDDqJMcwtXRrXPoQzGv6vH0IO3EQr7cJxYLRLjAnG+pSnx2w3OAlhyUI02aqmGmSvKyH7dCcJwovGZZfApW6dbabS/tRQKXzeqPM35Ip89k90M4LPuqXr2+FPUtw36ScxuJaUJLan+rnU7x0c2tuPSsEno6P540k7ih3B6mXgr6kTVie1SzF47ekR5Cpqw+4ogmhyq4tM9zjnqyAKz5aIBKSu5QXWrjj9IqL8+ParrYlOxZL+pMAOuqw9Av+oJG1UnTQ6H31w8KQHe9FNfCx6J9Z7IewSt4N2NITNgFxAAyUenVGxjmifbUs185llKNxWbdrYlQ4g04vC5n/W6nWlwClEEEX2XRc5ZH9TenMoKgdyC5YoYSY4o1A0rSZvrgY1xkZQ9e2nMEjxIvfX+c05MbonEPjezM8XHa9IYVw0OT5ZK5vFhtlxjY/BkbuschE6lrjVGNyDIb945Zyj8WeJWHSFDNxlApTFvyJYJbWdGSsQWcbPXbyKKB1pjFHbxOpE61DklUJ0MN3REHLS8nEGPbwaO0Xa8Kb527qFS1KvdPsZ+AW4oM4f9DFLCFMziM/Xxw4Ng1sEnFMz4XjZdl9qLdtxHJO3+53kEBT2zbFB6BPSR8ESzhyTNTbgw75QCuyEjoOIAwWRAmOtx/6eiuknVvIPJV3XJ0bhnU5O/V/HMfqQ2dfLmRrt+u1ZwjdT/mAqBunw9WLEcglPtIirrvpiF/Vmf50kyOtdslxc8QDyY8r5tTIGBrXu1zfVhNF1aPPnoGbjr+aic2eTI2dgTZBD9Zd0hvA4KkAJ57pd+PJk4C5ctwxFYanSR2ho1iYCEVIBFe4yjh/+g+uCihqKTabD8i0PU25AP4t8AGM38vFKcgCWTVp9/CXRw9Y6EydPHNhyCgfnfyIpcRTTxPaA6qhgjCcI/sZt7OxXrHUkLBLK7OXyKRCy3mrEg2GpF7YIWbZLHG1/J8SYt6zSuR9nFUErO2FFZPclIWvN1gizChT3CjiMVXgXoxOdytExy6szZfkr8e7fLUBrd8mPCFTaUGoeGo6ZUHeY+pPjGlpGGKJ7vwitR018IJhJ0e7CygEQNK6JaGMBdlpMhtrlF2HjhcQgu2Au7YmmqeucPkY/FCDEj9hHut1knP7DVu/Pt9CkvNCCGdvlriXHx4UoNwC8/KzhzXa4PL08H3Z062TOrrab6Zn8P8LL+CFjEJgQ3aZ12tQxbq/HBdYvm5sRuPt+DASeBNW8ifHsaGczxh4znALwnOxhXu0YgK1koTdmj+bSHVq3obsvHTIDLx6VUnOFWa1uJCchAmY0ISguOcPs7XqksKX+gPyL1GPn6bo8NCKtA+luoVqCIpAL5bvJjsmUACCLzz8XITAUa/l4+7cqq5TSYZVhmeGmCfGv922hPbjujj+EO5XncQqPVFC3QYr+Gp+iBNYdqhEVz/hQs9FXY+8H4O5+HUjhcN0qqw1b8BCpvqfsmf5IxtGpLgElaJxSeA0KcqEZfr+6LPzFvTD9WjsVaNBlTrUj/lLzByAgfjswTLksV3tkuFPdBGKf31PwneWa7l7Y2ejPFBkH5e145cf6F4vBGdz/2E4KKr/xA1aF8marDdroRmqFkKXKK/6C0OEEJgAbvTjYrhjqg/C4fzUxz7hKk6P9eCNQ6G+/xeGSv89XmO4T3oaq1jnhIWUgD1Jke4nfyZwOqKvjDkqcX9S4ZdCoFFjLrtoBPTKUBNAMo8DGuDTQiXBsJ6AUCahwYCElOTyHAyKHIaXKKtAPieYibCNl78LKELneTZAmuF05/Jui/3ywDiPNI8GSa5i4dZisW+fSMBr0RRcIXKuaiN524+3veAr2gzIZ5PBcsTHGeU51+zexTap5HAzuAvr7oj/ITRA95Gus+/XngL59Hlp4HmRic736dipe5PO5ej4Sh6vsog6LTVIOae7iuCsvCQ7XXHOSDLDdv4ZnLZ5AE4NV4EnWRAxGg2yxaCe5th3MEiB6bz1D5t6wTefYlX/13VhX1tLSq5HMyAxPhANJIdrIes/BdCdzZ+X1emRklZXT6vx9EQ88BWKKAn9b4QmlAe+ayIU3meckvoVcncMgDbBfNlbMV4iFuO2Z5USG4iIc+wV9C0//vVmnxEQZjziy3xzL4jgn47jtdh3R53j1IY4DNRm+MiQlZtjbNQpPFWoG/+GJrEeSn7aGGEBgvud0iIAJAaL25UPzOlJ403+oE2ftCePhkpBkvTyzHc5WaqSZ2f9N/cD8jxDEVXFhSFlusWIze0DceeA5VKVfeIKS2i5hKvKUrldGfR9ohNqxDfehDzEzao/RavQHtKkTVCBL6vhYPAwG1hKM0iuoyXY1cgmk=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:01:01,221 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:01:01,222 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070101Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_9fc03b1436c74453a1c23b1baed98247|infraio1c2.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_39b10ac904e37008b6b2dbca1b297d9b|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx0xoXLxjc/Et9U49TcMSuzheZxki+9bK3K2Zeoq3X8E9ZqLkd/FZzr6+k7kHuz7JQeewFt3u637rndD4UuZ8czgMUxGJ+MbJHbgkIjpTnOAQKZDHbPjwTFX3wUmNDggMhoslV1A==|_76d8fa95ad8709e19a52f7648b2e2764|
2020-01-28 07:01:17,295 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-76261-W1AGEG4zMjQAf2B5eGxPAkbg9KxK-h2Q
2020-01-28 07:01:17,295 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:01:17,296 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:01:17,296 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv"
    IsPassive="false" IssueInstant="2020-01-28T07:01:16.396Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>RdAJ0VnYds152z/UARamUcwYjEHsnEM+juNwPOxsZ0E=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
e/NxBxK5DXBfK9WbDSPRUspXUPKn6ed9ejuiX9+eDx/GAasTAgTeq3oaJZn6k5UW9b6pPvoaqrWf
B6Tcgd2i5r3qyQiGJlhqJ3ZK6kroEd/kUcS8Dk51aMOpIrBT7WgEG7IrKwhmO0yoqx8j7AZnUlnS
1/+XPG3NQ17KtFCeA4uQvkcUYwrBlPlW5DF8Hdc2CRu1jhRf9j/QIYoHbncx8WPGb8DTvnHKJpes
NTVyZu1fjhcCZ73LQjtYCY4g4+mvVO0YALUC79ZURBCAWxtIUstwDqrnHpaORGYPS9v6mL1oIf0L
nMif1CbIQ85o9NHB1unEnR0RA7VDle1eWGch7Q==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-01-28 07:01:17,300 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:01:17,300 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:01:17,300 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:01:17,300 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:01:17,300 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:01:17,307 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:01:17,307 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:01:17,307 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:01:17,308 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:17,308 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:01:17,308 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:01:17,308 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:01:17,308 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:01:17,308 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv', issue instant '2020-01-28T07:01:16.396Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv"
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv"
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv"
2020-01-28 07:01:17,309 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:01:17,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:01:17,310 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:17,310 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:01:17,310 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:01:17,310 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:01:17,310 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:01:17,310 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:01:17,310 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:01:17,310 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:01:17,310 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:01:17,310 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:01:17,310 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:01:17,310 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-01-28 07:01:17,311 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:01:17,311 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:01:17,311 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:01:17,311 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:01:17,311 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:01:17,311 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:01:17,311 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-01-28 07:01:17,311 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:01:17,311 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:01:17,311 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:01:17,314 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:01:17,314 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:01:17.314Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:01:17,315 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:01:17,315 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:01:17,315 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:01:17,315 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:01:17,315 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:01:17,315 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:17,315 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:01:17,315 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:01:17,315 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:01:17,315 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:01:17,492 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-01-28 07:01:17,492 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:17,492 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:20,669 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:01:20,669 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:01:20,669 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@733602213::identifier=rick, context=org.apache.velocity.VelocityContext@e1e857b]
2020-01-28 07:01:20,676 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@733602213::identifier=rick, context=org.apache.velocity.VelocityContext@e1e857b]
2020-01-28 07:01:20,677 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:01:20,677 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:01:20,677 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:01:20,677 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:01:20,677 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:01:20,677 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:01:20,677 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:01:20,677 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 467fe1f22abb30f1730fbe8c9f560c6cef8e31c489192135060639cc7d23cdff for principal rick
2020-01-28 07:01:20,677 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 467fe1f22abb30f1730fbe8c9f560c6cef8e31c489192135060639cc7d23cdff
2020-01-28 07:01:20,678 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:01:20,679 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:01:20,679 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:01:20,679 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:01:20,679 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:01:20,679 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:01:20,679 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:01:20,679 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:01:20,679 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:01:20,679 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:01:20,680 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:20,680 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:01:20,680 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@46456696'
2020-01-28 07:01:20,681 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:20,681 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:20,681 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:20,681 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:20,681 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:20,681 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:20,681 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:20,681 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:01:20,681 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:01:20,926 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-01-28 07:01:20,926 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:20,926 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:01:20,926 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:01:20,926 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:20,926 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:01:22,350 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:01:22,350 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:01:22,350 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070122Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730882351}'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@46456696'
2020-01-28 07:01:22,351 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:22,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:01:22,352 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:01:22,353 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:01:22,353 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _818f01c80c100ebea19544709fd40369
2020-01-28 07:01:22,353 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _818f01c80c100ebea19544709fd40369 to Response _84f1b9330cc4c0e446d951970b847154
2020-01-28 07:01:22,353 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _818f01c80c100ebea19544709fd40369
2020-01-28 07:01:22,354 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:01:22,354 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:01:22,354 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:01:22,354 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:01:22,354 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:01:22,354 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:01:22,354 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:01:22,354 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:01:22,354 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:01:22,355 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:01:22,355 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-01-28 07:01:22,355 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:74] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:01:22,356 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:01:22,356 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx/jmmt0k3MrfqYM3gyJObh8wb7qPQ3sSLJL6ZpzNy8+CN2vqNHqe4rsi2s/+wSsDk0gwBmYCvPlFwXJXZ2kG6Xc8MiVs2PnNbNvr9REDtFYk6r7NPj9o+0qNm3St82AZDudBHJKeEYCpdcmg7x6rKJBXZu1Z9eF4= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.25.118
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _818f01c80c100ebea19544709fd40369
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _818f01c80c100ebea19544709fd40369 did not already contain Conditions, one was added
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:06:22.351Z, to Assertion _818f01c80c100ebea19544709fd40369
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _818f01c80c100ebea19544709fd40369 already contained Conditions, nothing was done
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _818f01c80c100ebea19544709fd40369 already contained Conditions, nothing was done
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-01-28 07:01:22,356 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _818f01c80c100ebea19544709fd40369
2020-01-28 07:01:22,360 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 467fe1f22abb30f1730fbe8c9f560c6cef8e31c489192135060639cc7d23cdff
2020-01-28 07:01:22,360 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 467fe1f22abb30f1730fbe8c9f560c6cef8e31c489192135060639cc7d23cdff
2020-01-28 07:01:22,360 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:01:22,360 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQx/jmmt0k3MrfqYM3gyJObh8wb7qPQ3sSLJL6ZpzNy8+CN2vqNHqe4rsi2s/+wSsDk0gwBmYCvPlFwXJXZ2kG6Xc8MiVs2PnNbNvr9REDtFYk6r7NPj9o+0qNm3St82AZDudBHJKeEYCpdcmg7x6rKJBXZu1Z9eF4=
2020-01-28 07:01:22,360 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:01:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:01:22,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_818f01c80c100ebea19544709fd40369"
2020-01-28 07:01:22,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _818f01c80c100ebea19544709fd40369 and Element was [saml2:Assertion: null]
2020-01-28 07:01:22,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_818f01c80c100ebea19544709fd40369"
2020-01-28 07:01:22,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _818f01c80c100ebea19544709fd40369 and Element was [saml2:Assertion: null]
2020-01-28 07:01:22,364 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_84f1b9330cc4c0e446d951970b847154"
    InResponseTo="_zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv"
    IssueInstant="2020-01-28T07:01:22.351Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_818f01c80c100ebea19544709fd40369"
        IssueInstant="2020-01-28T07:01:22.351Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_818f01c80c100ebea19544709fd40369">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>prAfEVjpUWykArR2PyYUjWzxALkeHWK9FIm8rKlT4XNz1iPmqaiaPhrZ/fw/UGgKbvAYzjbK8uIMZ8sF9C6ClQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>oSwHcXNDY6C5CsUmtD2bBtY1Kbe3R26x7utIU/cXG2o223MeGZX3Z5nTgNMf9iMy8Cu3pqbEXRhHB1Y4AyBsha3O9T6q3cQSEhlfVFawG+YlMVDA+/xdIe6XInezqg76m1yHHuKiiuqu6wkS+A1hptP07S0OEwAVHu3cQdVSiLtZkXtxjJexCkSe5Hcrohp14RccflazyrlCYvLwkBksnjAPloJREHdjpcG6TzVBdN42079zcOP/UH4PlcK4ZCgfdPe8Sz/U3gJTClGUeu0MMh4/99EdhwWH2iDfprkvTCTmWym5ngAm7zPLkzE4D0YlbJSgx+h+rih+E8AS/OeBRQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx/jmmt0k3MrfqYM3gyJObh8wb7qPQ3sSLJL6ZpzNy8+CN2vqNHqe4rsi2s/+wSsDk0gwBmYCvPlFwXJXZ2kG6Xc8MiVs2PnNbNvr9REDtFYk6r7NPj9o+0qNm3St82AZDudBHJKeEYCpdcmg7x6rKJBXZu1Z9eF4=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.25.118"
                    InResponseTo="_zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv"
                    NotOnOrAfter="2020-01-28T07:06:22.356Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:01:22.351Z" NotOnOrAfter="2020-01-28T07:06:22.351Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:01:20.677Z" SessionIndex="_bc3c70e24505c578f9b94fb8b3c9363e">
            <saml2:SubjectLocality Address="172.31.25.118"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:01:22,366 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:01:22,366 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:01:22,366 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_84f1b9330cc4c0e446d951970b847154"
2020-01-28 07:01:22,366 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _84f1b9330cc4c0e446d951970b847154 and Element was [saml2p:Response: null]
2020-01-28 07:01:22,366 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_84f1b9330cc4c0e446d951970b847154"
2020-01-28 07:01:22,366 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _84f1b9330cc4c0e446d951970b847154 and Element was [saml2p:Response: null]
2020-01-28 07:01:22,368 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:01:22,368 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-01-28 07:01:22,368 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:01:22,368 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-76261-W1AGEG4zMjQAf2B5eGxPAkbg9KxK-h2Q', encoded as 'TST-76261-W1AGEG4zMjQAf2B5eGxPAkbg9KxK-h2Q'
2020-01-28 07:01:22,370 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_84f1b9330cc4c0e446d951970b847154"
    InResponseTo="_zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv"
    IssueInstant="2020-01-28T07:01:22.351Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_84f1b9330cc4c0e446d951970b847154">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>SJUV4z8nYuSGy1uXQ8PY9xMGiOmL98/hrVQ6NFerWlCwSFG8Qc1LYNVYK2KM586srMProFcEEpt3ULk7YZ8TaA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>sG1kXde+ZpJTMg46czeuFUG48OZimAdZeejd91PcCbCLx0x+Tm+Bd7YpDHBBYGDcvJpx32GdW1HSd0uYQfGs1Bew8/hp3KmVq6ZpAAoHyq8WwbyJFjs/Fbivi5QHSUV7i0rlp9clbzTrWX6cYP3hrYCIceUJtQ9BJU4HVs/NpAzJ2k6o70aPcC9zZg4cLMNfU62kNE6Y19GlQNLE5ph77lN28ZHM7C1QdbCoRq5Y2Q+Il+VfPjBR0X7XAXVbY1kC5pAiqERLxwJnsJtoLHQgBxZHx5L1sB9Bp/Klucq8W3DYR+6roZ7M7+Ks9Vh9uXb+MEA5djW5qmaQWaObz1LGlA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_584aab2216f9e958b42bf467641274fe"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_8fd91215e83c1b4883f0bf8c354bb55a"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>O1KSOwnt/5mmuaO93SPSnF5Kl3i47EiRcG1fgDLTbCLfIlBS31f4Qip1syQZsFl3iOOfxHyZbUcx98NXXuQZZSoBDEDB4XsSSPm6L9Gw8TTTr59+CH121bleriQL2TYmWSHmlgN0cBtkIHA59y9luqOCu8BUfkoTl0BhRO4JkD6KWSXQsQneZWs+rzcxYET/1eIbaD7ll/2Xy1NMUrTCqPVFrXZ+H1lQGJpE7M8pRy/ODe2ziq2qR2232xSf3N9IZWhwiEHxR0jKwKnzCMnAP1Kke/p6mQh+9aTIOku3kWY+GHEFfpAnEulJkrW71NjmR8nPWnGkvuyMkapv6xHCOw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>wD/PqV6uGVDeeum0EqYhEBhTa3xOA08ypFIGwG9RLl6WMpw3k2Q+KfZ70D4k+gjfaJFyl1TZikiR03worzHRFyzOe6Zn0ZaP8++qcWE+SCyaUwxO1YSI4c/moschEtYhlhqjzek2raHymjhXlOOY25GBlODiI5Bi2QA03sSDx6JU8mU9aPYmfDdzmLW9BtwqfdSmh31Unbwfib0IMEsgI2F2eP0FMWyEALN+K6dQcGc4dhbZ+4DBrSmCQRTLvvcR2MgXBL/raAVLafnF4mMucRQkR2r40oj0o4MUBcm7zMqMdW93e1uVf41UwtDnpClQfs4yLnbxbOmEBkaZcdHOWXIq9TdjxNZwYwmZQUV9XubG7M1lYF65R8avdViXhm+/uAOj5T9MvhpYr9Hcq5j0Ui43xKGUEEISUDMV6jI06OOUSWxhPJKA3pVhpyL0XdTgBmI1elxQmwIiaFj0P0weGWVC+bPWMYc1Oq2PfmKgCDk2TzaVNb/7k3bevnVjacqQPWGSG7IRwxUzsBv9CSz3YxuPyCjkEouSydQ9o4d4hdMbxIlCOswBYD8Ivo/HShrdB3iJnbelM/OkfN9551MLB690rkwdjvI9VQzSYNN+p5AD2rO2AePLbuHeqyHNztJrnkXMiJkkC5kFbDZAczZF6Xg34+L0d5VgmxGXkEoSsDwFCrcR8siTmY6joaoHvzNiFu6El0m6R7e/6M6oe/cQ/SCuYznRZYtA3CNrM3DlNsLtiMMuiz1qTWUaO438pz4mmJ1lYtT9WwhEtnekYdupmp691Aboq8ORHy/NPsC8ifPqbCLiayR61WkJpu7eggQ5+4J37ddnx/dxHr1zfAxzAr+twKb2OfOLmq+hikJ+r55a1PwA9zNjNA5cRRlUKgAwMYUG0BhyuvsiIbnt7w//jx6O8e9/wu+OIIoJoRMNQWM8eZ4eSJR9TfV//FZW7av1kRlUN8SRZ35a0/WmkoSjnwLqchGb/2E1MkYO+p7saaEJnEJUzy8R4OB1l4h3ccpkMMToU7yoN4jSyDrVcp3h2YB9nan7BGn17/88c/B+7Wj9HwLSQjVkB4QJbC9ZoqjUoPxgmcACZjcmTDjuwItUaml1bqdnda41WCYX3Z+s6thCeg/jsUY9+M9GCg7ZK9BrYK8iATpSI8NNDd2iqLxeu0qFkj2oSfaLyKr4c+qNBxpeNkGHDc16r7J1g5AWE2qfF1hWuqpKybm/9R4EJOISoyYrd5qIwLmmroNSOOtVav+BHSQpP8t6Fc6qHF59pk2Zw8EiPwnsiPe+/hEcZpdnFh1tBOWQ30JC5YwDstLweBCoKhgKYf+sIOE0uvJq+CIYBCmcowS1SRtOjaHjbU+Ka3zwNnCNs0zllMLObJBBrgCM/zJnwkb9jQ2QgwYmjte0EQFrgxMzbJa5QuHfPWDbd0vy3ctfgxnmkhAoi7JR4SUtjnbBv1z622MIFE/TFlsbSd/EWBaSUMax+KVQfSWlkVyTWvCgnM4/ByK72qE3y51v12wBE8sye+LAQzacfzlBuqxs3FgJszPdA2Du+yjH1jj0pVvHL3P6QMc6OKkAliwkRaHdiSwAhSy5iwQj6mS9YsxYafC9cbCsaqoX3e1/0zI8/cVondbRfTET7twQbRwsbsja08A40vT4DhZCWlSacPkXpJ9MlBSoTz1DtGsCbyZy4PYIhwpbpeVJ/lG0DGpglk9I25b9B4N6715GPSy5R2Yhz28pOLi5ZcnyWhMIZYU17A+sEa6wXHZjRbAfgkiNtZsOWSoZfnIemw7jtSO7IeW0RlD/zBx5z150jv8O0GkS1+k2bWNSdkw6/wD4vbQbOTfE8Cu+jV6tgHh7HTCewHJHLQw6Uwk1WCJuuB4wsr3e7dkzzVQY++BEPOUHbHM+PvXcF9JfkkzaFkuA0ZiX9Vtg9ZYwlUBbjbWMxZ4yVG3HgwL0FvFG9mjUpIX1lLTvDQev+2tIEHmtFzxMZCN2ew4W+Cr2oSapnNx8Z5kM/eJtnY5hGctUIpOakFziSRYSQGSn7BImSWHw1c+ZGa0uOQPGdkrXyDy5UPseBmrLULzZuQda6DYmFhOutkXK7mkFmVwrmgvgE9bjkAR06En9GfJV7T1V5hF4wQMKLtSNbjkgpQvvIp9VkHrGcx9fE563hOuINhmMdml+S54euFToyRG69IaMh1qsa+B1TeNHfPTyJImVSxaO3QTns0EVygUyfI7FmOuzcISqPf7ZOI1O4Vf/yUlQhIgv/bhf8ac/ky7HtEFffQLaKZWJqa4E8fZlQmakEz4LHA9HJ5Cjfh+IGfMUX69bnoUA5vyOU91FFm05wk1icx7iARmTtNnICt1m+JSQMGW7JIuLMxD1bnDcFQJQ5WRLhkG9P9vTH3uln7k8mSZv9nzCsftpZt3KEuG+vFQVoClZ3YyGbrmDP0uJf5L1wAnubq/U3Jzr9Q207VpJZyYJ7wo6VOx7tS7XMBkXPYEfyu70OqHvX2kYyayXq5VLsQmpe4icBlghhKVP0vBVHov4u5UYdKiPztaBlamp0sIji3A4QQ2QKBEmf+ea4jGxxCM3N9IyV98Oqbpb/8n4c50WZY//dw0Ayoc8aOL+DLMqlfy4SfS9sjnAOauEJ0ITWLBAqIw9N1lcukMJcASjoyC15UdiNnV5pNE8HpV6eL1jUE7iMYf62SW6qJ0ui4bKPHGrec9clcMmvNXFyXa0x8cwJTMlO5fAyTr9K8YwwpzMZm7X4eteVvco2k482D6vz7uKBnXHPqHxtIl2UgOfH54ChJUtP9+2yyojC9i/rAdFmOz4YAx28qRxhqvvkJgh+LLIuyDxPVCkL8gzmwkB0+60Qd0u0bf0eLx1uzyfHaHeFpV4QnoLfD0GML4P50oPfG7/2eMy4ASQjIWJTLgwCsWuyTgqH59sP1iEQt++1xkJr276hmhLHALmxhdAQMf+94jLgVEhT73HaGIulUkZ2Fqwds4hUxygtGrnp7elyWUgG0taqlJhHDSGHZK2jMAXynkArJGsRTx21gV9XtmDbSiMP6a8S8+WpUA0xiNV96gajlX79bcOCzHL6Hnx0ICH+5LxuSD1cX5S1OULpZ5MhwdqE8wejT/IkijYRRyVp8XZyuAgJHuXI6chFV56xvzKV2lQvhcld7MxrVHbteqYyI1rBbbeSFqRCUwtw+8mHXe11/W6mponyocm+M4kSlSvJ12sb33JbYGIj6bX7E+RU9ECRKFdt2U6lvExTaoHg5MP44yByrSeeN0EXkCoKA+RIs7ISdb45SVZ4rDJ8IlTHqEAwrVPBU2eHt6QY7Aawa70VikmHVNd4b50801Samyuu/YrIBKFxejOnvywqLwntULyuJBKcJ2/0iCcwmjrMiTEEnnkV2te8FmytsUkFL/IbVUNl/eXgoU5zRKDcZHIGwjcR+kmDvoDXJzeQrhEtMtXdtcK3382gekZ1N81ux7SrjmdN6QGqEJHYdrjEdDgwukj08J/NLP755LSqKNrCB+jmehnkvMuK+lNcagTHPSWcI4LR1kMdpSEDoPQ6NM8kJzwGMdXmJTNsKfgQEUvGy/RsmArwfph87e3z92d8UnrHbOALi4nwb3R4V4tTie2cj1OqIg2x3tPG0eL/X3rWc62lqeZbcycou2aEWfy6IDwQxtPC3vgfq1ZzGUPjcV7yDwhWaapu8oJX0RQvqcz1i55j43bECjiJlZievBdCdMDuKsGKReF9IOWO0IGDTY2P+5WurKtnDaOaog3iHsRrv4AMiP4ZDT9s7u7hpUsB4cGFsuGLIDmyY+efSzN6ibGlYGb8bIau4/j3qKpCGD9gLXz8W0qTQL1rMnym5Pl75xf+UcBExFUxbizYpELzZSPYfwLWZ/1IfoejBhL/k/Z0Mxz101EL2WCsd+AYf3yz7vmHqJYdirN4LpGFLb5J9k7fE1sobkWa/wrLjTqsP/rvtvspD2pKLze/sKPhh2UGLRIpHb5/dTswi1An3J5BuULOIETy1+M+pSznGImqGI5C9pV/ASaACJ/TIdY2ka6Zz5wMZ17Oh4dwiqOQM5puuFoJ9nz4abuJNThdpHzdzCe2kXt/G61FpA7VfF8K4rdo7pz4eWTEJXUFT29o41qdq3c7oYCGq8B5Hiu7itro3qx/UGBjsjjhVg0KcfniEzfClU/d79DWLIqLHQafQHpx8kcWsUwsLQTUYSywMoPlw7bAz+glpfbVBakiBYul1r2jOxZ/ETI2MxFqgL7Yvvfip0/F7NEsstEkA4KS+Wa4yt7qrq+x68dL2VLlS5VAKHfwH4EE2e+YIVxhNiH+neK9MmEZLfMeQkxH6x1R6PotK6QnGDz3UoUsvlJaXtOCl9ESq/GrlDJ9oW4D3/iTBz7UiqTmRHXhclARJBjt3QB18P554jRo3mG+EeGW+e5lKPl5tgx6lOAJlKZsx6T9kmCWnhTFmJpKytBFYyYPu8HeeLA3hNrE714h6ba8IXnjgdXN5Gm1OseRU4b638EQVp8Wf8E8GNSPZYTk9wn0KGrs90zBtxn3lIUb89bcFW/AEgQSMMTsT2okh0ucehnbSruddo25eicdVIOYOBxQzU0KAJnLXfjQEDG/wpisNqDJbt1kM1N7Hy0OSOV4xpYcp9semZ2/ZdBvx7O5RMIm0Zaky9loXMTBq72JFT5haMcF97iTzSgX6HkGtiLAEqIvDBYgj7mVEbBX8pDCnuu20l5n4GKPWMkvA52rq7dcS/9QSEwOYYgscbYclVWpXLSixEIn2cNJmL8LRt+mjKpfE28kFGxo9pFXznkwZpSDebW0elRpj0yudX/q0nUURVONeUBkHo+ObuNG1vHCPDd2HyZQ+b3Isva9lKX3YNGvKsnF/XAJo0ILfyOGf+LtC+kdlmkFp3HZY3la9gtkqGMXWfvT0hTSxEgGReqaTYPu4S85uczMJyh2gon6J9vNcJRIa1oZRkTvIVsG2I/WxQibmfHujQVwizwi2+vU/eIpQ+KJEyNxV+IX5ge991Wa0bKWto6WON54/ulTHRjyYrainPH+BfCn086xXvysvylxqbZf/Hy7gwwtW9L1ZstH+dXnzRhutuM8aU/y4MrBEe46GZPG+dpGaD7oRH9O185wBpluYnIM44W960KSkfOcHrSCLcNbMKDO9N3SESR4IXPPFD1Em7xkzkfJ06wFgz8H99rOkpGn/no7FaKB5N+T2hbsWFurakTxx7g4lBXZvSuNkztM5tZ1IBZ56TfbH7nKOxCL2j553pepnA1zshty53jKf2r3lOrSlkCIhkTZiXrzRv5CMoVYq+WEvsWTqJIicvwe8CDLTpntlOtNyPt2537ukwr7Z7p+XRzyP83TW3jvDBPmND4VLbmC3Gf69wbGECnEwslhPYC6l+vaoPx4uAL21H2P9QYE0UxzJ6aNg7iEg2zXasL6cn65DMzMEmPSTygXgy8/WTZCDyvFck04v8aVfaf2LNZj0HlIt5uUidQvj8gzTWcBNsvC23IDkoT9yJ891yAyAbD49eLXk/KCzQcc66XBUwf9kqlNB2Lu4IAjq0OybZxq5P0OgiUHx9ErAcMTRHM0v75o9iI5MHWuTH7+fBIxDHMe6LDFvWwJ+nBsaph/wStYzece5ZEaCeiPMfo6KdmIwBN8XzAXJyjFryaI7m4T5E8M7zaib1oKHIy4yYn/EMbT16NLh/KVuZOTvFAoqxk7i0KZbu/GnWCRLOxeUDEVQBi/aNq4WAXrKXtbfmWb7Cs9rle604V2+HU0lDRxo15+Fc7xxpuR7a99wu2v7G8CUzleK8867JOw0/3sgvWp8pJGCIrwFzsM/EKWLkC+xbkojtJTE4OJ0iskuFk6UM8uHN5bVAkZ6ITKGa5/Cv3iqiupgp3Ai8MPjD6yNUiEUQ+nQTH0u4epTcAUjb64xApFya3v55Xi2zUiBaEFhrkBIrhLDNq/uUWvyEE9HC3xx9HvASJDm+uD21Tr5MDioCyC2ZNILM9GBwyc9jajSAcgwVtoJ+JbMiXrt8o18xnrmBl0RFr4c/cNm+g93epb7PIVqCHTqdrfHpiTXaCCG+gfKKNd5BBJanqN5+DVHKvjnh8GIZuBLLaa7LV0ov+Qy2vrwhrxKm+9fgG4dUhkKab/vRAlZurEBSoGXQmu9SY+l56/HThoaQXIxBNTQCvA2zka1ZbZtpRbqli/F4sewr2UDDHysR/v4P2uNo0NykPO8+AbnT+yHv2TJZIIjz4JbvulzLDmks4nABkwNApTUh/AQsqlzV0CZYYQR2Bpf3oPwTbiSIqzk87Cne0NH9TatGhlIzkak/gm+F0EMGPxe97VVxp5uQcXvt+mpZAlvOMQc4m5zNWd+WBTnustHj0HMY013xsJajfrty/i7ATKrT8abN9QeZweKwcPrHdm9biryp2EZ4GUZT+cKMWm63QkAS0ETZLvxm3Osenkvi43GH6gPnH8ZEDneCHQ0l9Kr4WviWjTzNCcGATTWKWqT1Iqo1ZlboVK2p4SNcKm44XjNYKuBbWaZqEO5sISOE/Xi3LwDGuhNQm7hQ4q64bQAxZWjXSH5k0UwmaOYP4SpvRPcadgAZrwjTnjZMj6zrx6dmDIjF2h0E3IDciXYniwa/vFXSEi0qwxN3gYchO4GaVysg9PZSMadS1yygJzrC0aN6aSUDlb8QhzjCTzgSHfEt6thD4y5ka8A+4fHitR2bzzMD+/MsrBXqLMFt3SDnajfUK11Do0IXnDDLtWF+4x25in5CUdOriUBL35W+kduO5Sy+aS9OxNIImS7rswlI+BTa20o7RczKBreb0IeJEvt7d1sHLfvMddCLDsbI9RvhYVQrKx/zNyO8fJUSouUm0fwZeO7QB8rq8VaT3Ng+l2TJYOwrUNxecuhzPIXurRgkL2NoKJb0m9H/ZRVrbRpi3M7IlbYnrITqLxZaWO1TKrDgUKroqWW0PMKwVKdZ2CfIzO4YiIj4CO9HEx8vZlmCEO7Kdr2v2trRAnIwXbJUfvUB4D4io/uFE8aem8r0jjtWGM2WpIj4xJKuy6CDr3ZPlaznfaLgWsB/w1wz1orVrzbhXg6pxmPqLXfJwQtAf42bCEmIpMS4cILUS1ctIiqLUb8cHFePXhMNLo7bNk1oq15IC3vOzA5jQx5aMas72mVMQukERqtCuR86gHcW6QyPhWpUTNTZ4CGd5bcB2g78Wq3cH3Xxc4QjME45ef7Da0yO044vRCd2JJZS6yUneZSr9hb/atuPPIsav0op5rG7iJD++2wIO9WUKhup1qNeDxBK4Cxh0hVQ7uPAhMlbLQWMFk4vK8ot94/vL2ow565ihuIW5BXMVWrESfDZVllHHmVve/vWv+xoamVKyo0RBY99jIz+Qrh41xNQ6/qR9hnCHNxqI43dMtK78MERCfnjUolTJcYKuhzX3bmOlOUvg7XV0h9r+Qu8sL3YzxKrVKF7AaW0A9obt1UfZDG5uKSIlqalR76X+Hm5k0I7kzrw6q1bA9hOodLW8xAUYecH7S+ZHUXWMgN6NfTbsC1/vA41N5fmBOaJXvlyP9Lgw8lyVxbsaO2M2JlUAONNO/Yq36XXbnbctkjW39LyJWpLfUseesStRG0O8kkcamQpxP/DzMXMqEvbSZSvYJqgHnMVMbY1URfigdsSP6E0nEKf/jAbmp+5QdGSiB4cAPl9oTMhlWc7In6QfraeTwnwGqXndlK6QCBH4IcT+p/zQ2DCcnCbdH19+3h9PY9ySklVmQPuxRvJA0HrD75hKRYcC0m7TM3S2f8+NWl+StKu5RVuKmxMfmRrosk1LZZ1XNuCKdlc2NB5nu8Z1VgeSxil8KReP7SIh9d1wzbxRueQrW9DZIrrgfPNc1ucjjtzCk7ft9OdTdIX2EF9Y7l/FuzGeKITcTqv5py18ZiGAP1iOuil/no9rgRhO3IP+TC+vA/3cvGC4ioxGcsvHBUSsriNhp29wYyo431gQd1YVkvWq8swcE+oxpvIzmuPC/i+DEJXnsQVnINVnbo5SZ/E25qKZNeIPKL45t+IA4eG4FIE5o8ZwS3ryJWbT9j5dsj68NeUdS6c+c0fTGwv5Ob7GX4DBxPCEjF+f10VdNBOxsP/5EV6PeEHOMxXqZpTjlB7Ym8+QZY7zwz1o4Vt6kUQQ</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:01:22,370 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:01:22,370 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070122Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_zm7hx0agdrhzigvffnujufiifega5ek2zp9tajv|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_84f1b9330cc4c0e446d951970b847154|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx/jmmt0k3MrfqYM3gyJObh8wb7qPQ3sSLJL6ZpzNy8+CN2vqNHqe4rsi2s/+wSsDk0gwBmYCvPlFwXJXZ2kG6Xc8MiVs2PnNbNvr9REDtFYk6r7NPj9o+0qNm3St82AZDudBHJKeEYCpdcmg7x6rKJBXZu1Z9eF4=|_818f01c80c100ebea19544709fd40369|
2020-01-28 07:01:41,087 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-01-28 07:01:41,087 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:01:41,088 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:01:41,088 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_a445d58c614a4639875efebb44046f52"
    IssueInstant="2020-01-28T07:01:40.608Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio2.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_a445d58c614a4639875efebb44046f52">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>eF3RGgCqG19yry6IXyFpB8r6/CM=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>dOzVeSFq3T6s9Zz1yXQPp+ySj6FabUOuCuNEzaX2hsrQaG45rJL1wnpUYYfdbOCiLclMbkfrH8ltVaMA55an3NVv8o8tDhT/HFbxCK50NseeafqAegDk9QtX1AzRBtvIO4ZZ/Rg0X5mMmKjE6Ht36uGJFGrey0A0kYLt/WKjangEhYevXrW0/L0i/n4z+svjC5Q+6mT87xMprikExyVugahW+DI3IAF83CxUwMuKQLYSY6faPWOEBPAgcR3n6dViZ0SDkwGbdQ2atOZGV44OWgIjse4t391bLxyifezZ30BDTd+Z/uj8sEbG/OfnkTsrjQb+oIY8S1DhWGJRU7QRyw==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-01-28 07:01:41,093 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio2.my.workfront.com/SAML2' from origin source
2020-01-28 07:01:41,093 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:01:41,093 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:01:41,093 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:01:41,093 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:01:41,093 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:01:41,093 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:01:41,093 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:01:41,093 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio2.my.workfront.com/SAML2
2020-01-28 07:01:41,094 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:41,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:01:41,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:01:41,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:01:41,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:01:41,094 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_a445d58c614a4639875efebb44046f52', issue instant '2020-01-28T07:01:40.608Z', entityID 'infraio2.my.workfront.com/SAML2'
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio2.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio2.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a445d58c614a4639875efebb44046f52"
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a445d58c614a4639875efebb44046f52 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a445d58c614a4639875efebb44046f52"
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a445d58c614a4639875efebb44046f52 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_a445d58c614a4639875efebb44046f52"
2020-01-28 07:01:41,095 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio2.my.workfront.com/SAML2
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:01:41,095 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:01:41,096 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:41,096 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:01:41,096 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:01:41,096 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:01:41,096 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:01:41,096 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio2.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio2.my.workfront.com/attask/saml2consumer.cmd' 
2020-01-28 07:01:41,096 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-01-28 07:01:41,096 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio2.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:01:41,096 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:01:41,096 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:01:41,096 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:01:41,096 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:01:41,096 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:01:41,096 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:01:41,097 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:01:41,097 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:01:41,097 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:01:41,097 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:01:41,097 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio2.my.workfront.com/SAML2
2020-01-28 07:01:41,097 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:01:41,097 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:01:41,097 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:01:41,097 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:01:41,101 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:01:41.103Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:01:41,103 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:01:41,107 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio2.my.workfront.com/SAML2'
2020-01-28 07:01:41,107 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:41,107 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:42,956 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-01-28 07:01:42,956 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:01:42,956 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:01:42,957 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_1550968965ff4986affab5265180e1fb"
    IssueInstant="2020-01-28T07:01:42.524Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio1c3.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_1550968965ff4986affab5265180e1fb">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>iWleUe61myQJKv+9mLOtcFhXDqg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>UwR3sG3eDSZuV1ZnZH3EBPVYmBNAnno2ivQRv95o/K2NRgCEMvWuKM4J/PSXbdxKsVA+TiVI4XKZC5qGaW6JDS2eOZft6xL4fRNQrMbcV5p9OhTRx5bVcVpRBKhRORQqChq5sEbdfHtxqiinpTkfSeYGCWZVBYJVxyQPgI8q5EIOfK4XbOD1PpCXfLG/U4H5H4A53lhSnfQm9afMi2AmrRdHrHu57I6+A/YazE8L5gfAXCK3jSPe6SIUzEt+GFEvNPvjef858BxqdwTYOemr8Y8TgznQwTLRCzbDZ/hb5QNGVnNLYpv57YenlY6MeWFdHTqY+si5tANFdDZvqkQxYg==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-01-28 07:01:42,957 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio1c3.my.workfront.com/SAML2' from origin source
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:01:42,958 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio1c3.my.workfront.com/SAML2
2020-01-28 07:01:42,958 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:01:42,958 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1550968965ff4986affab5265180e1fb', issue instant '2020-01-28T07:01:42.524Z', entityID 'infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio1c3.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio1c3.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1550968965ff4986affab5265180e1fb"
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1550968965ff4986affab5265180e1fb and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1550968965ff4986affab5265180e1fb"
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1550968965ff4986affab5265180e1fb and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_1550968965ff4986affab5265180e1fb"
2020-01-28 07:01:42,959 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio1c3.my.workfront.com/SAML2
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:01:42,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:01:42,960 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:01:42,960 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:01:42,960 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:42,960 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:01:42,960 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:01:42,960 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:01:42,960 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:01:42,960 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio1c3.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd' 
2020-01-28 07:01:42,960 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-01-28 07:01:42,960 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:01:42,960 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:01:42,960 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:01:42,960 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:01:42,960 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:01:42,960 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:01:42,961 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:01:42,961 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:01:42,961 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:01:42,961 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:01:42,961 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:01:42,961 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio1c3.my.workfront.com/SAML2
2020-01-28 07:01:42,961 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:01:42,961 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:01:42,961 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:01:42,961 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:01:42,962 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:01:42,962 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:01:42.962Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:01:42,962 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:01:42,963 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:01:42,963 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:01:42,963 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:01:42,963 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:01:42,963 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:42,963 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:01:42,963 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:01:42,963 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:01:42,963 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:01:42,967 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:01:42,967 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:42,967 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:43,601 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-01-28 07:01:43,601 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:01:43,601 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:01:43,601 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_3e163c9712044a938d0be02b73539977"
    IssueInstant="2020-01-28T07:01:43.212Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio1c2.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_3e163c9712044a938d0be02b73539977">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>KDW9WQTeSjaO0ODHdvC3R6UXGBA=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>AlSSCVft8elnYETeI6VsyNQvSlsstWulRQ0lRT8/jNZ/05uvNq8tGfbFpQvWflPnRlS5Uq/7GZFhHjcmUWWqOezFUjTT86sVZg6j3K3UnNppqJJhn+QPG8zY2BxiQEe5oXx24IHXnAgSz0eOKtHVe9EX1bVYni+4NkmSoaVoGaD4ijCeisD1JHzlBqfluyfJOqajZUl507W31zNvWXNZRRhCG4kka2ldwk6IIbEkyWorJ3zUAi/uxU90CY1zzUcIj5EEyLRW5inM1eJeiP0A4/HMhFVsVjVHCrym/lFKlOsniCnKRVvQksyOG9wXXEIqbOAZILU4sl21E+3Vfr6YQA==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-01-28 07:01:43,602 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio1c2.my.workfront.com/SAML2' from origin source
2020-01-28 07:01:43,602 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:01:43,602 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:01:43,602 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:01:43,602 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:01:43,602 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:01:43,602 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:01:43,602 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:01:43,602 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio1c2.my.workfront.com/SAML2
2020-01-28 07:01:43,603 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:43,603 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:01:43,603 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:01:43,603 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:01:43,603 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:01:43,603 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_3e163c9712044a938d0be02b73539977', issue instant '2020-01-28T07:01:43.212Z', entityID 'infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:43,603 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio1c2.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio1c2.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3e163c9712044a938d0be02b73539977"
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3e163c9712044a938d0be02b73539977 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3e163c9712044a938d0be02b73539977"
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3e163c9712044a938d0be02b73539977 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_3e163c9712044a938d0be02b73539977"
2020-01-28 07:01:43,604 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio1c2.my.workfront.com/SAML2
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:01:43,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:01:43,605 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:43,605 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:01:43,605 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:01:43,605 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:01:43,605 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:01:43,605 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio1c2.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd' 
2020-01-28 07:01:43,605 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-01-28 07:01:43,605 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:01:43,605 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:01:43,605 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:01:43,605 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:01:43,605 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:01:43,605 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:01:43,605 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:01:43,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:01:43,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:01:43,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:01:43,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:01:43,606 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio1c2.my.workfront.com/SAML2
2020-01-28 07:01:43,606 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:01:43,606 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:01:43,606 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:01:43,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:01:43,606 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:01:43,612 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:01:43.612Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:01:43,612 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:01:43,613 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:01:43,613 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:01:43,613 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:01:43,613 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:01:43,613 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:43,613 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:01:43,613 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:01:43,613 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:01:43,613 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:01:43,616 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:43,616 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:43,616 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:46,573 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:01:46,573 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:01:46,573 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1274567905::identifier=rick, context=org.apache.velocity.VelocityContext@5512899]
2020-01-28 07:01:46,574 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1274567905::identifier=rick, context=org.apache.velocity.VelocityContext@5512899]
2020-01-28 07:01:46,576 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:01:46,576 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:01:46,576 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:01:46,576 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:01:46,577 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:01:46,577 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:01:46,577 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:01:46,577 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 39826cd951e91d1d861ca8af54eecd6e526d982e8b243f1d94ab5b7c327dd096 for principal rick
2020-01-28 07:01:46,577 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 39826cd951e91d1d861ca8af54eecd6e526d982e8b243f1d94ab5b7c327dd096
2020-01-28 07:01:46,577 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:01:46,578 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@49ab0f5a'
2020-01-28 07:01:46,579 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:46,579 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:01:46,579 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:01:46,579 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:01:46,579 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:46,579 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:46,579 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:46,579 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:01:46,579 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:01:46,582 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio2.my.workfront.com/SAML2'
2020-01-28 07:01:46,582 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:46,582 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:01:46,582 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:01:46,582 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:46,582 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:01:46,637 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070146Z|infraio2.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio2.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730906637}'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio2.my.workfront.com/SAML2]' as '["rick:infraio2.my.workfront.com/SAML2"]'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@49ab0f5a'
2020-01-28 07:01:46,637 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:46,638 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:01:46,638 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:01:46,639 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2e104a3246e58c5bf9a6254699e2e830
2020-01-28 07:01:46,639 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2e104a3246e58c5bf9a6254699e2e830 to Response _f1cd8ed4fb985c8681344e22ec4e7320
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2e104a3246e58c5bf9a6254699e2e830
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:01:46,639 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:01:46,640 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:01:46,640 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-01-28 07:01:46,640 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:74] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:01:46,640 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:01:46,640 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:01:46,640 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:01:46,640 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:46,640 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:46,640 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx5g0XnA7kSqqWwnN/gbAXNeIlWtSkf3kT6XyiZDPMaZsMbjCVKWnQRx7jzjoxVD7MlMIJ+QaQ83c82sw54yVm5Vy/CTZNbGo61q+ii/V6rEJI2r1pzFxk5/BodSVAbfQERDc= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:46,640 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:46,640 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:46,640 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.25.118
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _a445d58c614a4639875efebb44046f52
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2e104a3246e58c5bf9a6254699e2e830
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2e104a3246e58c5bf9a6254699e2e830 did not already contain Conditions, one was added
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:06:46.638Z, to Assertion _2e104a3246e58c5bf9a6254699e2e830
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2e104a3246e58c5bf9a6254699e2e830 already contained Conditions, nothing was done
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2e104a3246e58c5bf9a6254699e2e830 already contained Conditions, nothing was done
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio2.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-01-28 07:01:46,641 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2e104a3246e58c5bf9a6254699e2e830
2020-01-28 07:01:46,642 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio2.my.workfront.com/SAML2 to existing session 39826cd951e91d1d861ca8af54eecd6e526d982e8b243f1d94ab5b7c327dd096
2020-01-28 07:01:46,642 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio2.my.workfront.com/SAML2 in session 39826cd951e91d1d861ca8af54eecd6e526d982e8b243f1d94ab5b7c327dd096
2020-01-28 07:01:46,642 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:01:46,642 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio2.my.workfront.com/SAML2 and key AAdzZWNyZXQx5g0XnA7kSqqWwnN/gbAXNeIlWtSkf3kT6XyiZDPMaZsMbjCVKWnQRx7jzjoxVD7MlMIJ+QaQ83c82sw54yVm5Vy/CTZNbGo61q+ii/V6rEJI2r1pzFxk5/BodSVAbfQERDc=
2020-01-28 07:01:46,642 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:01:46,642 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:01:46,643 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2e104a3246e58c5bf9a6254699e2e830"
2020-01-28 07:01:46,643 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2e104a3246e58c5bf9a6254699e2e830 and Element was [saml2:Assertion: null]
2020-01-28 07:01:46,643 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2e104a3246e58c5bf9a6254699e2e830"
2020-01-28 07:01:46,643 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2e104a3246e58c5bf9a6254699e2e830 and Element was [saml2:Assertion: null]
2020-01-28 07:01:46,645 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f1cd8ed4fb985c8681344e22ec4e7320"
    InResponseTo="_a445d58c614a4639875efebb44046f52"
    IssueInstant="2020-01-28T07:01:46.638Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2e104a3246e58c5bf9a6254699e2e830"
        IssueInstant="2020-01-28T07:01:46.638Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_2e104a3246e58c5bf9a6254699e2e830">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>j6MJyupQjlzXm8J+jv4LB2a11Ax0eQVuXv70/1oHgdU=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>sBZwTkyWtCGztJu0qysqt4nbCPkZqPBndE01A2iU2Kfr7SMWR0ho78SCa4zEIIIRd7NdV6MnO32Uc2oxvQj6Z4EtLYxWLJ3PE0TSZBxtD1Rz4JcMg2hwUTFg/RErF4m6oGnny1dthMX6zR8RcYCO1TXyEAa96Wl8HszQ2q9nTwSQOAGGuVWnyHbh0d3VrE5xRgGeMkBf8iIB2+1K3jPp2rKJ87GUWHFuM5a1aoRDI5/Lk56kgfNP184i8GFi6O89gUOanlYlL49KumhDr/KAAsFbPR+8xKYziQ/0ctDA5pJZfN26wCIJlvRXNrtfljx/BBO2qP1yo1CKCjhaIwfftg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio2.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx5g0XnA7kSqqWwnN/gbAXNeIlWtSkf3kT6XyiZDPMaZsMbjCVKWnQRx7jzjoxVD7MlMIJ+QaQ83c82sw54yVm5Vy/CTZNbGo61q+ii/V6rEJI2r1pzFxk5/BodSVAbfQERDc=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.25.118"
                    InResponseTo="_a445d58c614a4639875efebb44046f52"
                    NotOnOrAfter="2020-01-28T07:06:46.641Z" Recipient="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:01:46.638Z" NotOnOrAfter="2020-01-28T07:06:46.638Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio2.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:01:46.576Z" SessionIndex="_29191ce22af96752293b88eb314bec89">
            <saml2:SubjectLocality Address="172.31.25.118"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:01:46,646 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:46,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:46,647 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f1cd8ed4fb985c8681344e22ec4e7320"
2020-01-28 07:01:46,647 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f1cd8ed4fb985c8681344e22ec4e7320 and Element was [saml2p:Response: null]
2020-01-28 07:01:46,647 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f1cd8ed4fb985c8681344e22ec4e7320"
2020-01-28 07:01:46,647 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f1cd8ed4fb985c8681344e22ec4e7320 and Element was [saml2p:Response: null]
2020-01-28 07:01:46,648 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:01:46,648 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio2.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio2.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-01-28 07:01:46,648 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:01:46,649 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-01-28 07:01:46,650 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"
    ID="_f1cd8ed4fb985c8681344e22ec4e7320"
    InResponseTo="_a445d58c614a4639875efebb44046f52"
    IssueInstant="2020-01-28T07:01:46.638Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_f1cd8ed4fb985c8681344e22ec4e7320">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>2EUneNpyA7nGLbBv4H4xscDKxaAfwA55U6caG7q5sPc=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>XLMLcMasOHfLBXryVoOVkLugeBg7jKq5wErsFjFKuGTNdmMMkZeeSYNtzF1y/LRFZ/i9EDP4Xv4nwhrjy3JQ/Td7c7uOrRZL7QeRfLWaloLy5K5IZlzzh7DJkr1/+hcFJ7qcqAhGWWX4scsgLHMoTtb8IYOjyNMKhr1Sd8hzdIV8Cl4hV52ltFK2ec2JwcUp//9mgtz8IoMe/7tncDxzCqpHC/WH8GjUIxPxwIDuvyJy4+jg2+4f8avGBMaKSGVI33U8Ah090JkEGot6mTasgn3WbDpsqslnEXu8T4Tma75R3R/vNvP1TN0pSLxfQLqgJVwlx7eMULZ1aXoII2X4Jg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_a33518767948bab9f336fecf960cfce4"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_492cd4fdad70c4f3475366410318fe29"
                    Recipient="infraio2.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>uu4s0/0PuwgbgVPct5WP/WJmqUQnHqSp5p87mn2+WMBfbztLsi151YgA2NrhS3sVRuWbOUFUDTjlqPoX0dGy5GKPNYWj8nI9cHVZr/epSn3uovKzNYza4PjBX0VtXh7pI7Hscm2mksmsv/iDI0PrHjk7UK8CRJ0tPlOPSzGZW8dNFSHSWALhp/9JqWK5o8AmDNG3mbED0AKkWHCGG0jwtPKKymFEwyvxdR3fmJ9bAai+ypcVPgauDe2Tp3dT2wPnxeBwTD162wWSBOivrL5x19ZpsEeuYcJk2fz3VKewyvM/BjEMk/zXce/OAFUCRleVLd9fpWvprukpddcsTM1nHA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>mME7zaOGvOCNj+dHnNL0aDcUwmBd06DOVHRqGjfLNJGsIlakPItu5rUo8DzsK5KC1GMF4xR8NrcY+szZPHFY3lMMdZDSSLRq4VzNjqiiWYV58F1CoidZ906UIrKV6QkRD1y3+qBrcbw0RvuaYBMXei0am2aHf03V7py3yQ3gxp7pudsGQkTjXzufOBb2QJqcIjcyut2ylY0i33zRJyrVsNyAoyv2/gYTnrmyBXbDOe47y+i4HqhQWWIkpVvTpS5LhpoRCcru5cne7IntrYvd3fpETEEr2yrc/EDL0Uh8XZE2paOrYfb9tajCpUa85FJb/93z+UJ+2vJKrU06BSgaxIOGKrP1LxVrdj4gMSg00ptYUyIiYjEasgG1DGs5XJAIgDi8NPUk0dBD9nizXuwHWyV5N45WxSE7RikrFv5fTK5oktm78EepUoEDc3LvUr3JMBrhQC4S4ID4CehnNpPwCm7N91VsGHovw02JjZ7CiRuoUiBc7p9mfYZkuhkSXuNJ//kExTq77vDYq2Hrfe6owjFLvaVy8BvqkK8gTgaqbWps66Gp/GoE0UHRrkmIrc/eXbSpwJJUy6lUholFOT+wXl7JiThvJdCxQ6e1OY7xlc7UL95if1a2tReQ3Br9SKpViFV+tPwGPJcLQz8Cyi8ppUdanSuCOp9Q+9f8tp2T0fs5lyxjC+0CGUYtIscRAa3GF6AQo0jWvn4nx93bhMI+k3K6ge7MQgJLaKaRhA2AGMnlguE8RqNvGWPi9U4DShSlYnY/190xwvmj4Kb9YelMQRbsIdKQ8/wz/Ls3FodalnZ/QYnefUCF5DfnUYNQmW5PqX2jGLKhAbNKc/m61af86I8tvJB7V4ew+UALWBwvLOdKGHynjWvO0aV4llmqnI/PokUWpd/9vLOPUjaO0VC5jRB3boo7YqQqqD3FLoArL6NOIUp3/sJzaVkVdgIyML4+p134CoSBHZ/iWRvet45Ui+Z53Zw3OY2ZWu3pUL8eCr6CYxl/Tz9NKrUQCUmcWoPIPHQFFkkMYW92psBaseIL4fBm4vfskeSuv8Sk2rLzEREmtfnQYDwAF8feRBzF6jPvMHHSnAJejGtzLgfJFEhu77RT8ErnkVPbeq4LzGfXwJQzMr6iiRAHOejTexBjsOGEFFjwYzYXyeSY5Pvr8fE/OijUv8WmyZRKga0hNYT6sZyb1YhdrYkOQTI4k5MRUIk5rLW6iEEElBxfL17qu2GvGEf6t0v4vgPT5cPnnh514XTcXbLflcIS1RP6QmjF4M/d8KhsIQgmMJMrUQkq6Y1jsYOUftg02olJ2t4LYnRMRb/3dzEYV825UZUks4QjdUBDcMwG4nqx8lzoUeHajL/BjpU5rLG67SuR73+HLdxvWHWJMF/OnGakS8EuFL6lgd0z/JTaAi3QlIfMMtzMBpyIvj1g9YtPHnARXIEn0YI+Xro3+F18a5L8t127feOfsrE4rcCvWM9iRizr6AWI1YUKLEeEQZ9DZCG8DhilzxaJ2117YVCr4w57jvtL1lknJa8O7R+PsfN0gQbX5Zh8rxSc2z+oyjobg4BfsLs85gGVDbMbQqnobvTO9HKtdFe/p/ByqBteIqvb3a4izy9Tba1+gw0nKt5xo/xV+8l9CEvazbs6T8icufZya0/BLCW2QS5qarL+1FmW7CASztxpynV6nlps9FZEC9qW3lq1WepF5OC60dm+PDXkEEmWZTAxcXOmMFn1GiQ1BKl49Bb1CBfgXM3t0gA/Ex4Eu4OWke/O7YfgjF53JaFVDjm8MMEhsJ0UHZKAUz0lEDJElZ1gkJ56N7gT/cCCcnMKu1gPa4t+5JxeGgpqz++HQuBW6dEyJxcu8XQq/PZ49LWlm8pH1BABh0emGUk+bfyjkY/FPy4YE29RUEy4fAYwHQSOz5qceF+cNC5gorveX9CzyDMB8H15vPPSQ+tYjhGPmn8IXkzvie8DyFK7RedD1hTeWsWmT0nDPWgCqYeOVEDjyhYJOuitEmKUkYLpgTCa86fai0GyUCdJK233qd/e5B0uKHbLXncKM+rIIKk4JDZhPE8WAmMwdGUJr7b+DJS2wH+ga27LWL6yiuxl4sDi4CcS6OX+H+YZpNimx+pQU4vmIzntVtXBUhu+QagFvoumPYGEj2SSNG7dD6EGKWDW4jGFTHAeCPEqOzzw4CcaMfsFdHX/Jglu2xSLuAc5XruQ7lvONflPFlLKTNuhGXWWnCjAKLNzxDKaVZ58Hkmekk40QZbNPT8u75kZHOS9HjnzEzIffLQxRiKz+wJcL8MOvZqO72xo3WfSZoc0Ee5JPHQF3u1sJ1cthOCDpuNgw+lEqZEi+5hFZuM0M9FkESxwUYxzYKJXgUo8uuZSjSA3hSCv4yjqAzTQjPFOvPO/+ErKspMhjilqexCj/fh2QFEbAn2eXsGUJS/hRC/BoNfpexASOFLsaYK61kt5J44SxH1Ev3AK0zZdT4XAeNaQIr4012q6+Sg5SXA3n/as+Li2psYJv9WeR9EoElbsxL+xjOrtDosF7burDBdyqhAFpLT1IWHE7UofzcBUhZ4snGVUiJn6We1N0LjcVGwBSr/6uicXHe3Vcl7YY3nLBjIgjtHlv/cpa/7jc6btPoPU0PRBw3SqPs+E/DV1JexKtjLaU/PiWf7ubfT6e9XD9E694SJHaLkZSNxRNxwqFm+AVpANsEPXVMyi0qkTSV9IAX46gnnrFs8hQ0ihEnqnp2OYDCNjclbhD6xP5pGdBrga4K7BWOvWvT1Cxysom/aqsyATvgUqA/goozxUtva9yUz8mA7m8hhRsJt81eZILH7WbLetf0PNs8LXlkRhT5syNPjX0p8hFKmtVFlYUXrvtW2xVkg6rmyXfW1Ibq0V+qNZGXJdYC85qZw/rzXwNzM38g6O035YKuVvUct99n373MkyBGdJ6AEvvktqzTB9Ewju9bdr6t75rX+NBT1r6hNEnVCGVPFR86YV+fAWcsemwDiTGkijHT+wC2dtvzCTMpUPVoRJ3zUMZ2NSZcgYJZUa+XkXdwl9/ec1fMhFTagCdlGClaD2TTRQanVCzKVI8UhG1TEtBbdvAm+byRbcp7sloXiGRCVu2Nm5w3bfNlByoyudfEBhZaBBM07OWyKS4kiALLXT2siL8KjHz0kOgXJSgiPs9eA82XjLJnBOTLtC6r+B0DHINFYpVu3bFsVe2ORYyEFetYnuAtBJIoVSA2oPjx5FWnOs7CZg5wg8ztOYxXho7ivT4UaGXMW6b84qaYex7Dk9+pKdYh9ZdvZpE571qTfCixA9A6avbeADRU/EWP0CUhwtUwHwDS3JpmyL/tqNUMTl2lgvt5Uj+x1VU6D7jNQy2dw88apCSWP2IFGs6cmPI7+wvU6ZtwPcds/ecki/Qhia+jZEV9PR/fqV70rRHSQPCVyUQnbOgBLgVKkv5MZvdXVwNFMcPlmzhkuscS204a00EJcdCeYA/yl0erXGcA6g+tPKIGs5Q7Vbml2YmMcTTdvyAb+lSuFcyOIpVMnYNFqSJOsrXK3JtqVVaLqGvRE4miwRfH2VDYdFfQIsTkniSR/Xg5zr8h2Wct5afKAqBywE3DdLpPg30yAd6gZ/lh0Ea00jnULC+Pt/sUTN3+IF2FWCOuxDzXGZW2UzBf+KGiIQMzTFIZSqi0OeSLKP7svmIze17sCQ0zjLoMef4zNXeANoGWxDPeJb3knX6VrAekU2azU+HKc8UFZPu9m48HggmAPB/VphBrKjpqt/DMDXOwFOf965s6iOGK/bWIgrywxespbhlSx6xojIL/RFQQmKfHy7hoXEt3bHe3ZdEQg9jVZ1FNkGeGcnJ6upSS8iwHlTcmx4OEmG16REWJdpMUwLljeEmlEW5hpLrLvVhzArsSz+h7fxc0wBCR1IPQd9/o3KpSEC5NbN8f1G+dTJNjjIy11jSDXdJ6xf8BSnGaRqJqBDXAvtIkGgzlxR2iFhi+aKKIFKOwkG6fG0PtztKE7+zYjX6RYKklDX5lvRLrvjYT6kXWkI+jzqoJZWO8DKeR5zIh+0itZVdsQxKiTkm3y9KztVlzJcsF8h8CXldOezWF6dYOHFvHu1sfhlRSLiyeQ4AwzTdjwNEJqaw1/wTcJMdb//HQZ4J5x1Dr89fpiPOD8nP0Avf8lcSYc56ov3AzwQUjgA8L4K7qRd7VcichBVRInTAP80EWJUEpqeaJAu2WE0GP1508QVVPncETepkM3SjuCahdla1201f5ct9cje2zsvlz0OiIj1ZAdiws1kLT3AeueeMs13986NYVMZ4lhAEL4QHLpu8yDTXOokzJ55c8F4X3NxCZ+k5f+zluvAI2hma3Zzagm0yLYsNipKxrESFgBn3dPbhsOSJqCEqD34qZ1nNBwI0OG2FWMUtz2sE5fuTqV19HaEv3VayaqhztIZARFEJBRZY3aw4dsyfNWet2lGlnPHKd3hPErpNpjcsIlYuIV6RaxIl8UqaZsllB069FGOd0KXGo/a/BcezkSwc1RKPxYSt6rONn1OyqfTy0sddXTDSFeZrAADU+P/LfcP+G8jLNraD7YXfPAf9i7ZEPvXfs1QLuALjyyRT0TODBjN89zXMZI1CTne4Obe9zZMu2ZA+RdvohZ/ObMO7i3X9IIBo75woTifL546/sWW+2rlFLLq4Q26X+VvjdslD8UYiC4jekC6LU5jlgKtVkC/q0bQfR3zKbrtbmgrHQ2KZL1oyV8A9nal6n8bjIzKjzlmlgzDsvzl1l8xqflw2Q3rqx0cj59yDZ1zRQnlDUB1mdPJ7aT6DJoAuZ5sQdJSIKPgnam70YdfNJSI4acUZaIBkpVbZqKiag2sO8XNiHP63xKwhkshzZPUlnGCA6qO8KRfKmuzXsW1uIB7tXIqn2pBr5QqnIp8Q351LsOnW7wLjKnd8qEhPcArrcDIFNzUAn+y1itZiOLgtXoOC6VdstCOLBaLp2bzaGpDbeW0pta1fNCgdVUfdJxA6kGKFOTkpSeeDWzwbQZIWcBvUhJ1BCa3VcSxEe2HBQ5T1vBasjGZV/xQDkCgIB+dunPVJ0sJIit5aS1r/ddyaGqP8lZ5eZ3Z76VlnKKWIr/wb81erFY9mU9j6lhy+XNoMrvkkDQqm+3E4q9Btf0xfgyInukeMPJAEQarn5VeY74w0v10LOUhhrUspQ7QMLQVc25TRcTJGoVPa+4/305CSU8Z6jDE4QF7A2FwPWAIqTiCd6aNyVyEu57dQkrTx8iESRxmbZP95DWB+fvmCynxfqEcCCWTvWPTHVzi1LaytM2tyBNSw378Yan+AKPXwo52+Bcr5jFZtw/H+40+3I273jX4wTrCR4+aUOIzF3e932xO4CIDDS2SoGVtihGN0M5X3kCBCva8J21nlOzMfn+UUIufkU2x/m9CHzxIB8yzbUscgpPuPKkybmXEAiIwOe9cayeLlAJq3eO5NsMxY1QrhEjGegI+8puvuliqdGOkkOyUtKt8i/8kLdcYHVJEDrxdBHIDilPfq7+DIPo16MhR9jSP2zTByVRuEXE5CvwpSQZKIxKqX5p/lg8xxhCn9jzM91gnhbn9/sG9HcvdGzFjJp2JxqrKeLCk5t36P8wV4QN3Gt7T/QffvnZpdQKh8Qpx9ziU4pFo5c/h/z2sUS+S1lNElRyfEfmPKkN6eNxsTXpenWPlVF462e62Cn/NFUuWenZ9zWqo79y3eEs3yTooDcVBmFxSYrVWgScrfWVZFZcRZafNQNjassXK4l+7HzeCgQelycOcuDNlQgTbSwK2aQT1JxMbOMk4DwCFqSm0OoTW8NdKfVzNlm8Kv6LZWhJ92BVkRTnk/ckUxJ9hNGMMx8BiE27+GVmQPyxRWUpiAqN9CCD9c9W3Rj6gZLbAFvhxV6dz9+b/hwG+mDND+81czWOXv5DGkmTZZFSMVQxpUFpIp09z9I192u0arY1Gi2MM1cs1JPMTTyDa19hENeegT4SB3aLFtr43IR9y7NptTJxIB5pdgl5NA0QJy8/MgDL1j44QpyVo5P8lFuiAXqwjBiKGyQdykeKgPA5fZA45yloMT+yRR5Qvnl4DwFt99fFCVoWJhyMERhdXkGjoW4Xi7l6XXOdYg1QgI68AXs8GnOv2dHaB73H+p5blaj0XQcAd4NLR38eYQGXqRH/jUJvnyHh+3Tr/+6kDdtN6xb5MZuPr1gtSm1BOwcVXsdagziI9N5yJ82CbP3fZxAKXfK9pjAvlIhAM2ROQxT/Wuwq5Ka6mNfXBfues7FrR1B0si0GNsMMU5UFad8ZXlIWJJRgBRALbuW5gBinY9nK451gdi7dNSc4z4Lwu/EvSXw7+9z+/EakGivuZYvLRg6yPpU/OIRV4Uw9Fv7Qyuvs8z7sgJAVaIqSSMd7wwBx0FD6Nm9QNGGhtg12yFYFJt2sG8EpYQK4QZBmwb9y1h0+y38HCEWzV10oi7nxoLBjrt/EWX/qrjKkpl2y/wVZZikrlwiGIQWE2l1is5rj/rh79zeZzHGjiqtwNhRw0/M8GKm/GYmJHf7HS6jOqxKqUtGUyXQXaEt6vWBPwfOnDLKDLhH5tHn12TenrN5/kjSRCNSQuwsG47797nmrDOvTROIYLFG2yzPsXccEy9NHX7eIgLKsIptw9Nm/XWCSwy36tOd1P7UlYon/h7Xxpq2rZXbXWUmqp7X+LjVYiuK1X1gs6KFclqMMEHWOritDyFaAEjpnVNFRVeadtcSvtkf82Lq1Wxamp/nR4tSTGkViDxUd33bYPwFVDKqg8tL0P6cYxPBbO+XEYIUJouVl9eTHz9Zyjz7SMn1tIb3vR7kidGgIfhF5F5USSEl1fPHLBRpSO/HSXOYmTEHE16mFF2k5iADZwXrauvjPYGz5x5dX6sRkn5UbVgfrEEO52gUWN7aplbWsaW9+5M5YNKayEVPEQyxie1ml/cgsxp6MgZFBf+dJEG/8hKvPLfKZy6mH2jrlfU07QDeu4wYjq6faqGkjRPrS2eXn9cUWwS3kJNafBjxqc8BEop6UOjvoQwytMdIKvJAL5m31HNSizQcXZ+/wpatMJ6CDICbx4YOY3oVgmkmlGAIHi6hzB6RZRC4xWq0BT1xOc5g2SzGGjbrprUEIpzKV3DUg4HjIR/Gnd+AyNlhVvsa1l6/cupJ5StMPITW7QsqogmIMte0Glh600Vgq8U5eH7xkDkf4H+Te43uXHjBSIr5wGVhWNzjWzgmo9zvE7puzbdohpz0gYxCniVDAfix+HYIY68lXuKvefNY2uxqwaISTNj1klgYk4NRGk/5p77Aj9vNVDYx/SpoSG0d/IgObgk3z570h1xDC1JR3Av2LlPB468VtVJXmzKWyxF8Yb4fXTJOfD1NzTvr3WoZuYFTK/EqERSVEq8DWXxR1KhZTa40QWzY+5DTrKeLmWkeiS/zfHdl/SwF3iiTJFqmRejc9U45zwP8on0LAb/hPI1bwmD2TfuHdJpFeZT9gSY4FFhjVfj5e34P1AAv0DMWlUyshxPHNfAOWYjM4kHAHS8HH2jPCzihj3Jegr3Coy0jln3edOJ1xpFSsvwEhVMo78h+kdayreboDZ9aB75aF8vLR+lhMb3WBMTF+69N7Jv4/MgjEemj1xqsZt8w1JFw1mS+e7Ke7YYB6DNm5qblyW6f0/Qej9qDGT5NmFKfdIjl4EUBR22XmCIxjinKOeGYAAjnwFDe0xYT2ynNek6OT3skAcdh3HO5QfkRFbummYhuN1wq71ge4mLmS2620oVmYBQ8PMuEsDtg5ZuJSb4U77QT3OTW2f9gYoFM+Dh/z4O7a1c5/dqJ241W56x+FHqajwlzN0SjTS6GEWFvNKXvT6ZjsO/I7pfmKEh+LIAlOZRJ4dy8tlnoZubj2oICR3lC4Grw2H4JZQthJZOZQV3fz7hgcApzkIkpiGi6GW4On0h8bwRtpik0OHeqMJm+cP5Aos88lNpC5MHpc7Aw==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:01:46,650 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:01:46,650 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070146Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a445d58c614a4639875efebb44046f52|infraio2.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f1cd8ed4fb985c8681344e22ec4e7320|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx5g0XnA7kSqqWwnN/gbAXNeIlWtSkf3kT6XyiZDPMaZsMbjCVKWnQRx7jzjoxVD7MlMIJ+QaQ83c82sw54yVm5Vy/CTZNbGo61q+ii/V6rEJI2r1pzFxk5/BodSVAbfQERDc=|_2e104a3246e58c5bf9a6254699e2e830|
2020-01-28 07:01:48,919 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:01:48,919 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:01:48,919 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@83538863::identifier=rick, context=org.apache.velocity.VelocityContext@4f97b678]
2020-01-28 07:01:48,920 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@83538863::identifier=rick, context=org.apache.velocity.VelocityContext@4f97b678]
2020-01-28 07:01:48,921 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:01:48,921 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:01:48,921 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:01:48,921 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:01:48,922 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:01:48,922 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:01:48,922 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:01:48,922 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session c6f15e4f851acf9dc8f7138ce92f7e5689853df647b715c2fce1b32ddd059266 for principal rick
2020-01-28 07:01:48,922 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session c6f15e4f851acf9dc8f7138ce92f7e5689853df647b715c2fce1b32ddd059266
2020-01-28 07:01:48,924 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:01:48,924 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:01:48,924 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@19e71fe2'
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:48,925 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:48,926 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:01:48,926 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:01:48,928 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:48,928 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:48,928 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:01:48,928 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:01:48,928 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:48,928 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:01:48,981 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:01:48,981 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:01:48,981 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070148Z|infraio1c2.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio1c2.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730908982}'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio1c2.my.workfront.com/SAML2]' as '["rick:infraio1c2.my.workfront.com/SAML2"]'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@19e71fe2'
2020-01-28 07:01:48,982 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:48,982 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:01:48,983 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:01:48,983 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:01:48,983 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _81875967bdeeab4bdae7740c45565f82
2020-01-28 07:01:48,983 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _81875967bdeeab4bdae7740c45565f82 to Response _e6bbee8126ac6a271760aecc10c003c6
2020-01-28 07:01:48,983 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _81875967bdeeab4bdae7740c45565f82
2020-01-28 07:01:48,984 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:01:48,984 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:01:48,984 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:01:48,984 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:01:48,984 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:01:48,984 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:01:48,984 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:01:48,984 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:01:48,984 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:01:48,985 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:01:48,985 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-01-28 07:01:48,985 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:01:48,985 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:01:48,985 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:01:48,985 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:01:48,985 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:48,985 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxg40th7POJnwY7WSfI1t8OdUFYeaUOrS6iq7uA2rNtNP4LuSW4duMfrdVJjgFVszweXJtpv6IEbIv3SYINeK4HLx2F97fyGYmBGdAwuFgG4fIDEhqeddqP36zt8Qd8UUz5PxcAw== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.25.118
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _3e163c9712044a938d0be02b73539977
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _81875967bdeeab4bdae7740c45565f82
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _81875967bdeeab4bdae7740c45565f82 did not already contain Conditions, one was added
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:06:48.982Z, to Assertion _81875967bdeeab4bdae7740c45565f82
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _81875967bdeeab4bdae7740c45565f82 already contained Conditions, nothing was done
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _81875967bdeeab4bdae7740c45565f82 already contained Conditions, nothing was done
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio1c2.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-01-28 07:01:48,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _81875967bdeeab4bdae7740c45565f82
2020-01-28 07:01:48,987 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio1c2.my.workfront.com/SAML2 to existing session c6f15e4f851acf9dc8f7138ce92f7e5689853df647b715c2fce1b32ddd059266
2020-01-28 07:01:48,987 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio1c2.my.workfront.com/SAML2 in session c6f15e4f851acf9dc8f7138ce92f7e5689853df647b715c2fce1b32ddd059266
2020-01-28 07:01:48,987 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:01:48,987 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio1c2.my.workfront.com/SAML2 and key AAdzZWNyZXQxg40th7POJnwY7WSfI1t8OdUFYeaUOrS6iq7uA2rNtNP4LuSW4duMfrdVJjgFVszweXJtpv6IEbIv3SYINeK4HLx2F97fyGYmBGdAwuFgG4fIDEhqeddqP36zt8Qd8UUz5PxcAw==
2020-01-28 07:01:48,987 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:01:48,987 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:01:48,988 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_81875967bdeeab4bdae7740c45565f82"
2020-01-28 07:01:48,988 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _81875967bdeeab4bdae7740c45565f82 and Element was [saml2:Assertion: null]
2020-01-28 07:01:48,988 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_81875967bdeeab4bdae7740c45565f82"
2020-01-28 07:01:48,988 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _81875967bdeeab4bdae7740c45565f82 and Element was [saml2:Assertion: null]
2020-01-28 07:01:48,990 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e6bbee8126ac6a271760aecc10c003c6"
    InResponseTo="_3e163c9712044a938d0be02b73539977"
    IssueInstant="2020-01-28T07:01:48.982Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_81875967bdeeab4bdae7740c45565f82"
        IssueInstant="2020-01-28T07:01:48.982Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_81875967bdeeab4bdae7740c45565f82">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>X5H9+bwbJc+ExuFfv+R5jv8tLBs1U7sofhi33ohDaao=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>C6nGqGmx0xkK4hyABXU5zC9Io/LSiWk/FEU11XZLUXixbfWpq7Z14D1V8g5LtyxJOwXqASFUbEbBmpt3dfPgO+Jxr3+xYlaa4uzXeq/tIFn1fIHS4Wclvi9FBC5GZDwh6TnbMGylYCy9A3kwKYa/ukZOS5pJO0bkGVwTXQDZDss1oqqdW4afQqfXTknQAsu0lc0ypsQRQbcCYPLHBBsUIsh27ORxmsiIFwlzvNE5Zhtrd4mldXoMext8eTQosviPC16SmVRrZxukQ++fOY9PhNCV1yo8L6epoYq2Ci00r+hr/lQrhc7pqg0uM2iwJk8BPZzxoyD2F9xEnYvwkajLTQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio1c2.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxg40th7POJnwY7WSfI1t8OdUFYeaUOrS6iq7uA2rNtNP4LuSW4duMfrdVJjgFVszweXJtpv6IEbIv3SYINeK4HLx2F97fyGYmBGdAwuFgG4fIDEhqeddqP36zt8Qd8UUz5PxcAw==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.25.118"
                    InResponseTo="_3e163c9712044a938d0be02b73539977"
                    NotOnOrAfter="2020-01-28T07:06:48.986Z" Recipient="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:01:48.982Z" NotOnOrAfter="2020-01-28T07:06:48.982Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio1c2.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:01:48.921Z" SessionIndex="_c8c665b46f0a3829b20e28a6199a7043">
            <saml2:SubjectLocality Address="172.31.25.118"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:01:48,992 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:48,992 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:48,992 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e6bbee8126ac6a271760aecc10c003c6"
2020-01-28 07:01:48,992 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e6bbee8126ac6a271760aecc10c003c6 and Element was [saml2p:Response: null]
2020-01-28 07:01:48,992 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e6bbee8126ac6a271760aecc10c003c6"
2020-01-28 07:01:48,992 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e6bbee8126ac6a271760aecc10c003c6 and Element was [saml2p:Response: null]
2020-01-28 07:01:48,994 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:01:48,994 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio1c2.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-01-28 07:01:48,994 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:01:48,994 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-01-28 07:01:48,995 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"
    ID="_e6bbee8126ac6a271760aecc10c003c6"
    InResponseTo="_3e163c9712044a938d0be02b73539977"
    IssueInstant="2020-01-28T07:01:48.982Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_e6bbee8126ac6a271760aecc10c003c6">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>UBKsGMXJMUufr/QKQMEZz8a8dUvOh/gftGCYX4uh6ME=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>QfSRFNcGRYk1wdvi4Nj45byxAgToG/G0d1n+98LzjaXBt/p46QAqaxHhFBFVN98fXCi/59soKAi4Xp+PtvCn478Mp5fXRf/1HOQ3w7ACyhF+dUpp89Oe2ebHsD9EuxpzxhRD/ESzX2/LSXmM0Sbca3Nrlj/PvIAzdFg6wUzVkRHIrMZrwe7v8tMU37ElOFPoXmvHh18u/Dq1Dopfq6XY7CbmM0osWfeNwAiM3Hb251eJTe0PGrBvzgTZbh9jmUmCbLTWM9GGLeN4NGJ9xncHHKzkmB1rZYEW9dlBWwWUYnB2AnuujjeobLGbUYHr87epmw3V8fRpaQKj/gD+cnqJTg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_925bcdb561dab410ac3e395dd2cea588"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_52bd007d05937c8308551683c200cad1"
                    Recipient="infraio1c2.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Yvj2L2kNRUOqEbS+Fcpg1kFc2hbkp3xvPwVR/WayiqIZVZKfHgkWBZ0gygFwCZz+QfSK9dQAM3tZBX5I6YBzJZ6TKpC41NVSvfWJz9ahx2336bWwvXxqUyOJxZlfa92JS9YORDtnScomGbqmdcyEOh9WShQ+087PS36ttzImakImLpJmxNs/DhIQj+AWhlU9uebAWvCd7hRK2nhXY1M3MF4OQJd4AEJ0dWMo/jgE9eudDXfLYH6aysw2hKerFOWUOzUU/bVizWeoG5yv5c5aBa9DdfTI+fZMXZdSY3zefpv+6cB5KM41wXvBrnkP6Us9AutLc+zvHPh0bWAsuSrZnQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>SK2pe1QG5WC4ZDwc14OPLQoHJuQRWrxvVKezPMPCCANpGyNE/BBVDVcw2Pv/mmh5HI5MtcijROPwAhKeyxWQq6ifCEvehCaHH/8uSLXqbkW2Hvs+5r28fxia6dx5fxfEG7ue1mhKgoSoZ+wVkMVB04nGNnxqU05iK8LBYA7LSeGWrqErhDw6pa8ve8dKeUTrhxv0KsisZW1g1iAoN5zBmqySX/FX7LFKUBIXWmfr2A/jm8QHd5kNqBt7ic+MYPbWaZab7D04PZxz1nJGzJxzsCX/5dRGoXpG1FgbO5BiLHpbQGXzzwwZka3Zmi6shPPZrWbFer8BrlkyObH5uwQ9w2fFqKh9ezla0nphEajZZzLCkY3ZqLcJPt4OH5UF5eYv7INi67S5FYdARdqujbfsv3FOPdtgPXCFkHy724K/BEI78CSFLQtordVfhrgAd3kBVXapijPdJxp4FGPTbLSLBZPci1woWI1Xx/6mlCcNxf0bp4yT6zAn25jcUuj68WYlIYSf96NTpKIqKMKe7xOBrjvcTOD+InP0zj4mutSb+hsveOgBUgyMjo7k291NeLJNXmfkX1W6/KWUkY5tqBd8L+6EtvTIKFlhyHw1jF6kDoF5D3LZ18ye1CLWMuIzEsnBt6l2DMIMjlV2QNesDvGoJx7rd5Y2TC/35J1XAmAndSjCnX4fXZ7JQZcpihsEWKHHZpMr+WS+G1tn1osEkJxPrsMZ+iG4BE26gZUsyyvHTImOr+yfbJrA2fZ3ZJKOG1dmY7HqUDjKHqfB+PqoVfTf1azh5V3gzTNRzvnB/vcVtiH0wUpMw7ptONIH6M8VW+6VLoZEKVOi+4znzn2gNrb+tTlKalzwoExNHQeTdfGGAQpaTv82OKsdjyZsLRGbTLwMoEibSsq+bMeQ6RPeEnZwtWOL1CCNjmbnd6gZ7JVzBjML8aBA65v5Bm15WO2pcNXCzaYfKhXTdCBuykSIWa+CjUoWEFFzYl/QHz524SibUYGkXd2Wa3vNzVoKCbtv/Rs3FvEI3YsjKv5KwyEh48kofeqtSGyV8/Kh28yh05vttDiPFv2pgyjRniB1rzynUGOIHx5QUqHx5tMEI6t8ggEf9fjsHWK9CVMDdDbAYD4m63j3wY+63ryxzjOFLbDF+akdVk2VW+k79EtAUvxtvy32fHt95xycs0yRqNFzuVLnwOnPcCwUmjtFt4v6L0ZH5fhZVaka+nIOAFRlVMZlZfAYX7wG0x5SNy3HukAae6B1QjFe1TSKPWBav+QNIqjRQNE/1+0QusxXpJmhB8Vd/oNAI177yas+E9AOSL7lhFLC3QjYpZvQ5qhvPk++F5Gmnxxpn3Jvm3irmIn+92rRq5xHwPXra97lj9o5XakBFsJSUQG+fLbwKyb/jnlyfR9JPEkE77TdtEepUB1HTvPwOMKno72csavjS992d/ZsZXQSdiYcvgIhIeViO1j8b7H27WYlexSmn61FrQaVdyH78/gKVc/W+uB6eYhJA11h6XeT545IzkZfGpndQ1NlIv38kw2aAWhLui0UZisNtJUwvDyzK2O+jLgA1KVi0SnMnmWjCO7Zn7nLRhqgTX97niXggUz6tL1bJb4i+Dmpkr0m5cMXhjltrN2cDsYihIuxpYEtNS0NmtWq/B9jwCFklL5V3C0J3/vEx7XOoSJba2aqSaKBaoO8kol1pyd7yhooaObQuvV7pUvpfds70xQ9t+Hg3Kc3fARzNs4J4i4MMSfbiRKd9q2xc5WvxKy1WjssmWhLNwPUcJQepjLIT+7t5vff2Ogwno0hbOXP1j6JjQRBLK8VaOz/Te8VP7qHviuk3hZQ5gH14P1Cv/ahsp2o9PF+izPtpPr28XCFWGdQ+psQMXoQAMgDYUu+6jdluSsxJmVMWFg+ApdARC5R2MF+xhdXn1JqvvxJO+pCaAkg1c5t6Kupp8zQs1jca4tBDs+LwH2remW4XWYn/Z5Hih6gQfQB1Pxkja91DXmbTHCTJknZce5veELTITP3ZN8G1xN+ZYZ4Y+izVEnAVqcnwjYl/hnGKn4H/ZOFx6H6xdFv5eWV+EQ3bcBh6oMlL4a2lXVuzkjlwnojg6PzODpmq8m/GR/0fLZT2qX3hJcOrhRinxgPzKRooU9Nufcz6Z5Cof07W+22O7/jxsqBvi+tk+9dZpS8/NBAunsWmen/XNVbjUwAZQYr+Z76mX6hkJ/3UhT4ZitnQJAxVlQNErww1FIWpCYFEn4RzsTOuAlSF7DHaI3hR6u4Y+qq/OIr0+UEYCbgCQD3RMBncCQIyQT+tjTA/5AjDvWBq1NoSA9tZ6+MDlpFhZ0WYSALbPMVa5M9p6dGRVpmrCQTAGWl+XCn9xszqFgy7k+TfJSwdMZjzVmREMBdrbNGsrG8YKNtBR+wEH/0yGwfLWsTvrZ5HPk5SlxtVkSMuo3wA4aAwA8TPB7OIfjq0XtheJyC0dy4rafa9xB34yU0MbT9hraoDMiU6ulkfDG20tWy7pwVg1xOVFL4+Ea4rMNizBQWe+ISJwnmeRptUEeraMLqQyr8EcDo8x7cXkzk0kg8O9b68BriX3XZBos7Pf9q0vOBSseJhZzuoNnYWROJsB3l6G3E45p6RcG9E+jDvZtzzpympuFDFqu6eMVgey4sz3fLndq7+YkeWdnMjvtGhCeqQ44bZ613YSqaB64rR+6VZxJ64/O38pS+NgiSkn0pYhJRx/rcSZbTVnyeVvaGXvcIxnI3jFAtWslyv6hVIPpQ9tEQkqNiC+p2zIutfP9H8JAZVrVSbvxSCRKxaU5DDIQoZI2Bz8yXFMMi1eI9h5HhDPkPqORxfSk0Q4ak7N0x4lFmrBXcVSTdvjxrkG32ThCuUbvPLM56ORPnfLygOO95Po9eIOWVHL18UPN2hQDeXcWPc/yO6gOhHIbIN6PzmtCZAGXxDE/cwraQrUsrRmj5u7Xvp347Rd4w3N70a9pGMsoEcr3hpx9ny4/JDRPGbu1W2OW8OLHgwnpcj4kHDRVFinKwDXgXEs3uiMZWOahr+NMhjiupZmW3pEOT5iDy4G036xCgb3CbeJtZnbPSlCdpisT+Ec2PS2wS6NpLrGxMpA5bBtv5SvO15LyI+EeldNiRrYVjezrM+7ke+tMv1P9pZyAKWwkJ740egSVya9LNKq3KS52MdaDJX3aJP2/AA+KjDqYLFE6rE9eGEcalO0IyCE8VqQ3vbcBcK8bHUw6mgoJYZLVq8i+VnqxPYl7PAMa5rjzweeysSEAE94kvt8kLE/mXF9L3MKJ9r9Lc6BVhkg65hx4gwsYbAXRJoMUfwn2fo9An8xn5V+YmMMW3pncTp0NRn3GBsyFojd1SHiR2eBtQJ+lRwF3LB6+QTaU/gRyRhk60FqCrZTKKmILx1TU7XEDdIiqLvf1+4GBS2qTTZet+AXzzz9f2oY3wZMAkY1jYV+QpZkKL2CcVwUd4m4PRukDXwsi6d38dLW29Wh+84zJqICOyUtUXcZvyX6o5hVlkMhHFvG9WrLFnAsgPwnbZ/xMLdk5JvjPF/b9a3f9MusbQBKPudPZWjb4GGdos/i1e3FUHt7+V/H6kgiuUVwNPeTshMor5wO0rbrUKC5uy9YFPbJ1E7DHiw64gvd/E1cTnODAvqZZZnJ3JCplqJ3vEti3nNYSrCEjSk2XNQ6umlMSilDCXtCIoXHQFHFMdAICEgDXY7Tm4tcRu8yOkLz6/xwMLA0qLAPhUZGCH9VEtqyvOjNCnnlQuwjUs5pk9aj4a7/Zb5K0zqSMzoDeXOwOHZ/yJe21v7ZalXnnrXX2Uto9h+EDP7TjiwGVcTd5Q8ysxn9nC1gbMl2Up0n1bpFB3uXkyAt31PqG64ENNhC1apsE9Fas/NqNRiNnZyEFdUN3KfJsvywH5lLh9RxFnDRulpeDKPLh0JA3jZPEq12xU2jPMy11rY6rCCwKBSdKvv8EPYILHcpkhawbsiugsTiEa49GCVa7mnoxZ/R7s/ETjcpd3YJkCNdMTAVhSW60UVbnjE4wW0YX9OS+u/QKZZ/KJHGQL5Ml4JU/cPGNLU8xRa1+iNCqk4rmLlsvFpo4rrJR3aSDJE6gGlPv2OLWcJSEFdq9xTAxd5/FvalIqeaWUL/i867mfTEQaXffuGL8bgGQ/qntviXyWw3B+2NBTmWZGqsgon1/uNyfQoDkuCGN5vGJIymaY/E0CdpyIuISuGadeOCkZrX3MOcJyQTyVNcc7HHwglcUCOirLjIo/EwJYbOY6SrtoAtAxTCk7nrqd5Pe0U0vuIE2PlSqOaNg2eSpmr/Kak8TIK5iz27Uv38qC8x40iiKdzwF3k6FeQnzhwAM1ZLn+QoHBEuGNCMm0JgG0EcEvIfCQWHYA3u2IGUaehimGDinNKnk3Dg800QXTDIiv2poTCl0bQlkJl42Bo3LrvfgPEnsnCiFWB/vCcCyPEy7h1Mv5NymOtVPBWTNDjpY4lHi3juqY1nJ+Ctpc6NoH2JautJgCvRRPNEl65CEhgc5wGGkxElNUs3XZS+EAWjFIiS+5XgVC3SQX82+VqTyGvylHCOCH1QiMM55C7yKMsJmUsWJl5wWSpTIjEtXp4U/m3Stk2+80aVEp5ovDGpfSV01T9knZJd/LE01L244BcQ/9076fnv/vW7woiza/dZx1EK9Zxqi0A2qEyjyJi8iCDJ8Syr1BiW2AqHZcBKPL4s5JkaB+7P5sVb16jkBrwDBKTRtctMtEhkPFe0OBHy8aVakexfbV9+ZGgPdvejckCcdq1U/5zeFoOWsOTeg/HNRgs/ZMgGWrXE4K+EgpPn5STdF6TY3nOB6w5gKjaVs1zP06vTi3nD1nIIz5Pxf34/z69cP3xigc2Txi9FBLLOBX6OEHEVLlkaxKLfhf2xqE6n9ve/K8zkTZ4higpetUuseqk6RZ1ZP1soorFWc+/a+TDzbJQGoTDhGdnlRpYoN6C6qcwRCDQP+dY0kVcGE+UZFsIS0e1jAu/h6CN/jhHQpAgsM0XZ5B3WtGMhFgcI8rFGLzBwxyv5sMiOafMnh5iymm0pWYgWjEWXp9buekhweX63Uy2diQkofLB7UCNAcVlN/5fBCZ81jw7OJvv3t4I5Szk6IwID6g/k3yU4NNLa+PT1jc10d9XouqyBalcwIvEepqctq9APUq2DfEuxa7LhJsyZrboOX0EuiNqNGqokjws+04VupaDMHjh+ZFSCcqbZzNTSWNjb7uF891v8s/gof1yX+o9xBVhsig3hDlNncNW/oHVRQUZyKW92ujuNMptNSw0ufQhEp9O+80h3v5MR7UI9+wEOCJct/gpCpSwmOE66ENg96aVjGD8iF4q0VjIoTjKTO5qDIvfF3D/rmjVXIT9TiF4YhOCP0RN+mieBxkIgVmbwqkgUJywX8u0YdNuUCdG0OnyrnZ7m0kfyKMmXEB9MaCQUzmp18FP3Ya0wfIZ05Mi7g1rxczQFc9v55KRanM2C5mGRWQ6zHIGIfiJ5jN4kGS+jMUSQbSgIc6iJyNB3FjWGfja35IW7g2BdvnuThNn3hcy5Jxehznletyhg+KAjoVFOnf1Qp0YYCtS8dt2LlpLRxpTsTuV04UdMFx6tw39ZN/z8aC+TO9rQGXwF8IfNti5LYQverEv5DSYb0s36Ft/LQ53HriL2SSBeVR4iM9y7HcaR1vFkxQrFz3EDu0gLd3d8xinzkrWRVqPiOcLlKGyowUgOc39VV6y7kke9Rk/6xlRoYWqRIndnRXP3tGTMgwHri+h+5iLF/61kv541rYce85LoVGE3vquJFJGzyAnUQktrfS2vdey2kjivcgf+xMExztps53EEtg4psP8pujM65OTsKxx/f9+nlOu5vZR/lKFSAJkVpDvPmIvCmbU5FzLtZDSF0XKdDsXQOkNOsH0idL8G04HgXnOsmiWKF5fn3c8c8wx9726mg0b4brLU1WOZyJxwwWyFFo5VRgdX2rLMjGj9GZ7vY39HT64wku9MRcZ8ChHH1MphIlViBQ1T3P/pp2x1633QxmkXpoFXb63/XWq/WtnDJ9AMREAeZir+vNJOn4ThgkBfrS6LDsJAmOVkp1j1ZCJ+BgCNDBzojI1cxkvpzrvDVg6fHqMshqsRNqwXlxOlW4CezI/f2/YlRsF0BgQPKI300znSqqMG83krylzsJH5vDn5UlmRvJrFcH+DLdLa3u9y5xn37FNgtEFQM8lbnMHa7TOcDP4ljkStMW70RQ8rTmDWTda+kKQBMiX9NV6I4cSMA2GdrGIDlnek5OSSqwae5NYT2/T9fJcO2So1jkxrJAmiCp9RDLslyzFGMnGyayFbjEWj0kLWO5iGpGtzqXzTvGnJ3LVCLoBRsKuRCkQTUMuz8mBhGbRIK5blAINLHYxvw3K/NfKwg1c4EaDvdJZ8th27dk8uO952VFUCicKUwrpjpPTBmdvXFrPr4D3iLi4dA99W8UpXY9ZqLD7IfDXY8qBAWlGKnNqPzOpUpi0dyD0AT/jE4xRNc8o61AQduO0eJt8KVDUwThYjRmlWGpykNeCUpMeVXhZPJrihc6sJqnDhC0gbjvpSCDWqpyHohDRtLICW81rhQIHA00J/gZf80RxW8Dhct9zabZIXICNwF9aRO87IatPymx+m/u3t/ztvqQPUWEjdFQhlumMMDmN93HmPcsOtZ53ttd6s47Tz2EuqdQfhxPNvo0mhs507EIQP3i+2OVTjgpUWXQ9aamaLWz+bq+ALr63u8r41DgfbnrHP9dElUBO52oPGTCnx+cWZYnXLk9vymwdm1MQpIY+t65Gh2uqpBoUkfBwoFy18VL1dsRleLyqdKwl0RI1SGgNT05n1jJdEvbd9jAxP7wqcjhNrMOJ/wH8qIy02D/kQpbFsmt9v6n3RZbe/aF4FhvTs0ixGLev/rIKvjYiDYklaURx7W7wXru6NJhCMp3O9X0TcDT7e6KdL4jLyGwFGjbs8WDFNyqGiOUSQZdzLrlyzn1oaVYXnwlFAoME/aQGHNUkeM3NzE68fNl5coBsOIY8gWAQlrFpJkaYj5F1+vNyqR9vFjWQ6uZFNij7ZjrAKm2BY1FA1DjcPlLbf/eEQoiZK2rl7JIe68eU/eL1yhFbW8arWQO+Sgbat2XqfsrRrN3in/AvNjfD3AZ24ovZA1xXba/n9XAvJJfZV9juZxm8ed7LJjmH2jWSNNKgWk2D76wGZokj/dSiGC1kYhQT0yd4q6/sDAfp8nCrDC1AK1mn2mte/GzKQW7wHSBUjpeXioB1oL5uln6Q+2iByB4kZsXkchKFX9JH4TvSeDbm7a+xL8+tsrAs8atmMGM66XKbiHyXSJPyVVVeRUkPkE6CTX4J/rhU/GXbXGDrRKzI6vxAThRIxA97qp4Lladj+RPFkRK4ycSuhKxBNgtoQdQR7vOmPLliGwsNQTQE/fQmWEMH/WD76jnqDar0Oe81BSmB1hBz3XdrF8VkMQlHEgc2hVJl4qyIvX054vCFt4D+IKVPFS0B4ORtUlUCaU7FzkO2x5OHFTy+sZk5TIDZ7ltEcDv6wMmM0LiQ09/hq+ptgCgij8uRX3/Q0ZKIy34LBlKMQ9fSwglDCtTEMCElsXhgojnUUV5H51x3URNJ9n1Mnh1+fTyoFJaRLEE8JYq4M1HcgWZ6NQ6ZbhO9ouzMiV9ejomfPXY0u91CIWCC79QuXhs4dSwzOSDD1Pq7GDmzRjghXR6aeCmBa9cOx2oCa2YDnFavNkl125oHIdw5HO8HOp10EoMUgSeuNWp/QF+XEZ7Yfp+StdmhXYcV3Fhfrcy1ockMDN7LEEbp3oNlLg+SojylvBnvOHgF4R7QiTvekGImDUW0PtE/BBz0B3gQ1fAKvXoL/c/d1G2PvxAAaMDNqOhaiq5J9kPehLW6FszjpuvK25+qVfvEhhpMIJOWRBw9rnZFdZB282Th4fNdKMZK7lEKEKTSWnc6W5TzuT7YhN+anYrfkgnl2TMHrlLxaH1Erx0fYj1bPXM=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:01:48,995 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:01:48,995 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070148Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_3e163c9712044a938d0be02b73539977|infraio1c2.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e6bbee8126ac6a271760aecc10c003c6|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxg40th7POJnwY7WSfI1t8OdUFYeaUOrS6iq7uA2rNtNP4LuSW4duMfrdVJjgFVszweXJtpv6IEbIv3SYINeK4HLx2F97fyGYmBGdAwuFgG4fIDEhqeddqP36zt8Qd8UUz5PxcAw==|_81875967bdeeab4bdae7740c45565f82|
2020-01-28 07:01:49,762 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-76263-B-Fvn-e31I9lapKOmFY9y5QuDqsVKFPN
2020-01-28 07:01:49,762 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:01:49,763 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:01:49,763 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic"
    IsPassive="false" IssueInstant="2020-01-28T07:01:48.459Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>FVa+VfpZG4Fx3WA5bH/Zt6Cl0WyH0IwgYL4iA8Y3JjE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
fLNR9QPtAB2lAKdO8q7Zyg10bGj8EXmDW+55vjjKtaur310THMPKi2GGZhRhNtY0Mdoc/4ON1CPH
e6TBrjg92D5IShYakjbxhT7zWzIwtvrfgEBpIZ6fVWpRjMTPyLBsSQ/opscpcPVGIDCqVr1ff/MN
wwEVlktaG3i4OyE6SDEo5/JKCwkwPJqZ92orgjcJfiz6SoJwP7wHItR8t0N/peON/4YQRqUtgipO
OAlBMRKnBFL0jD89drj3doUAIRH8a2eC2ji7mXt8wb0Dyj58bBMwUmm1tVW5J3+RiLcbHqdHfDB/
5yqrERKPxFuyAleY7GcO9gvauW91nws/o57cRw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-01-28 07:01:49,764 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-01-28 07:01:49,764 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:01:49,764 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:01:49,764 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:01:49,764 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:01:49,764 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:01:49,764 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:01:49,764 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:01:49,764 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:01:49,765 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic', issue instant '2020-01-28T07:01:48.459Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:01:49,765 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:01:49,765 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-01-28 07:01:49,765 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-01-28 07:01:49,765 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:01:49,766 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-01-28 07:01:49,766 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:01:49,766 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:01:49,766 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic"
2020-01-28 07:01:49,766 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:01:49,766 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic"
2020-01-28 07:01:49,766 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:01:49,766 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic"
2020-01-28 07:01:49,766 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:01:49,766 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:01:49,766 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:01:49,766 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:01:49,766 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:01:49,766 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:01:49,766 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:01:49,766 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:49,766 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:01:49,766 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:01:49,766 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:01:49,766 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:01:49,766 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:01:49,767 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:01:49,767 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:01:49,767 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:01:49,767 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:01:49,767 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:01:49,767 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-01-28 07:01:49,767 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:01:49,767 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:01:49,767 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:01:49,767 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:01:49,767 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:01:49,767 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-01-28 07:01:49,767 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:01:49,767 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:01:49,767 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:01:49,767 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:01:49,768 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:01:49,768 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:01:49.768Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:01:49,769 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:01:49,769 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:01:49,769 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:01:49,769 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:01:49,769 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:01:49,769 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:49,769 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:01:49,769 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:01:49,769 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:01:49,769 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:01:50,032 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-01-28 07:01:50,032 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:50,032 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:50,095 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:01:50,095 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:01:50,095 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1469755988::identifier=rick, context=org.apache.velocity.VelocityContext@f9d97e4]
2020-01-28 07:01:50,102 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1469755988::identifier=rick, context=org.apache.velocity.VelocityContext@f9d97e4]
2020-01-28 07:01:50,104 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:01:50,104 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:01:50,104 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:01:50,104 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:01:50,104 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:01:50,104 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:01:50,104 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:01:50,104 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 6559952feb5831f52da9c80a3c723bd08b2aea0c8ff371e11e43c168f7f5bbec for principal rick
2020-01-28 07:01:50,104 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 6559952feb5831f52da9c80a3c723bd08b2aea0c8ff371e11e43c168f7f5bbec
2020-01-28 07:01:50,105 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:01:50,105 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:01:50,105 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:01:50,105 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:01:50,105 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:01:50,105 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:01:50,105 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:01:50,105 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:01:50,105 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:01:50,105 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3bfaed6f'
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:01:50,106 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:01:50,112 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:01:50,112 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:50,112 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:01:50,112 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:01:50,112 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:50,112 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:01:50,185 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070150Z|infraio1c3.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio1c3.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730910185}'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio1c3.my.workfront.com/SAML2]' as '["rick:infraio1c3.my.workfront.com/SAML2"]'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3bfaed6f'
2020-01-28 07:01:50,185 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:50,185 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:01:50,186 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:01:50,187 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7c2434978e513c028b548b392b266977
2020-01-28 07:01:50,187 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7c2434978e513c028b548b392b266977 to Response _03309d6b2aa187c97f12a0dae5c41d49
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7c2434978e513c028b548b392b266977
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:01:50,187 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:01:50,188 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:01:50,188 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-01-28 07:01:50,188 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:01:50,189 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:01:50,189 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxr3I++8D4Wk2pER7RHdymfQ4Lb7fwWlkLb6Y1HieAIH9J4N4xSNpEjpV9GAYeU2dWuuDssGJdUJgvET1Xzytt/sDGUIk14zxz48ABFaR3BynkjFy/qZMqwnUH3w4+WHasCMGwPg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.37.207
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _1550968965ff4986affab5265180e1fb
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7c2434978e513c028b548b392b266977
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7c2434978e513c028b548b392b266977 did not already contain Conditions, one was added
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:06:50.185Z, to Assertion _7c2434978e513c028b548b392b266977
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7c2434978e513c028b548b392b266977 already contained Conditions, nothing was done
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7c2434978e513c028b548b392b266977 already contained Conditions, nothing was done
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio1c3.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-01-28 07:01:50,189 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7c2434978e513c028b548b392b266977
2020-01-28 07:01:50,190 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio1c3.my.workfront.com/SAML2 to existing session 6559952feb5831f52da9c80a3c723bd08b2aea0c8ff371e11e43c168f7f5bbec
2020-01-28 07:01:50,190 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio1c3.my.workfront.com/SAML2 in session 6559952feb5831f52da9c80a3c723bd08b2aea0c8ff371e11e43c168f7f5bbec
2020-01-28 07:01:50,190 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:01:50,190 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio1c3.my.workfront.com/SAML2 and key AAdzZWNyZXQxr3I++8D4Wk2pER7RHdymfQ4Lb7fwWlkLb6Y1HieAIH9J4N4xSNpEjpV9GAYeU2dWuuDssGJdUJgvET1Xzytt/sDGUIk14zxz48ABFaR3BynkjFy/qZMqwnUH3w4+WHasCMGwPg==
2020-01-28 07:01:50,190 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:01:50,190 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:01:50,191 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7c2434978e513c028b548b392b266977"
2020-01-28 07:01:50,191 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7c2434978e513c028b548b392b266977 and Element was [saml2:Assertion: null]
2020-01-28 07:01:50,191 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7c2434978e513c028b548b392b266977"
2020-01-28 07:01:50,191 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7c2434978e513c028b548b392b266977 and Element was [saml2:Assertion: null]
2020-01-28 07:01:50,193 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_03309d6b2aa187c97f12a0dae5c41d49"
    InResponseTo="_1550968965ff4986affab5265180e1fb"
    IssueInstant="2020-01-28T07:01:50.185Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7c2434978e513c028b548b392b266977"
        IssueInstant="2020-01-28T07:01:50.185Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_7c2434978e513c028b548b392b266977">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>6S5mh5sX7vNzwbHw5ms0XGKI6inhVMfPL6umD0i/Ack=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>KmVjHIalvHjpbNoC1trNkb8feNHH1776I4DMHhJ9xMPe2ybxecXxl3nzM+K4hz7UFFLQENxJsFVXkDpIFHqrnIzF5TWV4NWe8irUl5xvIp7LnFynQPWfCmXW4xh52IYUhioVPHkSyrJrqZh0IxuoljiuXa5KvmEzRIU9R1huMTS8FGPImKkesnC6Cao+/HYtzkzbPHbXY8Zh17YW6u0pE56jWav/tAm1a6f2QVxPGNSCPl8z7mmn/MLH0a9by8+gGvN8TZ321LcoygL0RufkE4dhyH4oUTp5uaSFK1powJuwqbGmc7qhAM9oqsW7ccREkUyg9t3fl7I1jFjcQ71UpQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio1c3.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxr3I++8D4Wk2pER7RHdymfQ4Lb7fwWlkLb6Y1HieAIH9J4N4xSNpEjpV9GAYeU2dWuuDssGJdUJgvET1Xzytt/sDGUIk14zxz48ABFaR3BynkjFy/qZMqwnUH3w4+WHasCMGwPg==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.37.207"
                    InResponseTo="_1550968965ff4986affab5265180e1fb"
                    NotOnOrAfter="2020-01-28T07:06:50.189Z" Recipient="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:01:50.185Z" NotOnOrAfter="2020-01-28T07:06:50.185Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio1c3.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:01:50.104Z" SessionIndex="_84f5bc7b5badddc9930affee0691a98d">
            <saml2:SubjectLocality Address="172.31.37.207"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:01:50,195 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:50,195 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:01:50,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_03309d6b2aa187c97f12a0dae5c41d49"
2020-01-28 07:01:50,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _03309d6b2aa187c97f12a0dae5c41d49 and Element was [saml2p:Response: null]
2020-01-28 07:01:50,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_03309d6b2aa187c97f12a0dae5c41d49"
2020-01-28 07:01:50,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _03309d6b2aa187c97f12a0dae5c41d49 and Element was [saml2p:Response: null]
2020-01-28 07:01:50,196 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:01:50,197 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio1c3.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-01-28 07:01:50,197 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:01:50,197 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-01-28 07:01:50,198 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"
    ID="_03309d6b2aa187c97f12a0dae5c41d49"
    InResponseTo="_1550968965ff4986affab5265180e1fb"
    IssueInstant="2020-01-28T07:01:50.185Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_03309d6b2aa187c97f12a0dae5c41d49">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>lVBsmTcOGZfkHpsw48niv2wEIeSN2P5Q9SsUkpdl3bQ=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>UUa7/p9NJByH7+pj1wdZ4OD2vClyZcXMCKZKEUFe4LQavAeHLrzIr/vD90Ji3SpSvnsSGnd4OlFPpsCIoHHQLGA01K1snga9udcbQjNL4LU/qOmWiPygceLdtd7L0ob0s4wv5vFaYBz7ajkIVffquxwUOJ5tXXiHjtm7nEK1/UZpweX5zEEFayBeNM7YiXgIfGUsDLwtOSNaoHNynIOKcT89+qZbIaXe6kh6uyra63pYQ5d/V3W/exktay/AtQkFOTsrp+/JbX9MO1KLMIjI2iNfFraWhnA/lJPxUp35Viket8VAPecVx9ba+tvX4bb8Ln37Qh5exu7f4T0WZhUzjw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_e6f9619f90858d9b13ad23f5a389f364"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_3b8514a6c88bcda8d20c36d0ea1608f8"
                    Recipient="infraio1c3.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ivwQ3bZCLZRUBg4NalXnXxuDSSPQ2qoYSpU+g/+1dzD/GOtj87btALk0a5mV+GYWBE4PXent7iNRvGC9qvTEiOSy6erX9Bnls+/fnbYHUZAZ/Plkp1gEcL+lO6mFkjvB3TKEM6TJUp3rkBd42ILgpxpZuiijyeuORR/ic9NAAen9eVdTde2Xx+dYAkaMOxbY4e8dF10CQBZMywgcKIsI30CkIY1Y9CCAHCEtvBUqI44hLlDjWf2j79p9JEoqnSma9gJth0ZI6++nOKAdrfLSuUZ/bCsNVRisxz1kjlV1e8ePeeDCndsoAXlvidW8kWzCGrEp7KgolvlzmbBmlFaI1A==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>PHaaIz7S0BRUxWs0GKDa1WS4pMg/iNOi9O2lOxCJLi1eUnkQd0P0jYq72Ph6C16XlPQ56WwvjOG5utlJOK5A/P/pYAJyRoxgDS41r7uNyQFlEdEOCjbOABfYYltG6wzwTQhm1d7n/37coGczd0eVsU6Qh5zRstA+yBZ/2E7GPZqhPPowP1OwupfMrSCu4UC+0qsO+z7p6ObALMOI1+6oGokTFsbTSTml+Y42LXyX5cwRfbOS3Fars0EAUd94z17BMyQFTgrLCF9eXsfZbLYcJ+LSpWi9P78vddX7tdTrEUd+62m8NRNnWOmaPsP+tfXLfjPtUgDNj5WCduNuaIGkOJIhxJcnL2Xg1bgxjutuU/D82y2YUCCLIZSqoVuPfyucbUVzGtt94xFm7pf5MNz8NhzttYGuhELC3k+HX8JthjPEB8Ou3oYQISMmvmCE+nMqh20P1msA/afGxeKZtaqBKMFkQOA3gwtnzAKxdFfxo6i9Ch9MWBpwjisagm7PP2hb7pW5DbUW7F5YTVi78JoB2wOKgLZk0PPQmegEwAqE6FDwjfO/hZGDJ1VzuxXCRl7hBjNHIGZOcx21yYfq2TKMXa0V28+RwXWz7RxmNe5fPUjo/Pbn6+Ra2MVyAnxR3pRDdqMd2Sw0B/QCTOrcOrJcqydbpMNWR0sOcAXg+VDIjeDDxi4iYthVobmY0ypAk8guBVPXSdeiV4Ow3ZZWT0U+DjbifHaWQ+JDMJfn6LE6kFP4gO+G2/PSorFayyHKG6JXjELDZaL206zYnF5BAPNlWCju+GeyAKFUaXaE08CDA7VN2ptuggru+uWbaQ+OKfpYT+B9IsCXiHQZ9gN5Mn9/pq1zvtTPE5k1wjEs6q6eybfIveU2YjZt4Zuk+8zQpORnv2fx7kFuMkU+JKWzK3c1ukFA5vXraVkCXMCfNHvuM7UqFgS89W0H4+JdKD5N5wokD4g6aTDXmEyr52dtMGxfnz1n3WRpbNA1DrjQhDZxt+7O2oCRIvmnG61ZbFfOTcY8S5pYApQ0wmGrykH3/jzNTfI5mNRcpzy2+aEL45T17w6Szl/UBFthiToCig/UoqUiG9aVVlNytXDMmnNdyJZ6xuM74AoFesAc90QKcm00GDoAiinypPwf4hnQI/y3kWPxoacnSl6mJf90kn+lYtX6pGQy7k/fVAKiB1IH4ewVAwuokW3fU4guikiFWNkBYdG7vEYO77n2zm+SoF44pcHXj2k/VokxmK3wL4kXOmN1I/kRxsXpf1EWvxKOddy6hFoLOQnascbBlByLDjcQtYmUpBAKEjpdPDcf/p114z68tAFHbcYajquEHNda87FnKqk67reakRBOxGss5q9JE/wmpku6UlmxJLq4IJsEFJlY7ZU3+98BZ9Uw0GWK/llJt4UxzNz1VxvH//M1r/uRHB40Wo/PC//4HtH4goQcpVJ7cpFnUgkcmGJLi03gkmaF803hjRTYZjfyHeKndNceKuSn3smEoBIMJuR8m2fUsLE5O6Fc4kOGIsZAAr2nVPYJNNTDdV0xqRE587m9j+RmFaXUAiwKUY8zfIf36m2dCJXdWBMFfyaAvSw7orUy5XFg29t7oO51zjU2eQhtuXFrgqyWcuYDLzlRc+zstgfsMDLmpvqVAKwh/+rqXVFXTjeXgRIYysaajQCugw3tlpBaLPgbHlvRDKRjDSdFrNSSzkvhaldjIqr7I6Ij2Mk15ibuzauw4cDGIbw5ypOZm3nBcK8S8Iq0KbSQwvEMPFR4EoimEj2lsrGYr2VKKrH/2scxcIwytPQlhwqs9cQilDjAgCzZuaE7/z2o0/S7qOg3GUqBErJXMzwHsldAFe+mYzbxloQufARIhGUqBjFEmMxtOA6tXHAa5pJ0nRXPjCqUWnIJzY/AEWFNCwbR+2Mmhrd18gkz3NebwRMhCTJGjr05S6iVfvJpueJIfrep4IUo0y1k+IUUWnOtOiTkn5w2WkGuYtrZTL3fDKDCPk5PJ0eAOlQZirupIO5P8GK449ngA8oUr1ZbnR7RPygoT3D0J/JnsKEkyLPBHRGZTwsmQXbDSwaxsEJIGpvqExs5BUL4cnnnpivmasnLec4yF/Jz45zlB0RvvFogX5cyYRRnXgtIeGsC+nlvwVgUGsDvAml8u50tl/gI8zkeVgPe56jAk7M5JYwH6BZxu4yAmJsWKkWvGMkLQzgVu4hwxSpNu9EJvBhjmKT/GLGXU+Bmgc12P+jbYqR2nM+aZimU9Te5mP2XN5ON8u65/nXe5GzOZwYH0bHTo6WQv65U3fuBbBjJt4/DyyvtwoINVYmGkW2WWIgbvhkDURg4iM0hP7fFOY3GFzP6LCCoUfRhTfVYu+NVfzMdaA2HCupbLrExB/WXNUBI+GkXNo2AyBkQeC8yIdhsqP0jjb7mQFCCtiZIkTO5NWqwL4gXY7WIpQM2HD3WaMOYDujfiB1emuUJBGz1oOBKceqVfpTzXtoE7Pp9ya9B5g8ZxKh9H/L0EdkrKG3bZjPOOPbBWss8huTV86bpnoSJaUXgnXZyke92RAjoUcS3Wg/qkhmva15mlKwuJ90EiMiaj9EL5yQTkKxqrVoMgajJD3MgzgZfvFOQUXnHsYrMzxqD5QHE9bLaodi+i7e0w7fQxt/q7kfWd3a+qW1e6wujQKYxKptnmHSudFgnazNFzthErTNVmItrKiDkOVbR41OETN96O3vx4Talfo8MVGzGKvzRkrgo1hTDLLnxR5es6fgHxqw7EVTwoVtaAMlxDQUjfqGjLcwh2sg5D9R23GddRL3uQajn4dNlceMwRM/3TxEASRVHUkmfd8FHPK0WeTlJfvp2saOfjiFZYZEZrJ9ARVauqVxG3jlOa5+a8Nsh7+Mf9An8ETk/hdokVGMqsC5naqe8bUATJt1fF8iIgcS/nPkAQ2w2czr2z6t/zCQSQV1aJTL2l77IANd0TXGnsPOw6G7yoUskumsblUPrfsaXpTAGdvvgztZoNHT1mEqZ/SVJWzUhxfXbh2hurjyx7mg0ptHBg6TSPZvGPixMUK67ckv3qDE/QYiNVZ5MNTlCidEnc27AdIJDpE0OTASSBXn708uGnZEjAJkEv84l1a35s8Ozqrj0ccRPF1Kui+3qoH1tzCBGTC7psfcCjnriQf+CsxOgorIVdGUEvQ4tOPXxpkxrmE1aJdq5oFmvUas6UOXvb2b9vyhOwHoqA7QwwOtHs1rQNeOH2QSXibhePqmZzkClGP/zBPSS7SvjiIeyq8qiL3cTJ8lY6l6cBE43prayAVFWwbQwP39n3qJtaFLEj8c9HKd5ioWPyDUlO3pWVT85oG2H23XHa7Pv+HDQL77EJhcCE+OaFnUemaM77otSIvgyYZPfG1jZFkzMUfyFVrs9VaZ5nVC0bALYlq9D3Y5rSLexPsyjfHySo9BIf2LoJId7Wax/6mpIlwpeoqXEeLmLqzjO5a7ba05ob6jeSdtKQqt+1v0Fr8KqFevVomeUik6NATRZ4O7ejcG/2LI3SwA9Ez7DtMQrQsX16TboaMucqsqfcyhI5dIJqBorXFH4iqo8RWHpaSSpg6JbH2vqSC2oRWKEv7Iwpyu0UZ67xWMVWtKduFE5LbHvWHQxz1/hRIpg8JuAIbj88cDJVx1Ki2YLXPeawUx39GDvcdyc+UraB1i3pEcJlialnU93GFtUrFrhCVWlggP63hZtnHEupkdc2QqiI3uFZnUus4Iy9WjGrXBOQHkQqCVsltCQkJaYeskp8w+pg2uGFgQxAc9a+B3eTCyDPeyMOtYnqGDPzQbBj2lF8i2WGtqCqNViZ1p6F4+tzl1+4rs51z2+n0t0roDFkkvAFIOT5pBJdYi3LwJeCI0qgMOmlDRS5cVQvT5b8/ReNOjqQPqpnXMbv4eDFroCzcQNjdJYGr/JMQE3+acFIrT8L0pO60TTCQ3XmPFJ+bQ5I5T2wiGNWrTVdMX3PtkgdLW94kKCID9d5dy1o28Z9qbooRFYw8osHGXr1l+MPJ9jF302+Rn1hD9/lW/CG8RBIFQZwTt5KPygtWw4xNUZ1wO4z+V2de35EG9sbQpLPcYFs7vP0MJG2iRBevZHkB0tWvlADJ/wocgZA2NhoK5e4qvAs77Vnht5HMy1TXK2J4LswahRJ89EFi/eisITZ2gkdjEeVX4BNOsu7qKNLEFo3Nghuxspfa1aQna8g0NEyjR2E68FNBE8pJ2abL7RkDvrjRPawNW9xUh9ocwtvnA4GOFTBN1kTlwl1sZFwAsk8IL5iQInA2W1sXjRFj9nRTC/aQdbTCIKF8JpMh5ntxu+asLu0A0nvDe/L/A3iXiNxIF/wqFR84M1phXFKxJomMKTbPXdzxYhfLefkwbmrd/sJsUEW0zlzgMVLfP7j15s+Sz10cte3zrM2d7Wk4Yhx4kB/hDeHiwCGTZPNBn5WxfJSY9svgL7U3O83W2K2viBjyedkGsrQEmG0XgiQ4PsTdUGTOIvk2EtDmK3za27csRzRd60AwOLImQQifdqXtepiGcM78h+9CMx4PM8qxdRigAFyHAesnzGDbOa0YVTH1ciPhhOrufOGuTVBZja69QxO+HWHVmkjaqz6Dxaz9mkutqzzux81XnBlIpZRRBsRMeVgyGsv7Tk/BzXhnPoU2sPNM8utNlwjA2UzFlH9FtGgg1nX+J+Ug99uf/KMoXaa3uhp5L/iKH+4/Ajloa6P5JOeNy5U3zD/YfFaMljWQii8X8In+jVHn45U0VdB5+ZSOFIu4sHGe4Mpo+Otv4ahglGWmnmCNpCMGOvjHcamvbJpziyfQUo5BK9KkwSNidh5BbTipKHIKsfmqifKBHCF8WRlgoynOx1sw2ua83CdQStDAtd8qHTDpcU+YWKsgMVaqLDNVNPUbbY9QffR7FqB6s4uMgl1B+l51qi2Lcv3j7IqmMpruxGjkJlo/L3b32DgN/W41i5QbAfEVBV3AEUY8ZMqidOJbinWGjBmAgi55RNr0XaQ99EtqcrkDZpEu/Hn0V4RoxcNl9lBaO6rcwfXJ25StXkiSt/Jm/z4dTOHwj16M+Y9aNKMNowHrc/2RGClj2a1ifxEl/t2oGq/Jbo+O+S3MgDtWun2dAVutsL+OZHMC51RzpHeg7MynEOs5lcunhS9EyeV6DJk+uDzrvr7hnUnzpbeXIN5AqSngyMTqPO0emDcGYfdxbhVKAt7d3qQQpou+gPPm7HaYYh015PFtKgTght7uV7xCQD2ymGgMrDcRw2GOyxMoA80rm2tOJAEULC4IbTTJ7hw0IJvZA3HGD4gS1axSQDJPOIl/IHnt5igwjE7a3r3cA9/e+EkKeJqHduywJfZM/MuN/grk6AsdYC1cf512ZonS6pheHgxnrML9BRs2FnoHz+AoNMZozN693rALR33rdp703WrBocq/fF7T8L6fYmfffpxLc/ZF6pnK0KxrLmUFG7h+wZ3KxnT3eJgUSOO7iJtnAAQ11Je6T51i/7qst0+xFGNLt5xL1S0QXXEN8BvRVfJqWpzk/UmT/USoaFszAAVgtv2Ch4/pUevAukyQIFaRclYMOagsBpj7XkcJTtmLbUJ+H+p6wZ7Koy3YLF/3y+6bQ0AIjE0ZZTTw7GxqbcMokomzaCL3/DrXXAv9jFc2eLDihAtgWl18nwIgV/l8rTaLcIduY1cYlXUDpTALFjRETgB6QgwSax6qTa8kSikdC2AdO59HZsa+m8YGPCNe3o0eNJSmqTWe3DwCp0tw5BigMFLBjd0DDIqZL1AojwwMYvvRwHyoNFdGwxVdH0EAqyeEFk4wo+cxoHIIrTQgVTT8AVqEqsMDzlc29eokSuKRTQuAnqvfcZ1IzvqiEF570f5qhUrc0p4aRhsqK0UrpixFhW25Sh8xojQjQy+tV8on8IURL0+WyCZ2IiA82CZPUVD3wjABHSrVUn8HqxO8pSZFbDIlf7mXEHQ2qfPXiqowiE4YaxhY7lbfJJuKdCB87PIp0ThKBWFU9YLQrbUOq65iI1UOjbCZ0nNt4jahmVrbrzyUP3++P+W+w6sUIaKzOFAaMX3LXbiSpnaC9vrvnc1MmnFM6tQwqrzqEXKworHcLjjd7O2IlCSZuR0hHAaw3WLkyzenJc9mBPwbM7nLdJF+qfa2KH9iM6/X/kH5KdMVmWPJNb4iu5lImsOwAYVGO8HYJ0gqwjdLEZlXGaiRlmiFVvAyH8sY9X27F3p4qENAklvqZakQJaU82xmh9nXYF6K4hlLcOmg7TsnHG6h/e1HLOYxZ1uUMUgf8UOGVggHNsGzTTjNvQ4E9a1SlJtYdFCMXxvABiPudCXLq5OEXzTv0/RMBXSN3YO9AoAQaDEukgNzfTQuSJRa8NxDggO1tR00hn8zQ9GCxqeSPCSTqf0aXR39u2TYLKic80G4fiSJXo54QyUAs9mNZN3J4kbey1ApyKXBiKjPEXb8GLzytsy8aX2g8Kp1uojl36S3/tNre4cc090+sj7h8LCSDbM8Kehrh+vdMXnrYAJDeFeSKYKAoMK1fLFIybYNY3Zuu30mIHAK4jmEtqKa7zYyjMwsra57YVK3aIAnF4QGKwg6STCqOgEVnd41K8sHQnEqweQewdCwKiyT8Umx9U7Wghp50G2wFs/UYFw/WuN/W7oFJcbl6nW5ACkm3OQ9nAmjALHXcs4MlyStEVTZ8OerCgLfE1/c4jBjJQnPe4w3wdjWBbTk6OXwX35UCbjqb0NPzQCWVgrAE+4yN2ywiBQUlLrlJLAZoHOktfWcF7trCMfn7XyGA9vpZ/o58/4cYRwNGLLqWZTJ1Oi1Wf1EQsvuAuSIf4Fersg/lu5FInL0/hDKNcGb+WDtdYF/FNuD2XwCbkxc1zAVsPKSXi0fuWgQn4fYhsQ0cZfMKTGhLSqXdBAp8eHmvLni0zmaWnU3tGRgomhc9axIMpMoVUgiyb2bptu28fLAXILlU8Fmr0Ccgo64T0EmXab9qEzlhuW5jGe4Nfg6gMFFIukYAWmSx4D4RQzZRqy8YjfWhmq3EqE1+WnDnq7/SeIRDdDSaA0KdtMT6qgx7VTgqOQyS0ut/CwxzNSEuwaoxhWh70vBbnnlat+6D4/8D7nWVahRBhYEctTGNx96kEVIMjDKgJvPB3o3ZlmVpWBCyr0E2zcm21C2U4AWiw4T8+ezZ7mv4PRqizVF51zc82rkXdZEJYO1lNWEYd33qJ4f5algfSh9dHKbi5Vvz+v82aOGW5qbtWr0e/umqNjNPTFDLhHhTBCYO3AkIbkmcpEbR/jrlKgx0oZJjfoAkqddjqsjVQd4C5h48/06S+1vZihyegQZWxgQNU2WVyLBJeA09yXnkr8xGRS+if0b0/8tw6qnah4N4236hgm6v4r26L06i3CD71L3w+rzCJGRTHqgCc7rnqmJ0PodO9syZ8mYo4y9NGJD2uV2JWcu5IBma/Ws0A/2tIOh4XTnP8xq9OOjSrvmvDg0e83JNZODIi8Dk83A2BzLMr+ANMhGmRSODkBi41YEzXEgIHkzbdmB8aSQnqU2JWf/ZQDOC7ocJFtYxJGiMBCYD2GBPUeqOIv/584zVyRYRVT7nhpfGSdiptTxqKESBPZZAa9JnMYJZIEx4o4i5jJbORL4HLDs3cJsNmQ/nfvqzvOPSIQxx7R01lVZq6kBTN6BCMNXN8/aY6RetzPYpyJ/52AeAiqmSdVAy7cQln0/DnGcEUe8CDgFwU6MUsb6V/VoEa6AYRfS1DPoxcB2YuFbgbwO0Mxjw7n51YrsTVIGgcTT/r1mETKonlvo25YB9uJTsml+YXFI1VwPbrU3OBwgyLOYO8yrv9LnRoBLVF8Nz0TIOQw+sr8uFijkVB6RldTiPyM0KB1nNb0w5PazOnEhmF7nzaUCK3qr0T0gsWy1CPux3IHU6MCiIZbE8O1jtWd2XkNDW3FQ/Oz1qf/2jQZz1+5RAU/npox4UlX7dfHXIhC6xYP14bSBz8Wt130MPkr9cd5hhKzqHs=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:01:50,198 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:01:50,198 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070150Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1550968965ff4986affab5265180e1fb|infraio1c3.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_03309d6b2aa187c97f12a0dae5c41d49|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxr3I++8D4Wk2pER7RHdymfQ4Lb7fwWlkLb6Y1HieAIH9J4N4xSNpEjpV9GAYeU2dWuuDssGJdUJgvET1Xzytt/sDGUIk14zxz48ABFaR3BynkjFy/qZMqwnUH3w4+WHasCMGwPg==|_7c2434978e513c028b548b392b266977|
2020-01-28 07:01:52,346 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:01:52,347 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:01:52,347 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@315966426::identifier=rick, context=org.apache.velocity.VelocityContext@51ae03a5]
2020-01-28 07:01:52,354 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@315966426::identifier=rick, context=org.apache.velocity.VelocityContext@51ae03a5]
2020-01-28 07:01:52,356 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:01:52,356 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:01:52,356 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:01:52,357 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:01:52,357 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:01:52,357 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:01:52,357 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:01:52,357 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 616464e3c501b30c3033655206ea18b4433088a04360ba3a5fa04562d64571de for principal rick
2020-01-28 07:01:52,357 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 616464e3c501b30c3033655206ea18b4433088a04360ba3a5fa04562d64571de
2020-01-28 07:01:52,358 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:01:52,358 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:01:52,358 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:01:52,358 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:01:52,358 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:01:52,358 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:01:52,358 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:01:52,358 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:01:52,358 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:01:52,358 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:01:52,359 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:52,359 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:01:52,359 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2f8737d6'
2020-01-28 07:01:52,359 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:52,359 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:52,359 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:52,359 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:52,359 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:52,359 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:52,359 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:01:52,360 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:01:52,360 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:01:52,525 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-01-28 07:01:52,525 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:01:52,525 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:01:52,525 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:01:52,525 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:01:52,525 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:01:53,300 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:01:53,300 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:01:53,301 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070153Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730913301}'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2f8737d6'
2020-01-28 07:01:53,301 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:01:53,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:01:53,302 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:01:53,303 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:01:53,303 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d80e92edee0f5bf382f30fe266009ef5
2020-01-28 07:01:53,303 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d80e92edee0f5bf382f30fe266009ef5 to Response _976fbbd3ceddb0a78e133643634e22ba
2020-01-28 07:01:53,303 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d80e92edee0f5bf382f30fe266009ef5
2020-01-28 07:01:53,303 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:01:53,303 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:01:53,303 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:01:53,303 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:01:53,304 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:01:53,304 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:01:53,304 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:01:53,304 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:01:53,304 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:01:53,304 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:01:53,304 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-01-28 07:01:53,304 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:01:53,305 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:01:53,305 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxsz//zxlGD638PfjDwgtuKxO6e/uiKPA00yAow175FA0zTav36YlIvchXh7m5MBZJ/hfjGS6QvrvW+d62GVy7RbVe/rV6vSWN/Cy5SFp7qotU3TcSnaXduCSzbOpznGL5R0yuZceFr0LHJeSKIIqfrndYNgOjGyU= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.14.11
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d80e92edee0f5bf382f30fe266009ef5
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d80e92edee0f5bf382f30fe266009ef5 did not already contain Conditions, one was added
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:06:53.301Z, to Assertion _d80e92edee0f5bf382f30fe266009ef5
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d80e92edee0f5bf382f30fe266009ef5 already contained Conditions, nothing was done
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d80e92edee0f5bf382f30fe266009ef5 already contained Conditions, nothing was done
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-01-28 07:01:53,305 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d80e92edee0f5bf382f30fe266009ef5
2020-01-28 07:01:53,306 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 616464e3c501b30c3033655206ea18b4433088a04360ba3a5fa04562d64571de
2020-01-28 07:01:53,306 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 616464e3c501b30c3033655206ea18b4433088a04360ba3a5fa04562d64571de
2020-01-28 07:01:53,306 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:01:53,306 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxsz//zxlGD638PfjDwgtuKxO6e/uiKPA00yAow175FA0zTav36YlIvchXh7m5MBZJ/hfjGS6QvrvW+d62GVy7RbVe/rV6vSWN/Cy5SFp7qotU3TcSnaXduCSzbOpznGL5R0yuZceFr0LHJeSKIIqfrndYNgOjGyU=
2020-01-28 07:01:53,307 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:01:53,307 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:01:53,307 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d80e92edee0f5bf382f30fe266009ef5"
2020-01-28 07:01:53,307 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d80e92edee0f5bf382f30fe266009ef5 and Element was [saml2:Assertion: null]
2020-01-28 07:01:53,307 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d80e92edee0f5bf382f30fe266009ef5"
2020-01-28 07:01:53,307 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d80e92edee0f5bf382f30fe266009ef5 and Element was [saml2:Assertion: null]
2020-01-28 07:01:53,309 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_976fbbd3ceddb0a78e133643634e22ba"
    InResponseTo="_fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic"
    IssueInstant="2020-01-28T07:01:53.301Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d80e92edee0f5bf382f30fe266009ef5"
        IssueInstant="2020-01-28T07:01:53.301Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_d80e92edee0f5bf382f30fe266009ef5">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>TBFhsbcAoE2ONWtV6iOwvRJS+x0JrlMIICn5JPeX+BlHL6NKCkA6B8Kkg4Vo11c9IWeL+JinkmSxbVUCev0W1g==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>SuDvG9Jm5ERrQhVJ1OAKIxgVMW8Xw9NYP7ay/GS3oYTCpDY61lGYDnrQHJGsfr4IBOkfdsKqehYq+Lhxkquoz5eWV7X01TGDbASUHVyIVdncC+VZ2FFwNlVPCsnVfoRhN2/T7ZzavFLH0S3maXB9NNR+8hil6pGRbuJfoEs6NX80Q4NiAJ0DDGDHfJ/k98CZ3VXwFaJR6DvuXQ0g2fcHjo8dU6EsF6pMGzM1apm5BsNIKnfKXFqcsIatpL4+TXjdAzMEfq4i1EfaDlHukaTtiy/zdzlGiA0/hVf+AMPg9+OTEtJf20mIj4F1DvnHU5thar1g609zB7fN+t0EibMBjg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxsz//zxlGD638PfjDwgtuKxO6e/uiKPA00yAow175FA0zTav36YlIvchXh7m5MBZJ/hfjGS6QvrvW+d62GVy7RbVe/rV6vSWN/Cy5SFp7qotU3TcSnaXduCSzbOpznGL5R0yuZceFr0LHJeSKIIqfrndYNgOjGyU=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.14.11"
                    InResponseTo="_fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic"
                    NotOnOrAfter="2020-01-28T07:06:53.305Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:01:53.301Z" NotOnOrAfter="2020-01-28T07:06:53.301Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:01:52.356Z" SessionIndex="_653fd69ad14bbc6d7125f191ef32af4f">
            <saml2:SubjectLocality Address="172.31.14.11"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:01:53,311 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:01:53,311 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-01-28 07:01:53,311 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_976fbbd3ceddb0a78e133643634e22ba"
2020-01-28 07:01:53,311 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _976fbbd3ceddb0a78e133643634e22ba and Element was [saml2p:Response: null]
2020-01-28 07:01:53,311 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_976fbbd3ceddb0a78e133643634e22ba"
2020-01-28 07:01:53,311 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _976fbbd3ceddb0a78e133643634e22ba and Element was [saml2p:Response: null]
2020-01-28 07:01:53,314 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:01:53,314 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-01-28 07:01:53,314 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:01:53,314 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-76263-B-Fvn-e31I9lapKOmFY9y5QuDqsVKFPN', encoded as 'TST-76263-B-Fvn-e31I9lapKOmFY9y5QuDqsVKFPN'
2020-01-28 07:01:53,316 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_976fbbd3ceddb0a78e133643634e22ba"
    InResponseTo="_fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic"
    IssueInstant="2020-01-28T07:01:53.301Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_976fbbd3ceddb0a78e133643634e22ba">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>NSuxIUUOqPkXiZiz+29vCQymnMvgP/r+xWfM5CD3VN4thcF2SgpyBPR4jmx+a/ytsRGaB5BmR3X5fw97e/CkHQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>QwNWHfM30pb+QrbquaWkfYnFs6Vf9A+S6y6LpB06iQ5qsd5xlsJW46TeUMa32GTo4xKly6UmYKHHRuYlJMyJTYOvHzm1gYEFIyBc1PqVRXRcale3d5kziNEih2hmd9EymApMxmKEzEhqnngOPn3lDEyu0B7w97RUBXRfIudAkunZHqejQEx4AjAWcTEK5HY0SmbliuXxQ+ZL7Zi2L6eDFf+C01Q9/oxyr+cikDjA+S4jkMP1CUF+UfS7Z0nHYQbhsj0TOAJujIh8+ipJQI8EDHiKvxksYK13aSX08u7PgX/0OwOcZzga6lwsVETTv1Cx92i/ke0DvvggIpo2MuaMlQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_6b00a698831bb8eb274e37aa705bb63e"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_066c9ff7ed9cb0f8796f971b91386905"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>rEFjVBMBQiearks48TytMX0KEwpXOY4UG5pO9htfWYffan8yiQIPoLuq1egC4m39TifFVJRNbJrceXkJzA8H/cFyQZigGElhqtzbEUZB5t/IhN3ZZwXLWMY2rC2YSIpmkTP7ugnWjgM5UgEGjrs/Lj5Qq14BwXzgeB1hESvkkirq3CNh/JDtWYIzFLyLE0Kld5rHk7vjb8LWs2sIPoNeBhDIG65dnaYvYx4SS8o8U81ONpNyFcOupRdLYLonBeWvLlbL2oF9qb5Tvs5JoRwuyEdXZS7LgnG5WEbwH91BErX9ANZd4XhKZ1s9qFysgmvRaYhDdZFVl6rQ+uK+8lV9GQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>G7GOTXYdvbJUzuc6/zubaponsIiTdIXzl+ImFTJGfzLZRKLEAQ2aA9WIXccS+n8xLZtsH4zsShSEyyLMFWQPi2SewGkWlcnuGTAfA3KndV1+SklmfQxkgYbu5XqDeelEcfgt8F/bP9DLHHws0e4W0GDU3KKdH8uIt6CxFwNvsFDRRfu8G2cUZJ1MJwCOUWk6r8sBQFW8nqGsNoANYmByxRnszqBORDOHyHmA4/8xsTofyKdsAFisJtDhnXEoIy8MogCj4oy8sqnVgZOQIPt6xBg7Ch4hSrVpfgPrKL9Yx5d7ZWPv+aFxXCKu2PStk2z7UBRWomUaHdP3H702+wr6LT0abCu6EuupaZUSdPXsCkCg4sgEwRXvWfbH7suEdX9sP8PQFjrATw8llT2gXse0Pmbh1+Rsy2zFYDedSIknUqFQa6Km99CZXrIqoj/HZipQHtipYT6zuCGCh3I8V2WXCm+Bz2gmZuPzysqrcGpMoZ9Ws28OAQ+IRuroZA9FyQQ4CIuInXxSs7FfZ1jD4BYDlv+hH77rtGsx25ro1v8wSWSqB3I5Rjo8Nlp1C00sh9u2e+f2Ssa1iKeMU69JXVj8wTIPFVxAVaZEU3lRDDQqPwvZkWWYa5Ib6KD02ASRS8a6ka5fc26HbDJYFvB+bejEhTBHl/NteIvZX04C/Cgv/JjEocgBTwDjzLN2+MDsAqkQ/2yc7fgLV7AcU28Jr7JN1PfUcwZp6yKs0wibPWz+KuNWfbvhtcmigdxZkEFrNRE/iDZ7o9cE5icw7GYi3F3zEYGHEfptvEBem3kORFZGqlNBXe92AkJ0FgN3QYw2lZegs0piEHNU9+9y3aKrD/kEKJG47layzJxnnRDIUiqvED1EmmbqIZsHz10APqFvZw9+7XjzF/2e2/Sb0O4cSUG2o7LN2zINQASCEBcUDQVDse2l1HG22MbckEyTNhv1h4e6Rp0FGftzBgH54Aqlj6QXH4LnSYdZ0aXCYNWxRf5kJJEofsAriPRpSEtheewMb8S29iCr8GkGoWPfzU0vsE2Scng0Ntd8WCs8QED/qXzgdYX5UPvikHqSbqKQA1a3N03D6V88PpY76TKKEuafK+Cq2GuQ9xtADEI7IibPtZO8kFZF1FUP0KgmO//UMaGp/sR4qSKNwJb0PVUIshoO1XDz4dKzshjj8CEFzuaPyG3TgGktMV1N6B9tVNXVFImxYFTF5dWyQ9s2gDujH/FCxrR7sU76Iyk1A3BpJPcSZ9xCn0LqbTLoEr4QwfKWM7VbGDqkAwFN441+3cI5FEuQhX9d6ryjA9Qzi9OGadnitOLU5LtIYbi5Qk/bZSPlrW/+bIK7JtJ5bpl815ezB3CvJcowIs/iTkeIZZ5wJtknw4HfIj9GdR5NhOLEUScFPWiiN2j5ih0fKEUWvYDoTByJr4PSNJnnS/CXKUL0zCP4PmorJHx1FBLC+yclOj7ED/3EDxF78BIMM/U1XiQ4z5hcfnXyYVLF1PjXwzTMulw3SG+iedgTMCWFQNQIGSgAacPeTJZ+ejuSekruT/WjX1E+NdYup9YqlHsia1P569mRWsOTjigUQlGiuoJ1DVxc6hfDsqkEldFV2qWJ+lVZSgw5c888tt4oFxGyt2R4RWWywy9u6ssj1veTr0xKr6sN7j12EHQsCxKU8R7+v/OHpJephxE4dvzLydRvjO0vTyr8Rbh8qA6kcZP8XQrgLlYmYGb21+2VUOf6SAHp/3C0hwGNir0hpv0HpNDUkEcd0ndY/s9LyPErzxPOk1n8h//y+0FtXCRxOOXVz8hbMiOmLwmlz2yEW6pTsEVvRRJc8W0mJ+lIYVz3jZT+LCqSH6UMSXZrJgIoTQ71lUHb30ALsyytreoz2SnQN3Vx4h0iZsunkwJuaIX4suGI409NWrYYicSfDkEF1A20yo4h7y49SNG4EZyg/7HHluQAQ33ztC4CdbEfveOP0vurWzqrhWcVoDnYwfosBkGfwhDf9uGEN/MXT59SrGioCSPrjiazkF65Iu9XU9xGa5yxhuzgVrSPUOC6p7x2JuOULSEjq33EcHVr/10GNQYWRS3quGlrRpBMTTwrAbWPwKbJTTKnisEEr1yedu2farVHJLWzWc5VOHwc2x8TKEURyeORxyIwCaFU4udaa+3r9TXxUeYNzKidn10bKyQHjFfBWKBnxJvz0pP+Lp8RFevMiLE6h42gGtyA5e84yiTYKkW5Bf0lS2jpCESFdBEwX+V2SisGXL1d/LKzK2v8nImTVt3ZwWkQhHaXou56xTuyhm5n2BhSX2pVTMKJxBQOodEu52u45sueBh1grUweGUZYfxItvIxIaimuDFRfviofppEhonjVRsWOoYluuF+daqHSXUAKkBWqm/q4VAU7lXpZ4jAfgGzCQbNygWvDPSRwkhbE4gtFQJ7kZZJkf3zdNblS9A7z5pV7J7lLbjXl77ygm7NTGwRIiwtxiYJ6xToQDJdqF9UuY8lS6A20ttz//JZXMi1N8JgI3JJ7cp9tGcr9aXMV4hf+smM0ZBkSh1MJAMOJXO2iCwfc+AmqWr/P53O0hu3GdWob5o4vQgIE2JT8+hP1Au/ZVCkIVm811nKCV6LabEmBDSw8t8j0ijvxjPBJHKhG1Lxej+jeq0PxOE8hJU9gwiL3gKcz4g0xHrEPMrC7uFsjBfxNYZxZt4z3NDBK6zpZzx9+O8RdBg8xCAbjFVaZhklaS4bT/xcUwaUhYdb3Oh5W0Esqf4Lo3s3nLcq8HO74e2Ee39ozOSteVWMMe+Brwrg0KTSlHiINOShXvPq1xubSFrwLz+WjhyajsR1Aqgv6gmE5ez2LLImnvHXYB0LFX1yce4nAa3AfWWFS8u09/mjLTBrUrnqlFcxm+yYQ4cor5ec14Buk1FtBBdBZCC2oENb0vxdEgAvpcSV2AyAq3UhvpxuCNVr5FZYI2CfruOj8sB7VlLGJPoWr30jvzlnocHs85cbAWo67/BHnLItMY898RbhqD6dHGkU01PMDloXJV9UC76nJ8/M/ayUbBHwpesvAU+CYchO8ShKSl5wtK9Dknvazq9fByVTdSgRqYaHQWB3APJ49L1HDLa16I/5Dmpnyt+Ihdht/eG/vnKYpXfnxaVRATdlXbjJ7a6xNAtajf/dpYUpl3a6n7/MlJ3Ta82ruqSfVyBNmgnUPC5xf7YGs8V9xDvC/PC8GYpUklNRJQjfjSJncDu+pR08BOUvv08y7DFxiumZPNME8mXBvhgwS7BzPwRni8DLpv5YqShhGbg85DCpEhvfX/9gv9kbrLz79x17K7E+8D9L3SVR66AaOq0QiVPripZuoU0Wvdz6WDcfWnjSOeNKMdbKkLerctMd5L1hwUlmWMKJ7uPI2HjMmneL+BeNl9cbLzq4tPzFrIlSFmtkxpud2yD24smsus7/TGU1BJPbWyAkmeQfREXxBk0Kq/2Vi+h9Rq5QFfLgYTtW4PrbrbYNKh/4i2OYUnVMe8MlFak8znSRqJ4WKfNbTVg/cBrOPqVFqCh4V85CVTZS6nA3zyt0LvRzjeAmrgOyZ6upawBBbXOAkqR6n/mcLlmGH7exH1765MHWvbSL3rprUSnioqsSPSNY3RDQCzEOIhjtElbZ+Yntt/0pybOZQ1j6y5eZmaxl1sPNP531dYTmNwN2QKuGE14fL0LSHQV7GFNThNDQ/Rsdzq4oH3AAYjvwza89S8KiaPfLR1xKO6TUmBCI8nBCe+HA7q8Gwn0iDO0FyL+tickY3IWKwJIp+zOAojjtcHu+b/u4tfGf7rdF1Xgus+x1Xp3Agt9v9VB95gLYzsCLUvWI3SrxeOwRWDff34R8ID2Fz//W8+CGqmMVi3uH/Q95ej7ymJtux+wi7Fa8K+GyTr6peUdLP6beUlwOaSdu533mQqoMCsWAMkkgdaKAF3FE0I2PvSXZjU1ub1jhS8ipw6RevDmuLxX7yI1hGRKGbhUXrcJ0NrosG6427/ze9v+GtIBtaZ+9tjoYZ71qbCDNzHFUknFwd+T+gRbWfMCJtF5o8Eyt1Kp0o9hrK2sJoiGKz7ENJUg9E4uU1fAyUygnVdh0YOlXBIwjAMarjeGscL83DvEgaIQ5k3vtPgMjbL7HfK/eiK0cL3uPz7rLMAMJsM6Kh22PkWiyK8vIIdm+S2iIPpmV+YpbyUino4ME5moN4SSNgx23G2k5m/cE0JG2na+7tdRriHZwueNauQ8gi5Q8o4dOcdhJ086GCzk6QM11FQ+nSVOgOr4HH9/9FRV1jVb2zok0zBQegRKIaoGV0RGEMq3MXmXrV+ygGnWA67W7UjCfqOdz4yCRTuXltsmCQ6jcXOk/jglOD+Qh4nuwXS20fDBdW4AIEMl/9udzkz4pC5K2nxcuT9W1W5h5xweslVV1U1tvfzp7wNZKJNRny7Zbh3ZQBo9qQWBPaDnxCGHrI279Hp4G7cTG5RNkhMPO8H5mz0hMi/UnRpy+ud2iriHWS68pHxvS57ENE/2v2Bb8McwiMeQiBs490syIQ4yr6qiwbha6nd8Ve+f4Z+x/GIEBruTrYLJCsRVVr2OIgVRm4wIvIOQg7+N87jYI9WgmKwcdcMiU2gk8oo1r295E3z7j1maPqa5JmxeHSizIr4PilIpFQKmkLubwRJmcyuGnM3Xljiy4K4RgyHaCmM478GIh4HzzGEN5Rme48Si9hjk4RjdA4PfFepoY2suIYvPUeoWx6XOwwomEcyIKogpe3ZAVlTxPQZEv9bHWLnrmUaiuAopcip/aMeJoxpQbPLDc192g5wvF1F9u4fDFm3a8i3QlzneEI+2Bl0t5M9VHcghTkNGoB2k4S1ZW9Bmd/MThv+HnFCVwGI2l8ef7FZ/q/2bp5/53vu60FdxsfgJ5oRyPb4k7pHyATVCf0alDQXW8XAdsQS6wtNGaYzdqYPrQKgB8iiaFDMf4Y3/L489vwTZyZtjVXzl2LSFA1PhBptTQRelsTjLUUnmvne/r/HW7/Hq0eebiYq5IJRZ7iOxY9xWvRFDOlaH32PBQkUv1VnPIGXCnZcNouNqNEHa+WG+Sxvr8g9njxxpaF5c7iZTsc7qtbjWqjukyAoJt/ftHIel+N5jx8r58gF3ANcD5PCWIZ4XeH07o5HC1NnmXr2Cf74gsk9ib7sK4you8uQyL5L85sTh9YfM6FuDEhfjV6PA44JqXK80RJTqovSBI9dEx3848nMPIcue/uqbMe3YtevZ4WdSsbif7fC//3//n2s+xn68E8nhqryC+3NEI51ssGSvMQ3isxfPbKtE5oiIHieoTXzATAaXp2I2D+MjC8zjLXBD9jijrPxgl55VlFJGcgSTmxkd+SfrG+D8jJtXZsA3I220E6J0fnx2qQlrJOfaohNZeDQVySXw1cKMNFW1A3pnzygsODhhw12PJzjs2VIGkH0A5Z3o2epyYXRFmHYCudEHlL0Rc9ndWpZKlpAQVivv1pYvXbOVOqF+IXh4iAJEyTVOjlpMhPIZNLeJiBfqO6pRmfWEAWRcySxziF6lIDiGgFPcALgcU32iAPPUsS5yZwqHCInOVqLou7Vjk1NXtrhlYFduy2j8wRKXp7L7ii/Xbl7zPJYwyoA94Q3GVDFgESfPUmA6PdJLFdpNohRwirkqeZbPnr7gjKpCJBCuQTYo8/imwxK2LKxpPnKTssnMhM7LURjOM/W2KzZZwb7OLOjIkPPcRoAIklfG/266G92Hr3F2KoPg8jJ7dS+W8O2E9FwinN4rwAoXo/nabhiGOHIzqs6Ak+hc9Q1YW6dPPzpFzwIVqiiynxOCqToODRsGiYBR5YW2trei8YU0T2zB3V8IbVking9VfdCyPmqw/k9ewWcUXA4L4DIC9YuqC10MkBUo1JHjFXBS89yF6hnWWvJAeiJMtS0NtUCFZJApVqtu6CSkEYbYTW9DNi6u2AXTJjyh+eNQCu3zF8ap/gLAiyhRUZQym7E0f7UKLdAz+qZiUQYCNR0H/HC+Mu1BVh73ox8W8SBAfuw460FtG/8txOIMX8GCKzDwTLYpXwz6L1osG/HOixbF7C7uHsBoZMB2taWTlEx9/CZoi1iiI67cIrE5nnD0LdzVSomPjwQ0ZF9d6hOc5D2MHa2AVY7IgKv9qzJsarAoZzl9Dmh900fDqfqaGOFOTNWucA76114TUCNglwAU+DUVgxPeeXixGwMhHYoztn0JxNQo8NB0fFTH/izsZatbCr0v2UqAMHLtx5YJibdhRR9Jep/DbVi4AL+4yu1O+qVyhz+M1EXzQyY8NDeq43EzE6EZwi/rUtK7bWrBiL5Z8nDwWS4RASJFerOnb21mqQxFdEYVW4Aq0cGz+pXbLEvril8HVawZhT59ODNAhrgIB3w7BChALGIF22rsB21sb8s1ejQRWbp0HGkvBNmSc4/lgkII+TmY6/bbToz+axyyzXnYs3felzThVFGdxxX8Jci0UBkhmNBxLFkSgRuSuzPZbK6lP6daSfTJo5dpyb2ULfOJU70F/syEgOXyzhQwoOTkT4oOXpsaGBEA0bgsuT8r7/O+MKVHDTYTT6DxR9P+1vD4CYKozxLRPmYJEp8Sr43KXiT51HEndynIvfnpTAWc0ltMz35KE550vB4mTuwahogaKKyfuZ9semNncdia2y4kKiGkxRqllfy0vfA1etP7D0W+REkuYLKJPjvmpf8ATtlRbZ1mAD3SyST4uvkOoWJ7Ywp18vMQ2kkvQycAjg0Ix6ruQ9XMPEKWIhXH/cbHOZ8Mk7+55WViWYQAoIQHEEzY9uJlg/aCeqvhgIUZXZPR4ndWKDN8qO940pwlYxccQNTvK7srSAhjFOotYBc8BEYlnZeLgqXYc+NDMdWDn8/tUpTEoVcv02cL6G6SJA/FOen6yHN4eQHnPUB7Vml66Le3F0jRmWrLiZUjouLvOhDLEOhgj+KIev0fJIpAIZYvV87OGaEkDZN6tXIZ7gTWvjPtGtF434RO0AyO/UGQO0I+vsOz8krIwUPewy1Jpj6HIMlKz5IS5lD3dAr7SFb+nRcMOSzktoTSPu3dVvbnxUWoEG6o7DB3UI6Im0KrJJtPKaQW3QIdYTocq5X7gCegop74zlyE9OjdRG3jPRaiu1xonP0Q1FGss4h/aui5xq4tf0ch6RjLwPQG++0PxmSvPTTkUCaEIel+Zjc663QCFfWuLLwrkBmZfLpq/5mmsPssZuZuvs/v4B8zeDfUfR5vnzusF3Rq33i/7Xo1py9kgF1YO0arvRaRaAQBvW47YDDQzzzfkVnf/e6qZG1NPvSMDGGYRVRdv9fN+rtaeBPHi4Vk03+oNmFgUN1D4EgmWnka8Irtk1sCypSln87OFi/KMOvz0zMOJ4o7TdWHJgN7jjW/YTaht/vwii1Qtx0MjFn2WzN2aZGK6D3BNYs5drF9pW+cb2u7n5lHFaLPaOQ//yf3aUIg9S578iZYpCrIZK8hyTCYntafs1xRFQbqq+eJ9L5BK33J7/CQSGD+wZX+9hnKLApZl7XnGKVi1b+HSUKJFqv9FZueURB/EOUgejyNGiHBh/LzcTXi2TuJXFjI3Hfj7RvlJyyncJSZ5yKSfqtjl8B11tUisUvj+UmNNSve7zUKGRd8LXzkhP+mtXm4Od4rZIz2tpKdu1hzNjuLXY+63j7Szk1DJrA+vtU+1ypImq7rpsK7NbBjd5Yp2/nD6rCaOnc+jTVzIjUWe0z0/lT1dZfkpqgkV2Jt8CrgyZ8dFWPBwtBuDBhspQd6uUe7BHKIVIi7ulWw+5uyu9bCyKbEEcf0SHhnuchn3/VezHXNfIiIpXLrW4NOhnh8hEbUN/lTAFjim0YZ4u+PZOvgFbJiwTqdD7JZbu4BJ7wqPeliHoOu4VFQQG+KkvxyPjt7oKte154zcd1AuCFyJrAJzxzXQjjHCB5lqDwOYjzTEqREV2Wr+AO2+NiKsSUomrMWFqIfcTaZBMCq+oI6Xy3Fwz6t+e+0kLRxVB4rt3Up8nOJvlRxfEgCdpPTGysy1y1q1T12pCe0BVUJwmTJ4FmrwKNkdL7Z0yhrnL/OxcDG0boY8D0I4iSuUw0LXOABvf+4zvojrPuUa8F+RAy/vOof2sElPpmrxjq7Qhms/OzJ9D/VgmNsxb8DyPYPMnVRvI06pE</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:01:53,316 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:01:53,316 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070153Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_fwzyxptox8sxqqxrauinsuh7rdz7fgxslxbd7ic|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_976fbbd3ceddb0a78e133643634e22ba|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxsz//zxlGD638PfjDwgtuKxO6e/uiKPA00yAow175FA0zTav36YlIvchXh7m5MBZJ/hfjGS6QvrvW+d62GVy7RbVe/rV6vSWN/Cy5SFp7qotU3TcSnaXduCSzbOpznGL5R0yuZceFr0LHJeSKIIqfrndYNgOjGyU=|_d80e92edee0f5bf382f30fe266009ef5|
2020-01-28 07:02:41,191 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-01-28 07:02:41,191 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:02:41,191 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:02:41,192 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_007f985453a4434b8c706194d2922eaf"
    IssueInstant="2020-01-28T07:02:40.846Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio2.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_007f985453a4434b8c706194d2922eaf">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>7jAOB7JU66f2GwXDtYDNRRmdgj4=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>lXBjuxNruxi+Ahg7OViBihbp7u4vkG5EGl6OCGvPV20/vRMTzGoD7xBKSqdmhqQCfDG0aHZOOEvR/9tV85E7k13PePpQaiAsIr+nXhEk/ew9e5eUiab41BmMJUntYlWnQE/KOjsBGKvz7NuuOcbniqOw+OUVKOxkoRVMzgtoj8FSkqWi97GaXIRgS/cFuBg3QgSavF3gFjOEL2ZbdIXJg4iGvOxabBqB07GU0qIXWK6pCGc78gtjXmIHfYMQ3WyE6cbDZ1MHyTbHEPPnBZXwsVS9XgEnjlkZoTJonKBDpaY2FCUggdfvPW9QrmaXpG808nBJt6EJYFlucW+FoCpINQ==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-01-28 07:02:41,197 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio2.my.workfront.com/SAML2' from origin source
2020-01-28 07:02:41,197 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:02:41,197 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:02:41,197 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:02:41,197 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:02:41,197 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:02:41,197 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:02:41,197 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:02:41,197 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio2.my.workfront.com/SAML2
2020-01-28 07:02:41,198 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:41,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:02:41,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:02:41,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:02:41,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:02:41,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_007f985453a4434b8c706194d2922eaf', issue instant '2020-01-28T07:02:40.846Z', entityID 'infraio2.my.workfront.com/SAML2'
2020-01-28 07:02:41,198 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio2.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio2.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_007f985453a4434b8c706194d2922eaf"
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _007f985453a4434b8c706194d2922eaf and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_007f985453a4434b8c706194d2922eaf"
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _007f985453a4434b8c706194d2922eaf and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_007f985453a4434b8c706194d2922eaf"
2020-01-28 07:02:41,199 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio2.my.workfront.com/SAML2
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:02:41,199 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:02:41,199 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:41,200 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:02:41,200 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:02:41,200 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:02:41,200 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:02:41,200 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio2.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio2.my.workfront.com/attask/saml2consumer.cmd' 
2020-01-28 07:02:41,200 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-01-28 07:02:41,200 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio2.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:02:41,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:02:41,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:02:41,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:02:41,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:02:41,200 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:02:41,200 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:02:41,201 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:02:41,201 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:02:41,201 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:02:41,201 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:02:41,201 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio2.my.workfront.com/SAML2
2020-01-28 07:02:41,201 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:02:41,202 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:02:41,202 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:02:41,202 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:02:41,206 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:02:41,206 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:02:41.206Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:02:41,206 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:02:41,207 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:02:41,207 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:02:41,207 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:02:41,207 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:02:41,207 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:41,207 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:02:41,207 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:02:41,207 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:02:41,207 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:02:41,210 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio2.my.workfront.com/SAML2'
2020-01-28 07:02:41,211 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:02:41,211 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:02:41,886 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-01-28 07:02:41,886 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:02:41,886 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:02:41,886 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_82cfedd9a30d48b1aa868f20fbd3a417"
    IssueInstant="2020-01-28T07:02:41.489Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio1c2.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_82cfedd9a30d48b1aa868f20fbd3a417">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>1m2oyJq5M5EgIGzAE2A+CUu8uF8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>hFI2fU1ElG+UMvq3jR3fRFZfwK3EsPVAtM9S//gZtfwR8BWE43brhZHNVgo3TSHRHt9u6YcbaIYnOln/MhM29d5zZ7O8sOkvtILwrVpwX9BmNqqu8OUWGMwZOWcrKCzwNdIuQrXfq/YpLkhdsz7U4WtSpQkbO5xXk+nOApDxqowW25dP9MV+QvxdJm6elz+OVf/hf6Xqpoppt+1RMOQwFGBOzObIYE4+cwcSt4jxR527AZVKwjkNhs/5ApvssfzunuHtfe8rpWWy1IXWCIaJ/z6effyNKvM6SPcO3obTJbaPWutl0Jlxd2wCMoW+8z3sc0RrN4t49Q+Ej7m1SPwNug==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-01-28 07:02:41,887 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio1c2.my.workfront.com/SAML2' from origin source
2020-01-28 07:02:41,887 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:02:41,887 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:02:41,887 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:02:41,887 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:02:41,887 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:02:41,887 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:02:41,887 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:02:41,887 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio1c2.my.workfront.com/SAML2
2020-01-28 07:02:41,888 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:41,888 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:02:41,888 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:02:41,888 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:02:41,888 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:02:41,888 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_82cfedd9a30d48b1aa868f20fbd3a417', issue instant '2020-01-28T07:02:41.489Z', entityID 'infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio1c2.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio1c2.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_82cfedd9a30d48b1aa868f20fbd3a417"
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _82cfedd9a30d48b1aa868f20fbd3a417 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_82cfedd9a30d48b1aa868f20fbd3a417"
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _82cfedd9a30d48b1aa868f20fbd3a417 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_82cfedd9a30d48b1aa868f20fbd3a417"
2020-01-28 07:02:41,894 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:02:41,894 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio1c2.my.workfront.com/SAML2
2020-01-28 07:02:41,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:02:41,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:02:41,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:02:41,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:02:41,895 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:41,895 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:02:41,895 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:02:41,895 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:02:41,895 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:02:41,895 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio1c2.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd' 
2020-01-28 07:02:41,895 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-01-28 07:02:41,895 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:02:41,895 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:02:41,895 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:02:41,895 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:02:41,895 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:02:41,895 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:02:41,896 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:02:41,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:02:41,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:02:41,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:02:41,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:02:41,896 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio1c2.my.workfront.com/SAML2
2020-01-28 07:02:41,896 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:02:41,896 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:02:41,896 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:02:41,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:02:41,897 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:02:41,897 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:02:41.897Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:02:41,897 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:02:41,897 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:02:41,897 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:02:41,898 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:02:41,898 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:02:41,898 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:41,898 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:02:41,898 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:02:41,898 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:02:41,898 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:02:41,901 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:02:41,902 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:02:41,902 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:02:43,330 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-01-28 07:02:43,330 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-01-28 07:02:43,330 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-01-28 07:02:43,330 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_992558c1bb9646deb7e6a36d4be6c093"
    IssueInstant="2020-01-28T07:02:42.895Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio1c3.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_992558c1bb9646deb7e6a36d4be6c093">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>ZGJykb0+hmv3WEShaGpCGsZbc6Q=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>DySsac/G3M+/nsu7OYVrscwLMAVv2BUvtHCKPptfxcQxT+vYWmMdhQoVfLpMzqv9oXCm4UVHdzwXbKY5dhfJi4GXvWAbtZQgN94vkINPObgWpePKR+EKGsnuiz9FU4+kw2ykis6XUq4crovs9+cfqvMoOVYQs0ZGyNpD8BcYQvF/f8+P9YggUrTKc+FM6WpfEs5ZWX3a5Z7WGXgsLNFhyp6eXCo9wbbTD9dycaR2Rxcuzq2WFufiLWa7KjOGyzgopaE43uhjrcjRMahNbYHmktCuE2CcMSDjFHyo0bR5Ye8cZnYirx8fczkh0ciVgSyMToLrQuXMuATzg6X+JK7YSA==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-01-28 07:02:43,331 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio1c3.my.workfront.com/SAML2' from origin source
2020-01-28 07:02:43,331 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:02:43,331 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:02:43,331 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:02:43,331 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:02:43,331 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-01-28 07:02:43,331 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-01-28 07:02:43,331 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-01-28 07:02:43,331 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio1c3.my.workfront.com/SAML2
2020-01-28 07:02:43,332 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_992558c1bb9646deb7e6a36d4be6c093', issue instant '2020-01-28T07:02:42.895Z', entityID 'infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio1c3.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio1c3.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-01-28 07:02:43,332 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:02:43,332 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-01-28 07:02:43,332 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-01-28 07:02:43,332 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-01-28 07:02:43,332 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-01-28 07:02:43,333 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-01-28 07:02:43,333 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-01-28 07:02:43,333 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_992558c1bb9646deb7e6a36d4be6c093"
2020-01-28 07:02:43,333 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _992558c1bb9646deb7e6a36d4be6c093 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:02:43,333 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_992558c1bb9646deb7e6a36d4be6c093"
2020-01-28 07:02:43,333 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _992558c1bb9646deb7e6a36d4be6c093 and Element was [saml2p:AuthnRequest: null]
2020-01-28 07:02:43,333 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_992558c1bb9646deb7e6a36d4be6c093"
2020-01-28 07:02:43,333 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-01-28 07:02:43,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-01-28 07:02:43,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio1c3.my.workfront.com/SAML2
2020-01-28 07:02:43,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-01-28 07:02:43,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-01-28 07:02:43,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-01-28 07:02:43,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-01-28 07:02:43,333 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:43,333 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-01-28 07:02:43,333 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-01-28 07:02:43,333 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-01-28 07:02:43,333 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-01-28 07:02:43,333 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio1c3.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd' 
2020-01-28 07:02:43,333 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-01-28 07:02:43,333 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-01-28 07:02:43,333 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-01-28 07:02:43,333 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-01-28 07:02:43,333 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-01-28 07:02:43,333 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-01-28 07:02:43,334 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:02:43,334 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-01-28 07:02:43,334 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-01-28 07:02:43,334 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-01-28 07:02:43,334 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-01-28 07:02:43,334 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-01-28 07:02:43,334 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio1c3.my.workfront.com/SAML2
2020-01-28 07:02:43,334 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-01-28 07:02:43,334 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:02:43,334 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-01-28 07:02:43,334 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-01-28 07:02:43,335 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-01-28 07:02:43,335 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-01-28T07:02:43.335Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-01-28 07:02:43,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-01-28 07:02:43,336 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-01-28 07:02:43,336 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-01-28 07:02:43,336 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-01-28 07:02:43,336 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-01-28 07:02:43,336 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:43,336 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-01-28 07:02:43,336 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-01-28 07:02:43,336 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-01-28 07:02:43,336 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-01-28 07:02:43,339 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c3.my.workfront.com/SAML2'
2020-01-28 07:02:43,339 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:02:43,339 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:02:46,489 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:02:46,489 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:02:46,489 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@486066565::identifier=rick, context=org.apache.velocity.VelocityContext@2902d09b]
2020-01-28 07:02:46,490 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@486066565::identifier=rick, context=org.apache.velocity.VelocityContext@2902d09b]
2020-01-28 07:02:46,492 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:02:46,492 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:02:46,492 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:02:46,493 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:02:46,493 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:02:46,493 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:02:46,493 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:02:46,493 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 000b61d573290beed962f876bfb24344ecf9210daf766a641beeee85bf457072 for principal rick
2020-01-28 07:02:46,493 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 000b61d573290beed962f876bfb24344ecf9210daf766a641beeee85bf457072
2020-01-28 07:02:46,493 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:02:46,494 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:02:46,494 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:02:46,494 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:02:46,494 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:02:46,494 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:02:46,494 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:02:46,494 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:02:46,494 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:02:46,494 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@345affec'
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:02:46,495 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:02:46,498 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio2.my.workfront.com/SAML2'
2020-01-28 07:02:46,498 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:02:46,498 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:02:46,498 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:02:46,498 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:02:46,498 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:02:46,550 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:02:46,550 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:02:46,551 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070246Z|infraio2.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio2.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1611730966551}'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio2.my.workfront.com/SAML2'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio2.my.workfront.com/SAML2]' as '["rick:infraio2.my.workfront.com/SAML2"]'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@345affec'
2020-01-28 07:02:46,551 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:46,551 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-01-28 07:02:46,552 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-01-28 07:02:46,552 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-01-28 07:02:46,552 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d4f01602cc4a31c1521f5db08aa93760
2020-01-28 07:02:46,552 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d4f01602cc4a31c1521f5db08aa93760 to Response _e22095dcb2e357f4fdc8999516ecd246
2020-01-28 07:02:46,552 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d4f01602cc4a31c1521f5db08aa93760
2020-01-28 07:02:46,553 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-01-28 07:02:46,553 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-01-28 07:02:46,553 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-01-28 07:02:46,553 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-01-28 07:02:46,553 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-01-28 07:02:46,553 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-01-28 07:02:46,553 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-01-28 07:02:46,553 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-01-28 07:02:46,553 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-01-28 07:02:46,554 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-01-28 07:02:46,554 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-01-28 07:02:46,554 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxyt2wpzLNju7GYP3pavUclsR6COtGebXoohPyRxA/9HZiy21psdnMRjrqL2ft6k5NrgiGgc66xDwK0sEmaCQDMkxsuXXyOwxNU2ZcxRlLCk4rsb0ECMrp7vMhXqHDTqglV0U= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.25.118
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _007f985453a4434b8c706194d2922eaf
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-01-28 07:02:46,554 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d4f01602cc4a31c1521f5db08aa93760
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d4f01602cc4a31c1521f5db08aa93760 did not already contain Conditions, one was added
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-01-28T07:07:46.551Z, to Assertion _d4f01602cc4a31c1521f5db08aa93760
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d4f01602cc4a31c1521f5db08aa93760 already contained Conditions, nothing was done
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d4f01602cc4a31c1521f5db08aa93760 already contained Conditions, nothing was done
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio2.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-01-28 07:02:46,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d4f01602cc4a31c1521f5db08aa93760
2020-01-28 07:02:46,556 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio2.my.workfront.com/SAML2 to existing session 000b61d573290beed962f876bfb24344ecf9210daf766a641beeee85bf457072
2020-01-28 07:02:46,556 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio2.my.workfront.com/SAML2 in session 000b61d573290beed962f876bfb24344ecf9210daf766a641beeee85bf457072
2020-01-28 07:02:46,556 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-01-28 07:02:46,557 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio2.my.workfront.com/SAML2 and key AAdzZWNyZXQxyt2wpzLNju7GYP3pavUclsR6COtGebXoohPyRxA/9HZiy21psdnMRjrqL2ft6k5NrgiGgc66xDwK0sEmaCQDMkxsuXXyOwxNU2ZcxRlLCk4rsb0ECMrp7vMhXqHDTqglV0U=
2020-01-28 07:02:46,557 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-01-28 07:02:46,557 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-01-28 07:02:46,557 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d4f01602cc4a31c1521f5db08aa93760"
2020-01-28 07:02:46,557 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d4f01602cc4a31c1521f5db08aa93760 and Element was [saml2:Assertion: null]
2020-01-28 07:02:46,557 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d4f01602cc4a31c1521f5db08aa93760"
2020-01-28 07:02:46,557 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d4f01602cc4a31c1521f5db08aa93760 and Element was [saml2:Assertion: null]
2020-01-28 07:02:46,559 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e22095dcb2e357f4fdc8999516ecd246"
    InResponseTo="_007f985453a4434b8c706194d2922eaf"
    IssueInstant="2020-01-28T07:02:46.551Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d4f01602cc4a31c1521f5db08aa93760"
        IssueInstant="2020-01-28T07:02:46.551Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_d4f01602cc4a31c1521f5db08aa93760">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>rJlldxVGUmHqpeq1G1ZusR2y1aHbCX/0zDKk7Mas9pQ=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>b0y+GwreqCARry9OyUTUqmNzs5Ndy45ftS6ceSZTdRarzE9yN5cE8+u1ViROwBfUcwNeD0jadfWw1QHqSUxfAq/HldOyi5AUW/aZroQ2fEue8q/p0nj8OkMhsvYF5sUUakEGoGvUMjvCH7ennjVUG1JRrVueNnLHe40eDyeplg8HqJ+rp6iSV59aWAKzx5UVNN8slzrhyHjQ9eHht46jCTy0uxZeE0q5iAKQtB9rNHzUMg7fmInf1PZbqkfcQCl9B74gQaoQgaq67VLGhSeHnUtzWQO01ktxIxxcDfwgIpiPrxKNlPmnMPgMcLpkcFnibhphsmVsnq/IoGY4grp2pw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio2.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxyt2wpzLNju7GYP3pavUclsR6COtGebXoohPyRxA/9HZiy21psdnMRjrqL2ft6k5NrgiGgc66xDwK0sEmaCQDMkxsuXXyOwxNU2ZcxRlLCk4rsb0ECMrp7vMhXqHDTqglV0U=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.25.118"
                    InResponseTo="_007f985453a4434b8c706194d2922eaf"
                    NotOnOrAfter="2020-01-28T07:07:46.554Z" Recipient="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-01-28T07:02:46.551Z" NotOnOrAfter="2020-01-28T07:07:46.551Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio2.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-01-28T07:02:46.492Z" SessionIndex="_48bae6d5d3f0886a564ccef9b8e04941">
            <saml2:SubjectLocality Address="172.31.25.118"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-01-28 07:02:46,561 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:02:46,561 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-01-28 07:02:46,561 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e22095dcb2e357f4fdc8999516ecd246"
2020-01-28 07:02:46,561 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e22095dcb2e357f4fdc8999516ecd246 and Element was [saml2p:Response: null]
2020-01-28 07:02:46,561 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e22095dcb2e357f4fdc8999516ecd246"
2020-01-28 07:02:46,561 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e22095dcb2e357f4fdc8999516ecd246 and Element was [saml2p:Response: null]
2020-01-28 07:02:46,563 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-01-28 07:02:46,563 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio2.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio2.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-01-28 07:02:46,563 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-01-28 07:02:46,563 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-01-28 07:02:46,565 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"
    ID="_e22095dcb2e357f4fdc8999516ecd246"
    InResponseTo="_007f985453a4434b8c706194d2922eaf"
    IssueInstant="2020-01-28T07:02:46.551Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_e22095dcb2e357f4fdc8999516ecd246">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>cqVRfxighjgfMFJc9TDJ7uiOJYEIEV8fMD+azt3jliQ=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>XPg+Tvc3HtY4qGAcgQGh1Un6Cgotd7qpn6ZTddhy1oAzeAD1W6pk8SHyzbwnWS78n9u46VLGTz2C99i2CRm8bXvKl02kLrcPc7GMv8Pet8+WULxSFLG62L1NMmKJk2tUGdqHaqdiXFJBMZhL0+T3IUGi9uTiLQxtcVy3O8LakKi7AWQQjXqssmlGTvE955sZPqmw5ihRgpUvW2M//xaB8iOjTglgqc7vh0MsEALFqKecoxdr7vc0kvU5ydhUXMSn3BlzH7JMduElrfRgVIUANvNgZSFhFEm/Zie+I1GBHmcFYajtnVlkqNT25SudVi48c9EkbyKlmvd+9ECQyRcESg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_4bd2640888941420e5073a8d1a19c3ff"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_9d4c93427bd30d39cc11720e2ee716dd"
                    Recipient="infraio2.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>X4ekLxZyU5WIgu0ES+JNAORSU4WBtW6TWSpD5+NlRhIzZUG6s5mou4qcCIrduH7aHF0vJFwymOLzpjW5hNRUhuyHuXbLoqzSt9p38heucKlM6ew6dy8IIoDfiaGmRfqr7YuiyJ3xOXeAWMCAcyAB5IDW8n14j8cskSzyQzEmQDJxIvcGyr3MPR4cQPkC1Moc4zqnNGZF1EWt7Sh3ulaf9nwhY5bf0R7r1F6OMzRvELKH94LxVCykXiuYKidjJ2f4rJkhUwgp8hEGuJynCTLI9TDv1v1ycqrnPpk/e4I1hwRu8/7/EVQkmSdnSmJpOZuZqIBgYKi3hMIflt1f1TKKfQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>KBMAOyfQCeJ902dRL7dyTg/UWJTufK+dRvZ80TMRZXP8fWcB8xU1S4EAhRX3AYqm+tux7n98BZM2fo7nyuaDt60UU8lMF7v7jBQvRHONIpYg7UZfm5t6YBHGqvWV9KtCLNNZVN7n5xd+03LzhOvWS9iLuhEvW7e3eB9npVKI37SaRRv2UflBH05Qajp3moqeOlQmO3519xjR/Dn4pvecntskmD3kL87EgFY2tC5wLI8T5KlgXMSq+MCmebGqjUS12XPRZ0pcEjUUgXjd7LcKFe58RFGx+MDa+axd1GBfruT6mXwC7faRfNZ+rVPaBL7Xt5Dp9DDik3y3YkZ4kDHTfNiRrBkQ7nLJTFOSUg4OIVGZHJfJAFyA2HD0+mp0bTeKMfr4XyRAf6ZBjY5lsx9V0Q6XkS1Lt9QvS3QGD/HgNYJZmksOEsYoSyTjCPcp2g75cC/TB25wpWO/4+zcdLksWk2ADrs9KMnEN6qxteKP3KgHSZXfAIcx4Ilz+LIpRDCiDuvudWsvPOw3yiQuFhFulr0o7ZRVG7c3DtIbY3aftxp+CWXreu+SC8Qz2exp5bdHbJIPSbjNnj7I7Z5on2di+EBm7IilJ/K4ANDnuWo5r6o+9qPxHcmOS+24NrVi8JkCIvCYjckR+zLfCENZoJElj6z1SM62AMkLGiF6OBUmPfstS4eBSvcixLdn6yXfgMWKdX+Qg5lLp9jPAVqURDM0xadpsA3mprBrH6Ad1dt9qz6uopm+QU05L7aZmU+i9Q+EaY6KYrPSJjNv/XaoyH4rynJkTuLLMY2TK5KiM9Q7f/C7kpN7+WLfn6nFWOfXTz24/3PtcmuUGCVRnfRS9bOaXP2rdUz0R5gvj95AliR12U4Dn9gw1zXQeDKV54b/ZZrgGKycRPf2AVo1cckhG1q3J4047Y1HsfkjcciUnp6xUNtwhEg0SzRTEAC1A/3MIlHH7PANX7bw6CiRzD4UhtVYO/4SgNutHCDkZojchN/R5/qBGle6QPgaoNeEwvMtH9XaoVAZftTMHALkIFpipEB/gtqc+6pJXGO5PKFqUk1MnVu78IkiI/jKF8ZQUyVyzrr3sMvySl6r5B0Feas+BZYj4v4bqOKsJoDSQH+SDvMzkehkb7uhSlKCIdBgILugdvsm0Yw3JxmMvtiRWcwvthyevaNyaSd8v8U3ijcxcAxqS6AdYYKje5T2ug4mTghZ/Vf3+ieQ5cFxm6g3b83TOMYkQmK/D5MY9XBewWaTXZaQZRJ7Ha0gWtZ9K2d7P2DVqUhcF7ciQQuAGs9oSE86XyU9gtslos8tby0/SlqpTdeose57USBLv+LUBdJhM68jPhlknIFybGznKWJTG4l709+ktQ5svi4sTj9d3EYu/OklnmySTAbxuve09iNvMt9sy/RZNvXk2AbSw0K0VBlV7eCv+/tWnH4TYqquTmMIResSlhWkncHvNB+lXsPCUVn6ItLG8p+9rEHj62thnJstIIXu3OOQK3qyjHo8viTnetABRkHIf4l8zKIN5+VqanCV8rMLw9eBYaK54EVAhgayoBpjG0hNNmUg+tFhobbmkzpNnSJwLT/QZBgcTQUEh+J/IBxBAmLi9DXuaWlvMHz3jcsUauXTNB9oSoQtgsgbM7TFInc6LN8WRGq33PVhWh7iwMcSkWom5aDF0jXbvps8vvmMKmVQgeNl+AV8F0DLsAXZXjVywiyWpN4KMZjmaxacSEbB9qt4MYyJScTIDrCdPHBJyxevTuMRtS7ZaVmF4NblNkAsoS7tFKZWxCqcSz1otpQLvsEQl0T6tXly+2ubg6qOaUmEDyN+cJHTI06yn8xogN30AtjSEEx6EFHXxHM6AZdUaiy2zQO7edOdgZ5nKL/zEmkoJcFYueKdfd4k7gAjjlY6/PdbHMgKv+uz+48mmoOAirSOzVXytSZh6m1Kl1C/BVxCYfHmCHoH3M60D5nCKaCDzO260ItURlc2+eSXsD02D/9HUCBWsf2vwMMptrijvlqqULDzcOm0ahlXnsArw7dfeKJfR2lz3hwqe3tibZaUc8MKwan16S7MqVNDtoBov12w4STH/t5u92T4Y/sOk0zmm1JiwC1KrwlO/dFXgIQXVcCzq61KlE/bzVNYHTCEA4nwo4h4TjCPbOv3c+NUmFAfgJfJ1QVPIKrt7SZpCvI8zS3ib++qeX+4N9QLccscmMoC/BOIJ7cVsiVFQEqGQDfKRyrnKsNTg6K9XFY7asdHRWsSS/h+UYmyBrJQSlcCszVfu5xpKiFx/fZ8CVjTaui2YlbkNEr5tul6KYn9V39bEqAB52YL2utAOxZoUdjXCLQcbXyOrBkO+yEXvSbbFvk8zDFjzj5AOh/tJdxt2DAZs8aSuStgCRTyVba+FDirCLPGJ9yEvRWYVl68Rj64aFR/AVSZsW+9k/njfjv48HM7FeQK2gdR8IdAHSJ4fx8KqFxq+NBmSY4RI9SFzo6DVu4zSqWeRh/FbqCyCrZjhCWF3LIAGnm7esvylJ2mAapz6PVXxEmYIdA7mEIbZRkV4Xor3wxleZz36PWxhz901ddLgyin/izVg0mPNbxgORosExVSEVaQYMaXJasckfPpPgurO/FPmdMA5usWpQIodgd7yGV2PTwMD649w5d+i3nPLzQlwfLwiS88U6r752ugxpmxDhmCJrtMvoUslt2yB0LrTj/3dT9l5k8Rk6WBmZZS81FRTo/CJTnICdCchzTjvkhGNnafeob7NiBRmGWgIzxcu8HWZdlBnFc/xpkRRvRKjitKY1hU6eFuLA5qb71tFVaip2A3G7EKTIvXOMCFXpVXGpCJ9mCQX/y8H5bFENRGcPlMyvyMir6BUJY/CgEyhWLYmrJ1paTJXykDsY8cz/hSO1oDJajS14MzePortR/J4UcuzDzp72NU51tXoHfx9qTcmjDKaYC3tNPCxMKxJoAdN3gbb+q1ezTU82TqPKOcKDvZtbXLlUJNzkUIJI3VcdpPI70lMuyvMQky2ZQC757v0a/3duJeWnTUi5dpEy3KBIpDs3pqjxc07bzf9CC3ksfAB+ZNxIbUp+W90hucJSpthXsSJDtzLaUwkyBjvP34dLMeBZdOEN4MWIduEw7DGuic6H6NSlOUSbvPYA8KL+Oy/h0i11dxkdQWDDzPIBpyeKC3W7eXWSpp48b6+JQLT5Lgym8GZc/tEkBEETHOpCsNMN/r15n5l0P8rh14ez0NYFQE/OmbCxg2m2c4panl3J36SPKCwqq4URpGx5Ksw2fpuEnO6m3NA+t8C014pJlm3HLvyxCALUEzwHWMnDCNl9Bf41eUxRRFnhJsw3MPzzcjkb3nD72l60VHOCGyz6MOXO25ySCtjKmHa5zXNMRSPeDPmYMdD7rF/5bdeHeMBR5xujvZfWYcVyqoRdKmdSmEQlVSWWTbmKlv3xeNZDi6yuy3veSvNfQWkBBpL/gSvVJbx4/gt2iNMwJ9afO3RbjQ05vc8CLV0a3JCRtOTqRz5kW5kC1SpSLpgWaTUzXztBS00y8aLj03j6/sINZ6mVWPHlxYti3Gle3nkyHxESfmDkhJFKaMc+szIbr8VHWcl3b9gzqUIDghKEz/ZsBVMFQYQDhXTOkfM53Rsqk2spkUBHlvOwDNVSj8cAcWy1UTblHTHhbfC/FxUz1XhQfsLxkzbJsNSiif7rSerKdAydnG8Q9SCceXjGfmgUugvXvriL/rFVuxh+cWRUUQtQr0aLjTXtliyUwz2bQl9RexEmBz2FEYhIwbQq8oJ04vpfMYdfiGHni0Q+58VZ6AxK1mTks6Y2jMtd3C978UbkWpblmtg+nBAgwPa/tLSum19bkjUbbpisBOAONCNw6rma5P9sHClJpR/pAMF+w20Jria9m2ui7lTQrzWo+k2a1whCrGvBwGKkCyV5trTorzbNA1LHqNDrWQ9hvXviJweOqluDQV3iKJYdvzCjFBoAvhOcHe9XB2vJsElxv7tYSZ/t4C0EEfy1F/GJKZ2mgK9muw0JsM2L9Tbugzm+At5vyBESrNueGt2JzHtQP6LcOJIrCKGqqOcaL3okcM0jvOhFouWPDVUBLkWXJF+r32tg4KxHSEX1wu5fLmFKYg8i6fR+6eAsM1dJdKP2px1pyMRW7+jqTaUTKVlgYUI43KyuZ7RdkI5xYNtrsV6NBFMluIX80W/LagMyCU6udCGw5NKPw1mCmqRE/N/qaRXptWggN24wpdpTQ7PcgEMDb47yPjsh69/ss0EtXWsmNd5S8AA3itc44ayLdQiMJAPhi1XywcgvZQY0S2eBwbZqPMoSxHYY8kleA1BdUONv/y4NxDgyrVcQ8aHOyxAYPdQPwtkH0fkQPTrpJjIZ55Kp8aVF5GCRRAiEvv1T9v4pZNmoG6ohXCZoem6qtczlPgXS1bjdvkdJttcgiiexaGHR4L8bABSY/LgxXpKQS9d3oA+9pnqVMIWPHlvtAhfjecWJLtBQSKZcn0Mohqbmtru5BN5sZLmh5Z3uJYSyZHvqwgKZsrDLNGcofvSz4kV5X/xJntLKWBCaUn9vvCKp7KINY5VwyXSFpQ+AaU+rtnNp4Tf41p29WRzICW6j7AnY7B6G9FL5kOuOIMw4g6Ojk9/+3Qerm1opPFMVVFdbyIKaBoL8TWKww/nwB00bU7blsvOY99mYOMiKIgIUEaio2u4qotlylNwBPbScMwVQ5KJaKcv5m6Xsy0/4SOrkXMIhhFHjlCfefsnTN8YNsPyq55jndqT3jdzc9HGUWqMTcLM7xLu/RjYaOd0YOUvGFpTLzBv4Qj7PAgVem1LWAdCFP0nWMf7C2wbm2PZgjVHmVLCH29PqRSst0ROhAPYUrKCbSZDH794IfXvcBQBMhknKV+1JyIaX7AHUq3HkSsld1wRSYkugjKfGsP45pO5K9VX0YAEfmx+8ptkdMD1FEqjohjcefQ9r20FnbnxUAq4H0oxPdYlUkPa1Re/EFbNEMDqIFtA/sAm4Yo//aR3u342w+0GrL/8OCp27CqlYWEm1eZX1fW5PhaChZySnJznKiTO6uTmi9t8PXSy+GWstsrMYal6iwJJ2ekKgj4O2SdoIDQD6cdAlKvNalONpjiDHwhmB5PlyFMKYfwiZ24To+W8ZhwKFGagOkMYjJvp4FVI4m3IW7r6Kqh6UErFTq+gANuDcUmVT+vq3B48a21dFRrjl20UOXF+7ThN2lT8uia1vswGndD5Yp2WCgZe6xJehQ3kiRuvBT/oiQ8fd9gufPnzHqQ2rQ7StlMrmwBz4T8doTNIQ8lcHS6ojS1q6D/aj+9o+0ZjkGHEMtdZ4iUt5/nnc9VrNuWfk89Ay/4gCHvrAryIXD/GMo2SKudkfjIpyKWK3YbbqYEgUPDQk6UcLLzCGBC7AU49pipBNs8qG6v+dFrWLG/xu4rxNoVFkze7FPDr/ZYTLdcsiruQy6j+zm/jd94qSXseXMqKcQ3wVv3VU90PYN660vFm7RinL5Ao4wwxARUqzZR2DmEbURHR3O5uW56FDUOc7Df6L/+MOiIVEaG3hCVqLNv9RSFZF35UPD/AfbEDrDAZdlLFaB7xjm41x6I4/avSqXCnxUU/58b3ogVjZc09xHMpmX+wVmWkhiu4Qa3cyD5Hy4Kr5vMX5JkLgusHa5eEp2iI9AJsRQ+oQCz4TSByPRnrrSSsNYO/g3w5YyqMrdAvtGrzBgwvlkCjbBiEDNx2CrPh3IqjPPukxe0Q3bwntO8TwDEUaTSbbTkMEjpxx4GB6hGFDCOFEXOXwCXPL+HkANTwwdgaanocvF6xMoqxRfyP4ayMEbhhFMNftBPUvxlP8rz6mI//XIU0yuvF2RmXQIozzK7wTBwpJ4Isgsis3TCRFG/zAa2TP9yeTcRYk8S/DqxuLaN5X/cyP9BNdJtTwMkX3vmCr/aaTUXJxr31qqOtrzzmczoMioAkYYLGqsgkuf+UHE/VatNeghzKYQq5cPQPTV/oYWh6ZeIhDeAzVbR/12hqxy9JYgLOXOXWs2duuDbvF02lZ2seV/o06sQiXQqnpemU0m5W83L6iQ7BgRBufnzLgeVVMxuzDgd5b1MroEwa0rBEZQT9B3PKi6WqClOemuR2p4IeP0xF6TTFYjHnFyvVupRvNqnesxLyDbG/SZvzwxr811iSOXHzRkUiHVZCMLi2Kxgc8+x11sv+YOvIX28BtSoI+ogPRv1OXM8ezCWO74wp1o+TlEqoK5yZOTcXj90qKIUBUQRu38w9TkDiiazz/XtWSY76n5MMT16WMIwxOT2TQvmOv2wat8WFdykaxHonShl0Qk/U9RABqXrXvNJRf2mX8MADVBsE0P+LECTSbv7vmwZAQ61eKU+RdCXOLe0sAd8HCQJJyrjj18Y56MtQHfz6KNkh/rbc5d2RscDd3av6safZKP2B/TtxE3iNBJsF9Fo3E6Gv60o3cQpwuR8Mz5MT+aR4NYUjl6H1apbEm0Fx05R49fgKBy5YcOxcAiVHXwLoh1oMv4KVlquEqSz+K6cBnMIjFj/aAF8yGCCcpOnygYxeCheary9NoOoI909fJuIx9000+grqSApHP1Gv0/Z18Vwo4IIWRoyKVpxdl8z77fdc7LaMaJrMcjmNxVHdWJgs7lVcoOveRtjj2duMGFJ1dgjk0hMGln/cwSBKKLRTcnNY121VuRmoX1EKsLlZUTyPLiiKP1wie4aDfpjN0ncOa4IbloKFGmyvIIJhc7fx64oKQQYPBlVMc58JEJ9KE0G0vaJLf8Zm1CpeGm6LJc79+iRbygaKqYMUxtIyV0iIZyyz7G+NwmPK5xlUFng8XLk/STRtKsx4baSPqDwuU+7sq8hWT/6KSkJAVGZ7/M4LadTOgwma3YZQHQSitw7j2yuB45poKktrW7l8F4bpLw+fj/yANmVway1fID+lndunpUc0449wv3+amFSWsbA0rMPqYl+1fmV+MkJSZTBh74G9YMXZVojy3YL4cPzAbihp+NOAq/8a0oJQm3lUNeCcJGJixtg9MsVgFTEhFoN4eCYWkD/VbWkOJZO/N5s0OGfkHPUvWOMiRSpT/5SU6cQFoHhTl3kMrq8cQTnyxfWkrLuNqKFXFwgI/SH6iAo1KYypI0aYpYLTIBpdQIZAGEy2QlH0Gu3Zpe+D5VKz8f+67nZ2aVwbBHlCGq7l9HMt5sGnXxouMrYM2UDEhLyRDp8hVnxrk+YuhmKvC8IMOfYr0Lqew/VIb70tc6S97Mn73pbUFiws4uxR6EllIwMLolUMkyEjdt2200v/46JKzGRA/2niLQte8vS+f3ZYLx5UUb/O4Kg4BP6EFRp91CTDL5YtMg7CO5OX73yjTQqmXk9xG5ttaCwoIzmAdfMif9p9NqA1o9cumR97mvSnsXLKEZjlFtWqMwp6ndYvS4sUVktHJ9xZ1g3TlxbzsueX1JYzUbFdc+6dZqjSrrt/OGTIoO2PU9SQbTTbEw1IBSJNQzWuG41NMeiYJlQoYIwmqUzmXpD5aPlEWRZ/VLpp+9K90lJDiwJRnJoYP1Kcss9Bt7qQh3lE1b/8FVRnKHW7R05ebXYGARAh+ghtv9q3G8XqqZHiiofL4AE+40ERAoJV0HnvVnBN/9W7vNrvFDgR/Osm3NGG6w2f5wUMJRqsj8N71QADlVzxiBa4cbZkaWwSISYqy1oVL5x3DRaDPlFQT8lpweQ9r2px9XQBtRmcy1hjPvYNvQf+JYDLjoLow1zWOD+np3IQiSayS8oDixVqUO1SKlrMUMoWG4CnSTykg0zxkmftKuoYb8gA3h1aIv4luSFdx1NkORi9Rsd2BCDMCxFfAK6axJs3QGisWUqEjbjNB5pYSsGqRYCkgDZe7DltvFpdAfU+geelMR3ENUfwj7KiMKscohcXik+sOSShG1uf+DC7KBGD9UYyIqaZaZWldhmHCLHfWnR8O5+wwuTDT5mh60/Nd8DVvdxJlcXRbNXnsSIgzBBzw==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-01-28 07:02:46,565 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-01-28 07:02:46,565 - INFO [Shibboleth-Audit.SSO:?] - 20200128T070246Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_007f985453a4434b8c706194d2922eaf|infraio2.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e22095dcb2e357f4fdc8999516ecd246|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxyt2wpzLNju7GYP3pavUclsR6COtGebXoohPyRxA/9HZiy21psdnMRjrqL2ft6k5NrgiGgc66xDwK0sEmaCQDMkxsuXXyOwxNU2ZcxRlLCk4rsb0ECMrp7vMhXqHDTqglV0U=|_d4f01602cc4a31c1521f5db08aa93760|
2020-01-28 07:02:47,748 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-01-28 07:02:47,748 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-01-28 07:02:47,748 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1551144506::identifier=rick, context=org.apache.velocity.VelocityContext@3aefd7f5]
2020-01-28 07:02:47,749 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1551144506::identifier=rick, context=org.apache.velocity.VelocityContext@3aefd7f5]
2020-01-28 07:02:47,751 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-01-28 07:02:47,751 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-01-28 07:02:47,751 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-01-28 07:02:47,751 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-01-28 07:02:47,751 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-01-28 07:02:47,751 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-01-28 07:02:47,751 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-01-28 07:02:47,751 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session cb3ff6b396c7b296e1862f11a94da8d1add82e51d030c25fffeb9b9c73c2c9b7 for principal rick
2020-01-28 07:02:47,751 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session cb3ff6b396c7b296e1862f11a94da8d1add82e51d030c25fffeb9b9c73c2c9b7
2020-01-28 07:02:47,752 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-01-28 07:02:47,752 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-01-28 07:02:47,752 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-01-28 07:02:47,752 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@58251ff'
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:02:47,753 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-01-28 07:02:47,754 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-01-28 07:02:47,754 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-01-28 07:02:47,756 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c2.my.workfront.com/SAML2'
2020-01-28 07:02:47,756 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-01-28 07:02:47,756 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-01-28 07:02:47,756 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-01-28 07:02:47,756 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-01-28 07:02:47,756 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-01-28 07:02:47,812 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-01-28 07:02:47,812 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-01-28 07:02:47,812 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200128T070247Z|infraio1c2.my.workfro