IdP v3 alpha 3: Message was signed, but signature could not be verified.

Mon Nov 3 16:16:27 EST 2014

While trick or treating it dawned on me that I should not only reimport 
the new v3 IdP metadata into the existing Shibboleth SP, but visa-versa. 
That worked and you win the non-zero sum bet, which I'll gladly pay in 
Halloween candy post prepaid ;-)

I'm now getting:

XMLTooling.CredentialCriteria [1]: key algorithm didn't match ('AES' != 
'RSA')

The attached log shows the response that has both algorithms. Could you 
kindly point me in the right direction to resolve this as my searches 
having not revealed anything helpful.

Thanks,

Gary

On 10/31/2014 4:19 PM, Cantor, Scott wrote:
> On 10/31/14, 5:57 PM, "Gary Gwin" <ggwin at cafesoft.com> wrote:
>>
>> On the SP, not:
>
> Well, I doubt the log will say anything more interesting, but that
> definitely isn't a relevant log to care about to debug anything. On DEBUG,
> I can usually tell something about where a signature failure is being
> detected, because it's easy to tell if it's actually able to verify the
> signature itself. Once it falls through the ExplicitKey half of the trust
> engines, it will try and verify the signature with the key in the message.
> If that step works, there's no question that it's a metadata issue.
>
>> I've tried re-importing the IdP metadata to the SP, so that's not the
>> issue.
>
> I would bet a non-zero sum of money the metadata's wrong and that's
> exactly what it is.
>
> -- Scott
>

-- 

Gary Gwin
http://www.cafesoft.com

*****************************************************************
*                                                               *
*  Cams is a web single sign-on software solution for Apache,   *
*  IIS, WebLogic, WebSphere, JBoss and Tomcat web servers.      *
*                                                               *
*****************************************************************
-------------- next part --------------
2014-11-03 12:53:19 DEBUG Shibboleth.Config : shibboleth 2.5.3 library initialization started
2014-11-03 12:53:19 DEBUG OpenSAML.Config : library initialization started
2014-11-03 12:53:19 DEBUG XMLTooling.Config : library initialization started
2014-11-03 12:53:19 DEBUG XMLTooling.Config : libcurl 7.33.0 initialization complete
2014-11-03 12:53:19 DEBUG XMLTooling.Config : Xerces 3.1.1 initialization complete
2014-11-03 12:53:19 DEBUG XMLTooling.Config : XML-Security 1.7.1 initialization complete
2014-11-03 12:53:19 INFO XMLTooling.Config : xmltooling 1.5.3 library initialization complete
2014-11-03 12:53:19 INFO OpenSAML.Config : opensaml 2.5.3 library initialization complete
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : loading XML catalog from C:\ProgramData/Shibboleth/SP/xml/xmltooling/catalog.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : loading XML catalog from C:\ProgramData/Shibboleth/SP/xml/opensaml/saml20-catalog.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : loading XML catalog from C:\ProgramData/Shibboleth/SP/xml/opensaml/saml11-catalog.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : loading XML catalog from C:\ProgramData/Shibboleth/SP/xml/shibboleth/catalog.xml
2014-11-03 12:53:19 INFO Shibboleth.Config : shibboleth 2.5.3 library initialization complete
2014-11-03 12:53:19 DEBUG Shibboleth.Config : using local resource (C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml), will monitor for changes
2014-11-03 12:53:19 DEBUG Shibboleth.Config : loading configuration from external resource...
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://schemas.xmlsoap.org/soap/envelope/ with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://schemas.xmlsoap.org/ws/2005/02/trust with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.opensaml.org/xmltooling with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/2000/09/xmldsig# with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/2001/04/xmlenc# with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\xmltooling\xenc-schema.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/2009/xmldsig11# with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/2009/xmlenc11# with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\xmltooling\xenc11-schema.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve xenc-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\xmltooling\xenc11-schema.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/XML/1998/namespace with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:mace:shibboleth:1.0 with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve xml.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:mace:shibboleth:2.0:afp with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve classpath:/schema/xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-afp.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (classpath:/schema/xmldsig-core-schema.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:mace:shibboleth:2.0:afp:mf:basic with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve classpath:/schema/shibboleth-2.0-afp.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-afp-mf-basic.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (classpath:/schema/shibboleth-2.0-afp.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:mace:shibboleth:2.0:afp:mf:saml with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve classpath:/schema/shibboleth-2.0-afp.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-afp-mf-saml.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (classpath:/schema/shibboleth-2.0-afp.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:mace:shibboleth:2.0:attribute-map with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-attribute-map.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:mace:shibboleth:2.0:native:sp:config with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-native-sp-config.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-assertion-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-native-sp-config.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-assertion-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-assertion-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-protocol-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-native-sp-config.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-assertion-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-protocol-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-protocol-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-metadata-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-native-sp-config.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-metadata-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-metadata-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/xenc-schema.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-assertion-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-metadata-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/2001/xml.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-metadata-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (http://www.w3.org/2001/xml.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:mace:shibboleth:2.0:native:sp:protocols with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-native-sp-protocols.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:mace:shibboleth:2.0:sp:notify with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-assertion-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-sp-notify.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-protocol-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-2.0-sp-notify.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:mace:shibboleth:metadata:1.0 with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\shibboleth\shibboleth-metadata-1.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:1.0:assertion with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\cs-sstc-schema-assertion-1.1.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:1.0:protocol with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve cs-sstc-schema-assertion-1.1.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\cs-sstc-schema-protocol-1.1.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\cs-sstc-schema-protocol-1.1.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:2.0:ac with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-authn-context-types-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-authn-context-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:2.0:conditions:delegation with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-assertion-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\sstc-saml-delegation.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-protocol-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-ecp-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-assertion-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-ecp-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://schemas.xmlsoap.org/soap/envelope/ with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-schema-ecp-2.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:2.0:profiles:attribute:X500 with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:2.0:profiles:attribute:XACML with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:attribute:ext with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:metadata:algsupport with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:metadata:attribute with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-assertion-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\sstc-metadata-attr.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:metadata:ext:query with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-metadata-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\sstc-saml-metadata-ext-query.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:metadata:rpi with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-metadata-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-metadata-rpi-v1.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/2001/xml.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\saml-metadata-rpi-v1.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (http://www.w3.org/2001/xml.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:metadata:ui with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-metadata-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\sstc-saml-metadata-ui-v1.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve http://www.w3.org/2001/xml.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\sstc-saml-metadata-ui-v1.0.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : unauthorized entity request (http://www.w3.org/2001/xml.xsd), blocking it
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-metadata-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\sstc-saml-idp-discovery.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:profiles:SSO:request-init with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-metadata-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\sstc-request-initiation.xsd
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:profiles:v1metadata with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve urn:oasis:names:tc:SAML:protocol:ext:third-party with baseURI C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml
2014-11-03 12:53:19 DEBUG XMLTooling.ParserPool : asked to resolve saml-schema-assertion-2.0.xsd with baseURI C:\ProgramData\Shibboleth\SP\xml\opensaml\sstc-saml-protocol-ext-thirdparty.xsd
2014-11-03 12:53:19 INFO Shibboleth.Config : loaded XML resource (C:/opt/shibboleth-sp/etc/shibboleth/shibboleth2.xml)
2014-11-03 12:53:19 INFO Shibboleth.Config : Shibboleth SP Version 2.5.3
2014-11-03 12:53:19 INFO Shibboleth.Config : Library versions: log4shib 1.0.6, Xerces-C 3.1.1, XML-Security-C 1.7.1, XMLTooling-C 1.5.3, OpenSAML-C 2.5.3, Shibboleth 1.5.3
2014-11-03 12:53:19 INFO Shibboleth.Config : building ListenerService of type TCPListener...
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (set::RelayState)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (get::RelayState)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (set::PostData)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (get::PostData)
2014-11-03 12:53:19 INFO Shibboleth.Config : no StorageService plugin(s) installed, using (mem) in-memory instance
2014-11-03 12:53:19 INFO Shibboleth.Config : no ReplayCache specified, using arbitrary StorageService instance
2014-11-03 12:53:19 INFO Shibboleth.Config : no ArtifactMap specified, building in-memory ArtifactMap...
2014-11-03 12:53:19 INFO Shibboleth.Config : no SessionCache specified, using StorageService-backed instance
2014-11-03 12:53:19 INFO Shibboleth.SessionCache : bound to arbitrary StorageService
2014-11-03 12:53:19 INFO Shibboleth.SessionCache : StorageService for 'lite' use not set, using standard StorageService
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (find::StorageService::SessionCache)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (remove::StorageService::SessionCache)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (touch::StorageService::SessionCache)
2014-11-03 12:53:19 INFO Shibboleth.Config : building SecurityPolicyProvider of type XML...
2014-11-03 12:53:19 DEBUG Shibboleth.SecurityPolicyProvider.XML : using local resource (C:/opt/shibboleth-sp/etc/shibboleth/security-policy.xml), will monitor for changes
2014-11-03 12:53:19 DEBUG Shibboleth.SecurityPolicyProvider.XML : loading configuration from external resource...
2014-11-03 12:53:19 INFO Shibboleth.SecurityPolicyProvider.XML : loaded XML resource (C:/opt/shibboleth-sp/etc/shibboleth/security-policy.xml)
2014-11-03 12:53:19 INFO OpenSAML.SecurityPolicyRule.Conditions : building SecurityPolicyRule of type Audience
2014-11-03 12:53:19 INFO OpenSAML.SecurityPolicyRule.Conditions : building SecurityPolicyRule of type Audience
2014-11-03 12:53:19 INFO OpenSAML.SecurityPolicyRule.Conditions : building SecurityPolicyRule of type Ignore
2014-11-03 12:53:19 INFO OpenSAML.SecurityPolicyRule.Conditions : building SecurityPolicyRule of type Ignore
2014-11-03 12:53:19 INFO OpenSAML.SecurityPolicyRule.Conditions : building SecurityPolicyRule of type Ignore
2014-11-03 12:53:19 INFO Shibboleth.Config : automatically blacklisting security algorithm (http://www.w3.org/2001/04/xmldsig-more#rsa-md5)
2014-11-03 12:53:19 INFO Shibboleth.Config : automatically blacklisting security algorithm (http://www.w3.org/2001/04/xmldsig-more#md5)
2014-11-03 12:53:19 INFO Shibboleth.Config : automatically blacklisting security algorithm (http://www.w3.org/2001/04/xmlenc#rsa-1_5)
2014-11-03 12:53:19 INFO Shibboleth.Config : building ProtocolProvider of type XML...
2014-11-03 12:53:19 DEBUG Shibboleth.ProtocolProvider.XML : using local resource (C:/opt/shibboleth-sp/etc/shibboleth/protocols.xml), will not monitor for changes
2014-11-03 12:53:19 DEBUG Shibboleth.ProtocolProvider.XML : loading configuration from external resource...
2014-11-03 12:53:19 INFO Shibboleth.ProtocolProvider.XML : loaded XML resource (C:/opt/shibboleth-sp/etc/shibboleth/protocols.xml)
2014-11-03 12:53:19 INFO Shibboleth.Application : auto-configuring SSO initiation for protocol (SAML2)
2014-11-03 12:53:19 INFO Shibboleth.Application : adding SessionInitiator of type (SAML2) to chain (/Login)
2014-11-03 12:53:19 INFO Shibboleth.Application : auto-configuring ArtifactResolution endpoints for protocol (SAML2)
2014-11-03 12:53:19 INFO Shibboleth.Application : adding ArtifactResolutionService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:SOAP) at (/Artifact/SOAP)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/Artifact/SOAP::run::SAML2Artifact)
2014-11-03 12:53:19 INFO Shibboleth.Application : auto-configuring SSO endpoints for protocol (SAML2)
2014-11-03 12:53:19 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST) at (/SAML2/POST)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML2/POST)
2014-11-03 12:53:19 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign) at (/SAML2/POST-SimpleSign)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML2/POST-SimpleSign)
2014-11-03 12:53:19 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact) at (/SAML2/Artifact)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML2/Artifact)
2014-11-03 12:53:19 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:2.0:bindings:PAOS) at (/SAML2/ECP)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML2/ECP)
2014-11-03 12:53:19 INFO Shibboleth.Application : auto-configuring SSO initiation for protocol (SAML1)
2014-11-03 12:53:19 INFO Shibboleth.Application : adding SessionInitiator of type (Shib1) to chain (/Login)
2014-11-03 12:53:19 INFO Shibboleth.Application : auto-configuring SSO endpoints for protocol (SAML1)
2014-11-03 12:53:19 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:1.0:profiles:browser-post) at (/SAML/POST)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML/POST)
2014-11-03 12:53:19 INFO Shibboleth.Application : adding AssertionConsumerService for Binding (urn:oasis:names:tc:SAML:1.0:profiles:artifact-01) at (/SAML/Artifact)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/SAML/Artifact)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/Login::run::SAML2SI)
2014-11-03 12:53:19 DEBUG Shibboleth.SessionInitiator.SAML2 : supporting outgoing binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
2014-11-03 12:53:19 DEBUG Shibboleth.SessionInitiator.SAML2 : supporting outgoing binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST)
2014-11-03 12:53:19 DEBUG Shibboleth.SessionInitiator.SAML2 : supporting outgoing binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign)
2014-11-03 12:53:19 DEBUG Shibboleth.SessionInitiator.SAML2 : supporting outgoing binding (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/Login::run::Shib1SI)
2014-11-03 12:53:19 INFO Shibboleth.Application : auto-configuring Logout initiation for protocol (Local)
2014-11-03 12:53:19 INFO Shibboleth.Application : adding LogoutInitiator of type (Local) to chain (/Logout)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/Logout::run::LocalLI)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/Metadata)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/Status)
2014-11-03 12:53:19 INFO Shibboleth.Listener : registered remoted message endpoint (default/DiscoFeed)
2014-11-03 12:53:19 INFO Shibboleth.DiscoveryFeed : feed files will be cached in C:/opt/shibboleth-sp/var/cache/shibboleth/
2014-11-03 12:53:19 INFO Shibboleth.Application : multiple MetadataProvider plugins, wrapping in a chain
2014-11-03 12:53:19 INFO Shibboleth.Application : building MetadataProvider of type Chaining...
2014-11-03 12:53:19 INFO OpenSAML.Metadata.Chaining : building MetadataProvider of type XML
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : using remote resource (http://www.testshib.org/metadata/testshib-providers.xml)
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : backup remote resource to (C:/opt/shibboleth-sp/var/cache/shibboleth/testshib-two-idp-metadata.xml)
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : loaded initial cache tag (If-None-Match: "100cbb-4ba1-4e1a76d51d5d9")
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : will reload remote resource at most every 180000 seconds
2014-11-03 12:53:19 INFO OpenSAML.Metadata.Chaining : building MetadataProvider of type XML
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : using remote resource (http://idp.cafesoft.com/idp/shibboleth)
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : backup remote resource to (C:/opt/shibboleth-sp/var/cache/shibboleth/idp.cafesoft.com-metadata.xml)
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : will reload remote resource at most every 180000 seconds
2014-11-03 12:53:19 INFO OpenSAML.Metadata.Chaining : building MetadataProvider of type XML
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : using remote resource (https://openidp.feide.no/simplesaml/saml2/idp/metadata.php)
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : backup remote resource to (C:/opt/shibboleth-sp/var/cache/shibboleth/openidp.feide.no-idp-metadata.xml)
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : will reload remote resource at most every 180000 seconds
2014-11-03 12:53:19 DEBUG OpenSAML.MetadataProvider.XML : loading configuration from external resource...
2014-11-03 12:53:19 INFO Shibboleth.Config : reload thread started...running when signaled
2014-11-03 12:53:19 INFO XMLTooling.StorageService : cleanup thread started...running every 900 seconds
2014-11-03 12:53:19 INFO Shibboleth.SecurityPolicyProvider.XML : reload thread started...running when signaled
2014-11-03 12:53:20 INFO OpenSAML.MetadataProvider.XML : remote resource (http://www.testshib.org/metadata/testshib-providers.xml) unchanged, adjusted reload interval to 180000 seconds
2014-11-03 12:53:20 INFO OpenSAML.MetadataProvider.XML : using local backup of remote resource
2014-11-03 12:53:20 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (C:/opt/shibboleth-sp/var/cache/shibboleth/testshib-two-idp-metadata.xml)
2014-11-03 12:53:21 DEBUG OpenSAML.MetadataProvider.XML : loading configuration from external resource...
2014-11-03 12:53:21 INFO OpenSAML.MetadataProvider.XML : reload thread started...running every 180000 seconds
2014-11-03 12:53:22 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (http://idp.cafesoft.com/idp/shibboleth)
2014-11-03 12:53:22 DEBUG OpenSAML.MetadataProvider.XML : backing up remote metadata resource to (C:/opt/shibboleth-sp/var/cache/shibboleth/idp.cafesoft.com-metadata.xml.58d8)
2014-11-03 12:53:22 DEBUG OpenSAML.MetadataProvider.XML : committing backup file to permanent location (C:/opt/shibboleth-sp/var/cache/shibboleth/idp.cafesoft.com.org-metadata.xml)
2014-11-03 12:53:22 INFO OpenSAML.MetadataProvider.XML : adjusted reload interval to 180000 seconds
2014-11-03 12:53:22 DEBUG OpenSAML.MetadataProvider.XML : loading configuration from external resource...
2014-11-03 12:53:22 INFO OpenSAML.MetadataProvider.XML : reload thread started...running every 180000 seconds
2014-11-03 12:53:23 INFO OpenSAML.MetadataProvider.XML : loaded XML resource (https://openidp.feide.no/simplesaml/saml2/idp/metadata.php)
2014-11-03 12:53:23 DEBUG OpenSAML.MetadataProvider.XML : backing up remote metadata resource to (C:/opt/shibboleth-sp/var/cache/shibboleth/openidp.feide.no-idp-metadata.xml.57f4)
2014-11-03 12:53:23 DEBUG OpenSAML.MetadataProvider.XML : committing backup file to permanent location (C:/opt/shibboleth-sp/var/cache/shibboleth/openidp.feide.no-idp-metadata.xml)
2014-11-03 12:53:23 INFO OpenSAML.MetadataProvider.XML : adjusted reload interval to 180000 seconds
2014-11-03 12:53:23 INFO Shibboleth.Application : no TrustEngine specified or installed, using default chain {ExplicitKey, PKIX}
2014-11-03 12:53:23 INFO Shibboleth.Application : building AttributeExtractor of type XML...
2014-11-03 12:53:23 DEBUG Shibboleth.AttributeExtractor.XML : using local resource (C:/opt/shibboleth-sp/etc/shibboleth/attribute-map.xml), will monitor for changes
2014-11-03 12:53:23 WARN Shibboleth.AttributeExtractor.XML : attribute mappings are reloadable; be sure to restart web server when adding new attribute IDs
2014-11-03 12:53:23 DEBUG Shibboleth.AttributeExtractor.XML : loading configuration from external resource...
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : loaded XML resource (C:/opt/shibboleth-sp/etc/shibboleth/attribute-map.xml)
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.18.0.2.4.318
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute https://www.cafesoft.com/attributes/idpName
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute https://www.cafesoft.com/attributes/idpCredential
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonPrincipalName
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.6
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonScopedAffiliation
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.9
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonAffiliation
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.1
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonEntitlement
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.7
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:eduPersonTargetedID
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:1.3.6.1.4.1.5923.1.1.1.10
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:0.9.2342.19200300.100.1.1
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:uid
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:oid:2.5.4.3
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : creating mapping for Attribute urn:mace:dir:attribute-def:cn
2014-11-03 12:53:23 INFO Shibboleth.Application : building AttributeFilter of type XML...
2014-11-03 12:53:23 DEBUG Shibboleth.AttributeFilter : using local resource (C:/opt/shibboleth-sp/etc/shibboleth/attribute-policy.xml), will monitor for changes
2014-11-03 12:53:23 DEBUG Shibboleth.AttributeFilter : loading configuration from external resource...
2014-11-03 12:53:23 INFO Shibboleth.AttributeFilter : loaded XML resource (C:/opt/shibboleth-sp/etc/shibboleth/attribute-policy.xml)
2014-11-03 12:53:23 INFO Shibboleth.Application : building AttributeResolver of type Query...
2014-11-03 12:53:23 INFO Shibboleth.Application : building CredentialResolver of type File...
2014-11-03 12:53:23 INFO XMLTooling.SecurityHelper : loading private key from file (C:/opt/shibboleth-sp/etc/shibboleth/sp-key.pem)
2014-11-03 12:53:23 DEBUG XMLTooling.SecurityHelper : key encoding format for (C:/opt/shibboleth-sp/etc/shibboleth/sp-key.pem) dynamically resolved as (PEM)
2014-11-03 12:53:23 INFO XMLTooling.SecurityHelper : loading certificate(s) from file (C:/opt/shibboleth-sp/etc/shibboleth/sp-cert.pem)
2014-11-03 12:53:23 INFO Shibboleth.Listener : registered remoted message endpoint (default::getHeaders::Application)
2014-11-03 12:53:23 INFO OpenSAML.MetadataProvider.XML : reload thread started...running every 180000 seconds
2014-11-03 12:53:23 INFO Shibboleth.AttributeExtractor.XML : reload thread started...running when signaled
2014-11-03 12:53:23 INFO Shibboleth.AttributeFilter : reload thread started...running when signaled
2014-11-03 12:53:23 INFO Shibboleth.Listener : listener service starting
2014-11-03 12:53:28 DEBUG Shibboleth.Listener [1]: dispatching message (default::getHeaders::Application)
2014-11-03 12:53:31 DEBUG Shibboleth.Listener [1]: dispatching message (default/Login::run::SAML2SI)
2014-11-03 12:53:31 DEBUG XMLTooling.StorageService [1]: inserted record (14a7bdfdb3e8bc478a2d6febb7264571d716571dd1774429ca080d533d44f1fb) in context (RelayState) with expiration (1415045011)
2014-11-03 12:53:31 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: validating input
2014-11-03 12:53:31 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: marshalling, deflating, base64-encoding the message
2014-11-03 12:53:31 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: marshalled message:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://sp.cafesoft.com/Shibboleth.sso/SAML2/POST" Destination="https://idp.cafesoft.com/idp/profile/SAML2/Redirect/SSO" ID="_0502c6f83195d2cc35c5206803d71ab6" IssueInstant="2014-11-03T19:53:31Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sp.cafesoft.com/shibboleth</saml:Issuer><samlp:NameIDPolicy AllowCreate="1"/></samlp:AuthnRequest>
2014-11-03 12:53:31 DEBUG OpenSAML.MessageEncoder.SAML2Redirect [1]: message encoded, sending redirect to client
2014-11-03 12:53:31 DEBUG Shibboleth.Listener [1]: dispatching message (default/SAML2/POST)
2014-11-03 12:53:31 DEBUG OpenSAML.MessageDecoder.SAML2POST [1]: validating input
2014-11-03 12:53:31 DEBUG OpenSAML.MessageDecoder.SAML2POST [1]: decoded SAML message:
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://sp.cafesoft.com/Shibboleth.sso/SAML2/POST" ID="_42ded4c4a9e269d9b55d1416c80425b3" InResponseTo="_0502c6f83195d2cc35c5206803d71ab6" IssueInstant="2014-11-03T19:53:31.890Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idp.cafesoft.com/idp/shibboleth</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_4ba4a94044c8eb4c304ef85565fbbb76" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey Id="_9e641295494434e57c978388c8e9b237" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/></xenc:EncryptionMethod><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDJzCCAg+gAwIBAgIJAOr6nFVmwgKVMA0GCSqGSIb3DQEBBQUAMCsxKTAnBgNVBAMTIHdpbjIw

MDgud2luMjAwODY0Yml0LmNhZmVuZXQuY29tMB4XDTE0MDcxOTAwMDEwM1oXDTI0MDcxNjAwMDEw

M1owKzEpMCcGA1UEAxMgd2luMjAwOC53aW4yMDA4NjRiaXQuY2FmZW5ldC5jb20wggEiMA0GCSqG

SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJL9Wtpztig601ZhbKF0kBIZ0hQ5K5ApodjWgrvBmrFljw

XKSRmbDN4QhaVtwjsM0TywYsLdQ3Mi/ZGXQQX1inXsLKuXyPspdQHkJ2at77ywZ8MIDOsanFPKfT

0GJ4C1oxXrG4QRwCTYoS8ZZJw54SRh8aVZR+ZZyXfJ8AlAiCbzne3h5xiD4X7Z0suhhT4OnKTkF5

xtcCo65Zy7SLJq7aRo3LntrZYtA3o8hMmcE03y9RbpE/XKSCQJhKtGXM68CtL1ZnjnKhIKcxG79/

FcnQby8k05clhzJSrt/i2lNaKsVIBIiHwpQwxmC0Yjtkxy5gznxQBR9VZnvL/0TrU6QPAgMBAAGj

TjBMMCsGA1UdEQQkMCKCIHdpbjIwMDgud2luMjAwODY0Yml0LmNhZmVuZXQuY29tMB0GA1UdDgQW

BBRnH4srWfBfkxEJcDgFmJ9tlBmk3zANBgkqhkiG9w0BAQUFAAOCAQEAPgJmU78p/OShoaopaXl5

f8bosNNJ3C8pX+YHOYQGLNv4K7AuD52NZmy3Nq0UTkua+UZ0nDQO2Mqijx7bhbiCxhTKT+WLQXrH

Bh54+lhf/ECBz6EnXFxY6DUXrFSvVOnou/MA5k3uIXHiQ4uX01Q4IByAFNcq5VrBiQgiY6f6wrqa

0vX6vZGgmLeSMgRtI8l+DwPFhvYsH6kTYoASLqrZfwhdYaUCdwQQf6E5N5DbWucwMZbWSqKjxmYE

BtRQky8Z7oWcyucdvhT/g53iRAaGkQTrUbGg+6d8sZIPsrn5y2dJDp8N92lI+fTKiqOFmPr28c0z

SFCjSdlGTAH0sA+aBA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo><xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:CipherValue>N3YqK3oyaPueaPkRj87WHXDPZZ3MMH6ut3cLRuPFvHr8UnvzY4JbcOHGwEi6nFwD0q3TvVRwY98jqAlIdB01S9NHiTSxJhKQedALd/5JMOUnIS0+8loRwLocrpmIMpxKL7Nyewh0zv2RTfxRVlSGUXSshsFbFG+SasRAu9TU4RKIc+I/37kbIUy8QIbtrSQBxJPpVYs5pOnUblRwcNWaluFgTmayUA7syDUkoGyporblmD5Mkk0f+z6zco6GeKDGu+J2aD8f2eXUMZUAzc01MVP5W9WSQhW4X22F0QLy4N4cSRVF+rvm2j5e9EmNxQeH18xtmqS65xL2EdkvedAqAg==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:CipherValue>dGLhkQsqMOkjOQv3G8HKe5cV+Tp7aVdeB5OBVNCr8mJWPolmz6qt7p0rofKUFxCBfwPpSDyFbW1GQUKF7beFYFcy84xs7H5ylDophw5CT8rbWz6M+jBpVY8Cw4Xhmzk1QZLM0QI1esC554CNTGjuqUhrh/floAHTJzsSgeO03n/uUx2YfxLRgcsTPZecp6+rjivWQjWTEi2G0vEKSnXzqk628Tb9e2eewBeoB79FXED+6TssLlg45b9MIkNfoVgDEZCQYdqhH/gi6q08YJ6zSvqv/J+EQsAzZPpsppj2zAQuZBmrc1FIO3ui6f5cGudZ6w9pOW1sl+/+Sbw7iTfiDkUvXEIWFge6y/Zk66PZN8P9eyn4DW9bjBjvFBUazTZiYumVcBqvBQX4BkL0pyIbjt2HIs1boJKJ8jMN0XXrldCbybgzZkxd0lT4M1bwfhrTCfteySK9dF2ahUnQpYUb7oipPlDwOyIsUYlAo7xBS8ExxPXlfARZKwJSzKegoMC0cGKkb6lUgzVwwHY5DXmIJV+M5fiJ4PCL+5mPShq6LuXkYIaLrBR2ZJR3MKu7L2VmLmOlvWgtcstBbnfmLOwAVTL58mDXQ+jfLEOb5qpt0gpDB8pAoPmx9O/9s04W/Rk7fxqAp17QkqX7QS4w5NwW3sgaiPapFHASo2BPAoxrJiaNRWsWp0NVXJ6tICEtieMzSjQltWAxsUMqcFplEgoSafbrKmiNi6iojas2bdEbp//bNGE2s3Lxm3ca/wdfafWFIuHSNEGkAikTSDmDH9ibKG30G9yhU17VF15VgVAPnvVgtdxkk8GZra8U62WK7fLrAxvGIxN7FTIcj4T7YOdIIZCMxwhgV7ykaw6o0sdufOj1xrEMrrGGliNvdFk57SNNUwb6dk3TplZslq9zVsFowfbWxTIGOAQzU3o3iOR16b5Cre8a5JQVn+1J1evRzLLIlbkH1aRB9R/zi8pdv9UUg2f4aRa5AOgmfwuuVUWtIv/yeS5qbwXxdt8zUOjUa0j288PwiELiMCTNEuE8mnB+cE44+ISlkmmxfGhnGpkYicuSR9xsxbPtrxxx85kg2W6+uLZawon7O+5W/RtHYRAQqX6ILZxvKQK/jbyLlZ6ovQFAJbqlMgj88yCF3s8TAktRSkae3BC1oXbHBLE/gi2siNY8lWNcO76hWD+ShIpFmqA+dTqGChn0ECLELD+uqp0jBfrATeenwhzzURY23KvtZ8tSzyIiy1cBxJtKtadnA0R6Rf7zMLByy5tczIGmV2O4imF/WeDW7G1FpUwnoSn/QeBgAaSZNOpFm+Mgea6xu/9x9Z9n4nZn+OvGMxkaxeY3shdcdOw1SXydikn1npwhtd8H1Vo9eN1ZEwZbw/Nmv7fuwE2yIYYSdLqSI12HDEN/VVWmrgWooUHDL+iSiBryrSgPlS1A7q0I+PMHIZe4qWJKDsCKk3cJuWsLN+L5u5R9eAVrqI6wlUoob1r4At4wAEyoH8Fab1BmQZ9cx+mQVQm5dEwXNm10yYb+4ehC8vUOZiZ9tnKUnm1Phlrx9ZOObt2PukZZdFVhkBp/fLDwzCDIiWlwdMfKg7iKdRHMosxLY1Y2GDEpBcdMVqDLA9l7jR/t7csB/oIyu/R6oGwgynq3t5IgBBWvAJgYCbiR9CijiQ290pDCkCRYRMAYCeyBr2Pc4BjopAgRIiL3vQJWYcCBoUebHTmHgqr1a4ehstQvOo3EagfRbiKHyXGdTQ65pSZc/3wIz4Uqk5OTYz31BOYHDGiax4qizBrwT3YKm7NF9+d4fwnnWJYijxyUTqmxNiAd13C1a+wNgUFp+Jl9eLiCdZka93ihOsM+aEsafa6X6TJfFYpZcSzaUaoeX0nh6o1WAUlDi0/AexHjgXyGJ1psWfYG8SYi88GXaxGcsA+f5SfEef+P/bDtY/SJINEtlhZirf6HzUHTVJbJGOczzVcx3cM+ujSDhprU5vVyrxD0CDolqWrrO/fSZzYPILAzTHcbethJfZKI0DoT5See/2u7e41Acw4g71/wAxCsqGyh9U9FgC6iBHgC5qWLl4/cTHJI6EpBg+lrENQABQM224k2VdM3V3nosfmOfw438ZT4hNKfH4+lUxgb0O3N606NXXCYqEQ/v7aiDl4MpXRQjTCKn9fJtLx+ymLQVzRKLpRCeeM4Cj+DTLUHo+QYegxqQU5ctlKS3iuqzI58eJjgxQBsV7yVh1iZPBZkXm/7MtAkLBps0dsUIOng+OlS0/iOqk+95PkW7NHJpV1vZgnfiEMiapnx16GGliJPEJU5vqxPF1eJJYiUha7+3z2ptxsISE6h4D8xGmK9ZGd0ibD7pp6BTo+YgIhaocgU/X3JkxHh43BnOxwNto0RBJpTvZ4GEcIH/Jl7kU55fpnUVF4JEY65D7S74KT6fbb/9DYpDiBtAqs9COURckKrkWRbaM26K83NxMgKG1059uLqw6fk/U8m+uzDYn650M0gmnC1YbGzHQATU+dZw4k4ntbKf1ERZBElXT8zoo8unRABbC4Xt+fdv/tRq0hB3E4IDyrTaidRxUvg6fAaah1Nj7wbRp/cakCDPkfQ2203Zu0ibH68DHPTzinp9UhXVSVgUg4kjmXLS7c/8srSSpiLG/9ahUyPvIN6CSMH1nQQFF4Y9+IhoMoH2QdEnM3jseUbWMcN1L/W4KwkFvV1OJM/dk1a+cKQdxO4bKNCbffYpJACI4nOi90tcd2kOC1Z7VozI5W930IbpDWn85Cy+B9OH4IsTppSqaOFujdnI6JP40//66r/oUyj1NOlPmisCALk2HxLQQwIR7z9mjZ74Zj7ljnbMwsLeEYtww01qcdBu1A26kpl2vUU2dg/gX7aWfWpNKcDFW3/8JxqqQz/cnBPF/GthG7bHIaRC7Gx1pIaLzEEkwqfHD9KQ0qwaIKByYvjSjtE1yJI/mMw7dMxIatz/7bLjizxTuz7yUfMv8cltA3QstQrOCb1nW5Rzz7trqywF/g6gmfr5ruhHLcfsaThPtYkXPy0PznYcp1PMTs8URGK9r7WhUAm0s5cFxpxnMF72gsTl9/mKs9SFG8D9nhkroiVnuJJ1rTAYfFN4XgAd9H6PDN0Jh7EiHBeR0EmzE8sy/nANpshMBFRQuIWiF0N+K2ftoJA15GRM3f4tOebfUwWIvTggak4NYWk6cVWJ5LYpxsM1HVNhvipqedv20ZzvTh72xCtG15cxtBv0ndeG6mS4W4NG+FRCgRjiSHMYVLy+QdbWNAe+b9h+uOAlSJJcNXxNvNyaGV2OglCrPJTVMP3fWKF+/N04TvVl8cqG6wlDjdEpt+uhqCVzkwu2Wip06abA3ls/knE6Zm9RwS0qQs3DrxbQuR/NhLCg7rHb1yNrgoOnnEVdja6MWp/5q71mIY8aboRMXtRwf9UwhcBPVPYG83+iT/0VxXlE4oIu2mJxe5ecQ0Gf6ZLAh08NWMXmIxc/2KLXCY0zFas7nbUUNfTQCyTJ+HqXZN28C0F1wxGV64zvx0+gzJ8AL06I1inpAr9HK7fD+VgLqY866jszil9PEwgQZbzazyJHEQylo3rQGDwydGLpQ/sR51kmamwfoIAPcD1T319y707eu9v5zBNzIBEPtytF9n6Hc1UFb97Qn8BnVN2IBtflMEDeacEA/dUc3f0DTovxfuqodKMtc+DzYEiSHl99IfUQLAa4TKlgjT57ZyLwVnTV9mTjWY1v63IEiQA46VrF28e6J9VL/OJPdS5Z2+SSaypCkf2HTePZbmeRxPjloZy1CBvUCbgi0Olw9nWLx6zkZ+T9QQe3Dw3YfDpaZoKglEwfVvjwTa0BJ2iu2yXCNpbCDP1b5tLGh0r8TAzzJRj0bGESEQIpj/fjeUWU7Ap2/9PFtpHBFvdLeO/GE/DHLXyICx/TMTxXWcl0nPUm0syKPp9OBN7TmlW2Xv0Yy9AKLnfV+qoHES4USva+ze4J69tTRbiZGWzdpG+L2xNXRFuwrgGmYLk2YKJZFIU0Dx3tIMvJm9ENhmAYK+QMGKUQQQ0BPj80997RULjRKhyP+fzOs5UvDVQHGZKWpbmGskzwQQ2B+jHbYIKlGczB4HE7hfXBcu6n4yxvQTPZfWAj0k8hJfaIGkwUUfucW5kYTRBD/KIG2iFw7BW+St7iH4txlmQingAdKlNOXdR9LzBTsYHbMdqDsfmgmNyHVxCerFQvFPRsVxARKN988OZw9VHZp2gZP16G5NRFLKC+K9DhQQX39R8/cD/mTmvI21LaEzbRsMTVzUNmesTa0/ogiL8TqqsCyfwnveJk35O0gQeSb+D+uiH8rg4JZZd8j2uuwmA1MkYla1M1w0gkFp9GPm+Q26TejXj8+/dGxPtsjY2G5LYyx29AovXTABI01yqe79NOqyAdnMjy3kdo31YfHiEM+GAqos2cycUGWSYe8XLwerkX2JaNGJbbk9otiydEuaXp+dF3U/rlk5/7U/NanI4RuyqDwqWqyGkThvqq1e0+n7iB77KBTgD7ok/P/X/ED3u6UV246/BQ7zRsW4qGAR8MMAYs42S0110hPJg4FeH5+Se/Fogo7lcBV/R9Q59jfT5bhYrVcw7KgWSn96bBTKEFLzKxSIXLkdhNpHz/zBcPVwI0UdG7fmOAgWyLa0aQUUuUpegpM1CJvKXnNrE0vL3Dl5cyFRhpsrsrepV+LIuuykY85A6w8YyCGhBqsJ8sT+uLR9dczfjA6d9R3ZDRGCBTqNZElH/+PVWnc1OzamGhvrBvmKQPuo7TTyBTFMhsmgNg1lr8p45Nf4AruQohpugXkEkLLgwBYFVlJ/xXwYURfFt18rDp7OmnVaLZLVfhuDbLvQAXIHAKW8Rs2PHZw+2aYduJhvO/Kfp5pDuF9lgVI0nqLMUA7OE0er/gLr2mu7IK0V3cXA+AUbKy8Tj2QTq1NxDcPh9MMDBuTz+jXDwt8kOpBd0vVFnnr9fl1RhHxBnY1mZ63SDaHr4nTo6fj8U7tN+T9lM3WIzKyUlUfKpalEMv8ZmItAkO0yks4qUcpQRei9S/ESc5fd3Z2oOUvHpbGQVvekECG7dN9/OcykU4DJGqx6M3iQ27B7ZZi5j7yYIvgY1z2V6ZpfLYSt75WSf2GYv+O/Q/6S7x3ZqI1zqVvjRANTPpD4OUY3DM8bL3ID/tueIAu+uEioyjxch5N6U4kYWmxC/pg4Uh2NFvDBaoj/d3sgfsjBVK6101vIAH3Vm2ByW8nZk31t/oKZAGeC+lKdF8F92A+6c2tPNVMQTECl2R7+Up1O3QuRrXYm7H+GXx/nmFyvvKDeWitboz6rScCkONuFda5hq2j0m8fQ+F50iTHfyZB0Q8ETh01eI2VmB8bi4pR2/zxN8nwxAuwMWI34rHAKG2SPgIVq4vcLHpNltt+IsUXsRkSWiYIqDi5umMoKnfWmu3aIBWBatB+YN1fslFrF5/2FjnCwZxGM+LA==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></saml2:EncryptedAssertion></saml2p:Response>
2014-11-03 12:53:31 DEBUG OpenSAML.MessageDecoder.SAML2 [1]: extracting issuer from SAML 2.0 protocol message
2014-11-03 12:53:31 DEBUG OpenSAML.MessageDecoder.SAML2 [1]: message from (https://idp.cafesoft.com/idp/shibboleth)
2014-11-03 12:53:31 DEBUG OpenSAML.MessageDecoder.SAML2 [1]: searching metadata for message issuer...
2014-11-03 12:53:31 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [1]: evaluating message flow policy (replay checking on, expiration 60)
2014-11-03 12:53:31 DEBUG XMLTooling.StorageService [1]: inserted record (_42ded4c4a9e269d9b55d1416c80425b3) in context (MessageFlow) with expiration (1415046271)
2014-11-03 12:53:31 DEBUG Shibboleth.SSO.SAML2 [1]: processing message against SAML 2.0 SSO profile
2014-11-03 12:53:31 DEBUG XMLTooling.CredentialCriteria [1]: key algorithm didn't match ('AES' != 'RSA')
2014-11-03 12:53:31 DEBUG Shibboleth.SSO.SAML2 [1]: decrypted Assertion: <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_cf9e90e1777c9f9782fed2bbe6bc1ea5" IssueInstant="2014-11-03T19:53:31.890Z" Version="2.0"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idp.cafesoft.com/idp/shibboleth</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://idp.cafesoft.com/idp/shibboleth" SPNameQualifier="https://sp.cafesoft.com/shibboleth">_76337b90b5b49988c03933e3e4b6a126</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData Address="65.129.69.230" InResponseTo="_0502c6f83195d2cc35c5206803d71ab6" NotOnOrAfter="2014-11-03T19:58:31.890Z" Recipient="https://sp.cafesoft.com/Shibboleth.sso/SAML2/POST"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2014-11-03T19:53:31.890Z" NotOnOrAfter="2014-11-03T19:58:31.890Z"><saml2:AudienceRestriction><saml2:Audience>https://sp.cafesoft.com/shibboleth</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2014-11-03T19:44:11.717Z" SessionIndex="_f2831099e9b709fd12458af907007576"><saml2:SubjectLocality Address="65.129.69.230"/><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement><saml2:Attribute FriendlyName="eduPersonAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">member</saml2:AttributeValue><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">alum</saml2:AttributeValue><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">faculty</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName="principalName" Name="urn:oid:1.3.18.0.2.4.318" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">goober at cafesoft.com</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:example.org:entitlement:entitlement1</saml2:AttributeValue><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:example.org:entitlement:entitlement2</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName="idpCredential" Name="https://www.cafesoft.com/attributes/idpCredential" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">goober</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName="idpName" Name="https://www.cafesoft.com/attributes/idpName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">cafesoft</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>
2014-11-03 12:53:32 DEBUG Shibboleth.SSO.SAML2 [1]: extracting issuer from SAML 2.0 assertion
2014-11-03 12:53:32 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [1]: evaluating message flow policy (replay checking on, expiration 60)
2014-11-03 12:53:32 DEBUG XMLTooling.StorageService [1]: inserted record (_cf9e90e1777c9f9782fed2bbe6bc1ea5) in context (MessageFlow) with expiration (1415046271)
2014-11-03 12:53:32 DEBUG OpenSAML.SecurityPolicyRule.BearerConfirmation [1]: assertion satisfied bearer confirmation requirements
2014-11-03 12:53:32 WARN Shibboleth.SSO.SAML2 [1]: detected a problem with assertion: Unable to establish security of incoming assertion.