Issue with upgrade 3.3 to 4.1 no attributes released
Powell, Keith A
PowellKeithA at uams.edu
Fri Nov 12 16:05:15 UTC 2021
Well we are using the SAML 2 plugin for CAS as an SP in the InCommon federation to hook into several application in CAS, so I would expect there to be some SAML involved.
I was a little short on time the other day and did not have time to pull out the whole debug for the session conversation which I am providing here as I am not seeing where I should be troubleshooting. I would appreciate help in looking at this to see if something sticks out as something that I need look further into.
Also, FWIW, it's all SP's not just CAS SP's that we are experiencing the issue of not returning attributes. I posted follow-up before your first response that indicated so SAML decoding issues.
The only thing different with other SP's is we see something like this after the last entry:
2021-11-10 13:27:52,960 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:88] - Decoded SAML relay state of: null
2021-11-10 13:27:52,961 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:117] - Getting Base64 encoded message from request
2021-11-10 13:27:52,961 - ERROR [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:124] - Request did not contain either a SAMLRequest or SAMLResponse paramter. Invalid request for SAML 2 HTTP POST binding.
2021-11-10 13:27:52,961 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:73] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: No SAML message present in request
at org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder.getBase64DecodedMessage(HTTPPostDecoder.java:126)
2021-11-10 13:27:52,962 - WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event occurred while processing the request: UnableToDecode
2021-11-10 13:27:52,962 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:142] - No SAMLBindingContext or binding URI available, error must be handled locally
Here is the debug:
2021-11-10 12:13:08,938 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:88] - Decoded SAML relay state of: https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1
2021-11-10 12:13:08,938 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:117] - Getting Base64 encoded message from request
2021-11-10 12:13:08,940 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:96] - Decoded SAML message
2021-11-10 12:13:08,941 - DEBUG [PROTOCOL_MESSAGE:124] -
<?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1" Destination="https://shibboleth.uams.edu/idp/profile/SAML2/POST/SSO" ForceAuthn="false" ID="_lfskrohz0yd34xv0girdczvgmbkmkz5ectuxmom" IsPassive="false" IssueInstant="2021-11-10T18:13:08.811Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="pac4j-saml" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://dcocsso.uams.edu/cas/login</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_lfskrohz0yd34xv0girdczvgmbkmkz5ectuxmom">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<ds:DigestValue>s7wru2979haGSkGj6oBjJXSZ7Hh6/wm+jQ4f+RcIrjbvktEXeXH97Yy+vrXfXB07oFB036haRnWX
pFmxP7qTIw==</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
SKozg4X/8PMEjvasekDrZm0H1Pd9je7aTdaXDFiiFlkYuIEBHoqvpfNp1suLcP9h8qRbZHXm/H5B
WjTQL1j6pB887H55FRfOJ2yj/4D865yDpZxqmYpxjIISvGF5tRo85aMv2L9tnBIlwXBpqWqM2UQy
pjJVRsb/jSc3v4QAvYc+2z+/zZFN1009xJFx8G64wiWD+tqv6fp/BfTUrZIGpX6EbhenVazfkYFI
upC6h6O0jITVM7imX03Ml0SdmiBIw5uZrfaoc2iGnURNUy1FNX574xqz/QrYSb3rYSrc9wInM4Av
OP0YJuBz8TkGnHFbpekP4p1v/kWUE5hw5qVm8w==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIID7TCCAtWgAwIBAgIENfFYZTANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCVVMxETAPBgNV
BAgTCEFya2Fuc2FzMRQwEgYDVQQHEwtMaXR0bGUgUm9jazE0MDIGA1UEChMrVW5pdmVyc2l0eSBv
ZiBBcmthbnNhcyBmb3IgTWVkaWNhbCBTY2llbmNlczELMAkGA1UECxMCSVQxKzApBgNVBAMTImh0
dHBzOi8vZGNvY3Nzby51YW1zLmVkdS9jYXMvbG9naW4wHhcNMTcwMjA3MjEwNjIxWhcNMjcwMjA1
MjEwNjIxWjCBpjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCEFya2Fuc2FzMRQwEgYDVQQHEwtMaXR0
bGUgUm9jazE0MDIGA1UEChMrVW5pdmVyc2l0eSBvZiBBcmthbnNhcyBmb3IgTWVkaWNhbCBTY2ll
bmNlczELMAkGA1UECxMCSVQxKzApBgNVBAMTImh0dHBzOi8vZGNvY3Nzby51YW1zLmVkdS9jYXMv
bG9naW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCClBVErx/FQ462OltaxbLlHPnE
32UdWR0olZjSi093q7jRXbC9FE74/Y2ic/ci/LF9zdfcBRKGkUdKzJi8wTBtJLxW5df5wTiiMB4e
WWBxpKKMsvHuVOewXxH28+Np3w4leHcDlJ6K/J2f/2X+xf1j5HBUJOuOns/DgeDd2+zBnyGOxGDu
eKVHeLf0ITd403TlAOtqhAhstY/lWP2UBL3TysmNpY7qoYTEllEuj92wwf6mZ1J9kL7k3FJlcN9H
KhTP5VBbv3W7gJj1j1B6c4S3l5TLCSHY3MZQW+JyWmepJtG8lKd11W2tLhOkX5t9JSsRivmBhW9S
a+EYKhBKGjMzAgMBAAGjITAfMB0GA1UdDgQWBBTFcDuMWsJhpHr3Li8sWYdcSaCM6zANBgkqhkiG
9w0BAQsFAAOCAQEAOaE4UAxzA3paIwxwH7lu8+59B3x7gb0kMGEMac01t1Mnwx1YVWuL/d9oQn5o
64IDUW5mj0DLRpw0wxbCu3UkVdQl1IY/7jPRtx6+WQjh6XbsqItifumsOtmDBeaAzS8D20HSDSJq
1yHnVuUlVGT9kL4SfRVs38I+PB/kvPPfJwrzRdVy5jEDHHPcz/+ux53kfOlDba+/wab6YY+ZSCqB
mpWLmm26+nm+mRDXvfIB1eMQhm32EzjcHMvCZfNYI9bQwv4Ibf5jq7K6djAbeYdFjEy3TSNZ2d0d
Or5yOK1Aaxs5L8TyCRw8A0Q+cXUJg9aJFpjVAzqwcogfyGY+qAdwkg==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml2p:AuthnRequest>
2021-11-10 12:13:08,968 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:178] - Metadata Resolver FileBackedHTTPMetadataResolver URLMD: Resolved 1 candidates via EntityIdCriterion: EntityIdCriterion [id=https://dcocsso.uams.edu/cas/login]
2021-11-10 12:13:08,968 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:610] - Metadata Resolver FileBackedHTTPMetadataResolver URLMD: Attempting to filter candidate EntityDescriptors via resolved Predicates
2021-11-10 12:13:08,968 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:632] - Metadata Resolver FileBackedHTTPMetadataResolver URLMD: After predicate filtering 1 EntityDescriptors remain
2021-11-10 12:13:08,969 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:267] - Resolved 1 source EntityDescriptors
2021-11-10 12:13:08,969 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:277] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-11-10 12:13:08,969 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:378] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-11-10 12:13:08,969 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:400] - After predicate filtering 1 RoleDescriptors remain
2021-11-10 12:13:08,969 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:183] - Message Handler: org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-11-10 12:13:08,971 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:154] - Message Handler: Selecting default AttributeConsumingService, if any
2021-11-10 12:13:08,971 - DEBUG [org.opensaml.saml.metadata.support.AttributeConsumingServiceSelector:186] - Resolving AttributeConsumingService candidates from SPSSODescriptor
2021-11-10 12:13:08,971 - DEBUG [org.opensaml.saml.metadata.support.AttributeConsumingServiceSelector:141] - AttributeConsumingService candidate list was empty, can not select service
2021-11-10 12:13:08,971 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:163] - Message Handler: No AttributeConsumingService selected
2021-11-10 12:13:08,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:156] - Message Handler: Checking SAML message intended destination endpoint against receiver endpoint
2021-11-10 12:13:08,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:188] - Message Handler: Intended message destination endpoint: https://shibboleth.uams.edu/idp/profile/SAML2/POST/SSO
2021-11-10 12:13:08,978 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:189] - Message Handler: Actual message receiver endpoint: https://shibboleth.uams.edu/idp/profile/SAML2/POST/SSO
2021-11-10 12:13:08,978 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:202] - Message Handler: SAML message intended destination endpoint matched recipient endpoint
2021-11-10 12:13:08,978 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:154] - Message Handler: Evaluating message replay for message ID '_lfskrohz0yd34xv0girdczvgmbkmkz5ectuxmom', issue instant '2021-11-10T18:13:08.811Z', entityID 'https://dcocsso.uams.edu/cas/login'
2021-11-10 12:13:08,979 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:82] - SPSSODescriptor for entity ID 'https://dcocsso.uams.edu/cas/login' does not require AuthnRequests to be signed
2021-11-10 12:13:08,980 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:234] - Saw Enveloped signature transform
2021-11-10 12:13:08,980 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:238] - Saw Exclusive C14N signature transform
2021-11-10 12:13:08,980 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:132] - Message Handler: Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-11-10 12:13:08,981 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:285] - Resolving credentials from metadata using entityID: https://dcocsso.uams.edu/cas/login, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-11-10 12:13:08,981 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:434] - Retrieving role descriptor metadata for entity 'https://dcocsso.uams.edu/cas/login' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-11-10 12:13:08,981 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:178] - Metadata Resolver FileBackedHTTPMetadataResolver URLMD: Resolved 1 candidates via EntityIdCriterion: EntityIdCriterion [id=https://dcocsso.uams.edu/cas/login]
2021-11-10 12:13:08,981 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:610] - Metadata Resolver FileBackedHTTPMetadataResolver URLMD: Attempting to filter candidate EntityDescriptors via resolved Predicates
2021-11-10 12:13:08,981 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:632] - Metadata Resolver FileBackedHTTPMetadataResolver URLMD: After predicate filtering 1 EntityDescriptors remain
2021-11-10 12:13:08,981 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:267] - Resolved 1 source EntityDescriptors
2021-11-10 12:13:08,981 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:277] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-11-10 12:13:08,981 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:378] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-11-10 12:13:08,982 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:400] - After predicate filtering 1 RoleDescriptors remain
2021-11-10 12:13:08,982 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:350] - Resolved cached credentials from KeyDescriptor object metadata
2021-11-10 12:13:08,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:136] - Message Handler: Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-11-10 12:13:08,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:139] - Message Handler: Authentication via protocol message signature succeeded for context issuer entity ID https://dcocsso.uams.edu/cas/login
2021-11-10 12:13:08,984 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:149] - Message Handler: Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-11-10 12:13:08,984 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:152] - Message Handler: Handler can not handle this request, skipping
2021-11-10 12:13:08,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:149] - Message Handler: Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-11-10 12:13:08,985 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:158] - Message Handler: HTTP request was not signed via simple signature mechanism, skipping
2021-11-10 12:13:08,986 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:264] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 11 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-11-10 12:13:08,986 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:129] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://dcocsso.uams.edu/cas/login?client_name=SAML2Client' nor response location 'null' matched 'https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1'
2021-11-10 12:13:08,987 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:210] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-11-10 12:13:08,991 - DEBUG [org.opensaml.saml.common.binding.impl.PopulateSignatureSigningParametersHandler:192] - Message Handler: Signing enabled
2021-11-10 12:13:08,991 - DEBUG [org.opensaml.saml.common.binding.impl.PopulateSignatureSigningParametersHandler:204] - Message Handler: Resolving SignatureSigningParameters for request
2021-11-10 12:13:08,991 - DEBUG [org.opensaml.saml.common.binding.impl.PopulateSignatureSigningParametersHandler:234] - Message Handler: Adding metadata to resolution criteria for signing/digest algorithms
2021-11-10 12:13:08,991 - DEBUG [org.opensaml.saml.common.binding.impl.PopulateSignatureSigningParametersHandler:245] - Message Handler: Resolved SignatureSigningParameters
2021-11-10 12:13:08,993 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:213] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-11-10 12:13:08,994 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:258] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION. Effective entityID was: https://dcocsso.uams.edu/cas/login
2021-11-10 12:13:08,994 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:350] - Resolved cached credentials from KeyDescriptor object metadata
2021-11-10 12:13:08,994 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:570] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-11-10 12:13:08,994 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:533] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-11-10 12:13:09,008 - DEBUG [org.opensaml.saml.common.profile.impl.VerifyChannelBindings:156] - Profile Action VerifyChannelBindings: No channel bindings found to verify, nothing to do
2021-11-10 12:13:10,280 - INFO [org.ldaptive.auth.Authenticator:291] - Authentication succeeded for dn: CN=BanksjohnsonCatriceR,OU=UAMS Users,DC=ad,DC=uams,DC=edu
2021-11-10 12:13:10,280 - INFO [net.shibboleth.idp.authn.impl.LDAPCredentialValidator:163] - Credential Validator ldap: Login by 'banksjohnsoncatricer' succeeded
2021-11-10 12:13:10,318 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:216] - Profile Action AddStatusResponseShell: Setting Issuer to https://shibboleth.uams.edu/idp/shibboleth
2021-11-10 12:13:10,319 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:107] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-11-10 12:13:10,321 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:78] - Profile Action AddAuthnStatementToAssertion: Created Assertion _323d99a77004a80340dd5d5b6b087499
2021-11-10 12:13:10,322 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:102] - Profile Action AddAuthnStatementToAssertion: Added Assertion _323d99a77004a80340dd5d5b6b087499 to Response _3626c31ec7a54a19bcd8317d5f5c3da5
2021-11-10 12:13:10,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:284] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-11-10 12:13:10,326 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:132] - No object to operate on, returning true
2021-11-10 12:13:10,326 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:80] - Metadata specifies the following formats: []
2021-11-10 12:13:10,326 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:321] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-11-10 12:13:10,326 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:393] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-11-10 12:13:10,326 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:103] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-11-10 12:13:10,329 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:95] - Generating NameID AAdzZWNyZXQxtYfi6WzUVobWre7WatOkdktOnoQg5RfoanQNNZZNi96t8ujbnyf8ELt+3rQ09pvpi81tPrZVxkxddYhINqIKsOC0ce91+2enMg0ZV+OhRHpD+sO+tD6figcGSozGZUHV2tEkBZGWcpRPc3dItV2YW6zaRLUY with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-11-10 12:13:10,329 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:115] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-11-10 12:13:10,329 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:397] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-11-10 12:13:10,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:355] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-11-10 12:13:10,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:259] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-11-10 12:13:10,330 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:125] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _lfskrohz0yd34xv0girdczvgmbkmkz5ectuxmom
2021-11-10 12:13:10,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:142] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1
2021-11-10 12:13:10,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:157] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-11-10 12:13:10,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:327] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-11-10 12:13:10,331 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:77] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-11-10 12:13:10,332 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:119] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _323d99a77004a80340dd5d5b6b087499
2021-11-10 12:13:10,332 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:127] - Profile Action AddNotBeforeConditionToAssertions: Assertion _323d99a77004a80340dd5d5b6b087499 did not already contain Conditions, one was added
2021-11-10 12:13:10,333 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:111] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-11-10 12:13:10,333 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:166] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-11-10T18:18:10.317996Z, to Assertion _323d99a77004a80340dd5d5b6b087499
2021-11-10 12:13:10,333 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:130] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _323d99a77004a80340dd5d5b6b087499 already contained Conditions, nothing was done
2021-11-10 12:13:10,334 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:144] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-11-10 12:13:10,334 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:130] - Profile Action AddAudienceRestrictionToAssertions: Assertion _323d99a77004a80340dd5d5b6b087499 already contained Conditions, nothing was done
2021-11-10 12:13:10,334 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:287] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-11-10 12:13:10,334 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:235] - Profile Action AddAudienceRestrictionToAssertions: Adding https://dcocsso.uams.edu/cas/login as an Audience of the AudienceRestriction
2021-11-10 12:13:10,334 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:189] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _323d99a77004a80340dd5d5b6b087499
2021-11-10 12:13:10,336 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddProxyRestrictionToAssertions:131] - Profile Action AddProxyRestrictionToAssertions: No restrictions to add, nothing to do
2021-11-10 12:13:10,336 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddChannelBindingsToAssertions:116] - Profile Action AddChannelBindingsToAssertions: No ChannelBindings to add, nothing to do
2021-11-10 12:13:10,336 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddGeneratedKeyToAssertions:118] - Profile Action AddGeneratedKeyToAssertions: No session key to add, nothing to do
2021-11-10 12:13:10,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:184] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-11-10 12:13:10,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:184] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-11-10 12:13:10,341 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:144] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-11-10 12:13:10,344 - DEBUG [PROTOCOL_MESSAGE:130] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="_3626c31ec7a54a19bcd8317d5f5c3da5" InResponseTo="_lfskrohz0yd34xv0girdczvgmbkmkz5ectuxmom" IssueInstant="2021-11-10T18:13:10.317Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://shibboleth.uams.edu/idp/shibboleth</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_323d99a77004a80340dd5d5b6b087499" IssueInstant="2021-11-10T18:13:10.317Z" Version="2.0">
<saml2:Issuer>https://shibboleth.uams.edu/idp/shibboleth</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://shibboleth.uams.edu/idp/shibboleth" SPNameQualifier="https://dcocsso.uams.edu/cas/login">AAdzZWNyZXQxtYfi6WzUVobWre7WatOkdktOnoQg5RfoanQNNZZNi96t8ujbnyf8ELt+3rQ09pvpi81tPrZVxkxddYhINqIKsOC0ce91+2enMg0ZV+OhRHpD+sO+tD6figcGSozGZUHV2tEkBZGWcpRPc3dItV2YW6zaRLUY</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData Address="10.173.0.74" InResponseTo="_lfskrohz0yd34xv0girdczvgmbkmkz5ectuxmom" NotOnOrAfter="2021-11-10T18:18:10.331Z" Recipient="https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2021-11-10T18:13:10.317Z" NotOnOrAfter="2021-11-10T18:18:10.317Z">
<saml2:AudienceRestriction>
<saml2:Audience>https://dcocsso.uams.edu/cas/login</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2021-11-10T18:13:10.281Z" SessionIndex="_577d4efd850ba8a5df18da7c6940fe0d">
<saml2:SubjectLocality Address="10.173.0.74"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>
2021-11-10 12:13:10,345 - DEBUG [org.opensaml.saml.saml2.encryption.Encrypter:339] - Assertion before encryption:
<?xml version="1.0" encoding="UTF-8"?><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_323d99a77004a80340dd5d5b6b087499" IssueInstant="2021-11-10T18:13:10.317Z" Version="2.0">
<saml2:Issuer>https://shibboleth.uams.edu/idp/shibboleth</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://shibboleth.uams.edu/idp/shibboleth" SPNameQualifier="https://dcocsso.uams.edu/cas/login">AAdzZWNyZXQxtYfi6WzUVobWre7WatOkdktOnoQg5RfoanQNNZZNi96t8ujbnyf8ELt+3rQ09pvpi81tPrZVxkxddYhINqIKsOC0ce91+2enMg0ZV+OhRHpD+sO+tD6figcGSozGZUHV2tEkBZGWcpRPc3dItV2YW6zaRLUY</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData Address="10.173.0.74" InResponseTo="_lfskrohz0yd34xv0girdczvgmbkmkz5ectuxmom" NotOnOrAfter="2021-11-10T18:18:10.331Z" Recipient="https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2021-11-10T18:13:10.317Z" NotOnOrAfter="2021-11-10T18:18:10.317Z">
<saml2:AudienceRestriction>
<saml2:Audience>https://dcocsso.uams.edu/cas/login</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2021-11-10T18:13:10.281Z" SessionIndex="_577d4efd850ba8a5df18da7c6940fe0d">
<saml2:SubjectLocality Address="10.173.0.74"/>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
2021-11-10 12:13:10,347 - DEBUG [org.opensaml.saml.saml2.encryption.Encrypter:452] - Placing EncryptedKey elements inline inside EncryptedData
2021-11-10 12:13:10,353 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:62] - Adding destination to outbound SAML 2 protocol message: https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1
2021-11-10 12:13:10,353 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:52] - Message Handler: Checking outbound endpoint for allowed URL scheme: https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1
2021-11-10 12:13:10,353 - DEBUG [org.opensaml.saml.common.SAMLObjectSupport:56] - Examining signed object for content references with exclusive canonicalization transform
2021-11-10 12:13:10,354 - DEBUG [org.opensaml.saml.common.SAMLObjectSupport:70] - Saw exclusive transform, declaring non-visible namespaces on signed object
2021-11-10 12:13:10,354 - DEBUG [org.opensaml.saml.common.SAMLObjectContentReference:167] - Adding list of inclusive namespaces for signature exclusive canonicalization transform
2021-11-10 12:13:10,395 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:160] - Invoking Velocity template to create POST body
2021-11-10 12:13:10,395 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:194] - Encoding action url of 'https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1' with encoded value 'https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1'
2021-11-10 12:13:10,396 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:200] - Marshalling and Base64 encoding SAML message
2021-11-10 12:13:10,398 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:225] - Setting RelayState parameter to: 'https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1', encoded as 'https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1'
2021-11-10 12:13:10,404 - DEBUG [PROTOCOL_MESSAGE:70] -
<?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://dcocsso.uams.edu/cas/login?client_name=SAML2Client.1" ID="_3626c31ec7a54a19bcd8317d5f5c3da5" InResponseTo="_lfskrohz0yd34xv0girdczvgmbkmkz5ectuxmom" IssueInstant="2021-11-10T18:13:10.317Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://shibboleth.uams.edu/idp/shibboleth</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_3626c31ec7a54a19bcd8317d5f5c3da5">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>BapeFA6CTccHj6EZ/wBeGKp76I/3JZEsnNNUQ+ElsQE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>SSn7ki50uhuuKjP4VeewWHRFrdqUM1on8E69iv/sXPQtKT3LYOAnklWGp9jECPgjsPyncGonLW2Vf7vZuy6wmJcERYuD9E0p2HmMieq9udgVZ5EkcjEbma3ZBZrIrQaXVE0GbcNeKBnUxTYSrdXdv/BJeXy+zcfyfIyLUmiQoytNxRl1JmS6DPKdpg6vc7xW4jQw1vgau7tqBV4JHcilpolAprP1PFuu71Vv4/ZxTXJtpt1Xw0iHIkiXKIR7fhYvcCswnFwkGkRqwthkNCmKvXJMTA7SmxgtC0rBJxyrR7JdGn307h97x0dg1AxsA8V1bAHE5997gUNzNDNFq7LEwQsCO/y/FODNAEuGgW0SiWxEg1VUgCkAaA5Od2MWKGEQrZcuuL7ljf+8BxM4Zjqu4olP8DgfCQYoN6s/GuZ3NhlAviG2lMlF6tNDGKdQPf1nrAKqGATL/EeojtxgZuZY5AHw7zMLTiSAMvK+BzRlKUTX5qRwmWcX0EzpgCVFS1hyXMscCIdjn79gIn4onbh75nu2oPd6D41TFYbdnFlQNFdBP4zv3ddsUHaY6tNEaSt/3kZIdiEnAZ+FfMDLTQSAw1NofZEYnOCh14NLL21kdMUM4KACSugiNiAHA5vSBk4qzP7VYl8FHUTFJdUjP60wMH2ny2Nqw8bJJWf47NRr0og=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIF6DCCA9ACAQIwDQYJKoZIhvcNAQEFBQAwgbkxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhBcmth
bnNhczEUMBIGA1UEBwwLTGl0dGxlIFJvY2sxNDAyBgNVBAoMK1VuaXZlcnNpdHkgb2YgQXJrYW5z
YXMgZm9yIE1lZGljYWwgU2NpZW5jZXMxCzAJBgNVBAsMAklUMRwwGgYDVQQDDBNzaGliYm9sZXRo
LnVhbXMuZWR1MSAwHgYJKoZIhvcNAQkBFhFrYXBvd2VsbEB1YW1zLmVkdTAeFw0yMDA5MDExNTA2
MTRaFw0zNzA4MjgxNTA2MTRaMIG5MQswCQYDVQQGEwJVUzERMA8GA1UECAwIQXJrYW5zYXMxFDAS
BgNVBAcMC0xpdHRsZSBSb2NrMTQwMgYDVQQKDCtVbml2ZXJzaXR5IG9mIEFya2Fuc2FzIGZvciBN
ZWRpY2FsIFNjaWVuY2VzMQswCQYDVQQLDAJJVDEcMBoGA1UEAwwTc2hpYmJvbGV0aC51YW1zLmVk
dTEgMB4GCSqGSIb3DQEJARYRa2Fwb3dlbGxAdWFtcy5lZHUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
DwAwggIKAoICAQDapCNeAVKCWNiHQRJapDPCakS/QlvegGP4ez7XOF2kY+/U6KCcmtCkZzpauKG6
jO4mvF9/6Z1gufVRKZ0wkSb7x980nd95w0dhhz6jVRy5Lm7JY9BRKcWE8zm9bPHzbbsPwxMtBWJH
Bbid7CRUY22//mIMZZbOGowpwZy1TMURDu+EfIIMyqmFr5dKfU65tdPf+U7SETFiRqOC1UVDgrzh
tlRysP7JNhfYLiPUNuYEex/fygICQeIHXamocUKBkd4iIllKdeefOkvP7eW7aLotGRyPQ5buDmsH
WTKCI5fZc2IC5F5B4EARyNLSXiSBRhptRDqXU5BtI6DaeeHrAhA4XkAqEH+2/fc6LRwpjq339Ykp
VxPwwH5oD1hgIsccA04mTGSGhVmpCXJLHGuj8CTc1FDZDhv4Zp9MhmmpUsiIWtheQR2pws3h34j/
R5BRfV9BjcJKqo/n+R6Ogiw5ix5owSjOYWYmlfF2bHRoTKGB3OI/qR7sgJMOvF7q65C2yz5Mw6cZ
o+ONN5sFnVZhwHI/tStSz1rdlQOUP3CehQk57nv/WfaVXGFbuIeRXZM6dP9t9le8lcmfDFFv51G2
kdUs5rFSK85tPwMAe1mGOt4HPB9Tc8+U8OmXW88aOJDM7SetXS6FSqnDsOfXupiBGjB2JMkvtVci
yBxICw48zejXEwIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQA2mFt6LR+m7keG1abGzV+wuQpTiSFD
UAtKQ+qtj7s+L8405HoS2+VDdP5dSErQdEzd2vlhtpXZ6AD9LtEjOCyI7QvH2P2CqvTSqNl3kwxZ
Gpt+3Jk0+1luGOQUH3t/2zm/ZWfj39RT8Z9f8SeGyRJVYm8j1f64OWbXXVw0LCDn5s8sEun2mIKH
4w+yckPBzrpklBMr3kEk6AhltHaAjBxxE5/gxIDe2k4/lUCmMbZeE95jrnNe0Nn4NnhVP3CCb2g8
BHfkX5M7JcUWuQGzFTfHPs2eTcMOb4N1vs7K1XvP9KzmaBRCbYm39/K+iFLYcrxdS22MLb1MvPq4
YDFNjVBopp77d1N23TGv6NrUGQ9Nu4pardmvh/kxv1UZmhUm61z8j3/lOJAc4RmGv/zQ895VlD0v
Iqj4bc/SmKTWM8g2RZ2TmOabcDInrLrLKMySBijL3JnewFmxPe0uJ9cveJ6CQtRr4qA2d1tq8zVe
o2qfmw8A81dOyiGVPQOl/D8+z7YAhwQCdyb4zrRnog1mUjrTZNUHdhNjwjDrrOmAvn+CMf2V3quR
OeJI4gWN5bhxLP8DoBkVjsT9s7TCvyyJ/vjyKzN4zEOkUbpFRYJTbeubRi+q/t9AZu5NjnRVynF5
wqcx/ixxFAY/JDwNjpT6QdFkmBeW93X8pyBkyzauov4Hgw==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_96a870f761149971a944d5688312d3e5" Type="http://www.w3.org/2001/04/xmlenc#Element">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey Id="_60126e1760aab9051d0d0f0d26032a74" Recipient="https://dcocsso.uams.edu/cas/login" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</xenc:EncryptionMethod>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIID7TCCAtWgAwIBAgIENfFYZTANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCVVMxETAPBgNV
BAgTCEFya2Fuc2FzMRQwEgYDVQQHEwtMaXR0bGUgUm9jazE0MDIGA1UEChMrVW5pdmVyc2l0eSBv
ZiBBcmthbnNhcyBmb3IgTWVkaWNhbCBTY2llbmNlczELMAkGA1UECxMCSVQxKzApBgNVBAMTImh0
dHBzOi8vZGNvY3Nzby51YW1zLmVkdS9jYXMvbG9naW4wHhcNMTcwMjA3MjEwNjIxWhcNMjcwMjA1
MjEwNjIxWjCBpjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCEFya2Fuc2FzMRQwEgYDVQQHEwtMaXR0
bGUgUm9jazE0MDIGA1UEChMrVW5pdmVyc2l0eSBvZiBBcmthbnNhcyBmb3IgTWVkaWNhbCBTY2ll
bmNlczELMAkGA1UECxMCSVQxKzApBgNVBAMTImh0dHBzOi8vZGNvY3Nzby51YW1zLmVkdS9jYXMv
bG9naW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCClBVErx/FQ462OltaxbLlHPnE
32UdWR0olZjSi093q7jRXbC9FE74/Y2ic/ci/LF9zdfcBRKGkUdKzJi8wTBtJLxW5df5wTiiMB4e
WWBxpKKMsvHuVOewXxH28+Np3w4leHcDlJ6K/J2f/2X+xf1j5HBUJOuOns/DgeDd2+zBnyGOxGDu
eKVHeLf0ITd403TlAOtqhAhstY/lWP2UBL3TysmNpY7qoYTEllEuj92wwf6mZ1J9kL7k3FJlcN9H
KhTP5VBbv3W7gJj1j1B6c4S3l5TLCSHY3MZQW+JyWmepJtG8lKd11W2tLhOkX5t9JSsRivmBhW9S
a+EYKhBKGjMzAgMBAAGjITAfMB0GA1UdDgQWBBTFcDuMWsJhpHr3Li8sWYdcSaCM6zANBgkqhkiG
9w0BAQsFAAOCAQEAOaE4UAxzA3paIwxwH7lu8+59B3x7gb0kMGEMac01t1Mnwx1YVWuL/d9oQn5o
64IDUW5mj0DLRpw0wxbCu3UkVdQl1IY/7jPRtx6+WQjh6XbsqItifumsOtmDBeaAzS8D20HSDSJq
1yHnVuUlVGT9kL4SfRVs38I+PB/kvPPfJwrzRdVy5jEDHHPcz/+ux53kfOlDba+/wab6YY+ZSCqB
mpWLmm26+nm+mRDXvfIB1eMQhm32EzjcHMvCZfNYI9bQwv4Ibf5jq7K6djAbeYdFjEy3TSNZ2d0d
Or5yOK1Aaxs5L8TyCRw8A0Q+cXUJg9aJFpjVAzqwcogfyGY+qAdwkg==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>bHS5zzNJHQZm8alUbjuUS7QF8sKEd/xCsH2L8SDQPTIaboqdEH/cj0V5qyMr6x06cCJFjiUC7WbzrORksI9WSaF+vtwIhkVZGHVlQDObTzEA/REWbNPrUtVlLsEs+sFvuyMGaeYw75cVIkND2yumi3swYdBjNNsso9wJQfpEP5vLgKBOcPUnqZY0bKKAuLgmPBTGnQjKLchTxDzk8xVfZMrW4FeMvDphhecwLRnWdkvNflUPXDlBr4OWfOi02IvemuFURoEgSG6WPCzH4tdXUjZp7HPMBPFIQgucFEDLS3WIKruVDV7ySTDq2I/Dwh+I/UvVf9UE74kyu4biZt2cYQ==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue>ZOX7svvaI4GpRIQWGRxKLHd0/phS6ZgWQ/hP7+EMETHbWTSJBLKk/cI+t245yI0/O4dfao+eMBkjfe0grLrJyyU9fzsxGrC1nvhn2rJL9/lF6MKRi9dbvt9LemXxofXk1yrcFDPFdGDJKx4db/Hr2NXiiiNvpmfi9pakG+rL5HTiO2mvCnlP8g1D368dJXvxgDIF72Exz96zuUwmkLhEdGE/703z6wVXg+aAUHbKYy2txLD7rfOImiyCXcEORjyRensCd9cpvorwqYABRaEjAw4bMRDJ78l9VRHoLa1+sfGsVzGbjYH+WEGEUG3Bl5bN4xvFYB4ELO1ILbP8qoKLcNnp5/ncZOUt9OecT+FWcQO7TNUYIqNfsfhtN0WZw8jGC81A7b4SuEU2jVuuQBlFYhpYuyEDx9EiIIA8kpu1sNkiNyEUROOK0CNBXkwlVUgFfYzx6n0TyKdgKNghdVQ9Lqkz9NOac71sLCwWq1sgaJTWv8n/8Tw942+KdnsYsY+/GB/RvjfshXW1uqQ71XCNN63pbDowdiKWpQc/EHygsG5qOPICDh9V6trxP03HHyy3ZcZ6lPeHaA+LM3mml+UY7rBQu5MXMTFEDeSEGniFxGzFY3IqP09fEay0hGz36J4iB4BzRp7uBPCJcK93PuUI8VoqiWGNfxD2vUvOsQeYBgxxEarnMkXR2AeEflFA9ndz64lWFCBUxRjkqzipNar3Fg4/YQj/jm2QAWf7bia3oEbxTGXIqvLdl+c+6QAdSelDftU3tdcR736u0UBoFQGY9ZdICM5H1HxDZuOkzQEBhrXgncGKNRgmm91FP4rTlOtj/qjNrvCvxYqQNk6/DFggv7dQGDojhOQq78iQ4VMNSFNluwFY+bdGmVuPsi/Ogb39hr5wTy4RedS3AtOn3YOYY2v9vNYAeax4UlvRbhWa6dBeZDTNg5qtydoEBw97rqLHln0lxneev6qdOa+F2r2oBH/Ut1RAAiARkm7jDqDzQiQJAz/Rrm3Rh8fQGu+22YhZk9KPY0jzYjJRyDPUNbF8P8wtmsC6aTO5JH6d5Thd/EajJeuemzAWD6Yvq7dlFJhgoQyI6oFBhOynqHTjoBe3UBObCmZDe7DMUiT7ktFLImv5Lv6MM8JkG3ZP0Qb1PXRxyijJa64+pvQb63+jQBHEMVWk5C0Qyfbjqa6DgqFbGajkTPSdY1uFpewkAOUPd3DkFxMu/13WHgy3/sqYaDlhluyauaGAH+fl97srK6YCKJ/uNiDkgDVIq+m8+LdUHZuxAtE+s7oQAIHr61JtWZoPh+EYEAInYSho+3Qq8KmEXZK9er+xzgKv9UDIbTaqOi/zhZVUElLrG7hWPSp3SH7cbnAcEKcfCr+JjWchtVXw+0fpCjmLpd3co6dBfBWvmuIyayAKA32MkOW5XnrCRMzPhGITDkCIcMvxJc3MpcNnu83S5g6vURZTdJEY5ZiequHsyqL78zKFM/8HZK3dvzy1QGag0bxsYT8rsTy3l79IQ3sTxcvzVAao8ZA7pbj1KO0WUmI4Ug19AgcXZCvi9mAUHtCSkQrWfbecUG4VKDogS0aICkGreWNxYzk10HT1XRVxG28r18JGgBQpHE+usWrx5dtpTSm12vQ5RIkOQYJBJWiGufPpEzzQG1NnEgH9K3vFe34kern30uQ1azDHMq+hvVkt1NeLR3w4bW0+nQa1tgzJhUDnfGZzgkaq82LT12rqTP+om+yRboBAYJkELXk+ras8r0vVqP1gpYjYQKWnAd4wlsN6eHrTlY1QfA8WMteDvdAHrcMRVE78QUju2CX2897SaCUvTYY873LExRI02NSuF6ak+M2zZzN9o+TOGXY3uoj3IkK6RtJvB31kad0TxRCQrvYae9Ty6tsP7x2pMVzROZ7y2Al+waqIs+hQXK7hfEQ3Ckc1qrx+CGpHylPF5o6EoDTHBE+lc9odtZX8CIt1/HDH/TV2fxcfX/EXllGfWcdq//VwpFTqfi8VE4U+bRUqcb7/YwsCZURU8L2kuklwrTHzoaAJ6+mO50l3RdveVz8gO73hIjPq4xrvSYvJzCfV5ZIHxN82aK5iOmDP/2Gu9P2G4DDf3JIqb9C/Vj1os28vmUodGFbb2nyGmNS9xCMttj+vSI1TfDQ+b+eViPtMpcYbNKqgofhVVIZeXSsc</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml2:EncryptedAssertion>
</saml2p:Response>
2021-11-10 12:13:10,405 - INFO [Shibboleth-Audit.SSO:283] - 2021-11-10T18:13:10.405008Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_lfskrohz0yd34xv0girdczvgmbkmkz5ectuxmom|https://dcocsso.uams.edu/cas/login|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://shibboleth.uams.edu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_3626c31ec7a54a19bcd8317d5f5c3da5|banksjohnsoncatricer|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonAssurance,eduPersonPrincipalName,mail,surname,givenName|AAdzZWNyZXQxtYfi6WzUVobWre7WatOkdktOnoQg5RfoanQNNZZNi96t8ujbnyf8ELt+3rQ09pvpi81tPrZVxkxddYhINqIKsOC0ce91+2enMg0ZV+OhRHpD+sO+tD6figcGSozGZUHV2tEkBZGWcpRPc3dItV2YW6zaRLUY|_323d99a77004a80340dd5d5b6b087499|
On 11/10/21, 5:04 PM, "users on behalf of Cantor, Scott" <users-bounces at shibboleth.net on behalf of cantor.2 at osu.edu> wrote:
On 11/10/21, 5:28 PM, "users on behalf of Powell, Keith A" <users-bounces at shibboleth.net on behalf of PowellKeithA at uams.edu> wrote:
> Maybe I should have phrased my query more simply: What sort of issues / configuration files would I look
> for after users have already authenticated, been presented with the attribute consent form, hit ok in the
> browser? I do believe that some SAML response is not making it to or being properly communicated to the
> SP.
That's CAS, so there is no SAML involved.
> This is the last thing I see in the debug line:
That's an audit entry echoed into the process log for the ticket issue. You have logs for the back channel ticket validation that probably indicate a problem or the validate call isn't even making it to the IdP. The login/ticket issue is fine, the problem is after that.
-- Scott
--
For Consortium Member technical support, see https://urldefense.proofpoint.com/v2/url?u=https-3A__shibboleth.atlassian.net_wiki_x_ZYEpPw&d=DwICAg&c=27AKQ-AFTMvLXtgZ7shZqsfSXu-Fwzpqk4BoASshREk&r=ALmgjisEdZjuYwvQf78ccYCV50oA0rSf5tQ7KUj2gVI&m=tp9PnrhWtFC3B-YXIWPuOVPZCDvHGr1pVtKOi8LGlfA&s=GpgKskvO3roRkSIcyK7vKUI1LcXZWNEEruJaZLctEAM&e=
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
----------------------------------------------------------------------
Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
More information about the users
mailing list