Spring Boot Server Logs Viewer
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown attribute index
2025-08-28 09:58:16 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown attribute index
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown attribute index
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 09:58:17 [https-jsse-nio-443-exec-478] DEBUG o.o.c.x.i.AbstractXMLObjectUnmarshaller - Ignoring unknown child element {urn:oasis:names:tc:SAML:2.0:metadata}RoleDescriptor
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.algorithm.AlgorithmRegistry - Runtime support eval for algorithm URI 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': supported
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.algorithm.AlgorithmRegistry - Runtime support eval for algorithm URI 'http://www.w3.org/2001/04/xmlenc#sha256': supported
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Resolved SignatureSigningParameters:
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signing credential with key algorithm: RSA
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signature KeyInfoGenerator: org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory$X509KeyInfoGenerator
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Reference digest method algorithm URI: http://www.w3.org/2001/04/xmlenc#sha256
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Reference canonicalization algorithm URI: null
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Canonicalization algorithm URI: http://www.w3.org/2001/10/xml-exc-c14n#
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - HMAC output length: null
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.saml.common.SAMLObjectSupport - Examining signed object for content references with exclusive canonicalization transform
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.saml.common.SAMLObjectSupport - Saw exclusive transform, declaring non-visible namespaces on signed object
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureMarshaller - Starting to marshall {http://www.w3.org/2000/09/xmldsig#}Signature
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureMarshaller - Creating XMLSignature object
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureMarshaller - Adding content to XMLSignature.
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.s.c.SAMLObjectContentReference - Adding list of inclusive namespaces for signature exclusive canonicalization transform
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureMarshaller - Creating Signature DOM element
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.xmlsec.signature.support.Signer - Using a signer of implemenation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl
2025-08-28 10:00:11 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignerProviderImpl - Computing signature over XMLSignature object
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.algorithm.AlgorithmRegistry - Runtime support eval for algorithm URI 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': supported
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.algorithm.AlgorithmRegistry - Runtime support eval for algorithm URI 'http://www.w3.org/2001/04/xmlenc#sha256': supported
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Resolved SignatureSigningParameters:
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signing credential with key algorithm: RSA
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signature KeyInfoGenerator: org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory$X509KeyInfoGenerator
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Reference digest method algorithm URI: http://www.w3.org/2001/04/xmlenc#sha256
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Reference canonicalization algorithm URI: null
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Canonicalization algorithm URI: http://www.w3.org/2001/10/xml-exc-c14n#
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - HMAC output length: null
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.saml.common.SAMLObjectSupport - Examining signed object for content references with exclusive canonicalization transform
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.saml.common.SAMLObjectSupport - Saw exclusive transform, declaring non-visible namespaces on signed object
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Starting to marshall {http://www.w3.org/2000/09/xmldsig#}Signature
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Creating XMLSignature object
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Adding content to XMLSignature.
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.s.c.SAMLObjectContentReference - Adding list of inclusive namespaces for signature exclusive canonicalization transform
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Creating Signature DOM element
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.xmlsec.signature.support.Signer - Using a signer of implemenation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl
2025-08-28 10:02:25 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignerProviderImpl - Computing signature over XMLSignature object
2025-08-28 10:02:55 [https-jsse-nio-443-exec-393] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 10:02:55 [https-jsse-nio-443-exec-393] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Found 3 validation errors in SAML response [_9801552d-9575-4a86-be7f-c8af55d54172]
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.algorithm.AlgorithmRegistry - Runtime support eval for algorithm URI 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': supported
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.algorithm.AlgorithmRegistry - Runtime support eval for algorithm URI 'http://www.w3.org/2001/04/xmlenc#sha256': supported
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Resolved SignatureSigningParameters:
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signing credential with key algorithm: RSA
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signature KeyInfoGenerator: org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory$X509KeyInfoGenerator
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Reference digest method algorithm URI: http://www.w3.org/2001/04/xmlenc#sha256
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Reference canonicalization algorithm URI: null
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Canonicalization algorithm URI: http://www.w3.org/2001/10/xml-exc-c14n#
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - HMAC output length: null
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.saml.common.SAMLObjectSupport - Examining signed object for content references with exclusive canonicalization transform
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.saml.common.SAMLObjectSupport - Saw exclusive transform, declaring non-visible namespaces on signed object
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Starting to marshall {http://www.w3.org/2000/09/xmldsig#}Signature
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Creating XMLSignature object
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Adding content to XMLSignature.
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.s.c.SAMLObjectContentReference - Adding list of inclusive namespaces for signature exclusive canonicalization transform
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Creating Signature DOM element
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.xmlsec.signature.support.Signer - Using a signer of implemenation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl
2025-08-28 10:05:43 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignerProviderImpl - Computing signature over XMLSignature object
2025-08-28 10:05:44 [https-jsse-nio-443-exec-485] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 10:05:44 [https-jsse-nio-443-exec-485] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Found 3 validation errors in SAML response [_77926087-ab89-49c8-8a57-bb095724c816]
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.algorithm.AlgorithmRegistry - Runtime support eval for algorithm URI 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': supported
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.algorithm.AlgorithmRegistry - Runtime support eval for algorithm URI 'http://www.w3.org/2001/04/xmlenc#sha256': supported
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Resolved SignatureSigningParameters:
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signing credential with key algorithm: RSA
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signature KeyInfoGenerator: org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory$X509KeyInfoGenerator
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Reference digest method algorithm URI: http://www.w3.org/2001/04/xmlenc#sha256
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Reference canonicalization algorithm URI: null
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Canonicalization algorithm URI: http://www.w3.org/2001/10/xml-exc-c14n#
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - HMAC output length: null
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.saml.common.SAMLObjectSupport - Examining signed object for content references with exclusive canonicalization transform
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.saml.common.SAMLObjectSupport - Saw exclusive transform, declaring non-visible namespaces on signed object
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.s.impl.SignatureMarshaller - Starting to marshall {http://www.w3.org/2000/09/xmldsig#}Signature
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.s.impl.SignatureMarshaller - Creating XMLSignature object
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.s.impl.SignatureMarshaller - Adding content to XMLSignature.
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.s.c.SAMLObjectContentReference - Adding list of inclusive namespaces for signature exclusive canonicalization transform
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.s.impl.SignatureMarshaller - Creating Signature DOM element
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.xmlsec.signature.support.Signer - Using a signer of implemenation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl
2025-08-28 10:11:16 [https-jsse-nio-443-exec-552] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignerProviderImpl - Computing signature over XMLSignature object
2025-08-28 10:11:16 [https-jsse-nio-443-exec-468] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 10:11:16 [https-jsse-nio-443-exec-468] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Found 3 validation errors in SAML response [_4f83906a-5e9e-44e0-ad1d-44ef4bac9e3f]
2025-08-28 12:04:52 [https-jsse-nio-443-exec-393] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:04:52 [https-jsse-nio-443-exec-393] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Found 2 validation errors in SAML response [_d084db0c-b38c-4ff4-9335-a03aae9afe1e]
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Enveloped signature transform
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Exclusive C14N signature transform
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Found 0 key names: []
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Attempting to extract credential from an X509Data
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 1 X509Certificates
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 0 X509CRLs
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Single certificate was present, treating as end-entity certificate
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - A total of 1 credentials were resolved
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Signature validation using candidate credential was successful
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully verified signature using KeyInfo-derived credential
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to establish trust of KeyInfo-derived credential
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.t.i.ExplicitKeyTrustEvaluator - Successfully validated untrusted credential against trusted key
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully established trust of KeyInfo-derived credential
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Assertion Issuer of : http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.SAML20AssertionValidator - Matched valid issuer: http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.SAML20AssertionValidator - No Conditions were indicated as required
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotBefore '2025-08-28T12:09:07.403Z' against 'skewed now' time '2025-08-28T12:14:08.354416527Z'
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotOnOrAfter '2025-08-28T13:09:07.403Z' against 'skewed now' time '2025-08-28T12:04:08.354416527Z'
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Evaluating the Assertion's AudienceRestriction/Audience values against the list of valid audiences: [saml-box]
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Matched valid audience: saml-box
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.SAML20AssertionValidator - Assertion contains at least 1 SubjectConfirmation, proceeding with subject confirmation
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData NotOnOrAfter '2025-08-28T12:14:07.406Z' against 'skewed now' time '2025-08-28T12:04:08.354839276Z'
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@Recipient of : https://saml-box.com/login/saml2/sso
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid recipient: https://saml-box.com/login/saml2/sso
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@InResponseTo of: ARQfba4d44-cc85-4f9c-bd3b-469745ce0b1c
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] WARN o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Valid InResponseTo was not available from the validation context, unable to evaluate SubjectConfirmationData@InResponseTo
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.o.s.s.a.SAML20AssertionValidator - No subject confirmation methods were met for assertion with ID '_84dfd451-1757-429c-a285-d8ce189614f5'
2025-08-28 12:09:08 [https-jsse-nio-443-exec-429] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Found 3 validation errors in SAML response [_b634a2a0-2826-4d6b-b87a-8964c3101e9a]
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Enveloped signature transform
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Exclusive C14N signature transform
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Found 0 key names: []
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Attempting to extract credential from an X509Data
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 1 X509Certificates
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 0 X509CRLs
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Single certificate was present, treating as end-entity certificate
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - A total of 1 credentials were resolved
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Signature validation using candidate credential was successful
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully verified signature using KeyInfo-derived credential
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to establish trust of KeyInfo-derived credential
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.t.i.ExplicitKeyTrustEvaluator - Successfully validated untrusted credential against trusted key
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully established trust of KeyInfo-derived credential
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Assertion Issuer of : http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.SAML20AssertionValidator - Matched valid issuer: http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.SAML20AssertionValidator - No Conditions were indicated as required
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotBefore '2025-08-28T12:12:29.815Z' against 'skewed now' time '2025-08-28T12:17:30.771243811Z'
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotOnOrAfter '2025-08-28T13:12:29.815Z' against 'skewed now' time '2025-08-28T12:07:30.771243811Z'
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Evaluating the Assertion's AudienceRestriction/Audience values against the list of valid audiences: [saml-box]
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Matched valid audience: saml-box
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.SAML20AssertionValidator - Assertion contains at least 1 SubjectConfirmation, proceeding with subject confirmation
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData NotOnOrAfter '2025-08-28T12:17:29.824Z' against 'skewed now' time '2025-08-28T12:07:30.771960451Z'
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@Recipient of : https://saml-box.com/login/saml2/sso
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid recipient: https://saml-box.com/login/saml2/sso
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@InResponseTo of: ARQ2045aa1-7bf8-4a87-97e2-32e32a4bafce
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] WARN o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Valid InResponseTo was not available from the validation context, unable to evaluate SubjectConfirmationData@InResponseTo
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.o.s.s.a.SAML20AssertionValidator - No subject confirmation methods were met for assertion with ID '_f9793990-fe28-4722-b44c-ea98c3592105'
2025-08-28 12:12:30 [https-jsse-nio-443-exec-401] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Found 3 validation errors in SAML response [_b9e1cc9d-e98d-442d-8e20-f5fe619541d3]
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Enveloped signature transform
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Exclusive C14N signature transform
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Found 0 key names: []
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Attempting to extract credential from an X509Data
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 1 X509Certificates
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 0 X509CRLs
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Single certificate was present, treating as end-entity certificate
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - A total of 1 credentials were resolved
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Signature validation using candidate credential was successful
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully verified signature using KeyInfo-derived credential
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to establish trust of KeyInfo-derived credential
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.t.i.ExplicitKeyTrustEvaluator - Successfully validated untrusted credential against trusted key
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully established trust of KeyInfo-derived credential
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Assertion Issuer of : http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.SAML20AssertionValidator - Matched valid issuer: http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.SAML20AssertionValidator - No Conditions were indicated as required
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotBefore '2025-08-28T12:15:02.452Z' against 'skewed now' time '2025-08-28T12:20:03.434744424Z'
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotOnOrAfter '2025-08-28T13:15:02.452Z' against 'skewed now' time '2025-08-28T12:10:03.434744424Z'
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Evaluating the Assertion's AudienceRestriction/Audience values against the list of valid audiences: [saml-box]
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Matched valid audience: saml-box
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.SAML20AssertionValidator - Assertion contains at least 1 SubjectConfirmation, proceeding with subject confirmation
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData NotOnOrAfter '2025-08-28T12:20:02.455Z' against 'skewed now' time '2025-08-28T12:10:03.435435501Z'
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@Recipient of : https://saml-box.com/login/saml2/sso
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid recipient: https://saml-box.com/login/saml2/sso
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@InResponseTo of: ARQa33a757-da51-4541-936e-025f4d32c173
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] WARN o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Valid InResponseTo was not available from the validation context, unable to evaluate SubjectConfirmationData@InResponseTo
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.o.s.s.a.SAML20AssertionValidator - No subject confirmation methods were met for assertion with ID '_fc0d65df-8565-44a9-b91e-48fff41bb840'
2025-08-28 12:15:03 [https-jsse-nio-443-exec-487] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Found 2 validation errors in SAML response [_b99bb263-b79d-4256-a1d6-27b8602baa95]
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Enveloped signature transform
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Exclusive C14N signature transform
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Found 0 key names: []
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Attempting to extract credential from an X509Data
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 1 X509Certificates
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 0 X509CRLs
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Single certificate was present, treating as end-entity certificate
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - A total of 1 credentials were resolved
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Signature validation using candidate credential was successful
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully verified signature using KeyInfo-derived credential
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to establish trust of KeyInfo-derived credential
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.t.i.ExplicitKeyTrustEvaluator - Successfully validated untrusted credential against trusted key
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully established trust of KeyInfo-derived credential
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Assertion Issuer of : http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.SAML20AssertionValidator - Matched valid issuer: http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.SAML20AssertionValidator - No Conditions were indicated as required
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotBefore '2025-08-28T12:16:52.442Z' against 'skewed now' time '2025-08-28T12:21:53.397234557Z'
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotOnOrAfter '2025-08-28T13:16:52.442Z' against 'skewed now' time '2025-08-28T12:11:53.397234557Z'
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Evaluating the Assertion's AudienceRestriction/Audience values against the list of valid audiences: [saml-box]
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Matched valid audience: saml-box
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.SAML20AssertionValidator - Assertion contains at least 1 SubjectConfirmation, proceeding with subject confirmation
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData NotOnOrAfter '2025-08-28T12:21:52.445Z' against 'skewed now' time '2025-08-28T12:11:53.397507869Z'
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@Recipient of : https://saml-box.com/login/saml2/sso
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid recipient: https://saml-box.com/login/saml2/sso
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@InResponseTo of: ARQ3d01342-5d6a-4f40-80c5-e0525e29116e
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid InResponseTo: ARQ3d01342-5d6a-4f40-80c5-e0525e29116e
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Successfully processed SAML Response [_bdda797c-ea14-41d8-a5d1-7b29b695b7ed]
2025-08-28 12:16:53 [https-jsse-nio-443-exec-467] DEBUG o.s.s.s.p.s.w.a.Saml2WebSsoAuthenticationFilter - Set SecurityContextHolder to Saml2Authentication [Principal=org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal@44825bb4, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=90.7.160.116, SessionId=61A2545832AD1A1166D99B367FEB10E5], Granted Authorities=[ROLE_USER]]
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] INFO c.b.s.c.SamlResponseController - SAML Response: PHNhbWxwOlJlc3BvbnNlIElEPSJfYmRkYTc5N2MtZWExNC00MWQ4LWE1ZDEtN2IyOWI2OTViN2VkIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyNS0wOC0yOFQxMjoxNjo1Mi40NDVaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9zYW1sLWJveC5jb20vbG9naW4vc2FtbDIvc3NvIiBDb25zZW50PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y29uc2VudDp1bnNwZWNpZmllZCIgSW5SZXNwb25zZVRvPSJBUlEzZDAxMzQyLTVkNmEtNGY0MC04MGM1LWUwNTI1ZTI5MTE2ZSIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+PElzc3VlciB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cDovL2lkcC5hZC0xLmplZ2dhLmxhbi9hZGZzL3NlcnZpY2VzL3RydXN0PC9Jc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIiAvPjwvc2FtbHA6U3RhdHVzPjxBc3NlcnRpb24gSUQ9Il9kZTc1YzNiMi03YWFlLTRkOTMtYTM5ZS1iOGViMDhlN2MwOWUiIElzc3VlSW5zdGFudD0iMjAyNS0wOC0yOFQxMjoxNjo1Mi40NDRaIiBWZXJzaW9uPSIyLjAiIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48SXNzdWVyPmh0dHA6Ly9pZHAuYWQtMS5qZWdnYS5sYW4vYWRmcy9zZXJ2aWNlcy90cnVzdDwvSXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiAvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkczpSZWZlcmVuY2UgVVJJPSIjX2RlNzVjM2IyLTdhYWUtNGQ5My1hMzllLWI4ZWIwOGU3YzA5ZSI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiIC8+PGRzOkRpZ2VzdFZhbHVlPi96Ylg0UEo2RndENnY2d1VHa0RWNjliQXNpNFdQZmdoS3lxSHNDUlV1cmM9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPmU1UHdHZHpQVzNnUGZGVk5rSTBIK3dMSVRuYkdlOWJBQUFWaDB0Rm1SbkdYZ3hzYmtCb1dHNS93WElEaHJMQjlpTC9qbllhT1VkVjJwVWxzclAvQkdqV2RUdkk5OTN1THdpYVZUb2x6N2FkZy9rUThraTExMWhWbGJJM29YUHVCYW00K21XbU1BU1hJaWtkWlRMUDFSU1AzQjUzcWdKR2VleUowMFNZeHJEQ3hFZnkyR2FkYmxVTm1aVElBRmFwS21VNkoxVWRsZkZySUhQVkVMT0pCbzdWUVAwMkZ0Qyt3TFhLTkM0K0F5Qm5YNVplS0FPY1NDN3ZzcExUV0ZuYzlBYktiVFFQSUxEZktBdjNMNjUxd3lHY1FobitIbU1hZjNzWlRDd2FZdzROOUJ0dC9LVkY0TTMxTTdCdEd5cGQ3TUhHbTNQVDBwdisxajJ4ZEF6cE5uREFSNkRIT0c0M3J6aHRIRDlGd2VvTGcrUVVndW9UYVRZR0RJWmF3dXRGeWJkVkZJMHhsd0ZGT2Z6OHdLSU4xc3hKeUF0emNWZFVjUzllS1dWYUN3M24vZEVPVGNueVZnRitRdk5UaHd1VEJFOGdzUGM0dUJkcHlpSE9nVUt4VVlhLzl3d3BkbTBnRkVhMjF5bXA4KzlwUGpwUElZL2RTVkk1Z3g4R1loanhUZG5yYW9ROSt0L1I3Z2JSTjdkaEZlaXBoRXE1ZTFaa0JaL2VRa1NjaG1LNlJkc1Qyb0x4ZTVHZ1I1aGEzWXYxWkIyRHlqM0g4SkxsOVdSdlp2ZDd3UVdpQlhDN2d6ZUtIZWxPY2srK28xT0pQR0Z3cjhvNXJUbE0zR2UrUld4R2JLbFFPWFhiSGYvKyt3TXBtakVJTHNsRjczZGNSaTY4SkhjTGk4WVR6Q05jPTwvZHM6U2lnbmF0dXJlVmFsdWU+PEtleUluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUU0RENDQXNpZ0F3SUJBZ0lRU05pTC9SbndMYVZFWnMrampHbVMwakFOQmdrcWhraUc5dzBCQVFzRkFEQXNNU293S0FZRFZRUURFeUZCUkVaVElGTnBaMjVwYm1jZ0xTQnBaSEF1WVdRdE1TNXFaV2RuWVM1c1lXNHdIaGNOTWpVd09ESTRNRGt6TWpFeVdoY05Nall3T0RJNE1Ea3pNakV5V2pBc01Tb3dLQVlEVlFRREV5RkJSRVpUSUZOcFoyNXBibWNnTFNCcFpIQXVZV1F0TVM1cVpXZG5ZUzVzWVc0d2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURXbU1Iak95cFFraDcxSzBTeVFHNkFzVUlvSjBiZVArZVBvb3pZc254WXNyS0J4ZklvOGduMTQ1bmRiWWVsSS9Cdi9EeWJVUjgwOTIzaVFUVDBzTFFaZ2pYQXBYV1BKTld1VHlrMzF4ZW00YmFNdE05Z0hjZmY2WnVMNlNybExGZ2NvY1RpSzluY0szL1FnRjFRZFlJdDF1ZDVqKzRlWlpERzk2RnpEQTdXZVhpVzE1T0hqbEpzMHo1OUNmQ3MyZHBWVVIyNzRTYnZyRWFmWlFIUFFmZjhqZTNpekR6dkJPWnVGVC85dE04Ukd3WUpBZlpNWjBNT1Y2MXc5blZTTGJpUm43QTVrRFB1cVBVY3c0am9VbG52eGRDOGFPUWpLUjNKaTVnTkxJV0JhL3l0STJMd0FzSXl1RkZXdllJeGthTUVUdElQb3B2NDVwM2dmd1ZmYXc2ejBxWlp3WkVJSnY2REF1UXJNSkZjZ1NySWF5dUFYVHl5bDlVbHIxaDNCSnZDWUtZTXNlTkx5WHF3dXhvbExGdkppNHhQS24veklGVWlUNElEd04zeFdhNW84NGNhZVlQWURCK29ZMnFwb0JuTWI1YWlyWlpCZGRJVjhLaDZTaEI5TnFna1RZbTVoNng5VUNpemFpSnFORjhRakR4RHdXTHBEajRNUmFBZEh0K29xOXVydTZkQnQxVjM4ajdTVlZQaWFveDNxUkNET0ltT01aUEo4TVhVRXF2MzZzSnVmSmNJRjhwREM1VVdMSUdHYTF3U0g2N3Y1WHFCemtuNlMrZDlFQ3Z1UFFoeG1VSzN1R25XSlpXQjFkRGYrM2NPalUzZ2F4TTdCbGs5bFg4Slpsd2hCVVdIRkJhMGpSUkVneWVzRCtNRUo3TFpmQnpZbDdyZFI2OGNVUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ1MwR2ZjYnZSNGdnN3NvRUtEZ05QRnpPT05JZ2xubkJvS3A2TWJmYXFrcy9sVHlDWHBEaGlqRjFwZEhOYTVmUnlDZ1YyNFk2N2hzY0NwMjY5ZG92cjFPMHlPSm5mU0o4Qk1jY2hVWGNoY0dTSHd0ZjZpY2JvcndYaW0yV0dCS0hPZnpTcHVNYTFOaVAxNWxkSkpaYmVhNktLU1pUbk94QmFVNHdBMGlHcEZzMStoZGxhVjhYWndTVXN4NEkzN25JSFhPLzVXNlJVTU5Sek5ZbVZnc1Y5Q3dyN042MGRxc1k2T0FwWmxmK3g5MmRSWVBPSDBDRVRQMGtiZ0wxdUFrL0JzanlxcXNLTGIwWTBoR0NnQ2dmSWVYSlhIc1F0YWJLajhoL2ZZbTNqLzhTWnBDdEtvS1RCU3lXYUcxamcyTkJkMzdLK1UxanJyQVZRcDVaR21KanBJUXdhYmFJamVqUUtvRno4MnNyQnlKcVBDRm5Od1JoQktxV3dkaUtOeG9yaXY3NmxyemxyZmxrZSs4TFpDeGRlTkZQNkthWVpyRDJYbDIraEtLaEw0K1o0MWlIb25xM3pIZS9sWjFCR0FmSktUODVPTGxtL2FEeW1MQk5MR2dYdjBXN0pibVFZN3lURmJBL3g1RTFXY0lTMFNPWlphbFlyYVNTb1VPalFwZ055cVVrbjJFUmdoZHk0djA5TnliWEZ5ZEg4VDI3c2YrRWR3U09SU0xPa2pKRFhGc01zR2k0WVBMNVVIL2xnN0pPVGNnT2kzWEt2Y3ZVdnRvNGJhN2ZHV3JsVnNxY3NYdjBhbzhHandINlFyS1lEeTMvTjN6RGh3OUhoOUdQL1Y4NHM5WlR1UmJsWS8xQTNaQWxUTitlTzZvK1ZNZ2x0QTJ5YXc3MUVvNFJ3VERRPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvS2V5SW5mbz48L2RzOlNpZ25hdHVyZT48U3ViamVjdD48TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPnVzZXIxQGplZ2dhLmxhbjwvTmFtZUlEPjxTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PFN1YmplY3RDb25maXJtYXRpb25EYXRhIEluUmVzcG9uc2VUbz0iQVJRM2QwMTM0Mi01ZDZhLTRmNDAtODBjNS1lMDUyNWUyOTExNmUiIE5vdE9uT3JBZnRlcj0iMjAyNS0wOC0yOFQxMjoyMTo1Mi40NDVaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc2FtbC1ib3guY29tL2xvZ2luL3NhbWwyL3NzbyIgLz48L1N1YmplY3RDb25maXJtYXRpb24+PC9TdWJqZWN0PjxDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyNS0wOC0yOFQxMjoxNjo1Mi40NDJaIiBOb3RPbk9yQWZ0ZXI9IjIwMjUtMDgtMjhUMTM6MTY6NTIuNDQyWiI+PEF1ZGllbmNlUmVzdHJpY3Rpb24+PEF1ZGllbmNlPnNhbWwtYm94PC9BdWRpZW5jZT48L0F1ZGllbmNlUmVzdHJpY3Rpb24+PC9Db25kaXRpb25zPjxBdHRyaWJ1dGVTdGF0ZW1lbnQ+PEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiPjxBdHRyaWJ1dGVWYWx1ZT51c2VyMUBqZWdnYS5sYW48L0F0dHJpYnV0ZVZhbHVlPjwvQXR0cmlidXRlPjxBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvY2xhaW1zL0NvbW1vbk5hbWUiPjxBdHRyaWJ1dGVWYWx1ZT51c2VyMTwvQXR0cmlidXRlVmFsdWU+PC9BdHRyaWJ1dGU+PC9BdHRyaWJ1dGVTdGF0ZW1lbnQ+PEF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAyNS0wOC0yOFQxMDowMjo1My41NzJaIiBTZXNzaW9uSW5kZXg9Il9kZTc1YzNiMi03YWFlLTRkOTMtYTM5ZS1iOGViMDhlN2MwOWUiPjxBdXRobkNvbnRleHQ+PEF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9BdXRobkNvbnRleHRDbGFzc1JlZj48L0F1dGhuQ29udGV4dD48L0F1dGhuU3RhdGVtZW50PjwvQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] INFO c.b.s.c.SamlResponseController - Relay State: e614f565-c6d6-42eb-9047-002054c6c562
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 12:16:53 [https-jsse-nio-443-exec-401] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Enveloped signature transform
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Exclusive C14N signature transform
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Found 0 key names: []
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Attempting to extract credential from an X509Data
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 1 X509Certificates
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 0 X509CRLs
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Single certificate was present, treating as end-entity certificate
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - A total of 1 credentials were resolved
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Signature validation using candidate credential was successful
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully verified signature using KeyInfo-derived credential
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to establish trust of KeyInfo-derived credential
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.t.i.ExplicitKeyTrustEvaluator - Successfully validated untrusted credential against trusted key
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully established trust of KeyInfo-derived credential
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Assertion Issuer of : http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.SAML20AssertionValidator - Matched valid issuer: http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.SAML20AssertionValidator - No Conditions were indicated as required
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotBefore '2025-08-28T12:40:01.994Z' against 'skewed now' time '2025-08-28T12:45:03.145611732Z'
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotOnOrAfter '2025-08-28T13:40:01.994Z' against 'skewed now' time '2025-08-28T12:35:03.145611732Z'
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Evaluating the Assertion's AudienceRestriction/Audience values against the list of valid audiences: [saml-box]
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Matched valid audience: saml-box
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.SAML20AssertionValidator - Assertion contains at least 1 SubjectConfirmation, proceeding with subject confirmation
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData NotOnOrAfter '2025-08-28T12:45:01.997Z' against 'skewed now' time '2025-08-28T12:35:03.147287562Z'
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@Recipient of : https://saml-box.com/login/saml2/sso
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid recipient: https://saml-box.com/login/saml2/sso
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@InResponseTo of: ARQ41fe338-54e4-4a13-a84d-3e66a5bccefe
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] WARN o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Valid InResponseTo was not available from the validation context, unable to evaluate SubjectConfirmationData@InResponseTo
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.o.s.s.a.SAML20AssertionValidator - No subject confirmation methods were met for assertion with ID '_7daa3d45-1ab5-4ea6-84f6-9a1c947fab27'
2025-08-28 12:40:03 [https-jsse-nio-443-exec-484] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Found 3 validation errors in SAML response [_5fd960aa-d04e-4ade-bc1b-c41797182f2f]
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Enveloped signature transform
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Exclusive C14N signature transform
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Found 0 key names: []
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Attempting to extract credential from an X509Data
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 1 X509Certificates
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 0 X509CRLs
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Single certificate was present, treating as end-entity certificate
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - A total of 1 credentials were resolved
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Signature validation using candidate credential was successful
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully verified signature using KeyInfo-derived credential
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to establish trust of KeyInfo-derived credential
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.t.i.ExplicitKeyTrustEvaluator - Successfully validated untrusted credential against trusted key
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully established trust of KeyInfo-derived credential
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Assertion Issuer of : http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.SAML20AssertionValidator - Matched valid issuer: http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.SAML20AssertionValidator - No Conditions were indicated as required
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotBefore '2025-08-28T14:02:23.475Z' against 'skewed now' time '2025-08-28T14:07:24.612157957Z'
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotOnOrAfter '2025-08-28T15:02:23.475Z' against 'skewed now' time '2025-08-28T13:57:24.612157957Z'
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Evaluating the Assertion's AudienceRestriction/Audience values against the list of valid audiences: [saml-box]
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Matched valid audience: saml-box
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.SAML20AssertionValidator - Assertion contains at least 1 SubjectConfirmation, proceeding with subject confirmation
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData NotOnOrAfter '2025-08-28T14:07:23.517Z' against 'skewed now' time '2025-08-28T13:57:24.612479266Z'
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@Recipient of : https://saml-box.com/login/saml2/sso
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid recipient: https://saml-box.com/login/saml2/sso
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@InResponseTo of: ARQ4bbfed2-646a-4961-855c-c91620567401
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid InResponseTo: ARQ4bbfed2-646a-4961-855c-c91620567401
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Successfully processed SAML Response [_ad8278c5-9641-48a4-ac86-454c32862024]
2025-08-28 14:02:24 [https-jsse-nio-443-exec-478] DEBUG o.s.s.s.p.s.w.a.Saml2WebSsoAuthenticationFilter - Set SecurityContextHolder to Saml2Authentication [Principal=org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal@44825bb4, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=90.7.160.116, SessionId=9ABA520ECBC77670B67466C0CD8CC8A5], Granted Authorities=[ROLE_USER]]
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] INFO c.b.s.c.SamlResponseController - SAML Response: PHNhbWxwOlJlc3BvbnNlIElEPSJfYWQ4Mjc4YzUtOTY0MS00OGE0LWFjODYtNDU0YzMyODYyMDI0IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyNS0wOC0yOFQxNDowMjoyMy41MTdaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9zYW1sLWJveC5jb20vbG9naW4vc2FtbDIvc3NvIiBDb25zZW50PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y29uc2VudDp1bnNwZWNpZmllZCIgSW5SZXNwb25zZVRvPSJBUlE0YmJmZWQyLTY0NmEtNDk2MS04NTVjLWM5MTYyMDU2NzQwMSIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+PElzc3VlciB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cDovL2lkcC5hZC0xLmplZ2dhLmxhbi9hZGZzL3NlcnZpY2VzL3RydXN0PC9Jc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIiAvPjwvc2FtbHA6U3RhdHVzPjxBc3NlcnRpb24gSUQ9Il82YzU2YzI0My03MDNlLTRmNmUtOTQ0Yi00N2I2ZDA3YmE2ZjAiIElzc3VlSW5zdGFudD0iMjAyNS0wOC0yOFQxNDowMjoyMy40ODVaIiBWZXJzaW9uPSIyLjAiIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48SXNzdWVyPmh0dHA6Ly9pZHAuYWQtMS5qZWdnYS5sYW4vYWRmcy9zZXJ2aWNlcy90cnVzdDwvSXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiAvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkczpSZWZlcmVuY2UgVVJJPSIjXzZjNTZjMjQzLTcwM2UtNGY2ZS05NDRiLTQ3YjZkMDdiYTZmMCI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiIC8+PGRzOkRpZ2VzdFZhbHVlPlRJTmtPZU1iMWZUamQzazFGdkdubzFSMzFyVW9NeWxWeDJQbUZBVHFWNDQ9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPkNZbkc3YU0wK2ZaYlB2L25OaTZqeDB6M0xPNW5tZ2QyMzY1NDdHeDA4MGVqT0ZFL2dhQmUvWDMxL1ZOSmNoSHJIZFc2Sm1SbGlvcGlUQ2JuSEVINE8vU3VLWGlEd2VxeFNqYlhqVHFMUUhVc0JYWDlmdTVlcWtpZmRwVkIwbkkreG9yNU1NZ09nSWIvOUNqaDY0RjZHVGZJUStMbGErUnJ2djFiKzBIODI1Uk5JdWc0bE9TK2VweGVNeDFsZ2RPb1J2WmxNOHVlbkh5V29hbFNiQVFLdVcvNXFNelEyMkpSWXdVTWFoOWY5b3ZlVG5laTRUZ2dWSEpTVTdBSkZ1aXRFYUFhYUd0SngwSlBsdURGODl6aEZRZWk3ejlmWStmQ0NnbmJRUXhabzBMMmZMS1NNWWt5ejBOYzNiV3l0eWVtbmVGYmpCSlA4Z0RIU0hkSmpmRHVoYjRGWDhBT2FPVHlSK3MxTXZhSEl1ejBwRG9JbW40b2xEalcvaEVvZTBhNFlnOGpZVXdKOGlMWEpPamJ0UXVvaVQyWDJuTnI5SkU2dW5sbXMyK1hUUXdpSFRnZTdDQzArRDlJWEwrWUJ0eWFJVUo4bmZoQW1uWGY0QUZmNTFOU0YxNDVaNmhsdkFNWDVnL3JCYWtpbythekJzaDlQbXQwQUM1S0w3OFhmV29LT09ZZkptckNnMU13N0ZTUGRSV09pUklXazVwQnNLSFhQd0xiZWpLMUYyT3AwTk5zNFd1RzFPWHZFQmp4cGhMUVhpQ3l3dGNmeHhCaWE4a29yR1pnOGFObUtNejROYnd3R0RkZjR0Rmh5TEs3YzVGQUlqbmpzWDFKSHlGV1czN0pJbnBKdDVtYlBYZ09sWDVJMXRzL0cwTU03bXV2QWtnd2pZdFBTcHBHT0JRPTwvZHM6U2lnbmF0dXJlVmFsdWU+PEtleUluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUU0RENDQXNpZ0F3SUJBZ0lRU05pTC9SbndMYVZFWnMrampHbVMwakFOQmdrcWhraUc5dzBCQVFzRkFEQXNNU293S0FZRFZRUURFeUZCUkVaVElGTnBaMjVwYm1jZ0xTQnBaSEF1WVdRdE1TNXFaV2RuWVM1c1lXNHdIaGNOTWpVd09ESTRNRGt6TWpFeVdoY05Nall3T0RJNE1Ea3pNakV5V2pBc01Tb3dLQVlEVlFRREV5RkJSRVpUSUZOcFoyNXBibWNnTFNCcFpIQXVZV1F0TVM1cVpXZG5ZUzVzWVc0d2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURXbU1Iak95cFFraDcxSzBTeVFHNkFzVUlvSjBiZVArZVBvb3pZc254WXNyS0J4ZklvOGduMTQ1bmRiWWVsSS9Cdi9EeWJVUjgwOTIzaVFUVDBzTFFaZ2pYQXBYV1BKTld1VHlrMzF4ZW00YmFNdE05Z0hjZmY2WnVMNlNybExGZ2NvY1RpSzluY0szL1FnRjFRZFlJdDF1ZDVqKzRlWlpERzk2RnpEQTdXZVhpVzE1T0hqbEpzMHo1OUNmQ3MyZHBWVVIyNzRTYnZyRWFmWlFIUFFmZjhqZTNpekR6dkJPWnVGVC85dE04Ukd3WUpBZlpNWjBNT1Y2MXc5blZTTGJpUm43QTVrRFB1cVBVY3c0am9VbG52eGRDOGFPUWpLUjNKaTVnTkxJV0JhL3l0STJMd0FzSXl1RkZXdllJeGthTUVUdElQb3B2NDVwM2dmd1ZmYXc2ejBxWlp3WkVJSnY2REF1UXJNSkZjZ1NySWF5dUFYVHl5bDlVbHIxaDNCSnZDWUtZTXNlTkx5WHF3dXhvbExGdkppNHhQS24veklGVWlUNElEd04zeFdhNW84NGNhZVlQWURCK29ZMnFwb0JuTWI1YWlyWlpCZGRJVjhLaDZTaEI5TnFna1RZbTVoNng5VUNpemFpSnFORjhRakR4RHdXTHBEajRNUmFBZEh0K29xOXVydTZkQnQxVjM4ajdTVlZQaWFveDNxUkNET0ltT01aUEo4TVhVRXF2MzZzSnVmSmNJRjhwREM1VVdMSUdHYTF3U0g2N3Y1WHFCemtuNlMrZDlFQ3Z1UFFoeG1VSzN1R25XSlpXQjFkRGYrM2NPalUzZ2F4TTdCbGs5bFg4Slpsd2hCVVdIRkJhMGpSUkVneWVzRCtNRUo3TFpmQnpZbDdyZFI2OGNVUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ1MwR2ZjYnZSNGdnN3NvRUtEZ05QRnpPT05JZ2xubkJvS3A2TWJmYXFrcy9sVHlDWHBEaGlqRjFwZEhOYTVmUnlDZ1YyNFk2N2hzY0NwMjY5ZG92cjFPMHlPSm5mU0o4Qk1jY2hVWGNoY0dTSHd0ZjZpY2JvcndYaW0yV0dCS0hPZnpTcHVNYTFOaVAxNWxkSkpaYmVhNktLU1pUbk94QmFVNHdBMGlHcEZzMStoZGxhVjhYWndTVXN4NEkzN25JSFhPLzVXNlJVTU5Sek5ZbVZnc1Y5Q3dyN042MGRxc1k2T0FwWmxmK3g5MmRSWVBPSDBDRVRQMGtiZ0wxdUFrL0JzanlxcXNLTGIwWTBoR0NnQ2dmSWVYSlhIc1F0YWJLajhoL2ZZbTNqLzhTWnBDdEtvS1RCU3lXYUcxamcyTkJkMzdLK1UxanJyQVZRcDVaR21KanBJUXdhYmFJamVqUUtvRno4MnNyQnlKcVBDRm5Od1JoQktxV3dkaUtOeG9yaXY3NmxyemxyZmxrZSs4TFpDeGRlTkZQNkthWVpyRDJYbDIraEtLaEw0K1o0MWlIb25xM3pIZS9sWjFCR0FmSktUODVPTGxtL2FEeW1MQk5MR2dYdjBXN0pibVFZN3lURmJBL3g1RTFXY0lTMFNPWlphbFlyYVNTb1VPalFwZ055cVVrbjJFUmdoZHk0djA5TnliWEZ5ZEg4VDI3c2YrRWR3U09SU0xPa2pKRFhGc01zR2k0WVBMNVVIL2xnN0pPVGNnT2kzWEt2Y3ZVdnRvNGJhN2ZHV3JsVnNxY3NYdjBhbzhHandINlFyS1lEeTMvTjN6RGh3OUhoOUdQL1Y4NHM5WlR1UmJsWS8xQTNaQWxUTitlTzZvK1ZNZ2x0QTJ5YXc3MUVvNFJ3VERRPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvS2V5SW5mbz48L2RzOlNpZ25hdHVyZT48U3ViamVjdD48TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPnVzZXIxQGplZ2dhLmxhbjwvTmFtZUlEPjxTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PFN1YmplY3RDb25maXJtYXRpb25EYXRhIEluUmVzcG9uc2VUbz0iQVJRNGJiZmVkMi02NDZhLTQ5NjEtODU1Yy1jOTE2MjA1Njc0MDEiIE5vdE9uT3JBZnRlcj0iMjAyNS0wOC0yOFQxNDowNzoyMy41MTdaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc2FtbC1ib3guY29tL2xvZ2luL3NhbWwyL3NzbyIgLz48L1N1YmplY3RDb25maXJtYXRpb24+PC9TdWJqZWN0PjxDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyNS0wOC0yOFQxNDowMjoyMy40NzVaIiBOb3RPbk9yQWZ0ZXI9IjIwMjUtMDgtMjhUMTU6MDI6MjMuNDc1WiI+PEF1ZGllbmNlUmVzdHJpY3Rpb24+PEF1ZGllbmNlPnNhbWwtYm94PC9BdWRpZW5jZT48L0F1ZGllbmNlUmVzdHJpY3Rpb24+PC9Db25kaXRpb25zPjxBdHRyaWJ1dGVTdGF0ZW1lbnQ+PEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiPjxBdHRyaWJ1dGVWYWx1ZT51c2VyMUBqZWdnYS5sYW48L0F0dHJpYnV0ZVZhbHVlPjwvQXR0cmlidXRlPjxBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvY2xhaW1zL0NvbW1vbk5hbWUiPjxBdHRyaWJ1dGVWYWx1ZT51c2VyMTwvQXR0cmlidXRlVmFsdWU+PC9BdHRyaWJ1dGU+PC9BdHRyaWJ1dGVTdGF0ZW1lbnQ+PEF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAyNS0wOC0yOFQxNDowMjoyMi44MjRaIiBTZXNzaW9uSW5kZXg9Il82YzU2YzI0My03MDNlLTRmNmUtOTQ0Yi00N2I2ZDA3YmE2ZjAiPjxBdXRobkNvbnRleHQ+PEF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9BdXRobkNvbnRleHRDbGFzc1JlZj48L0F1dGhuQ29udGV4dD48L0F1dGhuU3RhdGVtZW50PjwvQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] INFO c.b.s.c.SamlResponseController - Relay State: 90540ead-d4de-4da3-9d30-01aa862ac2d2
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 14:02:24 [https-jsse-nio-443-exec-467] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.algorithm.AlgorithmRegistry - Runtime support eval for algorithm URI 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256': supported
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.algorithm.AlgorithmRegistry - Runtime support eval for algorithm URI 'http://www.w3.org/2001/04/xmlenc#sha256': supported
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Resolved SignatureSigningParameters:
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signing credential with key algorithm: RSA
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Signature KeyInfoGenerator: org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory$X509KeyInfoGenerator
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Reference digest method algorithm URI: http://www.w3.org/2001/04/xmlenc#sha256
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Reference canonicalization algorithm URI: null
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - Canonicalization algorithm URI: http://www.w3.org/2001/10/xml-exc-c14n#
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.i.BasicSignatureSigningParametersResolver - HMAC output length: null
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.saml.common.SAMLObjectSupport - Examining signed object for content references with exclusive canonicalization transform
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.saml.common.SAMLObjectSupport - Saw exclusive transform, declaring non-visible namespaces on signed object
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Starting to marshall {http://www.w3.org/2000/09/xmldsig#}Signature
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Creating XMLSignature object
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Adding content to XMLSignature.
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.s.c.SAMLObjectContentReference - Adding list of inclusive namespaces for signature exclusive canonicalization transform
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureMarshaller - Creating Signature DOM element
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.xmlsec.signature.support.Signer - Using a signer of implemenation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignerProviderImpl
2025-08-28 14:03:08 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignerProviderImpl - Computing signature over XMLSignature object
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Enveloped signature transform
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Exclusive C14N signature transform
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Found 0 key names: []
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Attempting to extract credential from an X509Data
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 1 X509Certificates
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 0 X509CRLs
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Single certificate was present, treating as end-entity certificate
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - A total of 1 credentials were resolved
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Signature validation using candidate credential was successful
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully verified signature using KeyInfo-derived credential
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to establish trust of KeyInfo-derived credential
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.s.t.i.ExplicitKeyTrustEvaluator - Successfully validated untrusted credential against trusted key
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully established trust of KeyInfo-derived credential
2025-08-28 14:03:08 [https-jsse-nio-443-exec-485] DEBUG o.s.s.s.p.s.w.a.l.Saml2LogoutResponseFilter - Failed to validate LogoutResponse: [[invalid_response] Response indicated logout failed]
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Enveloped signature transform
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Exclusive C14N signature transform
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Found 0 key names: []
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Attempting to extract credential from an X509Data
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 1 X509Certificates
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 0 X509CRLs
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Single certificate was present, treating as end-entity certificate
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - A total of 1 credentials were resolved
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Signature validation using candidate credential was successful
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully verified signature using KeyInfo-derived credential
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to establish trust of KeyInfo-derived credential
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.t.i.ExplicitKeyTrustEvaluator - Successfully validated untrusted credential against trusted key
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully established trust of KeyInfo-derived credential
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Assertion Issuer of : http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.SAML20AssertionValidator - Matched valid issuer: http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.SAML20AssertionValidator - No Conditions were indicated as required
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotBefore '2025-08-28T14:03:22.200Z' against 'skewed now' time '2025-08-28T14:08:23.036530926Z'
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotOnOrAfter '2025-08-28T15:03:22.200Z' against 'skewed now' time '2025-08-28T13:58:23.036530926Z'
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Evaluating the Assertion's AudienceRestriction/Audience values against the list of valid audiences: [saml-box]
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Matched valid audience: saml-box
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.SAML20AssertionValidator - Assertion contains at least 1 SubjectConfirmation, proceeding with subject confirmation
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData NotOnOrAfter '2025-08-28T14:08:22.202Z' against 'skewed now' time '2025-08-28T13:58:23.036842699Z'
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@Recipient of : https://saml-box.com/login/saml2/sso
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid recipient: https://saml-box.com/login/saml2/sso
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@InResponseTo of: ARQ2541dce-6648-4511-baa7-4fb71ab50505
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid InResponseTo: ARQ2541dce-6648-4511-baa7-4fb71ab50505
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Successfully processed SAML Response [_5e244547-5115-4b49-bf0f-53588b7db21f]
2025-08-28 14:03:23 [https-jsse-nio-443-exec-393] DEBUG o.s.s.s.p.s.w.a.Saml2WebSsoAuthenticationFilter - Set SecurityContextHolder to Saml2Authentication [Principal=org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal@44825bb4, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=90.7.160.116, SessionId=D44B32C39EE3A880663FBDC5662643FD], Granted Authorities=[ROLE_USER]]
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] INFO c.b.s.c.SamlResponseController - SAML Response: PHNhbWxwOlJlc3BvbnNlIElEPSJfNWUyNDQ1NDctNTExNS00YjQ5LWJmMGYtNTM1ODhiN2RiMjFmIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyNS0wOC0yOFQxNDowMzoyMi4yMDJaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9zYW1sLWJveC5jb20vbG9naW4vc2FtbDIvc3NvIiBDb25zZW50PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y29uc2VudDp1bnNwZWNpZmllZCIgSW5SZXNwb25zZVRvPSJBUlEyNTQxZGNlLTY2NDgtNDUxMS1iYWE3LTRmYjcxYWI1MDUwNSIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+PElzc3VlciB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cDovL2lkcC5hZC0xLmplZ2dhLmxhbi9hZGZzL3NlcnZpY2VzL3RydXN0PC9Jc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIiAvPjwvc2FtbHA6U3RhdHVzPjxBc3NlcnRpb24gSUQ9Il8zOTBmY2E5ZS1mZDM3LTQ2ZDktYjY3YS04YTA3N2FkZjRlYTkiIElzc3VlSW5zdGFudD0iMjAyNS0wOC0yOFQxNDowMzoyMi4yMDJaIiBWZXJzaW9uPSIyLjAiIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48SXNzdWVyPmh0dHA6Ly9pZHAuYWQtMS5qZWdnYS5sYW4vYWRmcy9zZXJ2aWNlcy90cnVzdDwvSXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiAvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkczpSZWZlcmVuY2UgVVJJPSIjXzM5MGZjYTllLWZkMzctNDZkOS1iNjdhLThhMDc3YWRmNGVhOSI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiIC8+PGRzOkRpZ2VzdFZhbHVlPkMrTUdRMTVWYzdjOFhBOXptN2RrUC8xb0tmbDZMbnVxYzdFL2RhUGI1Z2c9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPktpVmFERmM3cDhuUDlvY0lYTnZBVENOMG5GSjFQaTVtSWx4TGhDcmlMOG44TU5NSloxSHZvUEs0UkoyWkNkU1BBRDVaMEkyS1czME9RYlhTTXR2OE84TkFtUGhBKzVEUS9KRERmSHFlUmsrbkJsYUJQZXp6OWlDSWJxbllxUkwwcFAzaEs4YU5Oc1g0enlJOUFqMTlUQnE1RHE4VTlxMWNZYVNWV1pzVXhrTWlCYVNrWUJrbjg4WGdaS0dFa1dkZ2s2ZVYycFhTdktub0VIY1ZEdWlBTTd2Vm91VWRrekp0Wm15QVVBUUFMVUU0aXF2Ri9DaWFQbFAycWZvN1ZZWVplOTNWQnZudVVSbTR0ZUtzb1BjQlRHaUtrWncwUjYxYVFOaUx6elFnblhMUXNaWVhJd2JzNlRIMjFRQllXNTlpS3M3ZXVpNHdHWmRGNHlUWWN1Q2NzZ2hManJuSlgvUEFPaTU4NjBnRWJPSkNqQUNYWWF2MWxCaEw0VWVhUU5vc0xkdTBER0FaVUs2WllYT2FzaytGZEYwYitNS09xRGU5ZnV4MEpjM3lDS2szUUdPaDBpaW1mMGRnTURkMVRibDFldHJVQXUwNkJmOHM5cUkwWnNmMHlKc25Wdm8xYkpBY3NoYktXVU82dzVCMFVJK1MzZm1KczkrR1lPa3VLYmQxQkhjNlZhcFhMQ005UVNBckR1VjB4WEhJM1E3MmNPTHRpQlNtaGJuMmVZbnBKcVJzTGFVTGNXU0F1VFRsQnV6V0xpYko1cmJXdnhKcDVlNHQrWSt6Z0RpQWlLRTA2aXJxS3lxNUdZMlVrYi9wZkEwMFpQM1gzWmtUNTRhUzZNS0xUSHR5YzdUbjJOUVJXamQ2eTJ5dWVsYjd5VkZhK0s5bjJkMG15L2Q3azAwPTwvZHM6U2lnbmF0dXJlVmFsdWU+PEtleUluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUU0RENDQXNpZ0F3SUJBZ0lRU05pTC9SbndMYVZFWnMrampHbVMwakFOQmdrcWhraUc5dzBCQVFzRkFEQXNNU293S0FZRFZRUURFeUZCUkVaVElGTnBaMjVwYm1jZ0xTQnBaSEF1WVdRdE1TNXFaV2RuWVM1c1lXNHdIaGNOTWpVd09ESTRNRGt6TWpFeVdoY05Nall3T0RJNE1Ea3pNakV5V2pBc01Tb3dLQVlEVlFRREV5RkJSRVpUSUZOcFoyNXBibWNnTFNCcFpIQXVZV1F0TVM1cVpXZG5ZUzVzWVc0d2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURXbU1Iak95cFFraDcxSzBTeVFHNkFzVUlvSjBiZVArZVBvb3pZc254WXNyS0J4ZklvOGduMTQ1bmRiWWVsSS9Cdi9EeWJVUjgwOTIzaVFUVDBzTFFaZ2pYQXBYV1BKTld1VHlrMzF4ZW00YmFNdE05Z0hjZmY2WnVMNlNybExGZ2NvY1RpSzluY0szL1FnRjFRZFlJdDF1ZDVqKzRlWlpERzk2RnpEQTdXZVhpVzE1T0hqbEpzMHo1OUNmQ3MyZHBWVVIyNzRTYnZyRWFmWlFIUFFmZjhqZTNpekR6dkJPWnVGVC85dE04Ukd3WUpBZlpNWjBNT1Y2MXc5blZTTGJpUm43QTVrRFB1cVBVY3c0am9VbG52eGRDOGFPUWpLUjNKaTVnTkxJV0JhL3l0STJMd0FzSXl1RkZXdllJeGthTUVUdElQb3B2NDVwM2dmd1ZmYXc2ejBxWlp3WkVJSnY2REF1UXJNSkZjZ1NySWF5dUFYVHl5bDlVbHIxaDNCSnZDWUtZTXNlTkx5WHF3dXhvbExGdkppNHhQS24veklGVWlUNElEd04zeFdhNW84NGNhZVlQWURCK29ZMnFwb0JuTWI1YWlyWlpCZGRJVjhLaDZTaEI5TnFna1RZbTVoNng5VUNpemFpSnFORjhRakR4RHdXTHBEajRNUmFBZEh0K29xOXVydTZkQnQxVjM4ajdTVlZQaWFveDNxUkNET0ltT01aUEo4TVhVRXF2MzZzSnVmSmNJRjhwREM1VVdMSUdHYTF3U0g2N3Y1WHFCemtuNlMrZDlFQ3Z1UFFoeG1VSzN1R25XSlpXQjFkRGYrM2NPalUzZ2F4TTdCbGs5bFg4Slpsd2hCVVdIRkJhMGpSUkVneWVzRCtNRUo3TFpmQnpZbDdyZFI2OGNVUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ1MwR2ZjYnZSNGdnN3NvRUtEZ05QRnpPT05JZ2xubkJvS3A2TWJmYXFrcy9sVHlDWHBEaGlqRjFwZEhOYTVmUnlDZ1YyNFk2N2hzY0NwMjY5ZG92cjFPMHlPSm5mU0o4Qk1jY2hVWGNoY0dTSHd0ZjZpY2JvcndYaW0yV0dCS0hPZnpTcHVNYTFOaVAxNWxkSkpaYmVhNktLU1pUbk94QmFVNHdBMGlHcEZzMStoZGxhVjhYWndTVXN4NEkzN25JSFhPLzVXNlJVTU5Sek5ZbVZnc1Y5Q3dyN042MGRxc1k2T0FwWmxmK3g5MmRSWVBPSDBDRVRQMGtiZ0wxdUFrL0JzanlxcXNLTGIwWTBoR0NnQ2dmSWVYSlhIc1F0YWJLajhoL2ZZbTNqLzhTWnBDdEtvS1RCU3lXYUcxamcyTkJkMzdLK1UxanJyQVZRcDVaR21KanBJUXdhYmFJamVqUUtvRno4MnNyQnlKcVBDRm5Od1JoQktxV3dkaUtOeG9yaXY3NmxyemxyZmxrZSs4TFpDeGRlTkZQNkthWVpyRDJYbDIraEtLaEw0K1o0MWlIb25xM3pIZS9sWjFCR0FmSktUODVPTGxtL2FEeW1MQk5MR2dYdjBXN0pibVFZN3lURmJBL3g1RTFXY0lTMFNPWlphbFlyYVNTb1VPalFwZ055cVVrbjJFUmdoZHk0djA5TnliWEZ5ZEg4VDI3c2YrRWR3U09SU0xPa2pKRFhGc01zR2k0WVBMNVVIL2xnN0pPVGNnT2kzWEt2Y3ZVdnRvNGJhN2ZHV3JsVnNxY3NYdjBhbzhHandINlFyS1lEeTMvTjN6RGh3OUhoOUdQL1Y4NHM5WlR1UmJsWS8xQTNaQWxUTitlTzZvK1ZNZ2x0QTJ5YXc3MUVvNFJ3VERRPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvS2V5SW5mbz48L2RzOlNpZ25hdHVyZT48U3ViamVjdD48TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPnVzZXIxQGplZ2dhLmxhbjwvTmFtZUlEPjxTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PFN1YmplY3RDb25maXJtYXRpb25EYXRhIEluUmVzcG9uc2VUbz0iQVJRMjU0MWRjZS02NjQ4LTQ1MTEtYmFhNy00ZmI3MWFiNTA1MDUiIE5vdE9uT3JBZnRlcj0iMjAyNS0wOC0yOFQxNDowODoyMi4yMDJaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc2FtbC1ib3guY29tL2xvZ2luL3NhbWwyL3NzbyIgLz48L1N1YmplY3RDb25maXJtYXRpb24+PC9TdWJqZWN0PjxDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyNS0wOC0yOFQxNDowMzoyMi4yMDBaIiBOb3RPbk9yQWZ0ZXI9IjIwMjUtMDgtMjhUMTU6MDM6MjIuMjAwWiI+PEF1ZGllbmNlUmVzdHJpY3Rpb24+PEF1ZGllbmNlPnNhbWwtYm94PC9BdWRpZW5jZT48L0F1ZGllbmNlUmVzdHJpY3Rpb24+PC9Db25kaXRpb25zPjxBdHRyaWJ1dGVTdGF0ZW1lbnQ+PEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiPjxBdHRyaWJ1dGVWYWx1ZT51c2VyMUBqZWdnYS5sYW48L0F0dHJpYnV0ZVZhbHVlPjwvQXR0cmlidXRlPjxBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvY2xhaW1zL0NvbW1vbk5hbWUiPjxBdHRyaWJ1dGVWYWx1ZT51c2VyMTwvQXR0cmlidXRlVmFsdWU+PC9BdHRyaWJ1dGU+PC9BdHRyaWJ1dGVTdGF0ZW1lbnQ+PEF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAyNS0wOC0yOFQxNDowMzoyMi4xNzJaIiBTZXNzaW9uSW5kZXg9Il8zOTBmY2E5ZS1mZDM3LTQ2ZDktYjY3YS04YTA3N2FkZjRlYTkiPjxBdXRobkNvbnRleHQ+PEF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9BdXRobkNvbnRleHRDbGFzc1JlZj48L0F1dGhuQ29udGV4dD48L0F1dGhuU3RhdGVtZW50PjwvQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] INFO c.b.s.c.SamlResponseController - Relay State: 97187710-3abb-4c2c-a5c5-591d08aa0870
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 14:03:23 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Processing SAML response from http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Enveloped signature transform
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.i.SAMLSignatureProfileValidator - Saw Exclusive C14N signature transform
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.metadata.criteria.role.impl.EvaluableProtocolRoleDescriptorCriterion
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Found 0 key names: []
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Attempting to extract credential from an X509Data
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 1 X509Certificates
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Found 0 X509CRLs
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.p.InlineX509DataProvider - Single certificate was present, treating as end-entity certificate
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.k.i.BasicProviderKeyInfoCredentialResolver - A total of 1 credentials were resolved
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.c.c.i.EvaluableCredentialCriteriaRegistry - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Signature validation using candidate credential was successful
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully verified signature using KeyInfo-derived credential
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Attempting to establish trust of KeyInfo-derived credential
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.t.i.ExplicitKeyTrustEvaluator - Successfully validated untrusted credential against trusted key
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.x.s.s.i.BaseSignatureTrustEngine - Successfully established trust of KeyInfo-derived credential
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Assertion Issuer of : http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.SAML20AssertionValidator - Matched valid issuer: http://idp.ad-1.jegga.lan/adfs/services/trust
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.SAML20AssertionValidator - No Conditions were indicated as required
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotBefore '2025-08-28T14:03:39.713Z' against 'skewed now' time '2025-08-28T14:08:40.569780135Z'
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.SAML20AssertionValidator - Evaluating Conditions NotOnOrAfter '2025-08-28T15:03:39.713Z' against 'skewed now' time '2025-08-28T13:58:40.569780135Z'
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Evaluating the Assertion's AudienceRestriction/Audience values against the list of valid audiences: [saml-box]
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.i.AudienceRestrictionConditionValidator - Matched valid audience: saml-box
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.SAML20AssertionValidator - Assertion contains at least 1 SubjectConfirmation, proceeding with subject confirmation
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData NotOnOrAfter '2025-08-28T14:08:39.716Z' against 'skewed now' time '2025-08-28T13:58:40.569996858Z'
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@Recipient of : https://saml-box.com/login/saml2/sso
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid recipient: https://saml-box.com/login/saml2/sso
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Evaluating SubjectConfirmationData@InResponseTo of: ARQ1dd7e63-b037-4970-a9b0-593fb21b582c
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.o.s.s.a.i.AbstractSubjectConfirmationValidator - Matched valid InResponseTo: ARQ1dd7e63-b037-4970-a9b0-593fb21b582c
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.s.s.s.p.s.a.BaseOpenSamlAuthenticationProvider - Successfully processed SAML Response [_034e4ea1-296b-4b33-92ec-f2a4b10fdeb4]
2025-08-28 14:03:40 [https-jsse-nio-443-exec-485] DEBUG o.s.s.s.p.s.w.a.Saml2WebSsoAuthenticationFilter - Set SecurityContextHolder to Saml2Authentication [Principal=org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal@44825bb4, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=90.7.160.116, SessionId=E5587B3CC670BA80F7EFDE27B18541D9], Granted Authorities=[ROLE_USER]]
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] INFO c.b.s.c.SamlResponseController - SAML Response: PHNhbWxwOlJlc3BvbnNlIElEPSJfMDM0ZTRlYTEtMjk2Yi00YjMzLTkyZWMtZjJhNGIxMGZkZWI0IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyNS0wOC0yOFQxNDowMzozOS43MTZaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9zYW1sLWJveC5jb20vbG9naW4vc2FtbDIvc3NvIiBDb25zZW50PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y29uc2VudDp1bnNwZWNpZmllZCIgSW5SZXNwb25zZVRvPSJBUlExZGQ3ZTYzLWIwMzctNDk3MC1hOWIwLTU5M2ZiMjFiNTgyYyIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI+PElzc3VlciB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cDovL2lkcC5hZC0xLmplZ2dhLmxhbi9hZGZzL3NlcnZpY2VzL3RydXN0PC9Jc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIiAvPjwvc2FtbHA6U3RhdHVzPjxBc3NlcnRpb24gSUQ9Il85N2Q0YmM1Ny01NjI4LTQzYmQtOGYzNC05ZWM3YjMwNTVjMmQiIElzc3VlSW5zdGFudD0iMjAyNS0wOC0yOFQxNDowMzozOS43MTRaIiBWZXJzaW9uPSIyLjAiIHhtbG5zPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48SXNzdWVyPmh0dHA6Ly9pZHAuYWQtMS5qZWdnYS5sYW4vYWRmcy9zZXJ2aWNlcy90cnVzdDwvSXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpTaWduZWRJbmZvPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiAvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkczpSZWZlcmVuY2UgVVJJPSIjXzk3ZDRiYzU3LTU2MjgtNDNiZC04ZjM0LTllYzdiMzA1NWMyZCI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIiAvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiIC8+PGRzOkRpZ2VzdFZhbHVlPlVJTTFuQnlOQm9WTHg2c0tBNldDOWh3SExwU1JzKy9RcFYzbHlTRUNNQzA9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPldMUHNEbXMzdDVHT2ptNk9McmhSRTdwZVlIOUlUcGxMbzJFdE9MZWI4Q0ZmUlVCUmpVamk1OGRSTi9KOXpnVCtRS25HTDFsd1F4MktsbjZwaUZrWU9iQTNCTFQzL3Q3VkpUNm9hTGNLbjAwYjc3Z2phQWExS3B6YkZQQnBkRDVEeXFhWUk1MlRreEQ0L0phVS9pLy9DS3pRZGI5aElKdTN5K0JZeVpDYVZWdS92U2dlRGVoWmYxRHNmeW1tME1sdFF5VkpDbUFZMFM1alE0Z1NvUkxLYWJjZzBTbWVTcms4ZkJXdzhSb3ZpcXpNL0NSNUZIRnhJWWE4YmpscFAyQnVMK2c4S1JsQ1pFZTFxaXNHaFV4b2QyWkVYY21WQjEzY3hTVzRlL0JQdlk5QkN5d3p0elNGMzhxY1B6THZHU0t6WTFRaW5WbVZZR2E5K0xWV3IzYW9GbEJLREZ6ZGZCZ0VUK0U3NWJRYVRNQUxDNmkrd29uYzRSQXFrVUp1aVFDekxPMFNHVE05OWJ5Ukg3TWM5THBYcjdxOERNY0lUZUczQStyQS9XWTJDT1VrcWY5elpOM2VUa0g5c0dab3VIZWtSb0I2TW5wcEpnc1pIS1NZakZERUF3bjdXSlIzYkR5cXNNSkR4MlZCRGo1RUxkUlJoNTk3WHdHaHRIQWlhT1Z5N1pOYTg4ZEJPaHhCWU1WaVhzdXB1Rm5PS1dWRkpHQ3owTFBkSlVrQWlyQ2lyWk1lT3ptcTJPeWFMcUhrd3dSdURuZkM4WU1CZFJ4Zk5haEpPWmdxWjNXZHlJWnJHRHBQc0tEOEcwbkdEcFZuV21NeDkycVpUMEpNTW5CaVE1VVBlekV6TTlHb2tVQ1pPVGRiSmdGaEI3TW5nRTNzMVUybFBvcFdrR0pwM29VPTwvZHM6U2lnbmF0dXJlVmFsdWU+PEtleUluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUU0RENDQXNpZ0F3SUJBZ0lRU05pTC9SbndMYVZFWnMrampHbVMwakFOQmdrcWhraUc5dzBCQVFzRkFEQXNNU293S0FZRFZRUURFeUZCUkVaVElGTnBaMjVwYm1jZ0xTQnBaSEF1WVdRdE1TNXFaV2RuWVM1c1lXNHdIaGNOTWpVd09ESTRNRGt6TWpFeVdoY05Nall3T0RJNE1Ea3pNakV5V2pBc01Tb3dLQVlEVlFRREV5RkJSRVpUSUZOcFoyNXBibWNnTFNCcFpIQXVZV1F0TVM1cVpXZG5ZUzVzWVc0d2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURXbU1Iak95cFFraDcxSzBTeVFHNkFzVUlvSjBiZVArZVBvb3pZc254WXNyS0J4ZklvOGduMTQ1bmRiWWVsSS9Cdi9EeWJVUjgwOTIzaVFUVDBzTFFaZ2pYQXBYV1BKTld1VHlrMzF4ZW00YmFNdE05Z0hjZmY2WnVMNlNybExGZ2NvY1RpSzluY0szL1FnRjFRZFlJdDF1ZDVqKzRlWlpERzk2RnpEQTdXZVhpVzE1T0hqbEpzMHo1OUNmQ3MyZHBWVVIyNzRTYnZyRWFmWlFIUFFmZjhqZTNpekR6dkJPWnVGVC85dE04Ukd3WUpBZlpNWjBNT1Y2MXc5blZTTGJpUm43QTVrRFB1cVBVY3c0am9VbG52eGRDOGFPUWpLUjNKaTVnTkxJV0JhL3l0STJMd0FzSXl1RkZXdllJeGthTUVUdElQb3B2NDVwM2dmd1ZmYXc2ejBxWlp3WkVJSnY2REF1UXJNSkZjZ1NySWF5dUFYVHl5bDlVbHIxaDNCSnZDWUtZTXNlTkx5WHF3dXhvbExGdkppNHhQS24veklGVWlUNElEd04zeFdhNW84NGNhZVlQWURCK29ZMnFwb0JuTWI1YWlyWlpCZGRJVjhLaDZTaEI5TnFna1RZbTVoNng5VUNpemFpSnFORjhRakR4RHdXTHBEajRNUmFBZEh0K29xOXVydTZkQnQxVjM4ajdTVlZQaWFveDNxUkNET0ltT01aUEo4TVhVRXF2MzZzSnVmSmNJRjhwREM1VVdMSUdHYTF3U0g2N3Y1WHFCemtuNlMrZDlFQ3Z1UFFoeG1VSzN1R25XSlpXQjFkRGYrM2NPalUzZ2F4TTdCbGs5bFg4Slpsd2hCVVdIRkJhMGpSUkVneWVzRCtNRUo3TFpmQnpZbDdyZFI2OGNVUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ1MwR2ZjYnZSNGdnN3NvRUtEZ05QRnpPT05JZ2xubkJvS3A2TWJmYXFrcy9sVHlDWHBEaGlqRjFwZEhOYTVmUnlDZ1YyNFk2N2hzY0NwMjY5ZG92cjFPMHlPSm5mU0o4Qk1jY2hVWGNoY0dTSHd0ZjZpY2JvcndYaW0yV0dCS0hPZnpTcHVNYTFOaVAxNWxkSkpaYmVhNktLU1pUbk94QmFVNHdBMGlHcEZzMStoZGxhVjhYWndTVXN4NEkzN25JSFhPLzVXNlJVTU5Sek5ZbVZnc1Y5Q3dyN042MGRxc1k2T0FwWmxmK3g5MmRSWVBPSDBDRVRQMGtiZ0wxdUFrL0JzanlxcXNLTGIwWTBoR0NnQ2dmSWVYSlhIc1F0YWJLajhoL2ZZbTNqLzhTWnBDdEtvS1RCU3lXYUcxamcyTkJkMzdLK1UxanJyQVZRcDVaR21KanBJUXdhYmFJamVqUUtvRno4MnNyQnlKcVBDRm5Od1JoQktxV3dkaUtOeG9yaXY3NmxyemxyZmxrZSs4TFpDeGRlTkZQNkthWVpyRDJYbDIraEtLaEw0K1o0MWlIb25xM3pIZS9sWjFCR0FmSktUODVPTGxtL2FEeW1MQk5MR2dYdjBXN0pibVFZN3lURmJBL3g1RTFXY0lTMFNPWlphbFlyYVNTb1VPalFwZ055cVVrbjJFUmdoZHk0djA5TnliWEZ5ZEg4VDI3c2YrRWR3U09SU0xPa2pKRFhGc01zR2k0WVBMNVVIL2xnN0pPVGNnT2kzWEt2Y3ZVdnRvNGJhN2ZHV3JsVnNxY3NYdjBhbzhHandINlFyS1lEeTMvTjN6RGh3OUhoOUdQL1Y4NHM5WlR1UmJsWS8xQTNaQWxUTitlTzZvK1ZNZ2x0QTJ5YXc3MUVvNFJ3VERRPT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvS2V5SW5mbz48L2RzOlNpZ25hdHVyZT48U3ViamVjdD48TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6dW5zcGVjaWZpZWQiPnVzZXIxQGplZ2dhLmxhbjwvTmFtZUlEPjxTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PFN1YmplY3RDb25maXJtYXRpb25EYXRhIEluUmVzcG9uc2VUbz0iQVJRMWRkN2U2My1iMDM3LTQ5NzAtYTliMC01OTNmYjIxYjU4MmMiIE5vdE9uT3JBZnRlcj0iMjAyNS0wOC0yOFQxNDowODozOS43MTZaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc2FtbC1ib3guY29tL2xvZ2luL3NhbWwyL3NzbyIgLz48L1N1YmplY3RDb25maXJtYXRpb24+PC9TdWJqZWN0PjxDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyNS0wOC0yOFQxNDowMzozOS43MTNaIiBOb3RPbk9yQWZ0ZXI9IjIwMjUtMDgtMjhUMTU6MDM6MzkuNzEzWiI+PEF1ZGllbmNlUmVzdHJpY3Rpb24+PEF1ZGllbmNlPnNhbWwtYm94PC9BdWRpZW5jZT48L0F1ZGllbmNlUmVzdHJpY3Rpb24+PC9Db25kaXRpb25zPjxBdHRyaWJ1dGVTdGF0ZW1lbnQ+PEF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiPjxBdHRyaWJ1dGVWYWx1ZT51c2VyMUBqZWdnYS5sYW48L0F0dHJpYnV0ZVZhbHVlPjwvQXR0cmlidXRlPjxBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvY2xhaW1zL0NvbW1vbk5hbWUiPjxBdHRyaWJ1dGVWYWx1ZT51c2VyMTwvQXR0cmlidXRlVmFsdWU+PC9BdHRyaWJ1dGU+PC9BdHRyaWJ1dGVTdGF0ZW1lbnQ+PEF1dGhuU3RhdGVtZW50IEF1dGhuSW5zdGFudD0iMjAyNS0wOC0yOFQxNDowMzoyMi4xNzJaIiBTZXNzaW9uSW5kZXg9Il85N2Q0YmM1Ny01NjI4LTQzYmQtOGYzNC05ZWM3YjMwNTVjMmQiPjxBdXRobkNvbnRleHQ+PEF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9BdXRobkNvbnRleHRDbGFzc1JlZj48L0F1dGhuQ29udGV4dD48L0F1dGhuU3RhdGVtZW50PjwvQXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] INFO c.b.s.c.SamlResponseController - Relay State: 54adc643-65bb-41e8-9d81-990566959a5d
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Constructing Apache XMLSignature object
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.impl.SignatureUnmarshaller - Adding KeyInfo to Signature
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.SignatureValidationProvider - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.impl.provider.ApacheSantuarioSignatureValidationProviderImpl
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Attempting to validate signature using key from supplied credential
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Accessing XMLSignature object
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2025-08-28 14:03:40 [https-jsse-nio-443-exec-478] DEBUG o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl - Signature validated with key from supplied credential
2025-08-28 23:24:22 [https-jsse-nio-443-exec-552] INFO o.a.coyote.http11.Http11Processor - Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name [0x000x000x070x000x080x000x030x000x040x000x050x000x06...]. HTTP method names must be tokens
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:409)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:270)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:905)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
at java.base/java.lang.Thread.run(Thread.java:1583)
SAML BOX
SAML BOX is brought to you by Boston Identity