fartyalvikram Contributor.

IDP response was received that failed to authenticate

I am trying to integrate Access Manager with Shibboleth IDP Server.
In my scenario, Access Manager is the Service Provider and Shibboleth IDP is the Identity Provider.
I have installed Shibboleth IDP 2.4.5 on Ubuntu 14.04 and Access Manager Appliance 4.4.
I followed the URL below:
https://www.netiq.com/communities/cool-solutions/integrating-novells-access-manager-shibboleths-idp-server/
After completing all the configuration using the above URL, when I hit the URL below:
https://nam.demo.local/nidp/saml2/spsend?id=Shibboleth&sid=1&TARGET=https://userapp.demo.local
it redirects to the Shibboleth IDP login page. After successfully authenticating at the IDP, it redirects me to the URL below:
https://nam.demo.local/nidp/app?first=false
with the error message below in the browser:
An Identity Provider response was received that failed to authenticate this session. (300101017-6CF8D8AFC3EC4E16)
My Access Manager logs (/opt/novell/nam/idp/logs/catalina.out) are given below:
<amLogEntry> 2018-03-09T14:47:12Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-5

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-4
****** HttpServletRequest Information:
Method: POST
Scheme: https
Context Path: /nidp
Servlet Path: /saml2
Query String: null
Path Info: /spassertion_consumer
Server Name: nam.demo.local
Server Port: 443
Content Length: 7643
Content Type: application/x-www-form-urlencoded
Auth Type: null
Request URL: https://nam.demo.local/nidp/saml2/spassertion_consumer
Host IP Address: 192.168.1.197
Remote Client IP Address: 192.168.1.84
Cookie: (0 of 1): JSESSIONID, eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=
Header: Name: host, Value: nam.demo.local
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Header: Name: accept, Value: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Header: Name: accept-language, Value: en-US,en;q=0.5
Header: Name: accept-encoding, Value: gzip, br
Header: Name: referer, Value: https://shibbolethidp.demo.local/idp/profile/SAML2/POST/SSO
Header: Name: content-type, Value: application/x-www-form-urlencoded
Header: Name: content-length, Value: 7643
Header: Name: DNT, Value: 1
Header: Name: connection, Value: keep-alive
Header: Name: Upgrade-Insecure-Requests, Value: 1
Header: Name: Via, Value: 1.1 nam.demo.local (Access Gateway-ag-AF05FE6544A72488-55324)
Session Id: eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=
Session Last Accessed Time: 1520606832668
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: AM#600105011: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#CLeXrIpKcg7Ety+R0yPKw78IX2Q8cuDSOZdR+60QiLE=: SP saml2 handler to process request received for /nidp/saml2 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2:
Method: SAML2SSOProfile.processResponse
Thread: ajp-bio-127.0.0.1-9019-exec-4
Received assertion consumer response </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPContext.getRelayStateDecode
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from local file --------> Property:decodeRelayStateParam Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Input param url: MQ== :: web.xml param value to decode: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPContext.getRelayStateDecode
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from local file --------> Property:decodeRelayStateParam Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isPostInFlate
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from local file --------> Property:IS_SAML2_POST_INFLATE Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2:
Method: SAML2Profile.handleInBoundMessage
Thread: ajp-bio-127.0.0.1-9019-exec-4
InBound POST message was NOT inflated. </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2:
Method: SAML2Profile.traceMessage
Thread: ajp-bio-127.0.0.1-9019-exec-4


************************* SAML2 POST message ********************************

Type: received
RelayState: MQ==
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://nam.demo.local/nidp/saml2/spassertion_consumer" ID="_28ca3617ca0ed234eacb9a000dd14bc7" InResponseTo="idm-4Awt-53IoKDU7IKZkM12lLGqs" IssueInstant="2018-03-09T14:47:38.687Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion ID="_47cf17413b4f57955a4b30c6a641773c" IssueInstant="2018-03-09T14:47:38.687Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_47cf17413b4f57955a4b30c6a641773c"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>yj6pHPakEvFGQqs5UNZnn/dGdh4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>IOXdzou8ppycmF5z1yHuM4QYLEJHtcbuhB0krBpH0JUZCC8YcwHz/Xymxwo4Bu/YZvo+QSfJWuXaRtMN0WZ973vyzUFC0/O2icZr26CSX0JmpH+nhCo3MW7axHjqmB70pgkPiOgmAE7DN94jZDyOZx3LfaMthsjeR/DEIII7spO0ROOJLhWCa23lB+CWlpaPc+4fkgmNmQtgcuImZdhC/Gn4nzsQLz1pPixOHIV9Z7YR3FWvITiD/VSlrmRr1hSBN1BMzqZIXVBVb9PBqic+iUMoTVgdF7awTTzwqha/3RWqIOeq4XOjaCIlnh1vwEdbF36H2dVOgv4D7M/A60TX9Q==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDTDCCAjSgAwIBAgIVANTp/dbPi/kd5ocXK/PXcVwSn5gNMA0GCSqGSIb3DQEBBQUAMCMxITAf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=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://shibbolethidp.demo.local/idp/shibboleth" SPNameQualifier="https://nam.demo.local/nidp/saml2/metadata">_7b12013841226a132105c13394f4841d</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData Address="192.168.1.84" InResponseTo="idm-4Awt-53IoKDU7IKZkM12lLGqs" NotOnOrAfter="2018-03-09T14:52:38.687Z" Recipient="https://nam.demo.local/nidp/saml2/spassertion_consumer"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2018-03-09T14:47:38.687Z" NotOnOrAfter="2018-03-09T14:52:38.687Z"><saml2:AudienceRestriction><saml2:Audience>https://nam.demo.local/nidp/saml2/metadata</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2018-03-09T14:47:38.631Z" SessionIndex="_73a50b0ab726048e21cad78d8c937149"><saml2:SubjectLocality Address="192.168.1.84"/><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement><saml2:Attribute 
Name="urn:oscar:names:idm:attribute:mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:oscar:names:idm:attribute:givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:oscar:names:idm:attribute:cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:oscar:names:idm:attribute:sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></saml2p:Response>
************************* End SAML2 message ****************************

</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from local file --------> Property:XML_PARSE_ALLOW_DTD Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2:
Method: SAML2AuthnContext.parse
Thread: ajp-bio-127.0.0.1-9019-exec-4
expiration: 0 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2:
Method: SAML2AuthnContext.parse
Thread: ajp-bio-127.0.0.1-9019-exec-4
AssuranceLevel: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-4
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-AttributeStatement]] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-4
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-Subject]] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2AvoidSignAndValidateAssertion
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from edirectory configuration store --------> Property:SAML2_AVOID_SIGN_AND_VALIDATE_ASSERTION_TRUSTEDPROVIDERS Value: true Trusted Provider: https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-4
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-EncryptedAssertion]s (0)] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2:
Method: SAML2Profile.A
Thread: ajp-bio-127.0.0.1-9019-exec-4
Processing artifact for pre-brokering, provider= https://shibbolethidp.demo.local/idp/shibboleth and relayState = MQ== </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2:
Method: SAML2Profile.A
Thread: ajp-bio-127.0.0.1-9019-exec-4
Relaystate does not have Intersite Transfer request.. no brokering policy enforcement is needed </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2PostSignResponse
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from file as global for all trusted providers --------> Property:IS_SAML2_POST_SIGN_RESPONSE Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2PostSignResponseProvider
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from file for Trusted Provider https://shibbolethidp.demo.local/idp/shibboleth --------> Property:SAML2_POST_SIGN_RESPONSE_TRUSTEDPROVIDERS Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2AvoidSignAndValidateAssertion
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from edirectory configuration store --------> Property:SAML2_AVOID_SIGN_AND_VALIDATE_ASSERTION_TRUSTEDPROVIDERS Value: true Trusted Provider: https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2:
Method: SAML2AuthenticationHandler.verifyResponse
Thread: ajp-bio-127.0.0.1-9019-exec-4
Avoid assertion signature validation: true SAML2Response is not signed: false throwing bad_signature exception. </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: IDPAuthenticationHandler.handleAuthentication
Thread: ajp-bio-127.0.0.1-9019-exec-4
Was authnResponse verified: No </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: IDP response failed to authenticate: NIDPLOGGING.300101017 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2:
Method: SAML2Utils.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-4
SAML2_REQUEST_IGNORE_AUTHNCONTEXT is not configured as service provider's ui option </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.getSaml2TPValueBoolean
Thread: ajp-bio-127.0.0.1-9019-exec-4
[nidpconfig.properties] Options - https://shibbolethidp.demo.local/idp/shibboleth->SAML2_REQUEST_IGNORE_AUTHNCONTEXT value returned: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPServletContext.goJSP
Thread: ajp-bio-127.0.0.1-9019-exec-4
Forwarding to JSP: /jsp/top.jsp </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z INFO NIDS Application: AM#500105039: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#CLeXrIpKcg7Ety+R0yPKw78IX2Q8cuDSOZdR+60QiLE=: Error on session id eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=, error 300101017-6CF8D8AFC3EC4E16, An Identity Provider response was received that failed to authenticate this session.:Missing or invalid signature on assertion: </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-4
****** HttpServletRequest Information:
Method: GET
Scheme: https
Context Path: /nidp
Servlet Path: /app
Query String: first=false
Path Info: null
Server Name: nam.demo.local
Server Port: 443
Content Length: -1
Content Type: null
Auth Type: null
Request URL: https://nam.demo.local/nidp/app
Host IP Address: 192.168.1.197
Remote Client IP Address: 192.168.1.84
Cookie: (0 of 1): JSESSIONID, eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=
Header: Name: host, Value: nam.demo.local
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Header: Name: accept, Value: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Header: Name: accept-language, Value: en-US,en;q=0.5
Header: Name: accept-encoding, Value: gzip, br
Header: Name: referer, Value: https://nam.demo.local/nidp/saml2/spassertion_consumer
Header: Name: DNT, Value: 1
Header: Name: connection, Value: keep-alive
Header: Name: Upgrade-Insecure-Requests, Value: 1
Header: Name: Via, Value: 1.1 nam.demo.local (Access Gateway-ag-AF05FE6544A72488-55325)
Session Id: eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=
Session Last Accessed Time: 1520606859662
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPServletURLSchemaManager.getUrlCategory
Thread: ajp-bio-127.0.0.1-9019-exec-4
Unable to Categorize URL: /nidp </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPServletURLSchemaManager.getUrlCategory
Thread: ajp-bio-127.0.0.1-9019-exec-4
Unable to Categorize URL: /nidp </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CommonHandler.handleRequest
Thread: ajp-bio-127.0.0.1-9019-exec-4
Handling request: app </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: ProxyProfile.isProxyRequest
Thread: ajp-bio-127.0.0.1-9019-exec-4
/nidp/app is a ProxyRequest: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z INFO NIDS Application: AM#500105015: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#CLeXrIpKcg7Ety+R0yPKw78IX2Q8cuDSOZdR+60QiLE=: Processing login request with TARGET = , saved TARGET = . </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z INFO NIDS Application: AM#500105009: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#CLeXrIpKcg7Ety+R0yPKw78IX2Q8cuDSOZdR+60QiLE=: Executing contract IDP Select. </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-4
Parameter m_ExpiredCheck(ExpiredCheck) = false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-4
Parameter m_AuthenticateExpiredPassword(AuthenticateExpiredPassword) = false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Executing authentication method Introduction </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: ProviderDiscoveryProfile.getIntroductions
Thread: ajp-bio-127.0.0.1-9019-exec-4
GetIntroductions _saml_idp null </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Authentication method Introduction failed while executing the class com.novell.nidp.authentication.local.IntroductionClass@736b46e4 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-4
Parameter m_ExpiredCheck(ExpiredCheck) = false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-4
Parameter m_AuthenticateExpiredPassword(AuthenticateExpiredPassword) = false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Executing authentication method IDP Select </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Authentication method IDP Select requires additional interaction. </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: ContractExecutionState.exec
Thread: ajp-bio-127.0.0.1-9019-exec-4
Just returned from call to doContract():
Status: SHOW_PAGE
Contract: IDP Select
Auth Class: com.novell.nidp.authentication.local.IDPSelectionClass
Auth Class Page to Show: None
Request Param: option: null
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPServletContext.goJSP
Thread: ajp-bio-127.0.0.1-9019-exec-4
Forwarding to JSP: /jsp/main.jsp </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPResourceManager.A
Thread: ajp-bio-127.0.0.1-9019-exec-4
Locale: en_US mapped to directory en </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: NIDPResourceManager.A
Thread: ajp-bio-127.0.0.1-9019-exec-4
Locale: en_US mapped to directory en </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=. Cache size is 17
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: LDAPAuthority.getObjectByDn
Thread: ajp-bio-127.0.0.1-9019-exec-7
dn = cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: LDAPAuthority.getObjectByDn
Thread: ajp-bio-127.0.0.1-9019-exec-7
dn1 = cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
Target object dn: cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem
Acting as: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell
Attrs: null or zero! </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
Closing LDAP connection due to connection timeout! Interval: 163743, Timeout: 10000, Connection: Id: 6b396ced-9b84-44d3-82ff-c2e7fb7d2c02, host: ldaps://192.168.1.197 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
Connection: 39aac35d-75ff-44dd-bbc6-9d85cd0226fa, Environment Parameters for InitialDirContext() method call:
Key: java.naming.factory.initial, Value: com.sun.jndi.ldap.LdapCtxFactory
Key: java.naming.provider.url, Value: ldaps://192.168.1.197:636
Key: com.sun.jndi.ldap.connect.timeout, Value: 0
Key: java.naming.security.principal, Value: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell
Key: java.naming.security.authentication, Value: simple
Key: java.naming.security.credentials, Value: *****
Key: java.naming.security.protocol, Value: ssl
Key: java.naming.ldap.factory.socket, Value: com.novell.nidp.common.util.net.client.NIDP_SSLSocketFactory
</amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
Added property to DirContext Environment: Property Name: java.naming.ldap.attributes.binary, Value: GUID nDSPKITrustedRootCertificate </amLogEntry>

My Shibboleth IDP logs (/opt/shibboleth-idp/logs/idp-process.log) are given below
20:17:38.628 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:144] - Returning control to authentication engine
20:17:38.629 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:209] - Processing incoming request
20:17:38.629 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:514] - Completing user authentication process
20:17:38.629 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:585] - Validating authentication was performed successfully
20:17:38.630 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:696] - Updating session information for principal vikram
20:17:38.630 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:700] - Creating shibboleth session for principal vikram
20:17:38.630 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:815] - Adding IdP session cookie to HTTP response
20:17:38.631 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:715] - Recording authentication and service information in Shibboleth session for principal: vikram
20:17:38.631 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:560] - User vikram authenticated with method urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
20:17:38.632 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:161] - Returning control to profile handler
20:17:38.632 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:177] - Redirecting user to profile handler at https://shibbolethidp.demo.local:443/idp/profile/SAML2/POST/SSO
20:17:38.653 - INFO [Shibboleth-Access:73] - 20180309T144738Z|192.168.1.84|shibbolethidp.demo.local:443|/profile/SAML2/POST/SSO|
20:17:38.653 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:86] - shibboleth.HandlerManager: Looking up profile handler for request path: /SAML2/POST/SSO
20:17:38.653 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:97] - shibboleth.HandlerManager: Located profile handler of the following type for the request path: edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
20:17:38.654 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:588] - Unbinding LoginContext
20:17:38.654 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:614] - Expiring LoginContext cookie
20:17:38.654 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:625] - Removed LoginContext, with key f8428ffbc09dc1533131a09b3ef8b4fc9e9f455c2064f4a87b7d45d391aaf2b7, from StorageService partition loginContexts
20:17:38.655 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:172] - Incoming request contains a login context and indicates principal was authenticated, processing second leg of request
20:17:38.655 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:128] - Looking up relying party configuration for https://nam.demo.local/nidp/saml2/metadata
20:17:38.655 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:134] - No custom relying party configuration found for https://nam.demo.local/nidp/saml2/metadata, looking up configuration based on metadata groups.
20:17:38.655 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:157] - No custom or group-based relying party configuration found for https://nam.demo.local/nidp/saml2/metadata. Using default relying party configuration.
20:17:38.659 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:478] - Resolving attributes for principal 'vikram' for SAML request from relying party 'https://nam.demo.local/nidp/saml2/metadata'
20:17:38.659 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:326] - metadata contains the following attributes: []
20:17:38.659 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:119] - shibboleth.AttributeResolver resolving attributes for principal vikram
20:17:38.660 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:275] - Specific attributes for principal vikram were not requested, resolving all attributes.
20:17:38.660 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute mail for principal vikram
20:17:38.660 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:354] - Resolving data connector mySIS for principal vikram
20:17:38.667 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:262] - RDBMS data connector mySIS - Search Query: SELECT security.provider_no, security.user_name, security.security_no, provider.last_name, provider.first_name,provider.email FROM security inner join provider on security.provider_no=provider.provider_no WHERE user_name = 'vikram'
20:17:38.668 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:323] - RDBMS data connector mySIS - Querying database for attributes with query SELECT security.provider_no, security.user_name, security.security_no, provider.last_name, provider.first_name,provider.email FROM security inner join provider on security.provider_no=provider.provider_no WHERE user_name = 'vikram'
20:17:38.673 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:332] - RDBMS data connector mySIS - Retrieved attributes: [security_no, mail, givenName, cn, sn, provider_no]
20:17:38.674 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute mail containing 1 values
20:17:38.675 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute transientId for principal vikram
20:17:38.675 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition:97] - Building transient ID for request idm-4Awt-53IoKDU7IKZkM12lLGqs; outbound message issuer: https://shibbolethidp.demo.local/idp/shibboleth, inbound message issuer: https://nam.demo.local/nidp/saml2/metadata, principal identifer: vikram
20:17:38.675 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition:115] - Created transient ID _7b12013841226a132105c13394f4841d for request idm-4Awt-53IoKDU7IKZkM12lLGqs
20:17:38.676 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute transientId containing 1 values
20:17:38.676 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute givenName for principal vikram
20:17:38.676 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute givenName containing 1 values
20:17:38.676 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute cn for principal vikram
20:17:38.677 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute cn containing 1 values
20:17:38.677 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute sn for principal vikram
20:17:38.677 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute sn containing 1 values
20:17:38.678 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute mail has 1 values after post-processing
20:17:38.678 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute transientId has 1 values after post-processing
20:17:38.678 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute givenName has 1 values after post-processing
20:17:38.678 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute cn has 1 values after post-processing
20:17:38.678 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute sn has 1 values after post-processing
20:17:38.679 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:137] - shibboleth.AttributeResolver resolved, for principal vikram, the attributes: [mail, transientId, givenName, cn, sn]
20:17:38.679 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:71] - shibboleth.AttributeFilterEngine filtering 5 attributes for principal vikram
20:17:38.679 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releaseTransientIdToAnyone is active for principal vikram
20:17:38.679 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releaseTransientIdToAnyone is active for principal vikram
20:17:38.680 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute transientId for principal vikram
20:17:38.680 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasecnToAnyone is active for principal vikram
20:17:38.680 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasecnToAnyone is active for principal vikram
20:17:38.680 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute cn for principal vikram
20:17:38.680 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasegivenNameToAnyone is active for principal vikram
20:17:38.681 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasegivenNameToAnyone is active for principal vikram
20:17:38.681 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute givenName for principal vikram
20:17:38.681 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasesnToAnyone is active for principal vikram
20:17:38.681 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasesnToAnyone is active for principal vikram
20:17:38.682 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute sn for principal vikram
20:17:38.682 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasemailToAnyone is active for principal vikram
20:17:38.682 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasemailToAnyone is active for principal vikram
20:17:38.682 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute mail for principal vikram
20:17:38.683 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute mail has 1 values after filtering
20:17:38.683 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute transientId has 1 values after filtering
20:17:38.683 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute givenName has 1 values after filtering
20:17:38.684 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute cn has 1 values after filtering
20:17:38.684 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute sn has 1 values after filtering
20:17:38.684 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:114] - Filtered attributes for principal vikram. The following attributes remain: [mail, transientId, givenName, cn, sn]
20:17:38.685 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:505] - Creating attribute statement in response to SAML request 'idm-4Awt-53IoKDU7IKZkM12lLGqs' from relying party 'https://nam.demo.local/nidp/saml2/metadata'
20:17:38.685 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute mail with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
20:17:38.685 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:263] - Attribute transientId was not encoded (filtered by query, or no SAML2AttributeEncoder attached).
20:17:38.686 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute givenName with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
20:17:38.686 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute cn with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
20:17:38.687 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute sn with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
20:17:38.687 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:528] - Filtering out potential name identifier attributes which can not be encoded by edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.688 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute mail, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.688 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:542] - Retaining attribute transientId which may be encoded to via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.688 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute givenName, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.688 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute cn, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.688 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute sn, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.689 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:484] - Attempting to select name identifier attribute for relying party 'https://nam.demo.local/nidp/saml2/metadata' that requires format 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
20:17:38.689 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:567] - Filtering out potential name identifier attributes which do not support one of the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
20:17:38.689 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:586] - Retaining attribute transientId which may be encoded as a name identifier of format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
20:17:38.689 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:691] - Selecting attribute to be encoded as a name identifier by encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.690 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:718] - Selecting the first attribute that can be encoded in to a name identifier
20:17:38.690 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:502] - Name identifier for relying party 'https://nam.demo.local/nidp/saml2/metadata' will be built from attribute 'transientId'
20:17:38.690 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:868] - Using attribute 'transientId' supporting NameID format 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' to create the NameID for relying party 'https://nam.demo.local/nidp/saml2/metadata'
20:17:38.690 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:572] - Determining if SAML assertion to relying party 'https://nam.demo.local/nidp/saml2/metadata' should be signed
20:17:38.691 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:653] - IdP relying party configuration 'default' indicates to sign assertions: true
20:17:38.691 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:583] - Determining signing credntial for assertion to relying party 'https://nam.demo.local/nidp/saml2/metadata'
20:17:38.691 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:599] - Signing assertion to relying party https://nam.demo.local/nidp/saml2/metadata
20:17:38.702 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:331] - secondarily indexing user session by name identifier
20:17:38.702 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:797] - Encoding response to SAML request idm-4Awt-53IoKDU7IKZkM12lLGqs from relying party https://nam.demo.local/nidp/saml2/metadata
20:17:38.713 - INFO [Shibboleth-Audit:1028] - 20180309T144738Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|idm-4Awt-53IoKDU7IKZkM12lLGqs|https://nam.demo.local/nidp/saml2/metadata|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://shibbolethidp.demo.local/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_28ca3617ca0ed234eacb9a000dd14bc7|vikram|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|mail,transientId,givenName,cn,sn,|_7b12013841226a132105c13394f4841d|_47cf17413b4f57955a4b30c6a641773c,|
Knowledge Partner

Re: IDP response was received that failed to authenticate

On 10-03-2018 1:44 AM, fartyalvikram wrote:

Uhm... this kinda gives it away, I guess

> <amLogEntry> 2018-03-09T14:47:39Z INFO NIDS Application: AM#500105039: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#CLeXrIpKcg7Ety+R0yPKw78IX2Q8cuDSOZdR+60QiLE=: Error on session id eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=, error 300101017-6CF8D8AFC3EC4E16, An Identity Provider response was received that failed to authenticate this session.:Missing or invalid signature on assertion: </amLogEntry>



--
Cheers,
Edward
fartyalvikram Contributor.

Re: IDP response was received that failed to authenticate

How can I troubleshoot this issue?
Please see the SAML assertion response below:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://nam.demo.local/nidp/saml2/spassertion_consumer" ID="_f3358b13a7608ea9c93e48562782decf" InResponseTo="idP28NxmkfLMIGoi20LWukXfDDi50" IssueInstant="2018-03-10T15:25:01.427Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_79697ae955c18fab9102f550737cd462" IssueInstant="2018-03-10T15:25:01.427Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_79697ae955c18fab9102f550737cd462">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>c72ISCt9QXBFKMPNiPRkGQ6UnO4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>waP4ZelLV+ZrkiMC2KMmR/eMhlG2p+UHZ/z9Tcf1CuaZNHf8vVSavUEgk+bsaoNgu2BIsYCRxiLfeS2NrsxQ0hHzcRIhkLTatcpDt13z2Y6jIPlKApAlCMgXluzFKhzmRs5/CCvt3WyRyNDubglloU/vowVY+n5w2sOnVDcZjtr3RonDsk3j/NKbvrm5DZUvdyJtOcRlwAHbBggI+9l+oYR0/Oopc9S8TCnGVk7Vt1hXVkfgOh+k8LsfC8XrNS0clnDXLeFsdaZPb+kRnew4Ks2datwEM8MY14EHUc50ApSke4o6/5Me1qmsP/BEGkWyEzqVQFLGqekVVipUsNlImg==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDTDCCAjSgAwIBAgIVANTp/dbPi/kd5ocXK/PXcVwSn5gNMA0GCSqGSIb3DQEBBQUAMCMxITAf BgNVBAMMGHNoaWJib2xldGhpZHAuYWl0Yy5sb2NhbDAeFw0xODAyMjcwNzM4MTNaFw0zODAyMjcw NzM4MTNaMCMxITAfBgNVBAMMGHNoaWJib2xldGhpZHAuYWl0Yy5sb2NhbDCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMqwO3dHFGsFULUDr6XwKYIOJ5qWbxiy6xZlAPytzC24w4AO6hMa PnFSD86RJVOjUZdzyra77q0wZjowBoIKm7RXTLh8tiXTy6fYl27CHE7VnCegt6jFEje4znPbytqi JCuU94k5slVBK9fjw72N0patppzGVBigzjDJEq5zQK1F3Sh2PSBLOxch0V01exjVQnskIi7OY/E1 ZLKFWBHTXWq1SEcqwQhq/HZ6atIuCV8WX0O26uKjRX/N9LMiA/jyrpzfivw4nB9A4Kmo5Yopb9CJ JmdrflF7LqIcLKh3EiKwjUkGRULz5J/KvFtFEuyC8l4QDzIxnBRHHin5qbcextcCAwEAAaN3MHUw HQYDVR0OBBYEFKL3dDqL+6e+r6uLt/oiPGUTcYywMFQGA1UdEQRNMEuCGHNoaWJib2xldGhpZHAu YWl0Yy5sb2NhbIYvaHR0cHM6Ly9zaGliYm9sZXRoaWRwLmFpdGMubG9jYWwvaWRwL3NoaWJib2xl dGgwDQYJKoZIhvcNAQEFBQADggEBALFdRzQmDZTMF0m6tG6wY7I95gNrDbV+QSmcdox6I8hS5UXx /peLKGlqV5vnH2VIy2qyNKdiGXtCglVMOnc4cOpY4nCAvA7/nOPd3dyaRpat/p8T6Jcuue3V9+ta 9wVemLxe5odP9tEVBZUDPexwsY36lBZByDgUFTL+QH6eMjP3Gid0RIUiOmUWYWBmIDMqLHzBL52S cd02p+m99Zvrh0NAwUi/CPW0Uu/UzPjvcO+E+bJfm+G7sZRQyJ0IhbODVr/rtjmzyXMAPMRa9Usy FePSIVzEM8TitTTZCJEkYehGt1zOig/IQ5ZavY6//ny3OL2eXx9tbAuSszDOpgh4PZQ=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://shibbolethidp.demo.local/idp/shibboleth" SPNameQualifier="https://nam.demo.local/nidp/saml2/metadata">_e6aa154abf9d22d268e9de11346c4543</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData Address="192.168.1.1" InResponseTo="idP28NxmkfLMIGoi20LWukXfDDi50" NotOnOrAfter="2018-03-10T15:30:01.427Z" Recipient="https://nam.demo.local/nidp/saml2/spassertion_consumer" />
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2018-03-10T15:25:01.427Z" NotOnOrAfter="2018-03-10T15:30:01.427Z">
<saml2:AudienceRestriction>
<saml2:Audience>https://nam.demo.local/nidp/saml2/metadata</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2018-03-10T15:25:01.361Z" SessionIndex="_5bd32f927129e943669829200b877011">
<saml2:SubjectLocality Address="192.168.1.1" />
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute Name="urn:oscar:names:idm:attribute:mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">tuser01@demo.com</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oscar:names:idm:attribute:givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Test</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oscar:names:idm:attribute:cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">tuser01</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oscar:names:idm:attribute:sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">User01</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>
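A triage sketch for the "Missing or invalid signature on assertion" error quoted above, added here as an example; it is not part of any post in this thread and is not Access Manager's or Shibboleth's own code. It checks the structural preconditions a service provider needs before the cryptographic check can succeed (signature present on the assertion, Reference pointing at the assertion ID, embedded certificate matching the trusted one, Destination and Audience matching the SP); it does not verify the RSA signature or digest. The function names, the sample message and both certificates are constructed assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "a": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SHA1_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}
# SP values as they appear in the thread's messages.
SP_ACS_URL = "https://nam.demo.local/nidp/saml2/spassertion_consumer"
SP_ENTITY_ID = "https://nam.demo.local/nidp/saml2/metadata"
# Constructed stand-ins for base64 DER certificates (not real certificates).
CERT_A = base64.b64encode(b"constructed IdP signing cert A").decode()
CERT_B = base64.b64encode(b"constructed IdP signing cert B").decode()


def cert_fingerprint(b64_cert):
    """SHA-256 over the decoded bytes; whitespace inside the base64 is ignored."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()


def _attr(node, path, name):
    found = node.find(path, NS)
    return found.get(name) if found is not None else None


def signature_facts(elem):
    """Facts about the enveloped ds:Signature directly under elem, or None."""
    sig = elem.find("ds:Signature", NS)
    if sig is None:
        return None
    cert = sig.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", None, NS)
    return {
        "reference_uri": _attr(sig, "ds:SignedInfo/ds:Reference", "URI"),
        "signature_alg": _attr(sig, "ds:SignedInfo/ds:SignatureMethod", "Algorithm"),
        "digest_alg": _attr(sig, "ds:SignedInfo/ds:Reference/ds:DigestMethod", "Algorithm"),
        "cert_sha256": cert_fingerprint(cert) if cert else None,
    }


def triage(xml_text, trusted_cert_b64, sp_acs_url=SP_ACS_URL, sp_entity_id=SP_ENTITY_ID):
    """Return a list of findings for a Response captured from your own logs."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no plain Assertion element (missing or encrypted)"]
    findings = []
    facts = signature_facts(assertion)
    if facts is None:
        findings.append("assertion is not signed")
        if signature_facts(root) is not None:
            findings.append("only the Response is signed")
    else:
        if facts["reference_uri"] != "#" + assertion.get("ID", ""):
            findings.append("signature Reference does not point at the assertion ID")
        if facts["cert_sha256"] != cert_fingerprint(trusted_cert_b64):
            findings.append("embedded certificate differs from the trusted IdP certificate")
        if {facts["signature_alg"], facts["digest_alg"]} & SHA1_ALGS:
            findings.append("SHA-1 based signature or digest algorithm")
    if root.get("Destination") != sp_acs_url:
        findings.append("Destination does not match the SP assertion consumer URL")
    audiences = [
        (a.text or "").strip()
        for a in assertion.iterfind("a:Conditions/a:AudienceRestriction/a:Audience", NS)
    ]
    if sp_entity_id not in audiences:
        findings.append("SP entity ID is not among the Audience values")
    return findings


def sample_response(cert_b64, ref_id="_a1", signed=True):
    """Constructed message modeled on the thread's Response; not a real capture."""
    signature = f"""<ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#{ref_id}">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </ds:Reference></ds:SignedInfo>
    <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></ds:Signature>""" if signed else ""
    return f"""<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_r1" Destination="{SP_ACS_URL}">
 <saml2:Assertion ID="_a1">{signature}
  <saml2:Conditions><saml2:AudienceRestriction>
    <saml2:Audience>{SP_ENTITY_ID}</saml2:Audience>
  </saml2:AudienceRestriction></saml2:Conditions>
 </saml2:Assertion>
</saml2p:Response>"""


if __name__ == "__main__":
    for label, xml_text, trusted in [
        ("trusted cert matches", sample_response(CERT_A), CERT_A),
        ("SP trusts a different cert", sample_response(CERT_A), CERT_B),
        ("unsigned assertion", sample_response(CERT_A, signed=False), CERT_A),
    ]:
        print(label, "->", triage(xml_text, trusted))
```

On a real capture, pass the Response XML from the `SAML2 POST message` trace in catalina.out and the base64 body of the IdP signing certificate that the SP has on file for this trusted provider.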
fartyalvikram Contributor.

Re: IDP response was received that failed to authenticate

Now my user is provisioned into eDirectory (User Store), meaning the user is created successfully inside the eDirectory User Store, but after that I am getting the error below in the browser. The URL is https://nam.demo.local/nidp/saml2/spassertion_consumer
Error: HTTP 500 Internal Server Error

My Access Manager IDP logs are given below:
<amLogEntry> 2018-03-12T12:30:24Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-14
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@6afba39c from cache session succeeded using key zOWsLzIcyBdG7jZ448so/wpVFQ9Dp5mNIsg0HYmVgj4=. Cache size is 6
</amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-16
****** HttpServletRequest Information:
Method: POST
Scheme: https
Context Path: /nidp
Servlet Path: /saml2
Query String: null
Path Info: /spassertion_consumer
Server Name: nam.demo.local
Server Port: 443
Content Length: 7283
Content Type: application/x-www-form-urlencoded
Auth Type: null
Request URL: https://nam.demo.local/nidp/saml2/spassertion_consumer
Host IP Address: 192.168.1.197
Remote Client IP Address: 192.168.1.84
Cookie: (0 of 1): JSESSIONID, zOWsLzIcyBdG7jZ448so/wpVFQ9Dp5mNIsg0HYmVgj4=
Header: Name: host, Value: nam.demo.local
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Header: Name: accept, Value: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Header: Name: accept-language, Value: en-US,en;q=0.5
Header: Name: accept-encoding, Value: gzip, br
Header: Name: referer, Value: https://shibbolethidp.demo.local/idp/profile/SAML2/POST/SSO
Header: Name: content-type, Value: application/x-www-form-urlencoded
Header: Name: content-length, Value: 7283
Header: Name: DNT, Value: 1
Header: Name: connection, Value: keep-alive
Header: Name: Upgrade-Insecure-Requests, Value: 1
Header: Name: Via, Value: 1.1 nam.demo.local (Access Gateway-ag-AF05FE6544A72488-63958)
Session Id: zOWsLzIcyBdG7jZ448so/wpVFQ9Dp5mNIsg0HYmVgj4=
Session Last Accessed Time: 1520857824899
</amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@6afba39c from cache session succeeded using key zOWsLzIcyBdG7jZ448so/wpVFQ9Dp5mNIsg0HYmVgj4=. Cache size is 6
</amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@6afba39c from cache session succeeded using key zOWsLzIcyBdG7jZ448so/wpVFQ9Dp5mNIsg0HYmVgj4=. Cache size is 6
</amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application: AM#600105011: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#I1ypeT3ZK/ygPAJimO9F+XWw2/CEA+tK1LN9GZljnqo=: SP saml2 handler to process request received for /nidp/saml2 </amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@6afba39c from cache session succeeded using key zOWsLzIcyBdG7jZ448so/wpVFQ9Dp5mNIsg0HYmVgj4=. Cache size is 6
</amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2SSOProfile.processResponse
Thread: ajp-bio-127.0.0.1-9019-exec-16
Received assertion consumer response </amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPContext.getRelayStateDecode
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from local file --------> Property:decodeRelayStateParam Value: false </amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Input param url: MQ== :: web.xml param value to decode: false </amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPContext.getRelayStateDecode
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from local file --------> Property:decodeRelayStateParam Value: false </amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isPostInFlate
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from local file --------> Property:IS_SAML2_POST_INFLATE Value: false </amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2Profile.handleInBoundMessage
Thread: ajp-bio-127.0.0.1-9019-exec-16
InBound POST message was NOT inflated. </amLogEntry>
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2Profile.traceMessage
Thread: ajp-bio-127.0.0.1-9019-exec-16

************************* SAML2 POST message ********************************
Type: received
RelayState: MQ==
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://nam.demo.local/nidp/saml2/spassertion_consumer" ID="_bfc4f85ba3fa25a4d3edc6d3d32570b6" InResponseTo="idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0" IssueInstant="2018-03-12T12:31:19.537Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion ID="_747f2bbf3ace700c57a0e87712f3e067" IssueInstant="2018-03-12T12:31:19.537Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_747f2bbf3ace700c57a0e87712f3e067"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>rQIZ8hTXsIsgGUx6rV9bX5CxOkU=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>kj5oKP3hpRVGPa/wPXfXOIu0zrS45KK+xTsjZFG9xUnzpx3n0fsYg/gtCvlS/zaJhC0pj9uRZprYbi1KpXA2vycO8ixNqOKdVmeka5LccT1bqiRTgYIXaOj2osfTcLSALWWCUBneLJonfyj6GLwVeuIisZJI/e8G7yWDq+b+BVrZUPtRz96HxdsUr2eNZrYrQLj6NCYw4xeLPs1zSXQ29J9HC/11Zcxpo3qoZYaN6HeB09HgMZuwTYabgV6PZZ7MG33L3vu1TSF/Hy0sP5qdaxAe2E7yKfK2q7G4lbEIJcg/qlyPW5QTHpojy8sevrZ5JvSxnnJR9MQ/rlqTTkI/WA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDTDCCAjSgAwIBAgIVANTp/dbPi/kd5ocXK/PXcVwSn5gNMA0GCSqGSIb3DQEBBQUAMCMxITAf[...]=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://shibbolethidp.demo.local/idp/shibboleth" SPNameQualifier="https://nam.demo.local/nidp/saml2/metadata">_55f35ab135ab99a4206fe57fbf592fba</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData Address="192.168.1.84" InResponseTo="idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0" NotOnOrAfter="2018-03-12T12:36:19.537Z" Recipient="https://nam.demo.local/nidp/saml2/spassertion_consumer"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2018-03-12T12:31:19.537Z" NotOnOrAfter="2018-03-12T12:36:19.537Z"><saml2:AudienceRestriction><saml2:Audience>https://nam.demo.local/nidp/saml2/metadata</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2018-03-12T12:31:19.481Z" SessionIndex="_cf77b8bbb4ea8a4b6584babf943fb741"><saml2:SubjectLocality Address="192.168.1.84"/><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement><saml2:Attribute 
Name="urn:oscar:names:idm:attribute:mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:oscar:names:idm:attribute:givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:oscar:names:idm:attribute:sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></saml2p:Response>
************************* End SAML2 message ****************************
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from local file --------> Property:XML_PARSE_ALLOW_DTD Value: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2AuthnContext.parse
Thread: ajp-bio-127.0.0.1-9019-exec-16
expiration: 0 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2AuthnContext.parse
Thread: ajp-bio-127.0.0.1-9019-exec-16
AssuranceLevel: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-16
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-AttributeStatement]] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-16
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-Subject]] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2AvoidSignAndValidateAssertion
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from edirectory configuration store --------> Property:SAML2_AVOID_SIGN_AND_VALIDATE_ASSERTION_TRUSTEDPROVIDERS Value: false Trusted Provider: https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-16
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-EncryptedAssertion]s (0)] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2Profile.A
Thread: ajp-bio-127.0.0.1-9019-exec-16
Processing artifact for pre-brokering, provider= https://shibbolethidp.demo.local/idp/shibboleth and relayState = MQ== </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2Profile.A
Thread: ajp-bio-127.0.0.1-9019-exec-16
Relaystate does not have Intersite Transfer request.. no brokering policy enforcement is needed </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2PostSignResponse
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from file as global for all trusted providers --------> Property:IS_SAML2_POST_SIGN_RESPONSE Value: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2PostSignResponseProvider
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from file for Trusted Provider https://shibbolethidp.demo.local/idp/shibboleth --------> Property:SAML2_POST_SIGN_RESPONSE_TRUSTEDPROVIDERS Value: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2AvoidSignAndValidateAssertion
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from edirectory configuration store --------> Property:SAML2_AVOID_SIGN_AND_VALIDATE_ASSERTION_TRUSTEDPROVIDERS Value: false Trusted Provider: https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>

Mar 12, 2018 6:01:21 PM org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#_747f2bbf3ace700c57a0e87712f3e067"
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2Utils.getOptionValue
Thread: ajp-bio-127.0.0.1-9019-exec-16
SAML2_CHANGE_ISSUER is not configured as service provider's ui option </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: IDPAuthenticationHandler.handleAuthentication
Thread: ajp-bio-127.0.0.1-9019-exec-16
Was authnResponse verified: Yes </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: IDP response validated successfully, now attempting to authenticate </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Authenticate by identity false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: LDAPAuthority.B
Thread: ajp-bio-127.0.0.1-9019-exec-16
Get IDentity DN nidsIdentityName=_55f35ab135ab99a4206fe57fbf592fba </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: LDAPAuthority.getPrincipalByIdentityName
Thread: ajp-bio-127.0.0.1-9019-exec-16
Searching for Identity using dn nidsIdentityName=_55f35ab135ab99a4206fe57fbf592fba </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Base context: cn=STIDPli992h,cn=SMSPvoci7h,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell, Filter: nidsIdentityName=_55f35ab135ab99a4206fe57fbf592fba, Scope: 1, Request Controls: null, UserId: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Closing LDAP connection due to connection timeout! Interval: 110482, Timeout: 10000, Connection: Id: 54e71f77-42b2-4f60-b2c5-748d74d4171d, host: ldaps://192.168.1.197 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Connection: 0bfb66f6-ac57-4a90-b4a0-297455e5cf53, Environment Parameters for InitialDirContext() method call:
Key: java.naming.factory.initial, Value: com.sun.jndi.ldap.LdapCtxFactory
Key: java.naming.provider.url, Value: ldaps://192.168.1.197:636
Key: com.sun.jndi.ldap.connect.timeout, Value: 0
Key: java.naming.security.principal, Value: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell
Key: java.naming.security.authentication, Value: simple
Key: java.naming.security.credentials, Value: *****
Key: java.naming.security.protocol, Value: ssl
Key: java.naming.ldap.factory.socket, Value: com.novell.nidp.common.util.net.client.NIDP_SSLSocketFactory
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Added property to DirContext Environment: Property Name: java.naming.ldap.attributes.binary, Value: GUID nDSPKITrustedRootCertificate </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Try connection: ldaps://192.168.1.197 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Found 0 results! </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Federation not found </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Base context: ou=users,o=data, Filter: (&(|(sn=User01))(objectClass=User)), Scope: 2, Request Controls: null, UserId: cn=admin,ou=sa,o=system </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Closing LDAP connection due to connection timeout! Interval: 101023, Timeout: 10000, Connection: Id: defa15cb-f6d9-40eb-82d7-5d2c22bf7ce3, host: ldaps://192.168.1.115 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Connection: 3f10c553-604f-47f8-974b-7138dae70e8d, Environment Parameters for InitialDirContext() method call:
Key: java.naming.factory.initial, Value: com.sun.jndi.ldap.LdapCtxFactory
Key: java.naming.provider.url, Value: ldaps://192.168.1.115:636
Key: com.sun.jndi.ldap.connect.timeout, Value: 0
Key: java.naming.security.principal, Value: cn=admin,ou=sa,o=system
Key: java.naming.security.authentication, Value: simple
Key: java.naming.security.credentials, Value: *****
Key: java.naming.security.protocol, Value: ssl
Key: java.naming.ldap.factory.socket, Value: com.novell.nidp.common.util.net.client.NIDP_SSLSocketFactory
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Added property to DirContext Environment: Property Name: java.naming.ldap.attributes.binary, Value: GUID nDSPKITrustedRootCertificate </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Try connection: ldaps://192.168.1.115 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Found 0 results! </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Base context: ou=groups,o=data, Filter: (&(|(sn=User01))(objectClass=User)), Scope: 2, Request Controls: null, UserId: cn=admin,ou=sa,o=system </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Try connection: ldaps://192.168.1.115 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Found 0 results! </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Base context: ou=users,o=data, Filter: (&(&(givenName=Test))(objectClass=User)), Scope: 2, Request Controls: null, UserId: cn=admin,ou=sa,o=system </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Try connection: ldaps://192.168.1.115 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Found 0 results! </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Base context: ou=groups,o=data, Filter: (&(&(givenName=Test))(objectClass=User)), Scope: 2, Request Controls: null, UserId: cn=admin,ou=sa,o=system </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Try connection: ldaps://192.168.1.115 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Found 0 results! </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z INFO NIDS IDFF: AM#500106007: AMDEVICEID#6CF8D8AFC3EC4E16: Could not uniquely identify a user account using the following lookup expression: ((NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22sn~22~5D"Singh") AND NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22givenName~22~5D"Test") </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: ProvisionProfile.doProvisioning
Thread: ajp-bio-127.0.0.1-9019-exec-16
Method Parameter loginScreen: false
Can Provision: true
Instance Variable: State:
SAML2ProvisionProfileState
State: Map
Has Attributes?: true
Federated?: false
SAML Map: cn=SAMlqijqo,cn=map
Attribute Array Size: 3
Modify Tokens Array Size: 3
Credentials Array Size: 0
Instance Variable: Policy:
SAML2IDPAccessPolicy
SSO Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
SLO Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
RNI Binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Display Name: Shibboleth
CRL Check Period Binding: 0
Validate Password on Match: false
Provision from Login: false
Force Unique User Name: true
Delete Provisioned Users: false
Identify User Account Action: Map User
Failed Mapping Action: Map User
User Name Creation Action: Auto Generate
Password Creation Action: Auto Generate
First Segment Length: -1
Second Segment Length: -1
First Segment: NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22sn~22~5D
Second Segment: NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22givenName~22~5D
Junction: -
User Name Length: 50
User Store DN: cn=USabeawl,cn=Am6qqf6,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell
User Store Account Creation Context: ou=users,o=data
Password Min Length: 8
Password Max Length: 15
Overwrite Real User: false
Overwrite Temporary User: false
Logout on Post Method Exec Error: false
Required Attributes Length: 3
Required Attributes: NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22givenName~22~5D, NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22sn~22~5D, NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22mail~22~5D
Optional Attributes Length: 0
Optional Attributes:
PreFetch Attributes Length: 3
PreFetch Attributes: NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22sn~22~5D, NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22givenName~22~5D, NEPXurn~3Anovell~3Aldap~3A2006-02~2Fldap~3AUserAttribute~40~40~40~40WSCQLDAPToken~40~40~40~40~2FUserAttribute~5B~40ldap~3AtargetAttribute~3D~22mail~22~5D
SAML 1 Contract URI: /uri/anyauthentication
Encrypt Identifier: false
SAML1?: false
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Performing LDAP search (&(cn=user01-test)(objectClass=User)) in context com.novell.nam.common.ldap.jndi.JNDIUserStoreSearchContext@2912ffd4 </amLogEntry>

1011790: Searching: (&(cn=user01-test)(objectClass=User)) in context com.novell.nam.common.ldap.jndi.JNDIUserStoreSearchContext@2912ffd4preferredReplica ID: null
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Base context: ou=users,o=data, Filter: (&(cn=user01-test)(objectClass=User)), Scope: 2, Request Controls: null, UserId: jeo7ijw7vgf4b </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Try connection: ldaps://192.168.1.115 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Found 0 results! </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Performing LDAP search (&(cn=user01-test)(objectClass=User)) in context com.novell.nam.common.ldap.jndi.JNDIUserStoreSearchContext@405b3ea8 </amLogEntry>

1011790: Searching: (&(cn=user01-test)(objectClass=User)) in context com.novell.nam.common.ldap.jndi.JNDIUserStoreSearchContext@405b3ea8preferredReplica ID: 430a21b6-2839-4023-9011-9cd83befa941
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Base context: ou=groups,o=data, Filter: (&(cn=user01-test)(objectClass=User)), Scope: 2, Request Controls: null, UserId: jeo7ijwdgbo4c </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() replica selected from preferred </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Try connection: ldaps://192.168.1.115 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Found 0 results! </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: LDAP search objects found: 0 </amLogEntry>

1011790:LDAPUserAuthority.addUser | Attempting to create user in user store replica with id - 430a21b6-2839-4023-9011-9cd83befa941
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() replica selected from preferred </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Performing LDAP search (&(cn=user01-test)(objectClass=User)) in context com.novell.nam.common.ldap.jndi.JNDIUserStoreSearchContext@2912ffd4 </amLogEntry>

1011790: Searching: (&(cn=user01-test)(objectClass=User)) in context com.novell.nam.common.ldap.jndi.JNDIUserStoreSearchContext@2912ffd4preferredReplica ID: 430a21b6-2839-4023-9011-9cd83befa941
<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Base context: ou=users,o=data, Filter: (&(cn=user01-test)(objectClass=User)), Scope: 2, Request Controls: null, UserId: jeo7ijxy4ip4e </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() replica selected from preferred </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Try connection: ldaps://192.168.1.115 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Found 1 results! </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: LDAP search objects found: 1 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Authenticate by identity false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: LDAPAuthority.B
Thread: ajp-bio-127.0.0.1-9019-exec-16
Get IDentity DN nidsIdentityName=_55f35ab135ab99a4206fe57fbf592fba </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: LDAPAuthority.getPrincipalByIdentityName
Thread: ajp-bio-127.0.0.1-9019-exec-16
Searching for Identity using dn nidsIdentityName=_55f35ab135ab99a4206fe57fbf592fba </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Base context: cn=STIDPli992h,cn=SMSPvoci7h,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell, Filter: nidsIdentityName=_55f35ab135ab99a4206fe57fbf592fba, Scope: 1, Request Controls: null, UserId: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() replica selected from preferred </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Try connection: ldaps://192.168.1.197 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Found 0 results! </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Federation not found </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.addIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Adding identity: identityId: https://shibbolethidp.demo.local/idp/shibboleth, federated: false, is identity cachable: true, ok to put in cache: true </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.removeIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Remove the identity for: Identity Id: https://shibbolethidp.demo.local/idp/shibboleth, provided: false, federated: false, Principal: cn=user01-test,ou=users,o=data </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.removeIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Done with removal of the identity for: Identity Id: https://shibbolethidp.demo.local/idp/shibboleth because the identityList is null </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.cacheIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Add cache entry mapping this principal [cn=user01-test,ou=users,o=data] by this identity id: true
Adding Identity:
NIDPIdentity
Identifier: _55f35ab135ab99a4206fe57fbf592fba
Qualifier: https://shibbolethidp.demo.local/idp/shibboleth
SPQualifier: https://nam.demo.local/nidp/saml2/metadata
IdentityID: https://shibbolethidp.demo.local/idp/shibboleth
Provider: https://shibbolethidp.demo.local/idp/shibboleth
IsConsumed: true
Format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
SPName:
Provisioned: false
Cluster DN: cn=USabeawl,cn=Am6qqf6,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell
GUID: 5b19e929b5362d49649b5b19e929b536
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.cacheIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Building new identity list entry for principal </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@34dd242c from cache principal succeeded using key M8Ly4sUyRI6WibypPRkTHd4xaQGeHMgsnRHYm/XhlSg=. Cache size is 2
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z INFO NIDS IDFF: AM#500106004: AMDEVICEID#6CF8D8AFC3EC4E16: Created new identity for 5b19e929b5362d49649b5b19e929b536 with identity id of https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2AuthenticationHandler.getExpiration
Thread: ajp-bio-127.0.0.1-9019-exec-16
Can IDP limit SP session based on SessionNotOnOrAfter value recieved? : false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from local file --------> Property:RENAME_SESSIONID Value: true </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object from cache ImpersonationSession failed using key zOWsLzIcyBdG7jZ448so/wpVFQ9Dp5mNIsg0HYmVgj4=. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object com.novell.nidp.servlets.NIDPServletSession@6afba39c from cache session succeeded using key zOWsLzIcyBdG7jZ448so/wpVFQ9Dp5mNIsg0HYmVgj4=. Cache size is 5
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object from cache ImpersonationSession failed using key zOWsLzIcyBdG7jZ448so/wpVFQ9Dp5mNIsg0HYmVgj4=. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Addition of object com.novell.nidp.servlets.NIDPServletSession@6afba39c to cache session succeeded using key WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=. Cache size is 6
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPSession.rename
Thread: ajp-bio-127.0.0.1-9019-exec-16
Change in session id from zOWsLzIcyBdG7jZ448so/wpVFQ9Dp5mNIsg0HYmVgj4= to WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ= </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2AuthenticationHandler.getExpiration
Thread: ajp-bio-127.0.0.1-9019-exec-16
Can IDP limit SP session based on SessionNotOnOrAfter value recieved? : false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: setExpiration hard: 0 soft: 1520857881743 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPAuthentication.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-16
Created new Authentication:
protocol: https://nam.demo.local/nidp/saml2/metadata
expiration: 0 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2AuthenticationHandler.getExpiration
Thread: ajp-bio-127.0.0.1-9019-exec-16
Can IDP limit SP session based on SessionNotOnOrAfter value recieved? : false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-16
Object gotten from in memory HashMap: Key: WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=, Object: null </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-16
Object gotten from swap file: Key: WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=, low memory: false, Object: null </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-16
Object gotten from in memory HashMap: Key: WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=, Object: null </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-16
Object gotten from swap file: Key: WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=, low memory: false, Object: null </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: SwapHashMap.put
Thread: ajp-bio-127.0.0.1-9019-exec-16
Object put: Key: WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ= </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object from cache principal failed using key JUSQxE4/hV3FIFMZF61PHPFzbzE+gz6fGhveaFC1Nmo=. Cache size is 2
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@34dd242c from cache principal succeeded using key M8Ly4sUyRI6WibypPRkTHd4xaQGeHMgsnRHYm/XhlSg=. Cache size is 2
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object from cache subject failed using key a4ayc/80/OGda4BO/1o/V0etpOqiLx1JwB5S3beHW0s=. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Addition of object com.novell.nidp.NIDPSubject@10bbe6e2 to cache subject succeeded using key 1HNeOiZeFu7gP1lxi5tdAwGcB9i2xR+Q2jpmbuwTqzU=. Cache size is 1
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Addition of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@44eb047c to cache principal succeeded using key M8Ly4sUyRI6WibypPRkTHd4xaQGeHMgsnRHYm/XhlSg=. Cache size is 2
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from local file --------> Property:DELETE_OLD_SESSIONS_OF_USER Value: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object com.novell.nidp.NIDPSubject@10bbe6e2 from cache subject succeeded using key 1HNeOiZeFu7gP1lxi5tdAwGcB9i2xR+Q2jpmbuwTqzU=. Cache size is 1
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPConsumedAuthentications.addAuthentication
Thread: ajp-bio-127.0.0.1-9019-exec-16
try and set up local services for 5b19e929b5362d49649b5b19e929b536 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.cacheIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Add cache entry mapping this principal [cn=user01-test,ou=users,o=data] by this identity id: true
Adding Identity:
NIDPIdentity
Identifier: 5b19e929b5362d49649b5b19e929b536
Qualifier: local
SPQualifier: local
IdentityID: local
Provider: local
IsConsumed: true
Format: federated
SPName: null
Provisioned: false
Cluster DN: cn=USabeawl,cn=Am6qqf6,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell
GUID: 5b19e929b5362d49649b5b19e929b536
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.cacheIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Building new identity list entry for principal </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object from cache principal failed using key JUSQxE4/hV3FIFMZF61PHPFzbzE+gz6fGhveaFC1Nmo=. Cache size is 2
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Addition of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@44eb047c to cache principal succeeded using key JUSQxE4/hV3FIFMZF61PHPFzbzE+gz6fGhveaFC1Nmo=. Cache size is 3
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object com.novell.nidp.NIDPSubject@10bbe6e2 from cache subject succeeded using key 1HNeOiZeFu7gP1lxi5tdAwGcB9i2xR+Q2jpmbuwTqzU=. Cache size is 1
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z INFO NIDS Application: AM#500199050: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=: IDP RolesPep.evaluate(), policy trace:
~~RL~1~~~~Rule Count: 0~~Success(67)
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z INFO NIDS Application: AM#500105013: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#ximFA3cnThsbeNEQllsUX2juVuWclDEbuHMBkNAPoe4=: Authenticated user cn=user01-test,ou=users,o=data in User Store IDM with roles "authenticated". </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@6afba39c from cache session succeeded using key WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=. Cache size is 6
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object com.novell.nidp.NIDPSubject@10bbe6e2 from cache subject succeeded using key 1HNeOiZeFu7gP1lxi5tdAwGcB9i2xR+Q2jpmbuwTqzU=. Cache size is 1
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() replica selected from preferred </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() replica selected from preferred </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() replica selected from preferred </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session consumed authentications is 0 and is considered authenticated: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object com.novell.nidp.NIDPSubject@10bbe6e2 from cache subject succeeded using key 1HNeOiZeFu7gP1lxi5tdAwGcB9i2xR+Q2jpmbuwTqzU=. Cache size is 1
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z INFO NIDS Application: AM#500105029: AMDEVICEID#6CF8D8AFC3EC4E16: Logged out session id: WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ= </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: NIDPSubject=null </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@44eb047c from cache principal succeeded using key M8Ly4sUyRI6WibypPRkTHd4xaQGeHMgsnRHYm/XhlSg=. Cache size is 2
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@44eb047c from cache principal succeeded using key JUSQxE4/hV3FIFMZF61PHPFzbzE+gz6fGhveaFC1Nmo=. Cache size is 1
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object com.novell.nidp.NIDPSubject@10bbe6e2 from cache subject succeeded using key 1HNeOiZeFu7gP1lxi5tdAwGcB9i2xR+Q2jpmbuwTqzU=. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object from cache ImpersonationSession failed using key WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object from cache ImpersonationSession failed using key WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Authenticate by identity false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: LDAPAuthority.B
Thread: ajp-bio-127.0.0.1-9019-exec-16
Get IDentity DN nidsIdentityName=_55f35ab135ab99a4206fe57fbf592fba </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: LDAPAuthority.getPrincipalByIdentityName
Thread: ajp-bio-127.0.0.1-9019-exec-16
Searching for Identity using dn nidsIdentityName=_55f35ab135ab99a4206fe57fbf592fba </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Base context: cn=STIDPli992h,cn=SMSPvoci7h,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell, Filter: nidsIdentityName=_55f35ab135ab99a4206fe57fbf592fba, Scope: 1, Request Controls: null, UserId: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
getNextConnection() replica selected from preferred </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Try connection: ldaps://192.168.1.197 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-16
Found 0 results! </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Federation not found </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.addIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Adding identity: identityId: https://shibbolethidp.demo.local/idp/shibboleth, federated: false, is identity cachable: true, ok to put in cache: true </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.removeIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Remove the identity for: Identity Id: https://shibbolethidp.demo.local/idp/shibboleth, provided: false, federated: false, Principal: cn=user01-test,ou=users,o=data </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.removeIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Removing identity for: Identity Id: https://shibbolethidp.demo.local/idp/shibboleth from the Principal identity list at index: 1: ( isTemporary: true) ( isProvisioned: false) </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.removeIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Removing the entire Principal identity list entry because both elements are null </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object from cache principal failed using key M8Ly4sUyRI6WibypPRkTHd4xaQGeHMgsnRHYm/XhlSg=. Cache size is 1
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object from cache subject failed using key 1HNeOiZeFu7gP1lxi5tdAwGcB9i2xR+Q2jpmbuwTqzU=. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.cacheIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Add cache entry mapping this principal [cn=user01-test,ou=users,o=data] by this identity id: true
Adding Identity:
NIDPIdentity
Identifier: _55f35ab135ab99a4206fe57fbf592fba
Qualifier: https://shibbolethidp.demo.local/idp/shibboleth
SPQualifier: https://nam.demo.local/nidp/saml2/metadata
IdentityID: https://shibbolethidp.demo.local/idp/shibboleth
Provider: https://shibbolethidp.demo.local/idp/shibboleth
IsConsumed: true
Format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
SPName:
Provisioned: false
Cluster DN: cn=USabeawl,cn=Am6qqf6,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell
GUID: 5b19e929b5362d49649b5b19e929b536
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPPrincipal.cacheIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-16
Building new identity list entry for principal </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Retrieval of object from cache principal failed using key M8Ly4sUyRI6WibypPRkTHd4xaQGeHMgsnRHYm/XhlSg=. Cache size is 1
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Addition of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@44eb047c to cache principal succeeded using key M8Ly4sUyRI6WibypPRkTHd4xaQGeHMgsnRHYm/XhlSg=. Cache size is 2
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z INFO NIDS IDFF: AM#500106004: AMDEVICEID#6CF8D8AFC3EC4E16: Created new identity for 5b19e929b5362d49649b5b19e929b536 with identity id of https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2AuthenticationHandler.getExpiration
Thread: ajp-bio-127.0.0.1-9019-exec-16
Can IDP limit SP session based on SessionNotOnOrAfter value recieved? : false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-16
Property read from local file --------> Property:RENAME_SESSIONID Value: true </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object from cache ImpersonationSession failed using key WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object com.novell.nidp.servlets.NIDPServletSession@6afba39c from cache session succeeded using key WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=. Cache size is 5
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Removal of object from cache ImpersonationSession failed using key WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ=. Cache size is 0
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-16

Addition of object com.novell.nidp.servlets.NIDPServletSession@6afba39c to cache session succeeded using key tnz07BUQ3y9/u1qKFBWU0HyZ63qV9IEty3Pjy/lnToQ=. Cache size is 6
</amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPSession.rename
Thread: ajp-bio-127.0.0.1-9019-exec-16
Change in session id from WkiJmymjBZDWntfgwEjr+VBTuv4fkzqKO8jB1bSIyFQ= to tnz07BUQ3y9/u1qKFBWU0HyZ63qV9IEty3Pjy/lnToQ= </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2AuthenticationHandler.getExpiration
Thread: ajp-bio-127.0.0.1-9019-exec-16
Can IDP limit SP session based on SessionNotOnOrAfter value recieved? : false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z VERBOSE NIDS Application: setExpiration hard: 0 soft: 1520857881864 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPAuthentication.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-16
Created new Authentication:
protocol: https://nam.demo.local/nidp/saml2/metadata
expiration: 0 </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2AuthenticationHandler.getExpiration
Thread: ajp-bio-127.0.0.1-9019-exec-16
Can IDP limit SP session based on SessionNotOnOrAfter value recieved? : false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS SAML2:
Method: SAML2Utils.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-16
SAML2_REQUEST_IGNORE_AUTHNCONTEXT is not configured as service provider's ui option </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.getSaml2TPValueBoolean
Thread: ajp-bio-127.0.0.1-9019-exec-16
[nidpconfig.properties] Options - https://shibbolethidp.demo.local/idp/shibboleth->SAML2_REQUEST_IGNORE_AUTHNCONTEXT value returned: false </amLogEntry>

<amLogEntry> 2018-03-12T12:31:21Z SEVERE NIDS Application: java.lang.ClassCastException
java.lang.NullPointerException cannot be cast to com.novell.nidp.NIDPException
com.novell.nidp.saml2.profile.SAML2SSOProfile: y: A: 2,095
com.novell.nidp.saml2.profile.SAML2SSOProfile: y: processResponse: 2,138
com.novell.nidp.saml2.profile.SAML2SSOProfile: y: processResponse: 739
com.novell.nidp.saml2.profile.SAML2Profile: y: handleInBoundMessage: 2,803
com.novell.nidp.saml2.profile.SAML2SSOProfile: y: processResponse: 1,697
com.novell.nidp.saml2.SAML2Handler: y: A: 1,027
com.novell.nidp.saml2.SAML2Handler: y: handleRequest: 2,785
com.novell.nidp.saml2.SAML2MeDescriptor: y: handleRequest: 1,554
com.novell.nidp.servlets.NIDPServlet: y: myDoGet: 2,001
com.novell.nidp.servlets.NIDPBaseServlet: y: doGet: 1,530
com.novell.nidp.servlets.NIDPBaseServlet: y: doPost: 1,810
javax.servlet.http.HttpServlet: HttpServlet.java: service: 648
javax.servlet.http.HttpServlet: HttpServlet.java: service: 729
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 292
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
org.apache.tomcat.websocket.server.WsFilter: WsFilter.java: doFilter: 52
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 240
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
com.google.inject.servlet.FilterChainInvocation: FilterChainInvocation.java: doFilter: 66
com.google.inject.servlet.FilterDefinition: FilterDefinition.java: doFilter: 168
com.google.inject.servlet.FilterChainInvocation: FilterChainInvocation.java: doFilter: 58
com.google.inject.servlet.ManagedFilterPipeline: ManagedFilterPipeline.java: dispatch: 118
com.google.inject.servlet.GuiceFilter: GuiceFilter.java: doFilter: 113
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 240
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
com.novell.nidp.servlets.filters.xss.XSSDetectionFilter: y: doFilter: 265
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 240
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
org.apache.catalina.filters.HttpHeaderSecurityFilter: HttpHeaderSecurityFilter.java: doFilter: 124
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 240
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
com.novell.nidp.servlets.filters.jsp.SameOriginFramingFilter: y: doFilter: 777
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 240
org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
org.apache.catalina.core.StandardWrapperValve: StandardWrapperValve.java: invoke: 212
org.apache.catalina.core.StandardContextValve: StandardContextValve.java: invoke: 94
org.apache.catalina.authenticator.AuthenticatorBase: AuthenticatorBase.java: invoke: 504
org.apache.catalina.core.StandardHostValve: StandardHostValve.java: invoke: 141
org.apache.catalina.valves.ErrorReportValve: ErrorReportValve.java: invoke: 79
org.apache.catalina.core.StandardEngineValve: StandardEngineValve.java: invoke: 88
org.apache.catalina.connector.CoyoteAdapter: CoyoteAdapter.java: service: 502
com.novell.nam.tomcat.ajp.NAMAbstractAjpProcessor: NAMAbstractAjpProcessor.java: process: 832
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler: AbstractProtocol.java: process: 684
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor: JIoEndpoint.java: run: 283
java.util.concurrent.ThreadPoolExecutor: ThreadPoolExecutor.java: runWorker: 1,149
java.util.concurrent.ThreadPoolExecutor$Worker: ThreadPoolExecutor.java: run: 624
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable: TaskThread.java: run: 61
java.lang.Thread: Thread.java: run: 748 </amLogEntry>

My Shibboleth IDP logs are given below
18:01:19.474 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:144] - Returning control to authentication engine
18:01:19.475 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:209] - Processing incoming request
18:01:19.475 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:514] - Completing user authentication process
18:01:19.475 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:585] - Validating authentication was performed successfully
18:01:19.476 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:696] - Updating session information for principal test
18:01:19.476 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:700] - Creating shibboleth session for principal test
18:01:19.476 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:815] - Adding IdP session cookie to HTTP response
18:01:19.481 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:715] - Recording authentication and service information in Shibboleth session for principal: test
18:01:19.481 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:560] - User test authenticated with method urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
18:01:19.482 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:161] - Returning control to profile handler
18:01:19.482 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:177] - Redirecting user to profile handler at https://shibbolethidp.demo.local:443/idp/profile/SAML2/POST/SSO
18:01:19.500 - INFO [Shibboleth-Access:73] - 20180312T123119Z|192.168.1.84|shibbolethidp.demo.local:443|/profile/SAML2/POST/SSO|
18:01:19.500 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:86] - shibboleth.HandlerManager: Looking up profile handler for request path: /SAML2/POST/SSO
18:01:19.501 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:97] - shibboleth.HandlerManager: Located profile handler of the following type for the request path: edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
18:01:19.501 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:588] - Unbinding LoginContext
18:01:19.501 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:614] - Expiring LoginContext cookie
18:01:19.502 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:625] - Removed LoginContext, with key ba9b27c1549e6146434eaaac70ac7cfe49dd471db768cac8366b1d1351401351, from StorageService partition loginContexts
18:01:19.502 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:172] - Incoming request contains a login context and indicates principal was authenticated, processing second leg of request
18:01:19.502 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:128] - Looking up relying party configuration for https://nam.demo.local/nidp/saml2/metadata
18:01:19.503 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:134] - No custom relying party configuration found for https://nam.demo.local/nidp/saml2/metadata, looking up configuration based on metadata groups.
18:01:19.503 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:157] - No custom or group-based relying party configuration found for https://nam.demo.local/nidp/saml2/metadata. Using default relying party configuration.
18:01:19.506 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:478] - Resolving attributes for principal 'test' for SAML request from relying party 'https://nam.demo.local/nidp/saml2/metadata'
18:01:19.506 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:326] - metadata contains the following attributes: []
18:01:19.506 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:119] - shibboleth.AttributeResolver resolving attributes for principal test
18:01:19.507 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:275] - Specific attributes for principal test were not requested, resolving all attributes.
18:01:19.507 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute mail for principal test
18:01:19.507 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:354] - Resolving data connector mySIS for principal test
18:01:19.514 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:262] - RDBMS data connector mySIS - Search Query: SELECT security.provider_no, security.user_name, security.security_no, provider.last_name, provider.first_name,provider.email FROM security inner join provider on security.provider_no=provider.provider_no WHERE user_name = 'test'
18:01:19.514 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:323] - RDBMS data connector mySIS - Querying database for attributes with query SELECT security.provider_no, security.user_name, security.security_no, provider.last_name, provider.first_name,provider.email FROM security inner join provider on security.provider_no=provider.provider_no WHERE user_name = 'test'
18:01:19.526 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:332] - RDBMS data connector mySIS - Retrieved attributes: [security_no, mail, user_name, givenName, sn, provider_no]
18:01:19.527 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute mail containing 1 values
18:01:19.527 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute transientId for principal test
18:01:19.528 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition:97] - Building transient ID for request idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0; outbound message issuer: https://shibbolethidp.demo.local/idp/shibboleth, inbound message issuer: https://nam.demo.local/nidp/saml2/metadata, principal identifer: test
18:01:19.528 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition:115] - Created transient ID _55f35ab135ab99a4206fe57fbf592fba for request idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0
18:01:19.528 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute transientId containing 1 values
18:01:19.529 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute givenName for principal test
18:01:19.529 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute givenName containing 1 values
18:01:19.529 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute sn for principal test
18:01:19.529 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute sn containing 1 values
18:01:19.530 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute mail has 1 values after post-processing
18:01:19.530 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute transientId has 1 values after post-processing
18:01:19.530 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute givenName has 1 values after post-processing
18:01:19.530 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute sn has 1 values after post-processing
18:01:19.531 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:137] - shibboleth.AttributeResolver resolved, for principal test, the attributes: [mail, transientId, givenName, sn]
18:01:19.531 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:71] - shibboleth.AttributeFilterEngine filtering 4 attributes for principal test
18:01:19.531 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releaseTransientIdToAnyone is active for principal test
18:01:19.531 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releaseTransientIdToAnyone is active for principal test
18:01:19.532 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute transientId for principal test
18:01:19.532 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasegivenNameToAnyone is active for principal test
18:01:19.532 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasegivenNameToAnyone is active for principal test
18:01:19.532 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute givenName for principal test
18:01:19.533 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasesnToAnyone is active for principal test
18:01:19.533 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasesnToAnyone is active for principal test
18:01:19.533 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute sn for principal test
18:01:19.533 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasemailToAnyone is active for principal test
18:01:19.534 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasemailToAnyone is active for principal test
18:01:19.534 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute mail for principal test
18:01:19.534 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute mail has 1 values after filtering
18:01:19.534 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute transientId has 1 values after filtering
18:01:19.535 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute givenName has 1 values after filtering
18:01:19.535 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute sn has 1 values after filtering
18:01:19.535 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:114] - Filtered attributes for principal test. The following attributes remain: [mail, transientId, givenName, sn]
18:01:19.536 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:505] - Creating attribute statement in response to SAML request 'idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0' from relying party 'https://nam.demo.local/nidp/saml2/metadata'
18:01:19.536 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute mail with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
18:01:19.536 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:263] - Attribute transientId was not encoded (filtered by query, or no SAML2AttributeEncoder attached).
18:01:19.537 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute givenName with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
18:01:19.537 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute sn with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
18:01:19.538 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:528] - Filtering out potential name identifier attributes which can not be encoded by edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
18:01:19.538 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute mail, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
18:01:19.538 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:542] - Retaining attribute transientId which may be encoded to via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
18:01:19.539 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute givenName, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
18:01:19.539 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute sn, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
18:01:19.539 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:484] - Attempting to select name identifier attribute for relying party 'https://nam.demo.local/nidp/saml2/metadata' that requires format 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
18:01:19.539 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:567] - Filtering out potential name identifier attributes which do not support one of the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
18:01:19.540 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:586] - Retaining attribute transientId which may be encoded as a name identifier of format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
18:01:19.540 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:691] - Selecting attribute to be encoded as a name identifier by encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
18:01:19.540 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:718] - Selecting the first attribute that can be encoded in to a name identifier
18:01:19.541 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:502] - Name identifier for relying party 'https://nam.demo.local/nidp/saml2/metadata' will be built from attribute 'transientId'
18:01:19.541 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:868] - Using attribute 'transientId' supporting NameID format 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' to create the NameID for relying party 'https://nam.demo.local/nidp/saml2/metadata'
18:01:19.541 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:572] - Determining if SAML assertion to relying party 'https://nam.demo.local/nidp/saml2/metadata' should be signed
18:01:19.542 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:653] - IdP relying party configuration 'default' indicates to sign assertions: true
18:01:19.542 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:583] - Determining signing credntial for assertion to relying party 'https://nam.demo.local/nidp/saml2/metadata'
18:01:19.542 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:599] - Signing assertion to relying party https://nam.demo.local/nidp/saml2/metadata
18:01:19.554 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:331] - secondarily indexing user session by name identifier
18:01:19.555 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:797] - Encoding response to SAML request idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0 from relying party https://nam.demo.local/nidp/saml2/metadata
18:01:19.565 - INFO [Shibboleth-Audit:1028] - 20180312T123119Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0|https://nam.demo.local/nidp/saml2/metadata|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://shibbolethidp.demo.local/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_bfc4f85ba3fa25a4d3edc6d3d32570b6|test|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|mail,transientId,givenName,sn,|_55f35ab135ab99a4206fe57fbf592fba|_747f2bbf3ace700c57a0e87712f3e067,|

I am getting the following response on the SAML Assertion URL (https://nam.demo.local/nidp/saml2/spassertion_consumer)
<saml2p:Response Destination="https://nam.demo.local/nidp/saml2/spassertion_consumer" ID="_bfc4f85ba3fa25a4d3edc6d3d32570b6" InResponseTo="idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0" IssueInstant="2018-03-12T12:31:19.537Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:Assertion ID="_747f2bbf3ace700c57a0e87712f3e067" IssueInstant="2018-03-12T12:31:19.537Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_747f2bbf3ace700c57a0e87712f3e067">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>rQIZ8hTXsIsgGUx6rV9bX5CxOkU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo> <ds:SignatureValue>kj5oKP3hpRVGPa/wPXfXOIu0zrS45KK+xTsjZFG9xUnzpx3n0fsYg/gtCvlS/zaJhC0pj9uRZprYbi1KpXA2vycO8ixNqOKdVmeka5LccT1bqiRTgYIXaOj2osfTcLSALWWCUBneLJonfyj6GLwVeuIisZJI/e8G7yWDq+b+BVrZUPtRz96HxdsUr2eNZrYrQLj6NCYw4xeLPs1zSXQ29J9HC/11Zcxpo3qoZYaN6HeB09HgMZuwTYabgV6PZZ7MG33L3vu1TSF/Hy0sP5qdaxAe2E7yKfK2q7G4lbEIJcg/qlyPW5QTHpojy8sevrZ5JvSxnnJR9MQ/rlqTTkI/WA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIDTDCCAjSgAwIBAgIVANTp/dbPi/kd5ocXK/PXcVwSn5gNMA0GCSqGSIb3DQEBBQUAMCMxITAf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=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://shibbolethidp.demo.local/idp/shibboleth" SPNameQualifier="https://nam.demo.local/nidp/saml2/metadata">_55f35ab135ab99a4206fe57fbf592fba</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData Address="192.168.1.84" InResponseTo="idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0" NotOnOrAfter="2018-03-12T12:36:19.537Z" Recipient="https://nam.demo.local/nidp/saml2/spassertion_consumer"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2018-03-12T12:31:19.537Z" NotOnOrAfter="2018-03-12T12:36:19.537Z">
<saml2:AudienceRestriction>
<saml2:Audience>https://nam.demo.local/nidp/saml2/metadata</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2018-03-12T12:31:19.481Z" SessionIndex="_cf77b8bbb4ea8a4b6584babf943fb741">
<saml2:SubjectLocality Address="192.168.1.84" />
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute Name="urn:oscar:names:idm:attribute:mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">tuser01@demo.com</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oscar:names:idm:attribute:givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Test</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oscar:names:idm:attribute:sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">User01</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>
0 Likes
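An added example (not part of the original post, and not Access Manager's own code): a Python check of the fields a SAML service provider compares in a Response like the one above, namely Destination, InResponseTo, Issuer, Audience, Recipient, the validity window, and that the signature reference points at the assertion being consumed. It runs on a constructed, trimmed copy of that response, does not verify the XML signature itself, and the function name, finding codes and three-minute clock skew are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

# What the SP expects, using the values that appear in the post.
EXPECTED = {
    "acs_url": "https://nam.demo.local/nidp/saml2/spassertion_consumer",
    "sp_entity_id": "https://nam.demo.local/nidp/saml2/metadata",
    "idp_entity_id": "https://shibbolethidp.demo.local/idp/shibboleth",
    "request_id": "idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0",
}

# Constructed sample: same shape and field values as the response in the post,
# with SignatureValue, KeyInfo, transforms and the attribute statement left out.
SAMPLE = """\
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  Destination="https://nam.demo.local/nidp/saml2/spassertion_consumer"
  ID="_bfc4f85ba3fa25a4d3edc6d3d32570b6" InResponseTo="idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0"
  IssueInstant="2018-03-12T12:31:19.537Z" Version="2.0">
 <saml2:Issuer>https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer>
 <saml2p:Status>
  <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
 </saml2p:Status>
 <saml2:Assertion ID="_747f2bbf3ace700c57a0e87712f3e067" Version="2.0"
   IssueInstant="2018-03-12T12:31:19.537Z">
  <saml2:Issuer>https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="#_747f2bbf3ace700c57a0e87712f3e067"/>
  </ds:SignedInfo></ds:Signature>
  <saml2:Subject><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml2:SubjectConfirmationData InResponseTo="idDNsLm9j9g_M9ZD1LXmpeDH7fDJ0"
     NotOnOrAfter="2018-03-12T12:36:19.537Z"
     Recipient="https://nam.demo.local/nidp/saml2/spassertion_consumer"/>
  </saml2:SubjectConfirmation></saml2:Subject>
  <saml2:Conditions NotBefore="2018-03-12T12:31:19.537Z"
    NotOnOrAfter="2018-03-12T12:36:19.537Z"><saml2:AudienceRestriction>
   <saml2:Audience>https://nam.demo.local/nidp/saml2/metadata</saml2:Audience>
  </saml2:AudienceRestriction></saml2:Conditions>
 </saml2:Assertion>
</saml2p:Response>
"""


def _ts(value):
    """Parse a UTC SAML xs:dateTime, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unparseable timestamp: %r" % value)


def check_response(xml_text, acs_url, sp_entity_id, idp_entity_id, request_id,
                   now, skew=timedelta(minutes=3)):
    """Return a sorted list of finding codes; [] means every check passed."""
    found = set()
    resp = ET.fromstring(xml_text)
    status = resp.find("p:Status/p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        found.add("status-not-success")
    if resp.get("Destination") != acs_url:
        found.add("destination-mismatch")
    if resp.get("InResponseTo") != request_id:
        found.add("response-inresponseto-mismatch")
    assertions = resp.findall(".//a:Assertion", NS)
    if len(assertions) != 1:  # zero or several: refuse to pick one
        return sorted(found | {"expected-exactly-one-assertion"})
    a = assertions[0]
    issuer = a.find("a:Issuer", NS)
    if issuer is None or (issuer.text or "").strip() != idp_entity_id:
        found.add("issuer-mismatch")
    # The signed reference must name the assertion that is being consumed.
    ref = a.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None:
        found.add("assertion-unsigned")
    elif ref.get("URI") != "#" + a.get("ID", ""):
        found.add("signature-reference-mismatch")
    alg = a.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if alg is not None and alg.get("Algorithm") == RSA_SHA1:
        found.add("sha1-signature")  # hardening note, not a rejection reason
    scd = a.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None:
        found.add("no-subject-confirmation-data")
    else:
        if scd.get("Recipient") != acs_url:
            found.add("recipient-mismatch")
        if scd.get("InResponseTo") != request_id:
            found.add("confirmation-inresponseto-mismatch")
        noa = scd.get("NotOnOrAfter")
        if noa is None or now >= _ts(noa) + skew:
            found.add("confirmation-expired")
    cond = a.find("a:Conditions", NS)
    if cond is None:
        found.add("no-conditions")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _ts(nb) - skew:
            found.add("not-yet-valid")
        if noa and now >= _ts(noa) + skew:
            found.add("conditions-expired")
        auds = [(e.text or "").strip()
                for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
        if sp_entity_id not in auds:
            found.add("audience-mismatch")
    return sorted(found)
```

Called as `check_response(SAMPLE, now=..., **EXPECTED)` with a time inside the five-minute validity window, the only finding is the SHA-1 signature algorithm.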
fartyalvikram Contributor.

Re: IDP response was received that failed to authenticate

Now I am getting the below error in the browser:
An Identity Provider response was received that failed to authenticate this session. (300101011-6CF8D8AFC3EC4E16)
The scenario is given below:
1. Hit the https://nam.demo.local/nidp/saml2/spsend?id=Shibboleth&sid=1&TARGET=https://userapp.demo.local URL in the browser.
2. It redirects to the Shibboleth IDP login page; enter credentials and hit the Login button.
3. At spassertion it creates the user inside the User Store (eDirectory).
4. It redirects to the https://nam.demo.local/nidp/app?first=false URL with the given error message:
An Identity Provider response was received that failed to authenticate this session. (300101011-6CF8D8AFC3EC4E16)
But in the same tab, when I hit the https://userapp.demo.local URL, it redirects me to the User App successfully without any login.

So please help me fix this issue: why does it not redirect to the TARGET URL (https://userapp.demo.local) automatically?

Please check the Access Manager IDP logs below:
<amLogEntry> 2018-03-13T10:42:16Z DEBUG NIDS Application: 
Method: NIDPContextListener.sessionDestroyed
Thread: ContainerBackgroundProcessor[StandardEngine[Catalina]]
Destroyed session AMAUTHID#LbfsWlUYEAiiaG5lXcNybEIpSxYGbpShOn6RhL4nuik= </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-11
****** HttpServletRequest Information:
Method: POST
Scheme: https
Context Path: /nidp
Servlet Path: /saml2
Query String: null
Path Info: /spassertion_consumer
Server Name: nam.demo.local
Server Port: 443
Content Length: 7283
Content Type: application/x-www-form-urlencoded
Auth Type: null
Request URL: https://nam.demo.local/nidp/saml2/spassertion_consumer
Host IP Address: 192.168.1.197
Remote Client IP Address: 192.168.1.84
Cookie: (0 of 1): JSESSIONID, yxj7bWTblpJnDtYtFocksr8ebRrksNTskcnFxgc/31s=
Header: Name: host, Value: nam.demo.local
Header: Name: connection, Value: keep-alive
Header: Name: content-length, Value: 7283
Header: Name: Cache-Control, Value: max-age=0
Header: Name: Origin, Value: https://shibbolethidp.demo.local
Header: Name: Upgrade-Insecure-Requests, Value: 1
Header: Name: content-type, Value: application/x-www-form-urlencoded
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Header: Name: accept, Value: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Header: Name: referer, Value: https://shibbolethidp.demo.local/idp/profile/SAML2/POST/SSO
Header: Name: accept-encoding, Value: gzip, br
Header: Name: accept-language, Value: en-US,en;q=0.9
Header: Name: Via, Value: 1.1 nam.demo.local (Access Gateway-ag-AF05FE6544A72488-1400)
Session Id: yxj7bWTblpJnDtYtFocksr8ebRrksNTskcnFxgc/31s=
Session Last Accessed Time: 1520937708466
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key yxj7bWTblpJnDtYtFocksr8ebRrksNTskcnFxgc/31s=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key yxj7bWTblpJnDtYtFocksr8ebRrksNTskcnFxgc/31s=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application: AM#600105011: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#WuNMWyulOXkJfFtYIvLXtkGVBOL4ddfXg1z5Em1ftRU=: SP saml2 handler to process request received for /nidp/saml2 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key yxj7bWTblpJnDtYtFocksr8ebRrksNTskcnFxgc/31s=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS SAML2:
Method: SAML2SSOProfile.processResponse
Thread: ajp-bio-127.0.0.1-9019-exec-11
Received assertion consumer response </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: NIDPContext.getRelayStateDecode
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from local file --------> Property:decodeRelayStateParam Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z VERBOSE NIDS Application: Input param url: MQ== :: web.xml param value to decode: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: NIDPContext.getRelayStateDecode
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from local file --------> Property:decodeRelayStateParam Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isPostInFlate
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from local file --------> Property:IS_SAML2_POST_INFLATE Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS SAML2:
Method: SAML2Profile.handleInBoundMessage
Thread: ajp-bio-127.0.0.1-9019-exec-11
InBound POST message was NOT inflated. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS SAML2:
Method: SAML2Profile.traceMessage
Thread: ajp-bio-127.0.0.1-9019-exec-11

************************* SAML2 POST message ********************************
Type: received
RelayState: MQ==
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://nam.demo.local/nidp/saml2/spassertion_consumer" ID="_e4a54d21f8f1c4637ca184e1e9f0910b" InResponseTo="idL0qUL3lB8vN5hRmRJohilZ-k7b0" IssueInstant="2018-03-13T10:42:21.710Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion ID="_4db7f3503001cd2247bc98804c73b286" IssueInstant="2018-03-13T10:42:21.710Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_4db7f3503001cd2247bc98804c73b286"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>B67dQjYuxnqisu6bkj0HV91RWeU=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>p/H7tesGXEbIwg9uSprirh3LgL6/GeQrQE4jvLLp7fvP5iesldJFUTbQJo/bOPeEpVySexL3pn7uEZc9NdIY4653dDFhsSdxQlmUT0gWcvSBPeGkwh/wUiFUrHPLISLvxrPpxcny9z8/kuLch0sYbxFArb0wVKy4HyA2FmrkcY/kthbHoQ5GfNSr+sx/GYykwVhOyO08a5bL08L2sAKvonbNZgdXf/whKnaRcdQSpCYlCvxTMiJDHcl6RkDKMVzyEav4tDCuZ2DwaHJ5JGonvzPS8Wt8kzo9gNzr9o28IXI/vCKBauhwAPTU2Y9F5t2hbjqC6iVlirUJeS4SJLdTTA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDTDCCAjSgAwIBAgIVANTp/dbPi/kd5ocXK/PXcVwSn5gNMA0GCSqGSIb3DQEBBQUAMCMxITAf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=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://shibbolethidp.demo.local/idp/shibboleth" SPNameQualifier="https://nam.demo.local/nidp/saml2/metadata">_ff006de26ebc638b8bc287b3f7ec6274</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData Address="192.168.1.84" InResponseTo="idL0qUL3lB8vN5hRmRJohilZ-k7b0" NotOnOrAfter="2018-03-13T10:47:21.710Z" Recipient="https://nam.demo.local/nidp/saml2/spassertion_consumer"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2018-03-13T10:42:21.710Z" NotOnOrAfter="2018-03-13T10:47:21.710Z"><saml2:AudienceRestriction><saml2:Audience>https://nam.demo.local/nidp/saml2/metadata</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2018-03-13T10:42:21.579Z" SessionIndex="_3557b30b2912f82e0676bade14afc083"><saml2:SubjectLocality Address="192.168.1.84"/><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement><saml2:Attribute 
Name="urn:oscar:names:idm:attribute:mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:oscar:names:idm:attribute:givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:oscar:names:idm:attribute:sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></saml2p:Response>
************************* End SAML2 message ****************************
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from local file --------> Property:XML_PARSE_ALLOW_DTD Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS SAML2:
Method: SAML2AuthnContext.parse
Thread: ajp-bio-127.0.0.1-9019-exec-11
expiration: 0 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS SAML2:
Method: SAML2AuthnContext.parse
Thread: ajp-bio-127.0.0.1-9019-exec-11
AssuranceLevel: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-11
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-AttributeStatement]] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-11
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-Subject]] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2AvoidSignAndValidateAssertion
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from edirectory configuration store --------> Property:SAML2_AVOID_SIGN_AND_VALIDATE_ASSERTION_TRUSTEDPROVIDERS Value: false Trusted Provider: https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-11
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-EncryptedAssertion]s (0)] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS SAML2:
Method: SAML2Profile.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Processing artifact for pre-brokering, provider= https://shibbolethidp.demo.local/idp/shibboleth and relayState = MQ== </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS SAML2:
Method: SAML2Profile.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Relaystate does not have Intersite Transfer request.. no brokering policy enforcement is needed </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2PostSignResponse
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from file as global for all trusted providers --------> Property:IS_SAML2_POST_SIGN_RESPONSE Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2PostSignResponseProvider
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from file for Trusted Provider https://shibbolethidp.demo.local/idp/shibboleth --------> Property:SAML2_POST_SIGN_RESPONSE_TRUSTEDPROVIDERS Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2AvoidSignAndValidateAssertion
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from edirectory configuration store --------> Property:SAML2_AVOID_SIGN_AND_VALIDATE_ASSERTION_TRUSTEDPROVIDERS Value: false Trusted Provider: https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>
Mar 13, 2018 4:12:23 PM org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#_4db7f3503001cd2247bc98804c73b286"
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS SAML2:
Method: SAML2Utils.getOptionValue
Thread: ajp-bio-127.0.0.1-9019-exec-11
SAML2_CHANGE_ISSUER is not configured as service provider's ui option </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: IDPAuthenticationHandler.handleAuthentication
Thread: ajp-bio-127.0.0.1-9019-exec-11
Was authnResponse verified: Yes </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z VERBOSE NIDS Application: IDP response validated successfully, now attempting to authenticate </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z VERBOSE NIDS Application: Authenticate by identity false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: LDAPAuthority.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Get IDentity DN nidsIdentityName=_ff006de26ebc638b8bc287b3f7ec6274 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: LDAPAuthority.getPrincipalByIdentityName
Thread: ajp-bio-127.0.0.1-9019-exec-11
Searching for Identity using dn nidsIdentityName=_ff006de26ebc638b8bc287b3f7ec6274 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Base context: cn=STIDPli992h,cn=SMSPvoci7h,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell, Filter: nidsIdentityName=_ff006de26ebc638b8bc287b3f7ec6274, Scope: 1, Request Controls: null, UserId: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Closing LDAP connection due to connection timeout! Interval: 164766, Timeout: 10000, Connection: Id: cba784f9-4694-4ce0-9f3b-d89bb5e278b2, host: ldaps://192.168.1.197 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Connection: 1d4113d4-2dc5-4382-8ee5-d77f13df5d1e, Environment Parameters for InitialDirContext() method call:
Key: java.naming.factory.initial, Value: com.sun.jndi.ldap.LdapCtxFactory
Key: java.naming.provider.url, Value: ldaps://192.168.1.197:636
Key: com.sun.jndi.ldap.connect.timeout, Value: 0
Key: java.naming.security.principal, Value: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell
Key: java.naming.security.authentication, Value: simple
Key: java.naming.security.credentials, Value: *****
Key: java.naming.security.protocol, Value: ssl
Key: java.naming.ldap.factory.socket, Value: com.novell.nidp.common.util.net.client.NIDP_SSLSocketFactory
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Added property to DirContext Environment: Property Name: java.naming.ldap.attributes.binary, Value: GUID nDSPKITrustedRootCertificate </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Try connection: ldaps://192.168.1.197 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Found 0 results! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z VERBOSE NIDS Application: Federation not found </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Base context: ou=users,o=data, Filter: (&(|(sn=User01))(objectClass=User)), Scope: 2, Request Controls: null, UserId: cn=admin,ou=sa,o=system </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
<amLogEntry> 2018-03-13T10:42:23Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Closing LDAP connection due to connection timeout! Interval: 144362, Timeout: 10000, Connection: Id: 006daad9-bb0f-4c7b-9382-d085bfa858e7, host: ldaps://192.168.1.115 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Connection: 958d58ec-16fe-485b-9f92-38d39480a8e8, Environment Parameters for InitialDirContext() method call:
Key: java.naming.factory.initial, Value: com.sun.jndi.ldap.LdapCtxFactory
Key: java.naming.provider.url, Value: ldaps://192.168.1.115:636
Key: com.sun.jndi.ldap.connect.timeout, Value: 0
Key: java.naming.security.principal, Value: cn=admin,ou=sa,o=system
Key: java.naming.security.authentication, Value: simple
Key: java.naming.security.credentials, Value: *****
Key: java.naming.security.protocol, Value: ssl
Key: java.naming.ldap.factory.socket, Value: com.novell.nidp.common.util.net.client.NIDP_SSLSocketFactory
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Added property to DirContext Environment: Property Name: java.naming.ldap.attributes.binary, Value: GUID nDSPKITrustedRootCertificate </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Try connection: ldaps://192.168.1.115 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Found 1 results! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Base context: ou=groups,o=data, Filter: (&(|(sn=User01))(objectClass=User)), Scope: 2, Request Controls: null, UserId: cn=admin,ou=sa,o=system </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Try connection: ldaps://192.168.1.115 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Found 0 results! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Base context: ou=users,o=data, Filter: (&(&(givenName=Test))(objectClass=User)), Scope: 2, Request Controls: null, UserId: cn=admin,ou=sa,o=system </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Try connection: ldaps://192.168.1.115 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Found 1 results! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Base context: ou=groups,o=data, Filter: (&(&(givenName=Test))(objectClass=User)), Scope: 2, Request Controls: null, UserId: cn=admin,ou=sa,o=system </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Try connection: ldaps://192.168.1.115 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Found 0 results! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Target object dn: cn=user01-test,ou=users,o=data
Acting as: cn=user01-test,ou=users,o=data
Attr: GUID
Attr: fullname
Attr: cn
Attr: loginIntruderAttempts
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Authenticate by identity false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: LDAPAuthority.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Get IDentity DN nidsIdentityName=_ff006de26ebc638b8bc287b3f7ec6274 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: LDAPAuthority.getPrincipalByIdentityName
Thread: ajp-bio-127.0.0.1-9019-exec-11
Searching for Identity using dn nidsIdentityName=_ff006de26ebc638b8bc287b3f7ec6274 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Base context: cn=STIDPli992h,cn=SMSPvoci7h,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell, Filter: nidsIdentityName=_ff006de26ebc638b8bc287b3f7ec6274, Scope: 1, Request Controls: null, UserId: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() replica selected from preferred </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Try connection: ldaps://192.168.1.197 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Found 0 results! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Federation not found </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPPrincipal.addIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-11
Adding identity: identityId: https://shibbolethidp.demo.local/idp/shibboleth, federated: false, is identity cachable: true, ok to put in cache: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPPrincipal.removeIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-11
Remove the identity for: Identity Id: https://shibbolethidp.demo.local/idp/shibboleth, provided: false, federated: false, Principal: cn=user01-test,ou=users,o=data </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPPrincipal.removeIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-11
Done with removal of the identity for: Identity Id: https://shibbolethidp.demo.local/idp/shibboleth because the identityList is null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPPrincipal.cacheIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-11
Add cache entry mapping this principal [cn=user01-test,ou=users,o=data] by this identity id: true
Adding Identity:
NIDPIdentity
Identifier: _ff006de26ebc638b8bc287b3f7ec6274
Qualifier: https://shibbolethidp.demo.local/idp/shibboleth
SPQualifier: https://nam.demo.local/nidp/saml2/metadata
IdentityID: https://shibbolethidp.demo.local/idp/shibboleth
Provider: https://shibbolethidp.demo.local/idp/shibboleth
IsConsumed: true
Format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
SPName:
Provisioned: false
Cluster DN: cn=USabeawl,cn=Am6qqf6,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell
GUID: 9c234b2e6871714cb7879c234b2e6871
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPPrincipal.cacheIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-11
Building new identity list entry for principal </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@22909567 from cache principal succeeded using key nebSuEuBbYNFMi0c2VSd0AFmLKjznmHCyBzVOzsdueA=. Cache size is 5
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z INFO NIDS IDFF: AM#500106004: AMDEVICEID#6CF8D8AFC3EC4E16: Created new identity for 9c234b2e6871714cb7879c234b2e6871 with identity id of https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS SAML2:
Method: SAML2AuthenticationHandler.getExpiration
Thread: ajp-bio-127.0.0.1-9019-exec-11
Can IDP limit SP session based on SessionNotOnOrAfter value recieved? : false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from local file --------> Property:RENAME_SESSIONID Value: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Removal of object from cache ImpersonationSession failed using key yxj7bWTblpJnDtYtFocksr8ebRrksNTskcnFxgc/31s=. Cache size is 0
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Removal of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key yxj7bWTblpJnDtYtFocksr8ebRrksNTskcnFxgc/31s=. Cache size is 12
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Removal of object from cache ImpersonationSession failed using key yxj7bWTblpJnDtYtFocksr8ebRrksNTskcnFxgc/31s=. Cache size is 0
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Addition of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a to cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSession.rename
Thread: ajp-bio-127.0.0.1-9019-exec-11
Change in session id from yxj7bWTblpJnDtYtFocksr8ebRrksNTskcnFxgc/31s= to vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc= </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS SAML2:
Method: SAML2AuthenticationHandler.getExpiration
Thread: ajp-bio-127.0.0.1-9019-exec-11
Can IDP limit SP session based on SessionNotOnOrAfter value recieved? : false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: setExpiration hard: 0 soft: 1520937744099 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPAuthentication.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-11
Created new Authentication:
protocol: https://nam.demo.local/nidp/saml2/metadata
expiration: 0 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS SAML2:
Method: SAML2AuthenticationHandler.getExpiration
Thread: ajp-bio-127.0.0.1-9019-exec-11
Can IDP limit SP session based on SessionNotOnOrAfter value recieved? : false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object gotten from in memory HashMap: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, Object: null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object gotten from swap file: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, low memory: false, Object: null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object gotten from in memory HashMap: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, Object: null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object gotten from swap file: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, low memory: false, Object: null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.put
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object put: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc= </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@22909567 from cache principal succeeded using key IMOBZqhgMzTQoG3/PPwo0Ilj4Sp1tG5Tkf3+LcIgaXo=. Cache size is 5
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Addition of object com.novell.nidp.NIDPSubject@417e70df to cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@22909567 from cache principal succeeded using key nebSuEuBbYNFMi0c2VSd0AFmLKjznmHCyBzVOzsdueA=. Cache size is 5
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from local file --------> Property:DELETE_OLD_SESSIONS_OF_USER Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPConsumedAuthentications.addAuthentication
Thread: ajp-bio-127.0.0.1-9019-exec-11
try and set up local services for 9c234b2e6871714cb7879c234b2e6871 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPPrincipal.cacheIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-11
Add cache entry mapping this principal [cn=user01-test,ou=users,o=data] by this identity id: true
Adding Identity:
NIDPIdentity
Identifier: 9c234b2e6871714cb7879c234b2e6871
Qualifier: local
SPQualifier: local
IdentityID: local
Provider: local
IsConsumed: true
Format: federated
SPName: null
Provisioned: false
Cluster DN: cn=USabeawl,cn=Am6qqf6,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell
GUID: 9c234b2e6871714cb7879c234b2e6871
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Removal of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@22909567 from cache principal succeeded using key IMOBZqhgMzTQoG3/PPwo0Ilj4Sp1tG5Tkf3+LcIgaXo=. Cache size is 4
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object from cache principal failed using key IMOBZqhgMzTQoG3/PPwo0Ilj4Sp1tG5Tkf3+LcIgaXo=. Cache size is 4
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Addition of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@22909567 to cache principal succeeded using key IMOBZqhgMzTQoG3/PPwo0Ilj4Sp1tG5Tkf3+LcIgaXo=. Cache size is 5
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object gotten from in memory HashMap: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, Object: com.novell.nidp.liberty.wsc.cache.pushed.WSCCachePushedCache@404bf247 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object gotten from in memory HashMap: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, Object: null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object gotten from swap file: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, low memory: false, Object: null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.put
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object put: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc= </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z INFO NIDS Application: AM#500199050: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=: IDP RolesPep.evaluate(), policy trace:
~~RL~1~~~~Rule Count: 0~~Success(67)
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z INFO NIDS Application: AM#500105013: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#8t+WPelZUb3eOQPahxsWuAR050LrA1UxJr6Bxe/tfyA=: Authenticated user cn=user01-test,ou=users,o=data in User Store IDM with roles "authenticated". </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z INFO NIDS Application: AM#500105009: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#8t+WPelZUb3eOQPahxsWuAR050LrA1UxJr6Bxe/tfyA=: Executing contract postAuthContract. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-11
Parameter m_ExpiredCheck(ExpiredCheck) = false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-11
Parameter m_AuthenticateExpiredPassword(AuthenticateExpiredPassword) = false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PasswordFetchClass.readPropertyValues
Thread: ajp-bio-127.0.0.1-9019-exec-11
useLocalUserStores = true , userLookupUsingAttr = false, fetchSimplePassword = false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-11
Parameter m_ExpiredCheck(ExpiredCheck) = false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-11
Parameter m_AuthenticateExpiredPassword(AuthenticateExpiredPassword) = false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Executing authentication method Password Fetch </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Performing LDAP search (&(cn=user01-test)(objectClass=User)) in context com.novell.nam.common.ldap.jndi.JNDIUserStoreSearchContext@5caded5d </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Base context: ou=users,o=data, Filter: (&(cn=user01-test)(objectClass=User)), Scope: 2, Request Controls: null, UserId: jepj2a5x7amgw </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Try connection: ldaps://192.168.1.115 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Found 1 results! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: LDAP search objects found: 1 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PasswordFetchClass.lookupUserInLocalStores
Thread: ajp-bio-127.0.0.1-9019-exec-11
Password Fetch Class: Principal username is : cn=user01-test,ou=users,o=data </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Authentication method Password Fetch succeeded </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: ContractExecutionState.exec
Thread: ajp-bio-127.0.0.1-9019-exec-11
Just returned from call to doContract():
Status: AUTHENTICATED
Contract: postAuthContract
Contract Authentication Card: com.novell.nidp.authentication.card.LocalAuthenticationCard@48747b5a
Contract Authentication Card Id: postAuthContract
Request Param: option: null
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: LDAPAuthority.getPrincipalIdentities
Thread: ajp-bio-127.0.0.1-9019-exec-11
Searching for Identity using filter (&(objectClass=nidsIdentity)(nidsUserStoreReference=cn=USabeawl,cn=Am6qqf6,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell)(nidsGUID=9c234b2e6871714cb7879c234b2e6871)) </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Base context: cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell, Filter: (&(objectClass=nidsIdentity)(nidsUserStoreReference=cn=USabeawl,cn=Am6qqf6,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell)(nidsGUID=9c234b2e6871714cb7879c234b2e6871)), Scope: 2, Request Controls: null, UserId: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Try connection: ldaps://192.168.1.197 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Found 0 results! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPAuthentication.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-11
Created new Authentication:
protocol: Local
expiration: 0 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@22909567 from cache principal succeeded using key IMOBZqhgMzTQoG3/PPwo0Ilj4Sp1tG5Tkf3+LcIgaXo=. Cache size is 5
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from local file --------> Property:DELETE_OLD_SESSIONS_OF_USER Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPConsumedAuthentications.addAuthentication
Thread: ajp-bio-127.0.0.1-9019-exec-11
try and set up local services for 9c234b2e6871714cb7879c234b2e6871 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPPrincipal.cacheIdentity
Thread: ajp-bio-127.0.0.1-9019-exec-11
Add cache entry mapping this principal [cn=user01-test,ou=users,o=data] by this identity id: true
Adding Identity:
NIDPIdentity
Identifier: 9c234b2e6871714cb7879c234b2e6871
Qualifier: local
SPQualifier: local
IdentityID: local
Provider: local
IsConsumed: true
Format: federated
SPName: null
Provisioned: false
Cluster DN: cn=USabeawl,cn=Am6qqf6,cn=SCCpqaf3f,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell
GUID: 9c234b2e6871714cb7879c234b2e6871
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Removal of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@22909567 from cache principal succeeded using key IMOBZqhgMzTQoG3/PPwo0Ilj4Sp1tG5Tkf3+LcIgaXo=. Cache size is 4
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object from cache principal failed using key IMOBZqhgMzTQoG3/PPwo0Ilj4Sp1tG5Tkf3+LcIgaXo=. Cache size is 4
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Addition of object com.novell.nidp.common.authority.ldap.LDAPPrincipal@22909567 to cache principal succeeded using key IMOBZqhgMzTQoG3/PPwo0Ilj4Sp1tG5Tkf3+LcIgaXo=. Cache size is 5
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object gotten from in memory HashMap: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, Object: com.novell.nidp.liberty.wsc.cache.pushed.WSCCachePushedCache@404bf247 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object gotten from in memory HashMap: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, Object: null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.get
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object gotten from swap file: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, low memory: false, Object: null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SwapHashMap.put
Thread: ajp-bio-127.0.0.1-9019-exec-11
Object put: Key: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc= </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z INFO NIDS Application: AM#500199050: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=: IDP RolesPep.evaluate(), policy trace:
~~RL~1~~~~Rule Count: 0~~Success(67)
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z INFO NIDS Application: AM#500105013: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#8t+WPelZUb3eOQPahxsWuAR050LrA1UxJr6Bxe/tfyA=: Authenticated user cn=user01-test,ou=users,o=data in User Store IDM with roles "authenticated". </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Request url https://nam.demo.local/nidp/saml2/spassertion_consumer </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
This is a normal http request expecting an HTML response! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Request url https://nam.demo.local/nidp/saml2/spassertion_consumer </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
This is a normal http request expecting an HTML response! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.fingerprintDevice
Thread: ajp-bio-127.0.0.1-9019-exec-11
Redirecting to deviceRecon.jsp for device fingerprinting for session assurance </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PageToShow.addAttribute
Thread: ajp-bio-127.0.0.1-9019-exec-11
Attribute added to page [DeviceRecon] is [rid]=[1]. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PageToShow.addAttribute
Thread: ajp-bio-127.0.0.1-9019-exec-11
Attribute added to page [DeviceRecon] is [innerCall]=[true]. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PageToShow.addAttribute
Thread: ajp-bio-127.0.0.1-9019-exec-11
Attribute added to page [DeviceRecon] is [firstTimeFingerprint]=[true]. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PageToShow.addAttribute
Thread: ajp-bio-127.0.0.1-9019-exec-11
Attribute added to page [DeviceRecon] is [DFP_NONCE]=[1520937744210]. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PageToShow.addAttribute
Thread: ajp-bio-127.0.0.1-9019-exec-11
Attribute added to page [DeviceRecon] is [DFP_S_KEY]=[{"kty":"oct","use":"sig","alg":"HS256","k":"4MXmLNx4Vr22jxOe2XDBE1BfsIrgXV35fxi3Ib4XWiw="}]. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PageToShow.addAttribute
Thread: ajp-bio-127.0.0.1-9019-exec-11
Attribute added to page [DeviceRecon] is [DFP_E_KEY]=[{"kty":"oct","use":"enc","alg":"A128CBC-HS256","k":"wiUtgqFfuDLMlsqOOLEJjEPr8APNcEUzIGvMP5m2l7Q="}]. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PageToShow.addAttribute
Thread: ajp-bio-127.0.0.1-9019-exec-11
Attribute added to page [DeviceRecon] is [DFP_S_KEY_NAME]=[621199]. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PageToShow.addAttribute
Thread: ajp-bio-127.0.0.1-9019-exec-11
Attribute added to page [DeviceRecon] is [DFP_E_KEY_NAME]=[408342]. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PageToShow.addAttribute
Thread: ajp-bio-127.0.0.1-9019-exec-11
Attribute added to page [DeviceRecon] is [DFP_KEY_EXT]=[_dreanskasjeaidp]. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: PageToShow.addAttribute
Thread: ajp-bio-127.0.0.1-9019-exec-11
Attribute added to page [DeviceRecon] is [url]=[/nidp/app?sid=1]. </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPServletContext.goJSP
Thread: ajp-bio-127.0.0.1-9019-exec-11
Forwarding to JSP: /jsp/DeviceRecon.jsp </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.initiateDeviceFingerprint
Thread: ajp-bio-127.0.0.1-9019-exec-11
User authenticated to the IDP for the first time, so initiating device fingerprinting for session assurance! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-3
****** HttpServletRequest Information:
Method: POST
Scheme: https
Context Path: /nidp
Servlet Path: /app
Query String: sid=1
Path Info: null
Server Name: nam.demo.local
Server Port: 443
Content Length: 1862
Content Type: application/x-www-form-urlencoded
Auth Type: null
Request URL: https://nam.demo.local/nidp/app
Host IP Address: 192.168.1.197
Remote Client IP Address: 192.168.1.84
Cookie: (0 of 1): JSESSIONID, vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=
Header: Name: host, Value: nam.demo.local
Header: Name: connection, Value: keep-alive
Header: Name: content-length, Value: 1862
Header: Name: Cache-Control, Value: max-age=0
Header: Name: Origin, Value: https://nam.demo.local
Header: Name: Upgrade-Insecure-Requests, Value: 1
Header: Name: content-type, Value: application/x-www-form-urlencoded
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Header: Name: accept, Value: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Header: Name: referer, Value: https://nam.demo.local/nidp/saml2/spassertion_consumer
Header: Name: accept-encoding, Value: gzip, br
Header: Name: accept-language, Value: en-US,en;q=0.9
Header: Name: Via, Value: 1.1 nam.demo.local (Access Gateway-ag-AF05FE6544A72488-1408)
Session Id: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=
Session Last Accessed Time: 1520937744220
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPServletURLSchemaManager.getUrlCategory
Thread: ajp-bio-127.0.0.1-9019-exec-3
Unable to Categorize URL: /nidp </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPServletURLSchemaManager.getUrlCategory
Thread: ajp-bio-127.0.0.1-9019-exec-3
Unable to Categorize URL: /nidp </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Request url https://nam.demo.local/nidp/app </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
This is a normal http request expecting an HTML response! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.evaluateFingeprint
Thread: ajp-bio-127.0.0.1-9019-exec-3
Evaluating the fingerprint obtained from the device Recon.jsp for Session assurance </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.evaluateFingeprint
Thread: ajp-bio-127.0.0.1-9019-exec-3
storedDFJSON null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SessionDeviceFingerprint.setFpLastCalculatedTimeStamp_IDC
Thread: ajp-bio-127.0.0.1-9019-exec-3
LastCalculatedTimeStamp IDC Mar 13,2018 16:12:24 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPContext.getSecureClusterCookie
Thread: ajp-bio-127.0.0.1-9019-exec-3
Property read from local file --------> Property:secureClusterCookie Value: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPContext.getHttponlyClusterCookie
Thread: ajp-bio-127.0.0.1-9019-exec-3
Property read from local file --------> Property:httponlyClusterCookie Value: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Successful fingerprint response: Added new header Set-Cookie: NidpIDC=Mj5kiMcDaLBb9vWYBvMV; Path=/nidp/; Secure; HttpOnly; Previous NidpIDC Cookie value = null </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SessionDeviceFingerprint.setFpLastCalculatedTimeStamp_ClientSide
Thread: ajp-bio-127.0.0.1-9019-exec-3
LastCalculatedTimeStamp Client Side Mar 13,2018 16:12:24 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: SessionDeviceFingerprint.setFpLastCalculatedTimeStamp_ServerSide
Thread: ajp-bio-127.0.0.1-9019-exec-3
LastCalculatedTimeStamp Server Side Mar 13,2018 16:12:24 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.evaluateFingeprint
Thread: ajp-bio-127.0.0.1-9019-exec-3
Fingeprinting evaluation done for the first time for the device.Fingerprint matched </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CommonHandler.handleRequest
Thread: ajp-bio-127.0.0.1-9019-exec-3
Handling request: app </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session refresh - index: -2 force: false last time: 0 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPServletContext.goJSP
Thread: ajp-bio-127.0.0.1-9019-exec-3
Forwarding to JSP: /jsp/main.jsp </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPResourceManager.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Locale: en_US mapped to directory en </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPResourceManager.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Locale: en_US mapped to directory en </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPResourceManager.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Locale: en_US mapped to directory en </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-3
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Request url https://nam.demo.local/nidp/jsp/content.jsp </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Session Assurance : NidpIDC cookie current value (Mj5kiMcDaLBb9vWYBvMV) , previous value (null) </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Session Assurance : NidpIDC cookie obtained value (Mj5kiMcDaLBb9vWYBvMV) </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Session Assurance : NidpIDC cookie current and obtained cookie value (Mj5kiMcDaLBb9vWYBvMV) matched! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-11
****** HttpServletRequest Information:
Method: GET
Scheme: https
Context Path: /nidp
Servlet Path: /jsp/content.jsp
Query String: sid=1&uiDestination=contentDiv
Path Info: null
Server Name: nam.demo.local
Server Port: 443
Content Length: -1
Content Type: null
Auth Type: null
Request URL: https://nam.demo.local/nidp/jsp/content.jsp
Host IP Address: 192.168.1.197
Remote Client IP Address: 192.168.1.84
Cookie: (0 of 2): NidpIDC, Mj5kiMcDaLBb9vWYBvMV
Cookie: (1 of 2): JSESSIONID, vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=
Header: Name: host, Value: nam.demo.local
Header: Name: connection, Value: keep-alive
Header: Name: accept, Value: */*
Header: Name: X-Requested-With, Value: XMLHttpRequest
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Header: Name: referer, Value: https://nam.demo.local/nidp/app?sid=1
Header: Name: accept-encoding, Value: gzip, br
Header: Name: accept-language, Value: en-US,en;q=0.9
Header: Name: Via, Value: 1.1 nam.demo.local (Access Gateway-ag-AF05FE6544A72488-1416)
Session Id: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=
Session Last Accessed Time: 1520937744885
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: NIDPJspFilter.doFilter
Thread: ajp-bio-127.0.0.1-9019-exec-11
JSP request did not need to be proxied to a different server! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: LDAPAuthority.getObjectByDn
Thread: ajp-bio-127.0.0.1-9019-exec-7
dn = cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: LDAPAuthority.getObjectByDn
Thread: ajp-bio-127.0.0.1-9019-exec-7
dn1 = cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
Target object dn: cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem
Acting as: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell
Attrs: null or zero! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:24Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-11
****** HttpServletRequest Information:
Method: GET
Scheme: https
Context Path: /nidp
Servlet Path: /saml2
Query String: create.x=1&sid=1&uiDestination=contentDiv
Path Info: /spassertion_consumer
Server Name: nam.demo.local
Server Port: 443
Content Length: -1
Content Type: null
Auth Type: null
Request URL: https://nam.demo.local/nidp/saml2/spassertion_consumer
Host IP Address: 192.168.1.197
Remote Client IP Address: 192.168.1.84
Cookie: (0 of 2): NidpIDC, Mj5kiMcDaLBb9vWYBvMV
Cookie: (1 of 2): JSESSIONID, vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=
Header: Name: host, Value: nam.demo.local
Header: Name: connection, Value: keep-alive
Header: Name: accept, Value: */*
Header: Name: X-Requested-With, Value: XMLHttpRequest
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Header: Name: referer, Value: https://nam.demo.local/nidp/app?sid=1
Header: Name: accept-encoding, Value: gzip, br
Header: Name: accept-language, Value: en-US,en;q=0.9
Header: Name: Via, Value: 1.1 nam.demo.local (Access Gateway-ag-AF05FE6544A72488-1418)
Session Id: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=
Session Last Accessed Time: 1520937744990
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Request url https://nam.demo.local/nidp/saml2/spassertion_consumer </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Session Assurance : NidpIDC cookie current value (Mj5kiMcDaLBb9vWYBvMV) , previous value (null) </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Session Assurance : NidpIDC cookie obtained value (Mj5kiMcDaLBb9vWYBvMV) </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Session Assurance : NidpIDC cookie current and obtained cookie value (Mj5kiMcDaLBb9vWYBvMV) matched! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application: AM#600105011: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#8t+WPelZUb3eOQPahxsWuAR050LrA1UxJr6Bxe/tfyA=: SP saml2 handler to process request received for /nidp/saml2 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS SAML2:
Method: SAML2SSOProfile.processResponse
Thread: ajp-bio-127.0.0.1-9019-exec-11
Received assertion consumer response </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPContext.getRelayStateDecode
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from local file --------> Property:decodeRelayStateParam Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: Input param url: null :: web.xml param value to decode: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPContext.getRelayStateDecode
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from local file --------> Property:decodeRelayStateParam Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2PostSignResponse
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from file as global for all trusted providers --------> Property:IS_SAML2_POST_SIGN_RESPONSE Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2PostSignResponseProvider
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from file for Trusted Provider https://shibbolethidp.demo.local/idp/shibboleth --------> Property:SAML2_POST_SIGN_RESPONSE_TRUSTEDPROVIDERS Value: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: SAML2Utils.isSaml2AvoidSignAndValidateAssertion
Thread: ajp-bio-127.0.0.1-9019-exec-11
Property read from edirectory configuration store --------> Property:SAML2_AVOID_SIGN_AND_VALIDATE_ASSERTION_TRUSTEDPROVIDERS Value: false Trusted Provider: https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z WARNING NIDS IDFF: AM#300106002: AMDEVICEID#6CF8D8AFC3EC4E16: An attempt was made to replay an assertion: https://shibbolethidp.demo.local/idp/shibboleth_4db7f3503001cd2247bc98804c73b286 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: IDPAuthenticationHandler.handleAuthentication
Thread: ajp-bio-127.0.0.1-9019-exec-11
Was authnResponse verified: No </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: IDP response failed to authenticate: NIDPLOGGING.300101011 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS SAML2:
Method: SAML2Utils.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-11
SAML2_REQUEST_IGNORE_AUTHNCONTEXT is not configured as service provider's ui option </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPLocalConfigUtil.getSaml2TPValueBoolean
Thread: ajp-bio-127.0.0.1-9019-exec-11
[nidpconfig.properties] Options - https://shibbolethidp.demo.local/idp/shibboleth->SAML2_REQUEST_IGNORE_AUTHNCONTEXT value returned: false </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPServletContext.goJSP
Thread: ajp-bio-127.0.0.1-9019-exec-11
Forwarding to JSP: /jsp/top.jsp </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z INFO NIDS Application: AM#500105039: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#8t+WPelZUb3eOQPahxsWuAR050LrA1UxJr6Bxe/tfyA=: Error on session id vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=, error 300101011-6CF8D8AFC3EC4E16, An Identity Provider response was received that failed to authenticate this session.:Assertion is being replayed: </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-11
****** HttpServletRequest Information:
Method: GET
Scheme: https
Context Path: /nidp
Servlet Path: /app
Query String: first=false
Path Info: null
Server Name: nam.demo.local
Server Port: 443
Content Length: -1
Content Type: null
Auth Type: null
Request URL: https://nam.demo.local/nidp/app
Host IP Address: 192.168.1.197
Remote Client IP Address: 192.168.1.84
Cookie: (0 of 2): NidpIDC, Mj5kiMcDaLBb9vWYBvMV
Cookie: (1 of 2): JSESSIONID, vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=
Header: Name: host, Value: nam.demo.local
Header: Name: connection, Value: keep-alive
Header: Name: Upgrade-Insecure-Requests, Value: 1
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Header: Name: accept, Value: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Header: Name: referer, Value: https://nam.demo.local/nidp/app?sid=1
Header: Name: accept-encoding, Value: gzip, br
Header: Name: accept-language, Value: en-US,en;q=0.9
Header: Name: Via, Value: 1.1 nam.demo.local (Access Gateway-ag-AF05FE6544A72488-1419)
Session Id: vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=
Session Last Accessed Time: 1520937745016
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPServletURLSchemaManager.getUrlCategory
Thread: ajp-bio-127.0.0.1-9019-exec-11
Unable to Categorize URL: /nidp </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPServletURLSchemaManager.getUrlCategory
Thread: ajp-bio-127.0.0.1-9019-exec-11
Unable to Categorize URL: /nidp </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Request url https://nam.demo.local/nidp/app </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
This is a normal http request expecting an HTML response! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Session Assurance : NidpIDC cookie current value (Mj5kiMcDaLBb9vWYBvMV) , previous value (null) </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Session Assurance : NidpIDC cookie obtained value (Mj5kiMcDaLBb9vWYBvMV) </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPSessionAssurance.B
Thread: ajp-bio-127.0.0.1-9019-exec-11
Session Assurance : NidpIDC cookie current and obtained cookie value (Mj5kiMcDaLBb9vWYBvMV) matched! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CommonHandler.handleRequest
Thread: ajp-bio-127.0.0.1-9019-exec-11
Handling request: app </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: Session refresh - index: -1 force: false last time: 1520937744798 </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPServletContext.goJSP
Thread: ajp-bio-127.0.0.1-9019-exec-11
Forwarding to JSP: /jsp/main.jsp </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPResourceManager.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Locale: en_US mapped to directory en </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPResourceManager.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Locale: en_US mapped to directory en </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: NIDPResourceManager.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Locale: en_US mapped to directory en </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.NIDPSubject@417e70df from cache subject succeeded using key a1HUMd9dfxQcvs7M957fPdhhw7QGnwsRZho+76y7qRg=. Cache size is 2
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-11
Retrieval of object com.novell.nidp.servlets.NIDPServletSession@54b2b53a from cache session succeeded using key vyvzuT7yhud0U+aLJwJG5iJhNJyDmP9jnOcVigqV7mc=. Cache size is 13
</amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: LDAPAuthority.getObjectByDn
Thread: ajp-bio-127.0.0.1-9019-exec-11
dn = cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: LDAPAuthority.getObjectByDn
Thread: ajp-bio-127.0.0.1-9019-exec-11
dn1 = cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
Target object dn: cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem
Acting as: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell
Attrs: null or zero! </amLogEntry>
<amLogEntry> 2018-03-13T10:42:25Z DEBUG NIDS Application:
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-11
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>
0 Likes
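A triage sketch for a log like the one above, added here as an example and not part of the original post or of Access Manager: it parses `<amLogEntry>` records, finds the `An attempt was made to replay an assertion` warning, and reports which request to `/nidp/saml2/spassertion_consumer` preceded it and whether the same session had already hit that endpoint. The sample log is constructed in the page's format (host names, session id and assertion id are placeholders), and pairing the warning with the nearest preceding consumer request is an assumption, since the warning line carries no thread name.

```python
import re

# One <amLogEntry> record: timestamp, level, component, then a free-form body.
ENTRY_RE = re.compile(
    r"<amLogEntry>\s*(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+NIDS\s+(?P<component>\w+):"
    r"(?P<body>.*?)</amLogEntry>",
    re.S,
)
REPLAY_RE = re.compile(r"An attempt was made to replay an assertion:\s*(\S+)")
CONSUMER_PATH = "/nidp/saml2/spassertion_consumer"
DUMP_MARKER = "HttpServletRequest Information:"

# Constructed sample in the page's log format; every value is a placeholder.
SAMPLE_LOG = """\
<amLogEntry> 2018-01-01T00:00:01Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: exec-1
****** HttpServletRequest Information:
Method: POST
Query String: null
Request URL: https://sp.example.test/nidp/saml2/spassertion_consumer
Session Id: SESSION-A
</amLogEntry>
<amLogEntry> 2018-01-01T00:00:02Z DEBUG NIDS Application:
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: exec-2
****** HttpServletRequest Information:
Method: GET
Query String: create.x=1&sid=1&uiDestination=contentDiv
Request URL: https://sp.example.test/nidp/saml2/spassertion_consumer
Session Id: SESSION-A
</amLogEntry>
<amLogEntry> 2018-01-01T00:00:02Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2018-01-01T00:00:02Z WARNING NIDS IDFF: AM#300106002: AMDEVICEID#0000000000000000: An attempt was made to replay an assertion: https://idp.example.test/idp/shibboleth_constructedassertionid </amLogEntry>
"""


def _field(text, name):
    """Return the value of the first 'name: value' line in text, or None."""
    m = re.search(r"^\s*" + re.escape(name) + r":[ \t]*(.*?)\s*$", text, re.M)
    return m.group(1) if m else None


def parse_entries(text):
    """Split raw log text into entries; request dumps get a 'request' dict."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        body = m.group("body")
        entry = {"ts": m.group("ts"), "level": m.group("level"),
                 "component": m.group("component"), "body": body.strip(),
                 "request": None}
        if DUMP_MARKER in body:
            # The first 'Method:' names the Java method; the HTTP method is
            # the 'Method:' line that follows the request-dump marker.
            tail = body.split(DUMP_MARKER, 1)[1]
            entry["request"] = {
                "http_method": _field(tail, "Method"),
                "url": _field(tail, "Request URL"),
                "query": _field(tail, "Query String"),
                "session": _field(tail, "Session Id"),
            }
        entries.append(entry)
    return entries


def find_replays(entries):
    """Pair each replay warning with the consumer requests that preceded it."""
    findings, consumer_hits = [], []
    for e in entries:
        req = e["request"]
        if req and req["url"] and req["url"].endswith(CONSUMER_PATH):
            consumer_hits.append((e["ts"], req))
            continue
        m = REPLAY_RE.search(e["body"])
        if e["level"] != "WARNING" or not m:
            continue
        # Assumption: the nearest preceding consumer request is the trigger.
        trigger_ts, trigger = consumer_hits[-1] if consumer_hits else (None, None)
        earlier = [(ts, r["http_method"]) for ts, r in consumer_hits[:-1]
                   if trigger and r["session"] == trigger["session"]]
        findings.append({
            "ts": e["ts"],
            "assertion_id": m.group(1),
            "trigger_ts": trigger_ts,
            "trigger": trigger,
            "earlier_same_session": earlier,
            # True when the same session had already hit the consumer URL.
            "same_session_refetch": bool(earlier),
        })
    return findings


if __name__ == "__main__":
    for f in find_replays(parse_entries(SAMPLE_LOG)):
        t = f["trigger"] or {}
        print(f["ts"], "replay of", f["assertion_id"])
        print("  triggered by:", t.get("http_method"), t.get("query"))
        print("  earlier hits in same session:", f["earlier_same_session"])
```

To run it against a real log, pass the contents of `catalina.out` to `parse_entries` in place of `SAMPLE_LOG`.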
Knowledge Partner

Re: IDP response was received that failed to authenticate

On 12-03-2018 11:54 PM, fartyalvikram wrote:
>
> Now my user is Provision into eDirectory (User Store), means User is
> created successfully inside eDirectory User Store but after that I am
> getting the below error on browser URL is
> https://nam.demo.local/nidp/saml2/spassertion_consumer
>
> Code:
> --------------------
> Error: HTTP 500 Internal Server Error
> --------------------


So you fixed your other error or is this an additional error?

You are getting an NPE exception which can be really hard to troubleshoot. My first step would be to not consume any attributes from the assertion and see if that makes the problem go away.

> <amLogEntry> 2018-03-12T12:31:21Z SEVERE NIDS Application: java.lang.ClassCastException
> java.lang.NullPointerException cannot be cast to com.novell.nidp.NIDPException
> com.novell.nidp.saml2.profile.SAML2SSOProfile: y: A: 2,095
> com.novell.nidp.saml2.profile.SAML2SSOProfile: y: processResponse: 2,138
> com.novell.nidp.saml2.profile.SAML2SSOProfile: y: processResponse: 739
> com.novell.nidp.saml2.profile.SAML2Profile: y: handleInBoundMessage: 2,803
> com.novell.nidp.saml2.profile.SAML2SSOProfile: y: processResponse: 1,697
> com.novell.nidp.saml2.SAML2Handler: y: A: 1,027
> com.novell.nidp.saml2.SAML2Handler: y: handleRequest: 2,785
> com.novell.nidp.saml2.SAML2MeDescriptor: y: handleRequest: 1,554
> com.novell.nidp.servlets.NIDPServlet: y: myDoGet: 2,001
> com.novell.nidp.servlets.NIDPBaseServlet: y: doGet: 1,530
> com.novell.nidp.servlets.NIDPBaseServlet: y: doPost: 1,810
> javax.servlet.http.HttpServlet: HttpServlet.java: service: 648
> javax.servlet.http.HttpServlet: HttpServlet.java: service: 729
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 292
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
> org.apache.tomcat.websocket.server.WsFilter: WsFilter.java: doFilter: 52
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 240
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
> com.google.inject.servlet.FilterChainInvocation: FilterChainInvocation.java: doFilter: 66
> com.google.inject.servlet.FilterDefinition: FilterDefinition.java: doFilter: 168
> com.google.inject.servlet.FilterChainInvocation: FilterChainInvocation.java: doFilter: 58
> com.google.inject.servlet.ManagedFilterPipeline: ManagedFilterPipeline.java: dispatch: 118
> com.google.inject.servlet.GuiceFilter: GuiceFilter.java: doFilter: 113
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 240
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
> com.novell.nidp.servlets.filters.xss.XSSDetectionFilter: y: doFilter: 265
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 240
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
> org.apache.catalina.filters.HttpHeaderSecurityFilter: HttpHeaderSecurityFilter.java: doFilter: 124
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 240
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
> com.novell.nidp.servlets.filters.jsp.SameOriginFramingFilter: y: doFilter: 777
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: internalDoFilter: 240
> org.apache.catalina.core.ApplicationFilterChain: ApplicationFilterChain.java: doFilter: 207
> org.apache.catalina.core.StandardWrapperValve: StandardWrapperValve.java: invoke: 212
> org.apache.catalina.core.StandardContextValve: StandardContextValve.java: invoke: 94
> org.apache.catalina.authenticator.AuthenticatorBase: AuthenticatorBase.java: invoke: 504
> org.apache.catalina.core.StandardHostValve: StandardHostValve.java: invoke: 141
> org.apache.catalina.valves.ErrorReportValve: ErrorReportValve.java: invoke: 79
> org.apache.catalina.core.StandardEngineValve: StandardEngineValve.java: invoke: 88
> org.apache.catalina.connector.CoyoteAdapter: CoyoteAdapter.java: service: 502
> com.novell.nam.tomcat.ajp.NAMAbstractAjpProcessor: NAMAbstractAjpProcessor.java: process: 832
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler: AbstractProtocol.java: process: 684
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor: JIoEndpoint.java: run: 283
> java.util.concurrent.ThreadPoolExecutor: ThreadPoolExecutor.java: runWorker: 1,149
> java.util.concurrent.ThreadPoolExecutor$Worker: ThreadPoolExecutor.java: run: 624
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable: TaskThread.java: run: 61
> java.lang.Thread: Thread.java: run: 748 </amLogEntry>
> --------------------
>



--
Cheers,
Edward
0 Likes
fartyalvikram Contributor.

Re: IDP response was received that failed to authenticate

Thanks for the reply.
I have fixed my "Error: HTTP 500 Internal Server Error" error.
Now I am getting the error below in the browser:
An Identity Provider response was received that failed to authenticate this session. (300101011-6CF8D8AFC3EC4E16)
The scenario is given below:
1. Hit the URL https://nam.demo.local/nidp/saml2/spsend?id=Shibboleth&sid=1&TARGET=https://userapp.demo.local in the browser.
2. It redirects to the Shibboleth IDP login page; enter credentials and hit the Login button.
3. At spassertion it creates the user inside the User Store (eDirectory).
4. It redirects to the https://nam.demo.local/nidp/app?first=false URL with the given error message:
An Identity Provider response was received that failed to authenticate this session. (300101011-6CF8D8AFC3EC4E16)
But on the same tab, when I hit the https://userapp.demo.local URL, it redirects me to the User App successfully without any login.

I have already shared my Access Manager IDP logs in my previous reply.
If needed, please check my Shibboleth IDP logs below:
16:12:21.576 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:144] - Returning control to authentication engine
16:12:21.577 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:209] - Processing incoming request
16:12:21.577 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:514] - Completing user authentication process
16:12:21.577 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:585] - Validating authentication was performed successfully
16:12:21.577 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:696] - Updating session information for principal test
16:12:21.578 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:700] - Creating shibboleth session for principal test
16:12:21.578 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:815] - Adding IdP session cookie to HTTP response
16:12:21.578 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:715] - Recording authentication and service information in Shibboleth session for principal: test
16:12:21.579 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:560] - User test authenticated with method urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
16:12:21.579 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:161] - Returning control to profile handler
16:12:21.579 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:177] - Redirecting user to profile handler at https://shibbolethidp.demo.local:443/idp/profile/SAML2/POST/SSO
16:12:21.683 - INFO [Shibboleth-Access:73] - 20180313T104221Z|192.168.1.84|shibbolethidp.demo.local:443|/profile/SAML2/POST/SSO|
16:12:21.683 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:86] - shibboleth.HandlerManager: Looking up profile handler for request path: /SAML2/POST/SSO
16:12:21.683 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:97] - shibboleth.HandlerManager: Located profile handler of the following type for the request path: edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
16:12:21.684 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:588] - Unbinding LoginContext
16:12:21.684 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:614] - Expiring LoginContext cookie
16:12:21.684 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:625] - Removed LoginContext, with key 42468a1de6824718b29ba8b4552aa6dad46c418bbc60429f49734830a7bbe617, from StorageService partition loginContexts
16:12:21.684 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:172] - Incoming request contains a login context and indicates principal was authenticated, processing second leg of request
16:12:21.685 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: https://nam.demo.local/nidp/saml2/metadata
16:12:21.685 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of https://nam.demo.local/nidp/saml2/metadata
16:12:21.685 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:167] - Metadata document does not contain an EntityDescriptor with the ID https://nam.demo.local/nidp/saml2/metadata
16:12:21.685 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: https://nam.demo.local/nidp/saml2/metadata
16:12:21.685 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of https://nam.demo.local/nidp/saml2/metadata
16:12:21.686 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: https://nam.demo.local/nidp/saml2/metadata
16:12:21.686 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of https://nam.demo.local/nidp/saml2/metadata
16:12:21.686 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:167] - Metadata document does not contain an EntityDescriptor with the ID https://nam.demo.local/nidp/saml2/metadata
16:12:21.686 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: https://nam.demo.local/nidp/saml2/metadata
16:12:21.687 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of https://nam.demo.local/nidp/saml2/metadata
16:12:21.687 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:128] - Looking up relying party configuration for https://nam.demo.local/nidp/saml2/metadata
16:12:21.687 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:134] - No custom relying party configuration found for https://nam.demo.local/nidp/saml2/metadata, looking up configuration based on metadata groups.
16:12:21.687 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: https://nam.demo.local/nidp/saml2/metadata
16:12:21.687 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of https://nam.demo.local/nidp/saml2/metadata
16:12:21.688 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:167] - Metadata document does not contain an EntityDescriptor with the ID https://nam.demo.local/nidp/saml2/metadata
16:12:21.688 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: https://nam.demo.local/nidp/saml2/metadata
16:12:21.688 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of https://nam.demo.local/nidp/saml2/metadata
16:12:21.688 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:157] - No custom or group-based relying party configuration found for https://nam.demo.local/nidp/saml2/metadata. Using default relying party configuration.
16:12:21.689 - DEBUG [org.opensaml.saml2.metadata.provider.ChainingMetadataProvider:253] - Checking child metadata provider for entity descriptor with entity ID: https://shibbolethidp.demo.local/idp/shibboleth
16:12:21.689 - DEBUG [org.opensaml.saml2.metadata.provider.AbstractMetadataProvider:520] - Searching for entity descriptor with an entity ID of https://shibbolethidp.demo.local/idp/shibboleth
16:12:21.690 - DEBUG [org.opensaml.saml2.binding.AuthnResponseEndpointSelector:99] - Filtering peer endpoints. Supported peer endpoint bindings: [urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact]
16:12:21.690 - DEBUG [org.opensaml.saml2.binding.AuthnResponseEndpointSelector:114] - Removing endpoint https://nam.demo.local/nidp/saml2/spassertion_consumer because its binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect is not supported
16:12:21.690 - DEBUG [org.opensaml.saml2.binding.AuthnResponseEndpointSelector:79] - No ACS index or URL given, selecting endpoint without additional constraints.
16:12:21.692 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:478] - Resolving attributes for principal 'test' for SAML request from relying party 'https://nam.demo.local/nidp/saml2/metadata'
16:12:21.692 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:326] - metadata contains the following attributes: []
16:12:21.692 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:119] - shibboleth.AttributeResolver resolving attributes for principal test
16:12:21.693 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:275] - Specific attributes for principal test were not requested, resolving all attributes.
16:12:21.693 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute mail for principal test
16:12:21.693 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:354] - Resolving data connector mySIS for principal test
16:12:21.699 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:262] - RDBMS data connector mySIS - Search Query: SELECT security.provider_no, security.user_name, security.security_no, provider.last_name, provider.first_name,provider.email FROM security inner join provider on security.provider_no=provider.provider_no WHERE user_name = 'test'
16:12:21.699 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:323] - RDBMS data connector mySIS - Querying database for attributes with query SELECT security.provider_no, security.user_name, security.security_no, provider.last_name, provider.first_name,provider.email FROM security inner join provider on security.provider_no=provider.provider_no WHERE user_name = 'test'
16:12:21.701 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:332] - RDBMS data connector mySIS - Retrieved attributes: [security_no, mail, user_name, givenName, sn, provider_no]
16:12:21.702 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute mail containing 1 values
16:12:21.702 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute transientId for principal test
16:12:21.702 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition:97] - Building transient ID for request idL0qUL3lB8vN5hRmRJohilZ-k7b0; outbound message issuer: https://shibbolethidp.demo.local/idp/shibboleth, inbound message issuer: https://nam.demo.local/nidp/saml2/metadata, principal identifer: test
16:12:21.703 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition:115] - Created transient ID _ff006de26ebc638b8bc287b3f7ec6274 for request idL0qUL3lB8vN5hRmRJohilZ-k7b0
16:12:21.703 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute transientId containing 1 values
16:12:21.703 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute givenName for principal test
16:12:21.703 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute givenName containing 1 values
16:12:21.704 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute sn for principal test
16:12:21.704 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute sn containing 1 values
16:12:21.704 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute mail has 1 values after post-processing
16:12:21.704 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute transientId has 1 values after post-processing
16:12:21.705 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute givenName has 1 values after post-processing
16:12:21.705 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute sn has 1 values after post-processing
16:12:21.705 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:137] - shibboleth.AttributeResolver resolved, for principal test, the attributes: [mail, transientId, givenName, sn]
16:12:21.705 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:71] - shibboleth.AttributeFilterEngine filtering 4 attributes for principal test
16:12:21.705 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releaseTransientIdToAnyone is active for principal test
16:12:21.706 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releaseTransientIdToAnyone is active for principal test
16:12:21.706 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute transientId for principal test
16:12:21.706 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasegivenNameToAnyone is active for principal test
16:12:21.706 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasegivenNameToAnyone is active for principal test
16:12:21.706 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute givenName for principal test
16:12:21.707 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasesnToAnyone is active for principal test
16:12:21.707 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasesnToAnyone is active for principal test
16:12:21.707 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute sn for principal test
16:12:21.707 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasemailToAnyone is active for principal test
16:12:21.707 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasemailToAnyone is active for principal test
16:12:21.708 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute mail for principal test
16:12:21.708 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute mail has 1 values after filtering
16:12:21.708 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute transientId has 1 values after filtering
16:12:21.708 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute givenName has 1 values after filtering
16:12:21.708 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute sn has 1 values after filtering
16:12:21.709 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:114] - Filtered attributes for principal test. The following attributes remain: [mail, transientId, givenName, sn]
16:12:21.709 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:505] - Creating attribute statement in response to SAML request 'idL0qUL3lB8vN5hRmRJohilZ-k7b0' from relying party 'https://nam.demo.local/nidp/saml2/metadata'
16:12:21.709 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute mail with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
16:12:21.710 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:263] - Attribute transientId was not encoded (filtered by query, or no SAML2AttributeEncoder attached).
16:12:21.710 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute givenName with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
16:12:21.710 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute sn with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
16:12:21.711 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:528] - Filtering out potential name identifier attributes which can not be encoded by edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
16:12:21.711 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute mail, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
16:12:21.711 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:542] - Retaining attribute transientId which may be encoded to via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
16:12:21.711 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute givenName, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
16:12:21.711 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute sn, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
16:12:21.712 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:484] - Attempting to select name identifier attribute for relying party 'https://nam.demo.local/nidp/saml2/metadata' that requires format 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
16:12:21.712 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:567] - Filtering out potential name identifier attributes which do not support one of the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
16:12:21.712 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:586] - Retaining attribute transientId which may be encoded as a name identifier of format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
16:12:21.713 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:691] - Selecting attribute to be encoded as a name identifier by encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
16:12:21.713 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:718] - Selecting the first attribute that can be encoded in to a name identifier
16:12:21.713 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:502] - Name identifier for relying party 'https://nam.demo.local/nidp/saml2/metadata' will be built from attribute 'transientId'
16:12:21.713 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:868] - Using attribute 'transientId' supporting NameID format 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' to create the NameID for relying party 'https://nam.demo.local/nidp/saml2/metadata'
16:12:21.713 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:572] - Determining if SAML assertion to relying party 'https://nam.demo.local/nidp/saml2/metadata' should be signed
16:12:21.714 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:653] - IdP relying party configuration 'default' indicates to sign assertions: true
16:12:21.714 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:583] - Determining signing credntial for assertion to relying party 'https://nam.demo.local/nidp/saml2/metadata'
16:12:21.714 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:599] - Signing assertion to relying party https://nam.demo.local/nidp/saml2/metadata
16:12:21.714 - DEBUG [org.opensaml.common.SAMLObjectHelper:56] - Examing signed object for content references with exclusive canonicalization transform
16:12:21.715 - DEBUG [org.opensaml.common.SAMLObjectHelper:70] - Saw exclusive transform, declaring non-visible namespaces on signed object
16:12:21.715 - DEBUG [org.opensaml.xml.signature.impl.SignatureMarshaller:100] - Starting to marshall {http://www.w3.org/2000/09/xmldsig#}Signature
16:12:21.716 - DEBUG [org.opensaml.xml.signature.impl.SignatureMarshaller:103] - Creating XMLSignature object
16:12:21.716 - DEBUG [org.opensaml.xml.signature.impl.SignatureMarshaller:113] - Adding content to XMLSignature.
16:12:21.716 - DEBUG [org.opensaml.common.impl.SAMLObjectContentReference:173] - Adding list of inclusive namespaces for signature exclusive canonicalization transform
16:12:21.717 - DEBUG [org.opensaml.xml.signature.impl.SignatureMarshaller:118] - Creating Signature DOM element
16:12:21.718 - DEBUG [org.opensaml.xml.signature.Signer:76] - Computing signature over XMLSignature object
16:12:21.723 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:331] - secondarily indexing user session by name identifier
16:12:21.724 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:797] - Encoding response to SAML request idL0qUL3lB8vN5hRmRJohilZ-k7b0 from relying party https://nam.demo.local/nidp/saml2/metadata
16:12:21.724 - DEBUG [org.opensaml.ws.message.encoder.BaseMessageEncoder:49] - Beginning encode message to outbound transport of type: org.opensaml.ws.transport.http.HttpServletResponseAdapter
16:12:21.724 - DEBUG [org.opensaml.saml2.binding.encoding.HTTPPostEncoder:124] - Invoking Velocity template to create POST body
16:12:21.724 - DEBUG [org.opensaml.saml2.binding.encoding.HTTPPostEncoder:158] - Encoding action url of 'https://nam.demo.local/nidp/saml2/spassertion_consumer' with encoded value 'https://nam.demo.local/nidp/saml2/spassertion_consumer'
16:12:21.725 - DEBUG [org.opensaml.saml2.binding.encoding.HTTPPostEncoder:162] - Marshalling and Base64 encoding SAML message
16:12:21.725 - DEBUG [org.opensaml.ws.message.encoder.BaseMessageEncoder:97] - Marshalling message
16:12:21.726 - DEBUG [org.opensaml.saml2.binding.encoding.HTTPPostEncoder:185] - Setting RelayState parameter to: 'MQ==', encoded as 'MQ=='
16:12:21.730 - DEBUG [org.opensaml.ws.message.encoder.BaseMessageEncoder:56] - Successfully encoded message.
16:12:21.731 - INFO [Shibboleth-Audit:1028] - 20180313T104221Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|idL0qUL3lB8vN5hRmRJohilZ-k7b0|https://nam.demo.local/nidp/saml2/metadata|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://shibbolethidp.demo.local/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e4a54d21f8f1c4637ca184e1e9f0910b|test|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|mail,transientId,givenName,sn,|_ff006de26ebc638b8bc287b3f7ec6274|_4db7f3503001cd2247bc98804c73b286,|
0 Likes
Knowledge Partner

Re: IDP response was received that failed to authenticate

On 14-03-2018 5:54 PM, fartyalvikram wrote:
>
> Thanks for reply.
> I have fixed my "Error: HTTP 500 Internal Server Error" Error.
> Now I am getting below Error on browser
> An Identity Provider response was received that failed to authenticate
> this session. (300101011-6CF8D8AFC3EC4E16)


From the documentation:
300101011 Assertion is being replayed.

> Scenario is given below
> 1. Hit
> https://nam.demo.local/nidp/saml2/spsend?id=Shibboleth&sid=1&TARGET=https://userapp.demo.local
> URL on browser.
> 2. Redirect to Shibboleth IDP login page, Enter credentials and hit
> Login button.
> 3. At spassertion it create user inside User Store (eDirectory).
> 4. Redirect to https://nam.demo.local/nidp/app?first=false URL with
> given error Message
> An Identity Provider response was received that failed to authenticate
> this session. (300101011-6CF8D8AFC3EC4E16)
> But on the same tab when I hit https://userapp.demo.local URL it
> redirect me to the User App successfully without any login.


I really wonder how you are generating these events.


--
Cheers,
Edward
0 Likes
fartyalvikram Contributor.

Re: IDP response was received that failed to authenticate

Please share your feedback on how I can troubleshoot this. If you need anything from my end, I can provide it.
Do you need the Java code that is executed when the Login button on the Shibboleth IDP login page is clicked? Would that be helpful for troubleshooting this issue?
0 Likes
Knowledge Partner

Re: IDP response was received that failed to authenticate

On 15-03-2018 12:44 AM, fartyalvikram wrote:
>
> Please share your feedback, how can I troubleshoot this, if you need
> anything from my end I can provide you.
> Do you need Java code which is executed at the time of Login button
> click of Shibboleth IDP Login Page, is that helpful to troubleshoot this
> issue?


My gut feel is that you are replaying transactions somehow. NAM doesn't like that, going by the error. No offense, but I think you need to hire some consulting, as you seem to be posting every single issue here.


--
Cheers,
Edward
0 Likes
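Added example (not part of the thread and not Access Manager's code): a minimal service-provider replay check of the kind the documented meaning of 300101011, "Assertion is being replayed", refers to. It shows that when the same SAML response reaches the assertion consumer twice, the first delivery is accepted and the second is rejected while the session from the first stays in place. The sample response, the IDs, the `ReplayCache` class and the three-minute skew are all constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
SKEW = timedelta(minutes=3)  # assumed clock-skew allowance, not a NAM setting

# Constructed, unsigned response trimmed to the fields the replay check reads.
# A real SP validates the signature with a hardened XML parser before this step.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-response-1" InResponseTo="id-constructed-request-1">
  <saml:Assertion ID="_constructed-assertion-1">
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2018-03-13T10:47:21Z"
            Recipient="https://nam.demo.local/nidp/saml2/spassertion_consumer"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def parse_ts(value):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError("unrecognised SAML timestamp: %r" % value)


def sample_form_field():
    """The SAMLResponse form field as the HTTP-POST binding carries it (base64)."""
    return base64.b64encode(SAMPLE_RESPONSE.encode()).decode()


def assertion_facts(saml_response_b64):
    """Return (assertion ID, bearer NotOnOrAfter) from a SAMLResponse form field."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or not assertion.get("ID"):
        raise ValueError("response carries no assertion with an ID")
    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or not scd.get("NotOnOrAfter"):
        raise ValueError("bearer confirmation has no NotOnOrAfter")
    return assertion.get("ID"), parse_ts(scd.get("NotOnOrAfter"))


class ReplayCache:
    """Remembers each consumed assertion ID until it could no longer be accepted."""

    def __init__(self):
        self._seen = {}  # assertion ID -> time after which the entry is evicted

    def consume(self, assertion_id, not_on_or_after, now):
        # Evict IDs whose validity window has closed; they fail the expiry
        # check below, so the cache stays bounded without weakening the check.
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        if now >= not_on_or_after + SKEW:
            return "expired"
        if assertion_id in self._seen:
            return "replayed"
        self._seen[assertion_id] = not_on_or_after + SKEW
        return "accepted"


def assertion_consumer(cache, sessions, cookie, saml_response_b64, now):
    """Simplified ACS: only an accepted assertion creates or changes a session."""
    assertion_id, expiry = assertion_facts(saml_response_b64)
    verdict = cache.consume(assertion_id, expiry, now)
    if verdict == "accepted":
        sessions[cookie] = assertion_id
    return verdict


def demo():
    cache, sessions = ReplayCache(), {}
    body = sample_form_field()
    t0 = parse_ts("2018-03-13T10:42:21Z")
    first = assertion_consumer(cache, sessions, "cookie-A", body, t0)
    # Same response delivered again four seconds later (e.g. a repeated POST).
    second = assertion_consumer(cache, sessions, "cookie-A", body,
                                t0 + timedelta(seconds=4))
    # Same response presented to a fresh cache long after NotOnOrAfter.
    late = assertion_consumer(ReplayCache(), {}, "cookie-B", body,
                              t0 + timedelta(minutes=30))
    return first, second, late, "cookie-A" in sessions


if __name__ == "__main__":
    print(demo())
```

When troubleshooting against real logs, the equivalent check is to count how many POSTs to `/nidp/saml2/spassertion_consumer` arrive for each response the IdP audit log records as issued.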