Details

    • Branch Version/s:
      6.2.x, 6.1.x
    • Backported to Branch:
      Committed
    • Similar Issues:
      Show 5 results 

      Description

      When SAML Response is sent to a corresponding AuthnRequest the SubjectConfirmationData must have InResponseTo with message id of the AuthnRequest

        Issue Links

          Activity

          Hide
          Justin Choi added a comment -

          Per Mika: Yes, this can and should be tested thought it's not quite that trivial. Basically you do the normal IdP SP setup and also enable logging for org.opensaml in saml plugin. That will log the wire message and then you need to look at the SubjectConfirmationData section and see that there is InResponseTo when using SP initiated login.

          Show
          Justin Choi added a comment - Per Mika: Yes, this can and should be tested thought it's not quite that trivial. Basically you do the normal IdP SP setup and also enable logging for org.opensaml in saml plugin. That will log the wire message and then you need to look at the SubjectConfirmationData section and see that there is InResponseTo when using SP initiated login.
          Hide
          Justin Choi added a comment - - edited

          PASSED Manual Testing using the following steps:

          1. Go to \bundle\webapps\saml-portlet\WEB-INF\classes.
          2. Open log4j.properties
          3. Replace the contents with the following:
            log4j.rootLogger=DEBUG, CONSOLE
            log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
            log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
            log4j.appender.CONSOLE.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n
          
          1. Save the file.
          2. Start the first bundle configured as an IdP.
          3. Start the second bundle configured as an SP.
          4. In the IdP bundle, Go to Server Administration > Log Level.
          5. Add a new category: org.apache.xml.security.utils.DigesterOutputStream and set it as DEBUG.
          6. Save the category.
          7. Connect the IdP to the SP.
          8. On the IdP bundle, execute SP initiated SSO.
          9. The console will display something like the following:
          21:03:34,515 DEBUG [velocity:155] Velocimacro : Default library not found.
          21:03:34,516 DEBUG [velocity:155] Velocimacro : allowInline = true : VMs can be defined inline in templates
          21:03:34,524 DEBUG [velocity:155] Velocimacro : allowInlineToOverride = false : VMs defined inline may NOT replace previous VM definitions
          21:03:34,525 DEBUG [velocity:155] Velocimacro : allowInlineLocal = false : VMs defined inline will be global in scope if allowed.
          21:03:34,535 DEBUG [velocity:155] Velocimacro : autoload off : VM system will not automatically reload global library macros
          21:03:34,536 DEBUG [velocity:155] Velocimacro : Velocimacro : initialization complete.
          21:03:34,538 DEBUG [velocity:155] RuntimeInstance successfully initialized.
          21:03:34,590 DEBUG [DefaultHttpParams:151] Set parameter http.useragent = Jakarta Commons-HttpClient/3.1
          21:03:34,593 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.version = HTTP/1.1
          21:03:34,596 DEBUG [DefaultHttpParams:151] Set parameter http.connection-manager.class = class org.apache.commons.httpclient.SimpleHttpConnectionManager
          21:03:34,596 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.cookie-policy = default
          21:03:34,597 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.element-charset = US-ASCII
          21:03:34,599 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.content-charset = ISO-8859-1
          21:03:34,602 DEBUG [DefaultHttpParams:151] Set parameter http.method.retry-handler = org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@2b260a37
          21:03:34,603 DEBUG [DefaultHttpParams:151] Set parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z]
          21:03:34,612 DEBUG [DefaultHttpParams:151] Set parameter http.connection-manager.timeout = 60000
          21:03:34,612 DEBUG [DefaultHttpParams:151] Set parameter http.socket.timeout = 60000
          21:03:34,618 DEBUG [HttpClient:72] Java version: 1.7.0_09
          21:03:34,619 DEBUG [HttpClient:73] Java vendor: Oracle Corporation
          21:03:34,620 DEBUG [HttpClient:74] Java class path: D:\6.1.x-ee\bundles\tomcat-7.0.27\bin\bootstrap.jar;D:\6.1.x-ee\bundles\tomcat-7.0.27\bin\tomcat-juli.jar
          21:03:34,621 DEBUG [HttpClient:75] Operating system name: Windows 7
          21:03:34,623 DEBUG [HttpClient:76] Operating system architecture: amd64
          21:03:34,624 DEBUG [HttpClient:77] Operating system version: 6.1
          21:03:34,626 DEBUG [HttpClient:82] SUN 1.7: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
          21:03:34,627 DEBUG [HttpClient:82] SunRsaSign 1.7: Sun RSA signature provider
          21:03:34,639 DEBUG [HttpClient:82] SunEC 1.7: Sun Elliptic Curve provider (EC, ECDSA, ECDH)
          21:03:34,640 DEBUG [HttpClient:82] SunJSSE 1.7: Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
          21:03:34,645 DEBUG [HttpClient:82] SunJCE 1.7: SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
          21:03:34,648 DEBUG [HttpClient:82] SunJGSS 1.7: Sun (Kerberos v5, SPNEGO)
          21:03:34,649 DEBUG [HttpClient:82] SunSASL 1.7: Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM)
          21:03:34,650 DEBUG [HttpClient:82] XMLDSig 1.0: XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory)
          21:03:34,652 DEBUG [HttpClient:82] SunPCSC 1.7: Sun PC/SC provider
          21:03:34,653 DEBUG [HttpClient:82] SunMSCAPI 1.7: Sun's Microsoft Crypto API provider
          Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/service.properties
          21:03:35,366 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments)
          21:03:35,368 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments)
          21:03:35,371 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)
          21:03:35,374 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments)
          21:03:35,379 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments)
          21:03:35,380 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments)
          21:03:35,385 DEBUG [Init:?] Transform.register(http://www.w3.org/2000/09/xmldsig#base64, org.apache.xml.security.transforms.implementations.TransformBase64Decode)
          21:03:35,388 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.transforms.implementations.TransformC14N)
          21:03:35,389 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NWithComments)
          21:03:35,391 DEBUG [Init:?] Transform.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.transforms.implementations.TransformC14N11)
          21:03:35,393 DEBUG [Init:?] Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments)
          21:03:35,395 DEBUG [Init:?] Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.transforms.implementations.TransformC14NExclusive)
          21:03:35,397 DEBUG [Init:?] Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments)
          21:03:35,400 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116, org.apache.xml.security.transforms.implementations.TransformXPath)
          21:03:35,404 DEBUG [Init:?] Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature, org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature)
          21:03:35,408 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116, org.apache.xml.security.transforms.implementations.TransformXSLT)
          21:03:35,409 DEBUG [Init:?] Transform.register(http://www.w3.org/2002/04/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
          21:03:35,410 DEBUG [Init:?] Transform.register(http://www.w3.org/2002/06/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
          21:03:35,415 DEBUG [SignatureAlgorithm:?] Init() called
          21:03:35,427 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureDSA)
          21:03:35,428 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#dsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureDSA
          21:03:35,431 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1)
          21:03:35,431 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#rsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1
          21:03:35,442 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1)
          21:03:35,442 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#hmac-sha1 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1
          21:03:35,443 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5)
          21:03:35,444 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-md5 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5
          21:03:35,452 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160)
          21:03:35,453 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160
          21:03:35,454 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256)
          21:03:35,454 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256
          21:03:35,455 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384)
          21:03:35,455 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384
          21:03:35,456 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512)
          21:03:35,456 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512
          21:03:35,458 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1)
          21:03:35,458 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1
          21:03:35,459 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-md5, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5)
          21:03:35,459 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-md5 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5
          21:03:35,459 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160)
          21:03:35,460 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160
          21:03:35,460 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha256, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256)
          21:03:35,461 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256
          21:03:35,462 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha384, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384)
          21:03:35,462 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384
          21:03:35,463 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha512, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512)
          21:03:35,464 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512
          21:03:35,471 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP: A simple resolver for requests to HTTP space
          21:03:35,474 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem: A simple resolver for requests to the local file system
          21:03:35,475 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A simple resolver for requests of same-document URIs
          21:03:35,476 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A simple resolver for requests of XPointer fragents
          21:03:35,478 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver: Can extract RSA public keys
          21:03:35,480 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver: Can extract DSA public keys
          21:03:35,481 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver: Can extract public keys from X509 certificates
          21:03:35,482 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver: Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages
          21:03:35,483 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver: Resolves keys and certificates using ResourceResolvers
          21:03:35,484 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver: Uses an X509 SubjectName to retrieve a certificate from the storages
          21:03:35,485 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver: Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages
          21:03:35,486 DEBUG [Init:?] Now I try to bind prefixes:
          21:03:35,487 DEBUG [Init:?] Now I try to bind ds to http://www.w3.org/2000/09/xmldsig#
          21:03:35,487 DEBUG [Init:?] Now I try to bind xenc to http://www.w3.org/2001/04/xmlenc#
          21:03:35,488 DEBUG [Init:?] Now I try to bind experimental to http://www.xmlsecurity.org/experimental#
          21:03:35,488 DEBUG [Init:?] Now I try to bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2
          21:03:35,488 DEBUG [Init:?] Now I try to bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2
          21:03:35,489 DEBUG [Init:?] Now I try to bind ec to http://www.w3.org/2001/10/xml-exc-c14n#
          21:03:35,489 DEBUG [Init:?] Now I try to bind xx to http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
          21:03:35,489 DEBUG [Init:?] XX_init                             267 ms
          21:03:35,489 DEBUG [Init:?]   XX_prng                           0 ms
          21:03:35,490 DEBUG [Init:?]   XX_parsing                        119 ms
          21:03:35,490 DEBUG [Init:?]   XX_configure_i18n                 2 ms
          21:03:35,490 DEBUG [Init:?]   XX_configure_reg_c14n             27 ms
          21:03:35,490 DEBUG [Init:?]   XX_configure_reg_jcemapper        4 ms
          21:03:35,491 DEBUG [Init:?]   XX_configure_reg_keyInfo          5 ms
          21:03:35,491 DEBUG [Init:?]   XX_configure_reg_keyResolver      9 ms
          21:03:35,491 DEBUG [Init:?]   XX_configure_reg_prefixes         3 ms
          21:03:35,492 DEBUG [Init:?]   XX_configure_reg_resourceresolver 7 ms
          21:03:35,492 DEBUG [Init:?]   XX_configure_reg_sigalgos         52 ms
          21:03:35,492 DEBUG [Init:?]   XX_configure_reg_transforms       31 ms
          21:03:36,235 INFO  [pool-2-thread-1][HookHotDeployListener:551] Registering hook for saml-portlet
          Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/portal.properties
          21:03:36,300 INFO  [pool-2-thread-1][HookHotDeployListener:689] Hook for saml-portlet is available for use
          Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/portlet.properties
          Dec 11, 2012 9:03:36 PM org.apache.coyote.AbstractProtocol start
          INFO: Starting ProtocolHandler ["http-bio-9080"]
          Dec 11, 2012 9:03:36 PM org.apache.coyote.AbstractProtocol start
          INFO: Starting ProtocolHandler ["ajp-bio-9009"]
          Dec 11, 2012 9:03:36 PM org.apache.catalina.startup.Catalina start
          INFO: Server startup in 36146 ms
          21:09:02,465 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
          21:09:02,477 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature)
          21:09:02,478 DEBUG [Transform:?] Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature"
          21:09:02,478 DEBUG [Transform:?] The NodeList is null
          21:09:02,479 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature)
          21:09:02,479 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
          21:09:02,480 DEBUG [Transform:?] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
          21:09:02,480 DEBUG [Transform:?] The NodeList is null
          21:09:02,480 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
          21:09:02,481 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
          21:09:02,486 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#sha1
          21:09:02,489 DEBUG [SignatureAlgorithm:?] Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
          21:09:02,489 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
          21:09:02,490 DEBUG [SignatureBaseRSA:?] Created SignatureRSA using SHA1withRSA
          21:09:02,492 DEBUG [ResourceResolver:?] I was asked to create a ResourceResolver and got 0
          21:09:02,493 DEBUG [ResourceResolver:?]  extra resolvers to my existing 4 system-wide resolvers
          21:09:02,493 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP
          21:09:02,494 DEBUG [ResolverDirectHTTP:?] quick fail for empty URIs and local ones
          21:09:02,494 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem
          21:09:02,494 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverFragment
          21:09:02,495 DEBUG [ResolverFragment:?] State I can resolve reference: ""
          21:09:02,496 DEBUG [ResolverFragment:?] ResolverFragment with empty URI (means complete document)
          21:09:02,499 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
          21:09:02,500 DEBUG [Transforms:?] Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
          21:09:02,501 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
          21:09:02,507 DEBUG [DigesterOutputStream:?] Pre-digested input:
          21:09:02,508 DEBUG [DigesterOutputStream:?] <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="samlidp"><md:IDPSSODescriptor ID="samlidp" WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDdzCCAl+gAwIBAgIET0oeJTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdsaWZlcmF5MRAw
          DgYDVQQIEwdsaWZlcmF5MRAwDgYDVQQHEwdsaWZlcmF5MRAwDgYDVQQKEwdsaWZlcmF5MRAwDgYD
          VQQLEwdsZmllcmF5MRAwDgYDVQQDEwdsaWZlcmF5MB4XDTEyMTIwNjE3NDI1OFoXDTEzMDMwNjE3
          NDI1OFowbDEQMA4GA1UEBhMHbGlmZXJheTEQMA4GA1UECBMHbGlmZXJheTEQMA4GA1UEBxMHbGlm
          ZXJheTEQMA4GA1UEChMHbGlmZXJheTEQMA4GA1UECxMHbGZpZXJheTEQMA4GA1UEAxMHbGlmZXJh
          eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDwtKSh2CEcELHXwbIFE5LFysdWQ0bk
          UAKnrjafNExgCT7oWNesIDl4Rh10+MvEx4ewBuLGQYErRZ5f3hhAIn+KZh23SPqFCmvixCvek0ea
          VcOlhmCI9igrKF5pABqt8x+zdOUtC5Tq2YySVbV3Ln+0+Fcyp6OWWxtd0IXkGHFsjijc0NULHGyq
          Ah3pmWpZ8onCCPOzW15FHnISGFyMZIvpP+Ek8us5eTQ5ofi5CwlJh7jPdx//GVTdrphzbKM5wvj6
          YtswXTh1x2YioVGwA7iNG2A0vev02ZJ3oXQEXvTh7X+2psV04+M3H8cMqUQFFOc1+6IM0WRY0PnY
          77yxDBECAwEAAaMhMB8wHQYDVR0OBBYEFA/9QELkUvrO/qSUNt8vrjMamAmKMA0GCSqGSIb3DQEB
          CwUAA4IBAQB3e980Lfgv4DUyr6xhhEQk7+OC2DcVbPgIjKBxkriGBs9UKJcIOCIpJ4wQQHLgOpmE
          O7womEWICvjeOkOlg3XdOcTJ4K5Lh+ucBx/shq5GzE6FyOjnFI20EWi42i/LDox9HH3UWuME3w9/
          oU079PUoRyEV6D+y9bF2qfYbSmw6Faua8cNPXLL05LhM08A2NUFrMGkPUOg5hmG81LqabXfwP1Wp
          peBNrEKouciWmhzgHEaKr065U7a2XLMqcly6rOChBhBjbH4slHNpK6N8KyEyKO8KPBWhs+9TKdTn
          EyE+O8ORKClIVu0OYtGkgLMWo2yfAnwsuCxpgx5RJKmpr3EH</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://172.16.14.22:9080/c/portal/saml/slo_redirect"></md:SingleLogoutService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://172.16.14.22:9080/c/portal/saml/sso"></md:SingleSignOnService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://172.16.14.22:9080/c/portal/saml/sso"></md:SingleSignOnService></md:IDPSSODescriptor></md:EntityDescriptor>
          21:09:02,513 DEBUG [SignerOutputStream:?] Canonicalized SignedInfo:
          21:09:02,514 DEBUG [SignerOutputStream:?] <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>83Aw7gLn82KPECP9E9Cw0td11sU=</ds:DigestValue></ds:Reference></ds:SignedInfo>
          21:09:03,094 DEBUG [HttpConnection:692] Open connection to 172.16.14.119:9080
          21:09:03,140 DEBUG [header:70] >> "GET /c/portal/saml/metadata HTTP/1.1[\r][\n]"
          21:09:03,141 DEBUG [HttpMethodBase:1352] Adding Host request header
          21:09:03,150 DEBUG [header:70] >> "Accept-Encoding: gzip,deflate[\r][\n]"
          21:09:03,151 DEBUG [header:70] >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
          21:09:03,151 DEBUG [header:70] >> "Host: 172.16.14.119:9080[\r][\n]"
          21:09:03,152 DEBUG [header:70] >> "[\r][\n]"
          21:09:03,166 DEBUG [header:70] << "HTTP/1.1 200 OK[\r][\n]"
          21:09:03,167 DEBUG [header:70] << "HTTP/1.1 200 OK[\r][\n]"
          21:09:03,168 DEBUG [header:70] << "Server: Apache-Coyote/1.1[\r][\n]"
          21:09:03,169 DEBUG [header:70] << "Set-Cookie: JSESSIONID=9888F890733EBD2C28F1A440BB2B3ECE; Path=/; HttpOnly[\r][\n]"
          21:09:03,169 DEBUG [header:70] << "Content-Encoding: gzip[\r][\n]"
          21:09:03,170 DEBUG [header:70] << "Set-Cookie: GUEST_LANGUAGE_ID=en_US; Expires=Wed, 11-Dec-2013 21:09:03 GMT; Path=/[\r][\n]"
          21:09:03,170 DEBUG [header:70] << "Set-Cookie: COOKIE_SUPPORT=true; Expires=Wed, 11-Dec-2013 21:09:03 GMT; Path=/[\r][\n]"
          21:09:03,171 DEBUG [header:70] << "Liferay-Portal: Liferay Portal Community Edition 6.1.20 EE (Paton / Build 6120 / July 23, 2012)[\r][\n]"
          21:09:03,171 DEBUG [header:70] << "Content-Type: text/xml;charset=UTF-8[\r][\n]"
          21:09:03,171 DEBUG [header:70] << "Transfer-Encoding: chunked[\r][\n]"
          21:09:03,172 DEBUG [header:70] << "Date: Tue, 11 Dec 2012 21:09:03 GMT[\r][\n]"
          21:09:03,172 DEBUG [header:70] << "[\r][\n]"
          21:09:03,176 DEBUG [CookieSpec:337] Unrecognized cookie attribute: name=HttpOnly, value=null
          21:09:03,177 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; JSESSIONID=9888F890733EBD2C28F1A440BB2B3ECE; $Path=/"
          21:09:03,179 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; GUEST_LANGUAGE_ID=en_US; $Path=/"
          21:09:03,179 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; COOKIE_SUPPORT=true; $Path=/"
          21:09:03,181 DEBUG [content:84] << "a"
          21:09:03,182 DEBUG [content:84] << "[\r]"
          21:09:03,182 DEBUG [content:70] << "[\n]"
          21:09:03,183 DEBUG [content:84] << "[0x1f]"
          21:09:03,183 DEBUG [content:84] << "[0x8b]"
          21:09:03,184 DEBUG [content:84] << "[0x8]"
          21:09:03,184 DEBUG [content:84] << "[0x0][0x0][0x0][0x0][0x0][0x0]"
          21:09:03,184 DEBUG [content:84] << "[\r]"
          21:09:03,185 DEBUG [content:70] << "[\n]"
          21:09:03,185 DEBUG [content:84] << "4"
          21:09:03,185 DEBUG [content:84] << "b"
          21:09:03,186 DEBUG [content:84] << "1"
          21:09:03,186 DEBUG [content:84] << "[\r]"
          21:09:03,186 DEBUG [content:70] << "[\n]"
          21:09:03,187 DEBUG [content:70] << "[0xad]VY[0x93][0x9a]X[0x18][0xfd]+[0x94][0xf3]h[0xa5]Aq[0x1]+[0xdd][0xa9][0xcb][0x8e][0x88][0x88]l[0xea][0xcb][0x14][0xc2]e_[0x84][0xb][0xa2][0xfe][0xfa][0xc1][0xd8][0xe9]t2[0x9d]<d[0xe6][0x8d]{[0xbe][0xe5][0x9e][0xef][0xa3]8[0x87][0xcf]_.y[0x86][0x9d]a[0x8d][0xe2][0xb2]x[0x1e][0x8c][0x9e][0x88][0x1][0x6][0xb][0xaf][0xf4][0xe3]"|[0x1e]X[0xa6][0xf0][0x89][0x1a]|y[0xc1]>[0xe7][0xfe][0x82]/[0x9a][0xb8][0xb9]r[0x10]yu|j[0xca][0xba][0xcf][0xbb][0x3]2[0xf7]<@n[0x9e][0xa1][0xd3][0x0][0xeb]{[0x15]h[0x91][0xfb][0xcf][0x83][0xb6].[0x16][0xa5][0x8b]b[0xb4]([0xdc][0x1c][0xa2]E[0xe3]-[0xc][0xa0][0xae][0x16][0xe3]'b[0x91][0xc3][0xc6][0xf5][0xdd][0xc6][0x1d][0xbc][0xdc][0xdb][0x1a][0x1b][0xc3][0xd0][0xde]u[0x5]m[0x13][0x15][X[0xb5][0x10]5[0xc8][0x88][0xc3][0x2][0xf6][0xed][0x2]7Cp[0x80][0xbd][0xbf][0xcb]q[0x8b][0x6] [0x4][0xeb][0xa6]g[0xfe]s[0xe2][0xa9].[0x9b][0xd2]+3[0xa3]=[0x9d][0xca][0xba][0xe1][0x8b]6[0x87][0xb5][0xdb]|[0x9d][0xf1]w[0xd4][0xbe][0xd5]=[0xa8])[0
          xf0][0xfd][0xb8]-[0x82][0xfd][0xed][0xfd]=[0xfd]j[0xfa][0xb8][0x8f][0xee]q[0xb9][0x8][0xca][0xd7][0xb1]}[0xf4]<[0x88][0x9a][0xe6][0xb4][0xc0][0xf1][0xae][0xeb][0x9e]:[0xf2][0xa9][0xac]C|L[0x10][0x4]N[0xd0]x[0x9f][0xe3][0xf7][0xc5]⌂=*wS[0x82][0xe6][0xfa][0x15][0xbc][0x1d][0xd8][0xfb][0x1c]A[0xec][0xb9][\r]|Qe[0x99]3[0x12][0x96][0x5][0x89][0x12][0x82]Nf@([0xf3][0x96]L-i[0x13][0xac][0x99]0[0xad][0xa2]4[0x16][0xe9][0x8e]`[0x80]n[0x9][0x80]c[\n]"
          21:09:03,188 DEBUG [content:70] << "UG[0x1d][0xab][0xef]9[[0xd7]E[0xbe][r[0xba][0xc9][0xeb]*[0x98][0x88]`d[0xf1][0x18][0xcb][0xa8][0xd2]Q[0xcc][0xf2][0xc3]n[0x19][0xc1]w[0x1][0xe6][0xf2]1[0xce]F[0xbf][0xc0][0xfb]|[0xec][0xa3][0x0][0xf8][0xa1][0x11][0x80]BG\[0xd4][0x84][0xef][0xd4]$[0xbd][0xaa][0x89]E[0xae]M[0xdf][0xfd][0x8a][0xdd][0xfa][0xcc][0xc4]{[0xc3]0U[0xf4].[0xec][\r],[0x99]pm3`o[0x82]t[0xcd][0xa8][[0xd0]q[0xe1][0xd7]Qd[0xbe][0xf3][0x91][0xeb][0x1c]2/[0x17][0xa6][0xef]p[0xe9]#[0x1c][0xeb][0x3][0xca]/[\n]"
          21:09:03,188 DEBUG [content:70] << "V[0xbf][0xc0][0xb9][0x1f]pYf[0xe4][0xe4][0xb1]_[0xec][0xfb][0x82]y[0x1][0x0][0x8d][0x5]:[0x5][0xee][0x9]l[0xa8][0xf4][0xcf]<H[0xd9][0xbc]H[0x84]!aV[0xf6]6e[0xb]G[0xcd]o[0xb3]Y^x[0xc2]Pk[0xb5][0xa5][0xe1]K[0x96][0xab][0xed][0x86]u[0xa9][0xfb][0x1][0x89]M[0xcb][\n]"
          21:09:03,188 DEBUG [content:84] << "D[0x1d][0xcc]&[0xfe][0xb5]"
          21:09:03,189 DEBUG [content:70] << "-[0x15][0xb5][0xae][0xd6][0xd5]J[0xe8]jg[0x5][0x87]Ui9[0xc1]tC[0xf1][0x95][0xb9][0xd9][0xc9][0xa5]`[0xc4][0xcb][0xe9][0x94][0x0][0x7]M[0xa5][0xe8][0xa0]][0xe5][0xa9]|[0xcb][0xaf].[0xb5]tY[0xf2][0x9a][0xa7]g[0xfb][0x8c][0x9][0x13][0xe7]"[0xed][\r][0xf1][0xcc][0xcd][0xa7][0x89][0xe4][0xb]'[0xbd]⌂[0xfd]##[0x16][0xe6][0xe9]~^DZ[0xec]t[0x15]%[0xb7]xN@\C[0xb1][0xe8][0xae][0xbb][\r][0x1a][0xda]~[0xcc]x[0x84]bj[0xb6][0xc2]r[0xc1][0xfa]<[0x17][0x88][0xb3]y[0xc4][0x82],To[0x14][0xa5]][0xad][0xc0][0xae][0xed][0x9c][0xa7].[0x87][0xf2],[0x8c][0xb6][0xe3][0x1b][0xc9]C[0xb2][0x98][0xb5][0x89][0x92][0x4]W[0x9f]A)oH2"[0x95]}[0xac]T5~[0xc8][0xf2][0xcc]S3[0xe1][0x0]$[0xb2][0xaa]w[0xf9]A[0xf][0xed][0x12][0xa3]9J[0xd9]F[0xcc]D[0xa0][0x96][0x9d][0xa2]I[0x95]o[0xac][0x85]Pc[0x85][0xbd]u[0xed][0xcc][0x9a]S[0x97][0x9b][0xf6]d[0x11][0x92][0xb2][0x84]L[0xa4]g[0xdb][0xd1]Y[0xe5][0xe4]<[0xa0][0x85][0x9d][0x83]P[0x86][0xb]IE[0x87][0xb9][0xdd][0xc9][0x1c][0xd0][0x1][0x83][0xa9][0
          x80][0x10]Y[0xa3][0x12][\r][0xf9]Hr:[0xcf]0[0xba][0x5][0xc0][0xa4][0xff][0x12]t[0xa0][0x8a][0xe3][0x82][0xe]V[0x13][0xc3]W'[0x9a]g[0xcf]`DV[0x9b][0x89]!X[0x9b]Y([0x9f]=m[0xbf][0x89]TA9T[0x85][0xa2][0xab][0x8a]q[0xb2]5[0xc][0x85][0xad]3[0x83][0xdc][0x10]5e[0xb6]_[0xc9][0x9a]%[0x81][0xc8][0x9b][0xb9]3z[0xe2][0xe2][\n]"
          21:09:03,190 DEBUG [content:70] << ";[0xd9][0xd5][0xba][0xa0][0xb][0xb5][0xb4]S=D&[0xe1]D[0x90][0xed]U][0x13][0x87]5[0xdd][0xe5][0xe4]![0x92][0xb6][0xe7][0x9b][0xe9]$[0x1b][0xfc]b\[0x12][0x7][0xf3][0xdc]P[\n]"
          21:09:03,193 DEBUG [content:70] << "(*[0x8c][0xf7][0xb2]WG.[0xd3]I[0xb5][0xc8][0xeb][0x17][0xa7][[0x86][0xac]`[0xec]#[0xe8][0xb4][0xe2][0xf8][0xb4]s[0xaf]+bi[0x9e][0xe3][0xe9][0xf0][0x0][0xdb][0x12][0x1f][0xcf][0xe8][0xb3]4[0xd4]O[0xc7][0xa3][0xdc][0xca]g[0xad][0x93][0xf5][0x8e][0x9c]@l;S[0xf0]1[0xd2][0x8a][0xdd]U[0x14][0x3][0xce]R[0xe2][0xd4][0xb6][0xbd][0xd9]hI^K[0xd0]e[0xdb]5H[0xae][0xd3]V[0x18]M[0x8f])5[0xd4][0xe7]V[0xe0][0x87]a#[0xcd];[\n]"
          21:09:03,194 DEBUG [content:84] << "?[0x8c]bg[0x17]O[0x89]SJ^[0xbb][2[0x9a]QC,&:\[0xda][0x86][0x9e][0x9e][0x8f]E-U[0x85][0x9]uRI[0xe2][0xa2][0xb1]%3TV8Z[0xd3][0xe][0xe5]8i6[0x8c][0x9d]@[0xb8][0x15]W[0x0][0xe6][0xd5]fn"
          21:09:03,194 DEBUG [content:70] << "[0xac][0x82][0x9b]j[0x5][0x89]⌂[0xfb][0x8c]⌂ Eo[0xe0]C[0xac][0xf0][0xef][0xa2][0xd7][0x1f]~V[0xc8][0x87][0x9c][0xf7][0xea][0x98][0xc1]U[0x19][0x96]mc[0xc0][0xfa][0x1c]{[0x10]c[0xe2][0xe2][0xe1]'[0xbf][0x93][0xde][0xe3]#[0x9]-$[0xd3][0xdc]|[0xda]B?[0xae][0xa1][0xd7][0xc][0xb0]U[0xe9][0xbd][\n]"
          21:09:03,195 DEBUG [content:84] << "[0xf7][0xab][0xb8][0x8e][0xe6][0xe3][0xa7][0xd1][0xec]i4y[0x1a][0x8d][0xe8][0x5]MP[0x4][0xee][0xe1]w[0x95]w3[0xfc]n[0xe]8[0xca][0xca][0xbf][0xeb]o[0xf5][0xf8][0xff][0xc4][0xca][0xd0][0xc0][0xe6]O[0xc9][0xa0][0xd2]=[0xbd][0x12]ys,[0xb6]7[0xad][0xbb])[0xfd][0x87][0x1d]m4[0xc3][0xfc][0x13]J[0xae][0x87][0x6]X[0xdf][0x9]^z[0xc3][0xef][0x9f][0x10][0x7][0x3][0xb7][0xcd][0x9a][0xe7]AS[0xb7][0xf0]N[0x14][0xff][0xb7]/?[0xc0][0x9f][0xff][0x1]^[0xfe][0x1]D-[0x16][0xf8]@[0x8][0x0][0x0]"
          21:09:03,196 DEBUG [content:84] << "[\r]"
          21:09:03,196 DEBUG [content:70] << "[\n]"
          21:09:03,196 DEBUG [content:84] << "0"
          21:09:03,197 DEBUG [content:84] << "[\r]"
          21:09:03,197 DEBUG [content:70] << "[\n]"
          21:09:03,198 DEBUG [content:84] << "[\r]"
          21:09:03,198 DEBUG [content:70] << "[\n]"
          21:09:03,201 DEBUG [header:70] << "[\r][\n]"
          21:09:03,202 DEBUG [HttpMethodBase:1024] Resorting to protocol version default close connection policy
          21:09:03,202 DEBUG [HttpMethodBase:1028] Should NOT close connection, using HTTP/1.1
          21:09:03,203 DEBUG [HttpConnection:1178] Releasing connection back to connection manager.
          21:09:03,222 INFO  [http-bio-9080-exec-10][AbstractReloadingMetadataProvider:122] New metadata succesfully loaded for 'http://172.16.14.119:9080/c/portal/saml/metadata'
          21:09:03,223 INFO  [http-bio-9080-exec-10][AbstractReloadingMetadataProvider:142] Next refresh cycle for metadata provider 'http://172.16.14.119:9080/c/portal/saml/metadata' will occur on '2012-12-12T00:09:03.104Z' ('2012-12-12T00:09:03.104Z' local time)
          21:13:02,570 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
          21:13:02,577 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature)
          21:13:02,578 DEBUG [Transform:?] Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature"
          21:13:02,579 DEBUG [Transform:?] The NodeList is null
          21:13:02,580 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature)
          21:13:02,580 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
          21:13:02,581 DEBUG [Transform:?] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
          21:13:02,581 DEBUG [Transform:?] The NodeList is null
          21:13:02,582 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#)
          21:13:02,583 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
          21:13:02,584 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#sha1
          21:13:02,587 DEBUG [SignatureAlgorithm:?] Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
          21:13:02,588 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
          21:13:02,588 DEBUG [SignatureBaseRSA:?] Created SignatureRSA using SHA1withRSA
          21:13:02,589 DEBUG [ResourceResolver:?] I was asked to create a ResourceResolver and got 0
          21:13:02,590 DEBUG [ResourceResolver:?]  extra resolvers to my existing 4 system-wide resolvers
          21:13:02,590 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP
          21:13:02,608 DEBUG [ResolverDirectHTTP:?] quick fail for empty URIs and local ones
          21:13:02,609 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem
          21:13:02,610 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverFragment
          21:13:02,613 DEBUG [ResolverFragment:?] State I can resolve reference: "#_33ce5e53f949c135aad2070293f6b494f0b3581d"
          21:13:02,618 DEBUG [IdResolver:?] getElementByIdType() Search for ID _33ce5e53f949c135aad2070293f6b494f0b3581d
          21:13:02,619 DEBUG [IdResolver:?] getElementByIdUsingDOM() Search for ID _33ce5e53f949c135aad2070293f6b494f0b3581d
          21:13:02,654 DEBUG [IdResolver:?] I could find an Element using the simple getElementByIdUsingDOM method: saml2p:Response
          21:13:02,655 DEBUG [ResolverFragment:?] Try to catch an Element with ID _33ce5e53f949c135aad2070293f6b494f0b3581d and Element was [saml2p:Response: null]
          21:13:02,656 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
          21:13:02,664 DEBUG [Transforms:?] Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
          21:13:02,665 DEBUG [ElementProxy:?] setElement("ds:Transform", "null")
          21:13:02,666 DEBUG [DigesterOutputStream:?] Pre-digested input:
          21:13:02,667 DEBUG [DigesterOutputStream:?] <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://172.16.14.119:9080/c/portal/saml/acs" ID="_33ce5e53f949c135aad2070293f6b494f0b3581d" IssueInstant="2012-12-11T21:13:02.503Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">samlidp</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0cc757dd6215da67962ef72cc8c1da5f56cb0aae" IssueInstant="2012-12-11T21:13:02.503Z" Version="2.0"><saml2:Issuer>samlidp</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test@liferay.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData NotOnOrAfter="2012-12-11T21:43:02.503Z" Recipient="http://172.16.14.119:9080/c/port
          al/saml/acs"></saml2:SubjectConfirmationData></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2012-12-11T21:13:02.503Z" NotOnOrAfter="2012-12-11T21:43:02.503Z"><saml2:AudienceRestriction><saml2:Audience>samlsp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2012-12-11T21:13:02.503Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>
          

          Fixed on:
          Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: fbd00ec296882230cd8908393fc08636d4b6dfa6. Plugins 6.1.x EE GIT ID: 7a206d80a39256aa5c912caf1bdd1f2a048989be.

          • User is able to view the confirmation messages during the SP initiated SSO/SLO
          Show
          Justin Choi added a comment - - edited PASSED Manual Testing using the following steps: Go to \bundle\webapps\saml-portlet\WEB-INF\classes. Open log4j.properties Replace the contents with the following: log4j.rootLogger=DEBUG, CONSOLE log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout log4j.appender.CONSOLE.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n Save the file. Start the first bundle configured as an IdP. Start the second bundle configured as an SP. In the IdP bundle, Go to Server Administration > Log Level. Add a new category: org.apache.xml.security.utils.DigesterOutputStream and set it as DEBUG. Save the category. Connect the IdP to the SP. On the IdP bundle, execute SP initiated SSO. The console will display something like the following: 21:03:34,515 DEBUG [velocity:155] Velocimacro : Default library not found. 21:03:34,516 DEBUG [velocity:155] Velocimacro : allowInline = true : VMs can be defined inline in templates 21:03:34,524 DEBUG [velocity:155] Velocimacro : allowInlineToOverride = false : VMs defined inline may NOT replace previous VM definitions 21:03:34,525 DEBUG [velocity:155] Velocimacro : allowInlineLocal = false : VMs defined inline will be global in scope if allowed. 21:03:34,535 DEBUG [velocity:155] Velocimacro : autoload off : VM system will not automatically reload global library macros 21:03:34,536 DEBUG [velocity:155] Velocimacro : Velocimacro : initialization complete. 21:03:34,538 DEBUG [velocity:155] RuntimeInstance successfully initialized. 21:03:34,590 DEBUG [DefaultHttpParams:151] Set parameter http.useragent = Jakarta Commons-HttpClient/3.1 21:03:34,593 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.version = HTTP/1.1 21:03:34,596 DEBUG [DefaultHttpParams:151] Set parameter http.connection-manager.class = class org.apache.commons.httpclient.SimpleHttpConnectionManager 21:03:34,596 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.cookie-policy = default 21:03:34,597 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.element-charset = US-ASCII 21:03:34,599 DEBUG [DefaultHttpParams:151] Set parameter http.protocol.content-charset = ISO-8859-1 21:03:34,602 DEBUG [DefaultHttpParams:151] Set parameter http.method.retry-handler = org.apache.commons.httpclient.DefaultHttpMethodRetryHandler@2b260a37 21:03:34,603 DEBUG [DefaultHttpParams:151] Set parameter http.dateparser.patterns = [EEE, dd MMM yyyy HH:mm:ss zzz, EEEE, dd-MMM-yy HH:mm:ss zzz, EEE MMM d HH:mm:ss yyyy, EEE, dd-MMM-yyyy HH:mm:ss z, EEE, dd-MMM-yyyy HH-mm-ss z, EEE, dd MMM yy HH:mm:ss z, EEE dd-MMM-yyyy HH:mm:ss z, EEE dd MMM yyyy HH:mm:ss z, EEE dd-MMM-yyyy HH-mm-ss z, EEE dd-MMM-yy HH:mm:ss z, EEE dd MMM yy HH:mm:ss z, EEE,dd-MMM-yy HH:mm:ss z, EEE,dd-MMM-yyyy HH:mm:ss z, EEE, dd-MM-yyyy HH:mm:ss z] 21:03:34,612 DEBUG [DefaultHttpParams:151] Set parameter http.connection-manager.timeout = 60000 21:03:34,612 DEBUG [DefaultHttpParams:151] Set parameter http.socket.timeout = 60000 21:03:34,618 DEBUG [HttpClient:72] Java version: 1.7.0_09 21:03:34,619 DEBUG [HttpClient:73] Java vendor: Oracle Corporation 21:03:34,620 DEBUG [HttpClient:74] Java class path: D:\6.1.x-ee\bundles\tomcat-7.0.27\bin\bootstrap.jar;D:\6.1.x-ee\bundles\tomcat-7.0.27\bin\tomcat-juli.jar 21:03:34,621 DEBUG [HttpClient:75] Operating system name: Windows 7 21:03:34,623 DEBUG [HttpClient:76] Operating system architecture: amd64 21:03:34,624 DEBUG [HttpClient:77] Operating system version: 6.1 21:03:34,626 DEBUG [HttpClient:82] SUN 1.7: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration) 21:03:34,627 DEBUG [HttpClient:82] SunRsaSign 1.7: Sun RSA signature provider 21:03:34,639 DEBUG [HttpClient:82] SunEC 1.7: Sun Elliptic Curve provider (EC, ECDSA, ECDH) 21:03:34,640 DEBUG [HttpClient:82] SunJSSE 1.7: Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1) 21:03:34,645 DEBUG [HttpClient:82] SunJCE 1.7: SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC) 21:03:34,648 DEBUG [HttpClient:82] SunJGSS 1.7: Sun (Kerberos v5, SPNEGO) 21:03:34,649 DEBUG [HttpClient:82] SunSASL 1.7: Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM) 21:03:34,650 DEBUG [HttpClient:82] XMLDSig 1.0: XMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory) 21:03:34,652 DEBUG [HttpClient:82] SunPCSC 1.7: Sun PC/SC provider 21:03:34,653 DEBUG [HttpClient:82] SunMSCAPI 1.7: Sun's Microsoft Crypto API provider Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/service.properties 21:03:35,366 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments) 21:03:35,368 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments) 21:03:35,371 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments) 21:03:35,374 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments) 21:03:35,379 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments) 21:03:35,380 DEBUG [Init:?] Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments) 21:03:35,385 DEBUG [Init:?] Transform.register(http://www.w3.org/2000/09/xmldsig#base64, org.apache.xml.security.transforms.implementations.TransformBase64Decode) 21:03:35,388 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.transforms.implementations.TransformC14N) 21:03:35,389 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NWithComments) 21:03:35,391 DEBUG [Init:?] Transform.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.transforms.implementations.TransformC14N11) 21:03:35,393 DEBUG [Init:?] Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments) 21:03:35,395 DEBUG [Init:?] Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.transforms.implementations.TransformC14NExclusive) 21:03:35,397 DEBUG [Init:?] Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments) 21:03:35,400 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116, org.apache.xml.security.transforms.implementations.TransformXPath) 21:03:35,404 DEBUG [Init:?] Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature, org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature) 21:03:35,408 DEBUG [Init:?] Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116, org.apache.xml.security.transforms.implementations.TransformXSLT) 21:03:35,409 DEBUG [Init:?] Transform.register(http://www.w3.org/2002/04/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter) 21:03:35,410 DEBUG [Init:?] Transform.register(http://www.w3.org/2002/06/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter) 21:03:35,415 DEBUG [SignatureAlgorithm:?] Init() called 21:03:35,427 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureDSA) 21:03:35,428 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#dsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureDSA 21:03:35,431 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1) 21:03:35,431 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#rsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1 21:03:35,442 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1) 21:03:35,442 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2000/09/xmldsig#hmac-sha1 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1 21:03:35,443 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5) 21:03:35,444 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-md5 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5 21:03:35,452 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160) 21:03:35,453 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160 21:03:35,454 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256) 21:03:35,454 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256 21:03:35,455 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384) 21:03:35,455 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384 21:03:35,456 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512) 21:03:35,456 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512 21:03:35,458 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1) 21:03:35,458 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1 21:03:35,459 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-md5, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5) 21:03:35,459 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-md5 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5 21:03:35,459 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160) 21:03:35,460 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160 21:03:35,460 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha256, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256) 21:03:35,461 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256 21:03:35,462 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha384, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384) 21:03:35,462 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384 21:03:35,463 DEBUG [Init:?] SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha512, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512) 21:03:35,464 DEBUG [SignatureAlgorithm:?] Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512 21:03:35,471 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP: A simple resolver for requests to HTTP space 21:03:35,474 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem: A simple resolver for requests to the local file system 21:03:35,475 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A simple resolver for requests of same-document URIs 21:03:35,476 DEBUG [Init:?] Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A simple resolver for requests of XPointer fragents 21:03:35,478 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver: Can extract RSA public keys 21:03:35,480 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver: Can extract DSA public keys 21:03:35,481 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver: Can extract public keys from X509 certificates 21:03:35,482 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver: Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages 21:03:35,483 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver: Resolves keys and certificates using ResourceResolvers 21:03:35,484 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver: Uses an X509 SubjectName to retrieve a certificate from the storages 21:03:35,485 DEBUG [Init:?] Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver: Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages 21:03:35,486 DEBUG [Init:?] Now I try to bind prefixes: 21:03:35,487 DEBUG [Init:?] Now I try to bind ds to http://www.w3.org/2000/09/xmldsig# 21:03:35,487 DEBUG [Init:?] Now I try to bind xenc to http://www.w3.org/2001/04/xmlenc# 21:03:35,488 DEBUG [Init:?] Now I try to bind experimental to http://www.xmlsecurity.org/experimental# 21:03:35,488 DEBUG [Init:?] Now I try to bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2 21:03:35,488 DEBUG [Init:?] Now I try to bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2 21:03:35,489 DEBUG [Init:?] Now I try to bind ec to http://www.w3.org/2001/10/xml-exc-c14n# 21:03:35,489 DEBUG [Init:?] Now I try to bind xx to http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter 21:03:35,489 DEBUG [Init:?] XX_init 267 ms 21:03:35,489 DEBUG [Init:?] XX_prng 0 ms 21:03:35,490 DEBUG [Init:?] XX_parsing 119 ms 21:03:35,490 DEBUG [Init:?] XX_configure_i18n 2 ms 21:03:35,490 DEBUG [Init:?] XX_configure_reg_c14n 27 ms 21:03:35,490 DEBUG [Init:?] XX_configure_reg_jcemapper 4 ms 21:03:35,491 DEBUG [Init:?] XX_configure_reg_keyInfo 5 ms 21:03:35,491 DEBUG [Init:?] XX_configure_reg_keyResolver 9 ms 21:03:35,491 DEBUG [Init:?] XX_configure_reg_prefixes 3 ms 21:03:35,492 DEBUG [Init:?] XX_configure_reg_resourceresolver 7 ms 21:03:35,492 DEBUG [Init:?] XX_configure_reg_sigalgos 52 ms 21:03:35,492 DEBUG [Init:?] XX_configure_reg_transforms 31 ms 21:03:36,235 INFO [pool-2-thread-1][HookHotDeployListener:551] Registering hook for saml-portlet Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/portal.properties 21:03:36,300 INFO [pool-2-thread-1][HookHotDeployListener:689] Hook for saml-portlet is available for use Loading file:/D:/6.1.x-ee/bundles/tomcat-7.0.27/temp/0-saml-portlet/WEB-INF/classes/portlet.properties Dec 11, 2012 9:03:36 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["http-bio-9080"] Dec 11, 2012 9:03:36 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["ajp-bio-9009"] Dec 11, 2012 9:03:36 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 36146 ms 21:09:02,465 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 21:09:02,477 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature) 21:09:02,478 DEBUG [Transform:?] Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature" 21:09:02,478 DEBUG [Transform:?] The NodeList is null 21:09:02,479 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature) 21:09:02,479 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#) 21:09:02,480 DEBUG [Transform:?] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive" 21:09:02,480 DEBUG [Transform:?] The NodeList is null 21:09:02,480 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#) 21:09:02,481 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:09:02,486 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#sha1 21:09:02,489 DEBUG [SignatureAlgorithm:?] Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" 21:09:02,489 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 21:09:02,490 DEBUG [SignatureBaseRSA:?] Created SignatureRSA using SHA1withRSA 21:09:02,492 DEBUG [ResourceResolver:?] I was asked to create a ResourceResolver and got 0 21:09:02,493 DEBUG [ResourceResolver:?] extra resolvers to my existing 4 system-wide resolvers 21:09:02,493 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP 21:09:02,494 DEBUG [ResolverDirectHTTP:?] quick fail for empty URIs and local ones 21:09:02,494 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem 21:09:02,494 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverFragment 21:09:02,495 DEBUG [ResolverFragment:?] State I can resolve reference: "" 21:09:02,496 DEBUG [ResolverFragment:?] ResolverFragment with empty URI (means complete document) 21:09:02,499 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:09:02,500 DEBUG [Transforms:?] Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform 21:09:02,501 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:09:02,507 DEBUG [DigesterOutputStream:?] Pre-digested input: 21:09:02,508 DEBUG [DigesterOutputStream:?] <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="samlidp"><md:IDPSSODescriptor ID="samlidp" WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDdzCCAl+gAwIBAgIET0oeJTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdsaWZlcmF5MRAw DgYDVQQIEwdsaWZlcmF5MRAwDgYDVQQHEwdsaWZlcmF5MRAwDgYDVQQKEwdsaWZlcmF5MRAwDgYD VQQLEwdsZmllcmF5MRAwDgYDVQQDEwdsaWZlcmF5MB4XDTEyMTIwNjE3NDI1OFoXDTEzMDMwNjE3 NDI1OFowbDEQMA4GA1UEBhMHbGlmZXJheTEQMA4GA1UECBMHbGlmZXJheTEQMA4GA1UEBxMHbGlm ZXJheTEQMA4GA1UEChMHbGlmZXJheTEQMA4GA1UECxMHbGZpZXJheTEQMA4GA1UEAxMHbGlmZXJh eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANDwtKSh2CEcELHXwbIFE5LFysdWQ0bk UAKnrjafNExgCT7oWNesIDl4Rh10+MvEx4ewBuLGQYErRZ5f3hhAIn+KZh23SPqFCmvixCvek0ea VcOlhmCI9igrKF5pABqt8x+zdOUtC5Tq2YySVbV3Ln+0+Fcyp6OWWxtd0IXkGHFsjijc0NULHGyq Ah3pmWpZ8onCCPOzW15FHnISGFyMZIvpP+Ek8us5eTQ5ofi5CwlJh7jPdx//GVTdrphzbKM5wvj6 YtswXTh1x2YioVGwA7iNG2A0vev02ZJ3oXQEXvTh7X+2psV04+M3H8cMqUQFFOc1+6IM0WRY0PnY 77yxDBECAwEAAaMhMB8wHQYDVR0OBBYEFA/9QELkUvrO/qSUNt8vrjMamAmKMA0GCSqGSIb3DQEB CwUAA4IBAQB3e980Lfgv4DUyr6xhhEQk7+OC2DcVbPgIjKBxkriGBs9UKJcIOCIpJ4wQQHLgOpmE O7womEWICvjeOkOlg3XdOcTJ4K5Lh+ucBx/shq5GzE6FyOjnFI20EWi42i/LDox9HH3UWuME3w9/ oU079PUoRyEV6D+y9bF2qfYbSmw6Faua8cNPXLL05LhM08A2NUFrMGkPUOg5hmG81LqabXfwP1Wp peBNrEKouciWmhzgHEaKr065U7a2XLMqcly6rOChBhBjbH4slHNpK6N8KyEyKO8KPBWhs+9TKdTn EyE+O8ORKClIVu0OYtGkgLMWo2yfAnwsuCxpgx5RJKmpr3EH</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://172.16.14.22:9080/c/portal/saml/slo_redirect"></md:SingleLogoutService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://172.16.14.22:9080/c/portal/saml/sso"></md:SingleSignOnService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://172.16.14.22:9080/c/portal/saml/sso"></md:SingleSignOnService></md:IDPSSODescriptor></md:EntityDescriptor> 21:09:02,513 DEBUG [SignerOutputStream:?] Canonicalized SignedInfo: 21:09:02,514 DEBUG [SignerOutputStream:?] <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>83Aw7gLn82KPECP9E9Cw0td11sU=</ds:DigestValue></ds:Reference></ds:SignedInfo> 21:09:03,094 DEBUG [HttpConnection:692] Open connection to 172.16.14.119:9080 21:09:03,140 DEBUG [header:70] >> "GET /c/portal/saml/metadata HTTP/1.1[\r][\n]" 21:09:03,141 DEBUG [HttpMethodBase:1352] Adding Host request header 21:09:03,150 DEBUG [header:70] >> "Accept-Encoding: gzip,deflate[\r][\n]" 21:09:03,151 DEBUG [header:70] >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]" 21:09:03,151 DEBUG [header:70] >> "Host: 172.16.14.119:9080[\r][\n]" 21:09:03,152 DEBUG [header:70] >> "[\r][\n]" 21:09:03,166 DEBUG [header:70] << "HTTP/1.1 200 OK[\r][\n]" 21:09:03,167 DEBUG [header:70] << "HTTP/1.1 200 OK[\r][\n]" 21:09:03,168 DEBUG [header:70] << "Server: Apache-Coyote/1.1[\r][\n]" 21:09:03,169 DEBUG [header:70] << "Set-Cookie: JSESSIONID=9888F890733EBD2C28F1A440BB2B3ECE; Path=/; HttpOnly[\r][\n]" 21:09:03,169 DEBUG [header:70] << "Content-Encoding: gzip[\r][\n]" 21:09:03,170 DEBUG [header:70] << "Set-Cookie: GUEST_LANGUAGE_ID=en_US; Expires=Wed, 11-Dec-2013 21:09:03 GMT; Path=/[\r][\n]" 21:09:03,170 DEBUG [header:70] << "Set-Cookie: COOKIE_SUPPORT=true; Expires=Wed, 11-Dec-2013 21:09:03 GMT; Path=/[\r][\n]" 21:09:03,171 DEBUG [header:70] << "Liferay-Portal: Liferay Portal Community Edition 6.1.20 EE (Paton / Build 6120 / July 23, 2012)[\r][\n]" 21:09:03,171 DEBUG [header:70] << "Content-Type: text/xml;charset=UTF-8[\r][\n]" 21:09:03,171 DEBUG [header:70] << "Transfer-Encoding: chunked[\r][\n]" 21:09:03,172 DEBUG [header:70] << "Date: Tue, 11 Dec 2012 21:09:03 GMT[\r][\n]" 21:09:03,172 DEBUG [header:70] << "[\r][\n]" 21:09:03,176 DEBUG [CookieSpec:337] Unrecognized cookie attribute: name=HttpOnly, value=null 21:09:03,177 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; JSESSIONID=9888F890733EBD2C28F1A440BB2B3ECE; $Path=/" 21:09:03,179 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; GUEST_LANGUAGE_ID=en_US; $Path=/" 21:09:03,179 DEBUG [HttpMethodBase:1651] Cookie accepted: "$Version=0; COOKIE_SUPPORT=true; $Path=/" 21:09:03,181 DEBUG [content:84] << "a" 21:09:03,182 DEBUG [content:84] << "[\r]" 21:09:03,182 DEBUG [content:70] << "[\n]" 21:09:03,183 DEBUG [content:84] << "[0x1f]" 21:09:03,183 DEBUG [content:84] << "[0x8b]" 21:09:03,184 DEBUG [content:84] << "[0x8]" 21:09:03,184 DEBUG [content:84] << "[0x0][0x0][0x0][0x0][0x0][0x0]" 21:09:03,184 DEBUG [content:84] << "[\r]" 21:09:03,185 DEBUG [content:70] << "[\n]" 21:09:03,185 DEBUG [content:84] << "4" 21:09:03,185 DEBUG [content:84] << "b" 21:09:03,186 DEBUG [content:84] << "1" 21:09:03,186 DEBUG [content:84] << "[\r]" 21:09:03,186 DEBUG [content:70] << "[\n]" 21:09:03,187 DEBUG [content:70] << "[0xad]VY[0x93][0x9a]X[0x18][0xfd]+[0x94][0xf3]h[0xa5]Aq[0x1]+[0xdd][0xa9][0xcb][0x8e][0x88][0x88]l[0xea][0xcb][0x14][0xc2]e_[0x84][0xb][0xa2][0xfe][0xfa][0xc1][0xd8][0xe9]t2[0x9d]<d[0xe6][0x8d]{[0xbe][0xe5][0x9e][0xef][0xa3]8[0x87][0xcf]_.y[0x86][0x9d]a[0x8d][0xe2][0xb2]x[0x1e][0x8c][0x9e][0x88][0x1][0x6][0xb][0xaf][0xf4][0xe3]"|[0x1e]X[0xa6][0xf0][0x89][0x1a]|y[0xc1]>[0xe7][0xfe][0x82]/[0x9a][0xb8][0xb9]r[0x10]yu|j[0xca][0xba][0xcf][0xbb][0x3]2[0xf7]<@n[0x9e][0xa1][0xd3][0x0][0xeb]{[0x15]h[0x91][0xfb][0xcf][0x83][0xb6].[0x16][0xa5][0x8b]b[0xb4]([0xdc][0x1c][0xa2]E[0xe3]-[0xc][0xa0][0xae][0x16][0xe3]'b[0x91][0xc3][0xc6][0xf5][0xdd][0xc6][0x1d][0xbc][0xdc][0xdb][0x1a][0x1b][0xc3][0xd0][0xde]u[0x5]m[0x13][0x15][X[0xb5][0x10]5[0xc8][0x88][0xc3][0x2][0xf6][0xed][0x2]7Cp[0x80][0xbd][0xbf][0xcb]q[0x8b][0x6] [0x4][0xeb][0xa6]g[0xfe]s[0xe2][0xa9].[0x9b][0xd2]+3[0xa3]=[0x9d][0xca][0xba][0xe1][0x8b]6[0x87][0xb5][0xdb]|[0x9d][0xf1]w[0xd4][0xbe][0xd5]=[0xa8])[0 xf0][0xfd][0xb8]-[0x82][0xfd][0xed][0xfd]=[0xfd]j[0xfa][0xb8][0x8f][0xee]q[0xb9][0x8][0xca][0xd7][0xb1]}[0xf4]<[0x88][0x9a][0xe6][0xb4][0xc0][0xf1][0xae][0xeb][0x9e]:[0xf2][0xa9][0xac]C|L[0x10][0x4]N[0xd0]x[0x9f][0xe3][0xf7][0xc5]⌂=*wS[0x82][0xe6][0xfa][0x15][0xbc][0x1d][0xd8][0xfb][0x1c]A[0xec][0xb9][\r]|Qe[0x99]3[0x12][0x96][0x5][0x89][0x12][0x82]Nf@([0xf3][0x96]L-i[0x13][0xac][0x99]0[0xad][0xa2]4[0x16][0xe9][0x8e]`[0x80]n[0x9][0x80]c[\n]" 21:09:03,188 DEBUG [content:70] << "UG[0x1d][0xab][0xef]9[[0xd7]E[0xbe][r[0xba][0xc9][0xeb]*[0x98][0x88]`d[0xf1][0x18][0xcb][0xa8][0xd2]Q[0xcc][0xf2][0xc3]n[0x19][0xc1]w[0x1][0xe6][0xf2]1[0xce]F[0xbf][0xc0][0xfb]|[0xec][0xa3][0x0][0xf8][0xa1][0x11][0x80]BG\[0xd4][0x84][0xef][0xd4]$[0xbd][0xaa][0x89]E[0xae]M[0xdf][0xfd][0x8a][0xdd][0xfa][0xcc][0xc4]{[0xc3]0U[0xf4].[0xec][\r],[0x99]pm3`o[0x82]t[0xcd][0xa8][[0xd0]q[0xe1][0xd7]Qd[0xbe][0xf3][0x91][0xeb][0x1c]2/[0x17][0xa6][0xef]p[0xe9]#[0x1c][0xeb][0x3][0xca]/[\n]" 21:09:03,188 DEBUG [content:70] << "V[0xbf][0xc0][0xb9][0x1f]pYf[0xe4][0xe4][0xb1]_[0xec][0xfb][0x82]y[0x1][0x0][0x8d][0x5]:[0x5][0xee][0x9]l[0xa8][0xf4][0xcf]<H[0xd9][0xbc]H[0x84]!aV[0xf6]6e[0xb]G[0xcd]o[0xb3]Y^x[0xc2]Pk[0xb5][0xa5][0xe1]K[0x96][0xab][0xed][0x86]u[0xa9][0xfb][0x1][0x89]M[0xcb][\n]" 21:09:03,188 DEBUG [content:84] << "D[0x1d][0xcc]&[0xfe][0xb5]" 21:09:03,189 DEBUG [content:70] << "-[0x15][0xb5][0xae][0xd6][0xd5]J[0xe8]jg[0x5][0x87]Ui9[0xc1]tC[0xf1][0x95][0xb9][0xd9][0xc9][0xa5]`[0xc4][0xcb][0xe9][0x94][0x0][0x7]M[0xa5][0xe8][0xa0]][0xe5][0xa9]|[0xcb][0xaf].[0xb5]tY[0xf2][0x9a][0xa7]g[0xfb][0x8c][0x9][0x13][0xe7]"[0xed][\r][0xf1][0xcc][0xcd][0xa7][0x89][0xe4][0xb]'[0xbd]⌂[0xfd]##[0x16][0xe6][0xe9]~^DZ[0xec]t[0x15]%[0xb7]xN@\C[0xb1][0xe8][0xae][0xbb][\r][0x1a][0xda]~[0xcc]x[0x84]bj[0xb6][0xc2]r[0xc1][0xfa]<[0x17][0x88][0xb3]y[0xc4][0x82],To[0x14][0xa5]][0xad][0xc0][0xae][0xed][0x9c][0xa7].[0x87][0xf2],[0x8c][0xb6][0xe3][0x1b][0xc9]C[0xb2][0x98][0xb5][0x89][0x92][0x4]W[0x9f]A)oH2"[0x95]}[0xac]T5~[0xc8][0xf2][0xcc]S3[0xe1][0x0]$[0xb2][0xaa]w[0xf9]A[0xf][0xed][0x12][0xa3]9J[0xd9]F[0xcc]D[0xa0][0x96][0x9d][0xa2]I[0x95]o[0xac][0x85]Pc[0x85][0xbd]u[0xed][0xcc][0x9a]S[0x97][0x9b][0xf6]d[0x11][0x92][0xb2][0x84]L[0xa4]g[0xdb][0xd1]Y[0xe5][0xe4]<[0xa0][0x85][0x9d][0x83]P[0x86][0xb]IE[0x87][0xb9][0xdd][0xc9][0x1c][0xd0][0x1][0x83][0xa9][0 x80][0x10]Y[0xa3][0x12][\r][0xf9]Hr:[0xcf]0[0xba][0x5][0xc0][0xa4][0xff][0x12]t[0xa0][0x8a][0xe3][0x82][0xe]V[0x13][0xc3]W'[0x9a]g[0xcf]`DV[0x9b][0x89]!X[0x9b]Y([0x9f]=m[0xbf][0x89]TA9T[0x85][0xa2][0xab][0x8a]q[0xb2]5[0xc][0x85][0xad]3[0x83][0xdc][0x10]5e[0xb6]_[0xc9][0x9a]%[0x81][0xc8][0x9b][0xb9]3z[0xe2][0xe2][\n]" 21:09:03,190 DEBUG [content:70] << ";[0xd9][0xd5][0xba][0xa0][0xb][0xb5][0xb4]S=D&[0xe1]D[0x90][0xed]U][0x13][0x87]5[0xdd][0xe5][0xe4]![0x92][0xb6][0xe7][0x9b][0xe9]$[0x1b][0xfc]b\[0x12][0x7][0xf3][0xdc]P[\n]" 21:09:03,193 DEBUG [content:70] << "(*[0x8c][0xf7][0xb2]WG.[0xd3]I[0xb5][0xc8][0xeb][0x17][0xa7][[0x86][0xac]`[0xec]#[0xe8][0xb4][0xe2][0xf8][0xb4]s[0xaf]+bi[0x9e][0xe3][0xe9][0xf0][0x0][0xdb][0x12][0x1f][0xcf][0xe8][0xb3]4[0xd4]O[0xc7][0xa3][0xdc][0xca]g[0xad][0x93][0xf5][0x8e][0x9c]@l;S[0xf0]1[0xd2][0x8a][0xdd]U[0x14][0x3][0xce]R[0xe2][0xd4][0xb6][0xbd][0xd9]hI^K[0xd0]e[0xdb]5H[0xae][0xd3]V[0x18]M[0x8f])5[0xd4][0xe7]V[0xe0][0x87]a#[0xcd];[\n]" 21:09:03,194 DEBUG [content:84] << "?[0x8c]bg[0x17]O[0x89]SJ^[0xbb][2[0x9a]QC,&:\[0xda][0x86][0x9e][0x9e][0x8f]E-U[0x85][0x9]uRI[0xe2][0xa2][0xb1]%3TV8Z[0xd3][0xe][0xe5]8i6[0x8c][0x9d]@[0xb8][0x15]W[0x0][0xe6][0xd5]fn" 21:09:03,194 DEBUG [content:70] << "[0xac][0x82][0x9b]j[0x5][0x89]⌂[0xfb][0x8c]⌂ Eo[0xe0]C[0xac][0xf0][0xef][0xa2][0xd7][0x1f]~V[0xc8][0x87][0x9c][0xf7][0xea][0x98][0xc1]U[0x19][0x96]mc[0xc0][0xfa][0x1c]{[0x10]c[0xe2][0xe2][0xe1]'[0xbf][0x93][0xde][0xe3]#[0x9]-$[0xd3][0xdc]|[0xda]B?[0xae][0xa1][0xd7][0xc][0xb0]U[0xe9][0xbd][\n]" 21:09:03,195 DEBUG [content:84] << "[0xf7][0xab][0xb8][0x8e][0xe6][0xe3][0xa7][0xd1][0xec]i4y[0x1a][0x8d][0xe8][0x5]MP[0x4][0xee][0xe1]w[0x95]w3[0xfc]n[0xe]8[0xca][0xca][0xbf][0xeb]o[0xf5][0xf8][0xff][0xc4][0xca][0xd0][0xc0][0xe6]O[0xc9][0xa0][0xd2]=[0xbd][0x12]ys,[0xb6]7[0xad][0xbb])[0xfd][0x87][0x1d]m4[0xc3][0xfc][0x13]J[0xae][0x87][0x6]X[0xdf][0x9]^z[0xc3][0xef][0x9f][0x10][0x7][0x3][0xb7][0xcd][0x9a][0xe7]AS[0xb7][0xf0]N[0x14][0xff][0xb7]/?[0xc0][0x9f][0xff][0x1]^[0xfe][0x1]D-[0x16][0xf8]@[0x8][0x0][0x0]" 21:09:03,196 DEBUG [content:84] << "[\r]" 21:09:03,196 DEBUG [content:70] << "[\n]" 21:09:03,196 DEBUG [content:84] << "0" 21:09:03,197 DEBUG [content:84] << "[\r]" 21:09:03,197 DEBUG [content:70] << "[\n]" 21:09:03,198 DEBUG [content:84] << "[\r]" 21:09:03,198 DEBUG [content:70] << "[\n]" 21:09:03,201 DEBUG [header:70] << "[\r][\n]" 21:09:03,202 DEBUG [HttpMethodBase:1024] Resorting to protocol version default close connection policy 21:09:03,202 DEBUG [HttpMethodBase:1028] Should NOT close connection, using HTTP/1.1 21:09:03,203 DEBUG [HttpConnection:1178] Releasing connection back to connection manager. 21:09:03,222 INFO [http-bio-9080-exec-10][AbstractReloadingMetadataProvider:122] New metadata succesfully loaded for 'http://172.16.14.119:9080/c/portal/saml/metadata' 21:09:03,223 INFO [http-bio-9080-exec-10][AbstractReloadingMetadataProvider:142] Next refresh cycle for metadata provider 'http://172.16.14.119:9080/c/portal/saml/metadata' will occur on '2012-12-12T00:09:03.104Z' ('2012-12-12T00:09:03.104Z' local time) 21:13:02,570 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 21:13:02,577 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature) 21:13:02,578 DEBUG [Transform:?] Create URI "http://www.w3.org/2000/09/xmldsig#enveloped-signature" class "class org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature" 21:13:02,579 DEBUG [Transform:?] The NodeList is null 21:13:02,580 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2000/09/xmldsig#enveloped-signature) 21:13:02,580 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#) 21:13:02,581 DEBUG [Transform:?] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#" class "class org.apache.xml.security.transforms.implementations.TransformC14NExclusive" 21:13:02,581 DEBUG [Transform:?] The NodeList is null 21:13:02,582 DEBUG [Transforms:?] Transforms.addTransform(http://www.w3.org/2001/10/xml-exc-c14n#) 21:13:02,583 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:13:02,584 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#sha1 21:13:02,587 DEBUG [SignatureAlgorithm:?] Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" 21:13:02,588 DEBUG [JCEMapper:?] Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 21:13:02,588 DEBUG [SignatureBaseRSA:?] Created SignatureRSA using SHA1withRSA 21:13:02,589 DEBUG [ResourceResolver:?] I was asked to create a ResourceResolver and got 0 21:13:02,590 DEBUG [ResourceResolver:?] extra resolvers to my existing 4 system-wide resolvers 21:13:02,590 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP 21:13:02,608 DEBUG [ResolverDirectHTTP:?] quick fail for empty URIs and local ones 21:13:02,609 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem 21:13:02,610 DEBUG [ResourceResolver:?] check resolvability by class org.apache.xml.security.utils.resolver.implementations.ResolverFragment 21:13:02,613 DEBUG [ResolverFragment:?] State I can resolve reference: "#_33ce5e53f949c135aad2070293f6b494f0b3581d" 21:13:02,618 DEBUG [IdResolver:?] getElementByIdType() Search for ID _33ce5e53f949c135aad2070293f6b494f0b3581d 21:13:02,619 DEBUG [IdResolver:?] getElementByIdUsingDOM() Search for ID _33ce5e53f949c135aad2070293f6b494f0b3581d 21:13:02,654 DEBUG [IdResolver:?] I could find an Element using the simple getElementByIdUsingDOM method: saml2p:Response 21:13:02,655 DEBUG [ResolverFragment:?] Try to catch an Element with ID _33ce5e53f949c135aad2070293f6b494f0b3581d and Element was [saml2p:Response: null] 21:13:02,656 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:13:02,664 DEBUG [Transforms:?] Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform 21:13:02,665 DEBUG [ElementProxy:?] setElement("ds:Transform", "null") 21:13:02,666 DEBUG [DigesterOutputStream:?] Pre-digested input: 21:13:02,667 DEBUG [DigesterOutputStream:?] <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://172.16.14.119:9080/c/portal/saml/acs" ID="_33ce5e53f949c135aad2070293f6b494f0b3581d" IssueInstant="2012-12-11T21:13:02.503Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">samlidp</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0cc757dd6215da67962ef72cc8c1da5f56cb0aae" IssueInstant="2012-12-11T21:13:02.503Z" Version="2.0"><saml2:Issuer>samlidp</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test@liferay.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData NotOnOrAfter="2012-12-11T21:43:02.503Z" Recipient="http://172.16.14.119:9080/c/port al/saml/acs"></saml2:SubjectConfirmationData></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2012-12-11T21:13:02.503Z" NotOnOrAfter="2012-12-11T21:43:02.503Z"><saml2:AudienceRestriction><saml2:Audience>samlsp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2012-12-11T21:13:02.503Z"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response> Fixed on: Tomcat 7.0 + MySQL 5. Portal 6.1.x EE GIT ID: fbd00ec296882230cd8908393fc08636d4b6dfa6. Plugins 6.1.x EE GIT ID: 7a206d80a39256aa5c912caf1bdd1f2a048989be. User is able to view the confirmation messages during the SP initiated SSO/SLO
          Hide
          Justin Choi added a comment -

          PASSED Manual Testing following the steps in the comments.

          Fixed on:
          Tomcat 7.0.42 + MySQL 5. Portal 6.2.x EE GIT ID: d32cb67298dd82d9abe56d4ca56ca41f085600a8. Plugins 6.2.x EE GIT ID: f44da34bc6f677768556d780369b98313b147d2b.

          • SAML Response SubjectConfirmationData displays the InResponseTo attribute. See below:
           <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://www.able.com:9080/c/portal/saml/acs" ID="_bf692a762d29610d5292f412adaf3b0dad9191b2" InResponseTo="_3e72454cd5211639fb548a7001620bc6ea256947" IssueInstant="2014-03-14T21:06:41.322Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">samlidp</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_29088e03a7ed0802a889a1b05a0438091987a570" IssueInstant="2014-03-14T21:06:41.322Z" Version="2.0"><saml2:Issuer>samlidp</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test@liferay.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="_3e72454cd5211639fb548a7001620bc6ea256947" NotOnOrAfter="2014-03-14T21:36:41.322Z" Recipient="http://www.able.com:9080/c/portal/saml/acs"></saml2:SubjectConfirmationData></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2014-03-14T21:06:41.322Z" NotOnOrAfter="2014-03-14T21:36:41.322Z"><saml2:AudienceRestriction><saml2:Audience>samlsp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2014-03-14T21:06:41.322Z" SessionIndex="_2a026a9d5edb44aab9b9c0afde411198cab160676c2bd9147ada3261954f"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>
          
          
          Show
          Justin Choi added a comment - PASSED Manual Testing following the steps in the comments. Fixed on: Tomcat 7.0.42 + MySQL 5. Portal 6.2.x EE GIT ID: d32cb67298dd82d9abe56d4ca56ca41f085600a8. Plugins 6.2.x EE GIT ID: f44da34bc6f677768556d780369b98313b147d2b. SAML Response SubjectConfirmationData displays the InResponseTo attribute. See below: <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://www.able.com:9080/c/portal/saml/acs" ID="_bf692a762d29610d5292f412adaf3b0dad9191b2" InResponseTo="_3e72454cd5211639fb548a7001620bc6ea256947" IssueInstant="2014-03-14T21:06:41.322Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">samlidp</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_29088e03a7ed0802a889a1b05a0438091987a570" IssueInstant="2014-03-14T21:06:41.322Z" Version="2.0"><saml2:Issuer>samlidp</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">test@liferay.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="_3e72454cd5211639fb548a7001620bc6ea256947" NotOnOrAfter="2014-03-14T21:36:41.322Z" Recipient="http://www.able.com:9080/c/portal/saml/acs"></saml2:SubjectConfirmationData></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2014-03-14T21:06:41.322Z" NotOnOrAfter="2014-03-14T21:36:41.322Z"><saml2:AudienceRestriction><saml2:Audience>samlsp</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2014-03-14T21:06:41.322Z" SessionIndex="_2a026a9d5edb44aab9b9c0afde411198cab160676c2bd9147ada3261954f"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>

            People

            • Assignee:
              Justin Choi
              Reporter:
              Mika Koivisto
              Recent user:
              Joshua Gok
              Participants of an Issue:
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 2 weeks, 1 day ago

                Development

                  Structure Helper Panel