Hi Darshana,
Yes the response is encrypted. Sending the SAML sso trace attached with the
mail.
@Ishara I used wso2carbon as the certificate alias since I'm using the
default key stores and also I'm testing this in super tenant mode. Do I
need to import the public certificate of the private key of travelocity app
to IS keystores in super tenant mode?
On Fri, Oct 2, 2015 at 3:19 PM, Ishara Karunarathna <isha...@wso2.com>
wrote:
> Hi Nadeesha,
>
> On Fri, Oct 2, 2015 at 3:04 PM, Darshana Gunawardana <darsh...@wso2.com>
> wrote:
>
>> Hi Nadeesha,
>>
>> Have you checked whether the assertion is encrypted in the response IS
>> send back to travelocity app?
>>
>> And please provide the SSO Trace (save as a text file and attach in the
>> mail) for the whole flow.
>>
>> Thanks,
>> Darshana
>>
>> On Fri, Oct 2, 2015 at 2:53 PM, Nadeesha Meegoda <nadees...@wso2.com>
>> wrote:
>>
>>> Hi.
>>>
>>> I have configured the setup to Login to the Identity Server Using
>>> Another Identity Server as per the details in [1] in Super tenant mode.
>>> With the happy scenario according to the documentation this works fine. But
>>> I have enabled some additional properties in IDP and SP used for IDP as
>>> following :
>>>
>>> *Properties enabled for Federated Authenticators* - SAML2 Web SSO
>>> Configuration
>>>
>>> 1. Enabled Assertion Encryption
>>> 2. Enable Assertion Signing
>>> 3. Enable Authentication Response Signing
>>>
>>> *Properties enabled fo SP used for IDP *
>>>
>>> 1. Enabled Assertion Encryption
>>> 2. Enabled Response Signing
>>>
>>> *Properties enabled fo SP used for travelocity app*
>>>
>>> 1. Enabled Assertion Encryption
>>>
>> What is the Certificate Alias you used here ?
> is that the public key in travelocity app ?
>
>> 2. Enabled Response Signing
>>>
>>> In the travelocity.properties file also I have enabled Assertion
>>> Encryption,Response signing and Assertion signing. I have already imported
>>> the Identity Provider Public Certificate to IDP
>>>
>>> When I'm signing in to travelocity.com I get Unable to decrypt the SAML
>>> Assertion error and error in [2] in tomcat.
>>>
>>> Note that only enabling "assertion signing" in IDP I was successfully
>>> able to login and no error was displayed. When I enabled the Assertion
>>> Encryption this error occurred. Why is this error occurred when I enable
>>> this property as mentioned above?
>>>
>>> Any help regarding this is highly appreciated!
>>>
>>>
>>>
>>> [1] -
>>> https://docs.wso2.com/pages/viewpage.action?title=Login%2Bto%2Bthe%2BIdentity%2BServer%2BUsing%2BAnother%2BIdentity%2BServer&spaceKey=IS510
>>>
>>> [2] - Oct 02, 2015 2:10:47 PM
>>> org.wso2.carbon.identity.sso.agent.SSOAgentFilter doFilter
>>> SEVERE: An error has occurred
>>> org.wso2.carbon.identity.sso.agent.exception.SSOAgentException: Unable
>>> to decrypt the SAML Assertion
>>> at
>>> org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processSSOResponse(SAML2SSOManager.java:254)
>>> at
>>> org.wso2.carbon.identity.sso.agent.saml.SAML2SSOManager.processResponse(SAML2SSOManager.java:198)
>>> at
>>> org.wso2.carbon.identity.sso.agent.SSOAgentFilter.doFilter(SSOAgentFilter.java:89)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>> at
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
>>> at
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
>>> at
>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
>>> at
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
>>> at
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>> at
>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
>>> at
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>> at
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
>>> at
>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
>>> at
>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
>>> at
>>> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
>>> at
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>> at
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>> at
>>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>> at java.lang.Thread.run(Thread.java:745)
>>>
>>>
>>>
>>>
>>> Thanks!
>>> --
>>> *Nadeesha Meegoda*
>>> Software Engineer - QA
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>> email : nadees...@wso2.com
>>> mobile: +94783639540
>>> <%2B94%2077%202273555>
>>>
>>
>>
>>
>> --
>> Regards,
>>
>>
>> *Darshana Gunawardana*Senior Software Engineer
>> WSO2 Inc.; http://wso2.com
>>
>> *E-mail: darsh...@wso2.com <darsh...@wso2.com>*
>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware
>>
>
>
>
> --
> Ishara Karunarathna
> Senior Software Engineer
> WSO2 Inc. - lean . enterprise . middleware | wso2.com
>
> email: isha...@wso2.com, blog: isharaaruna.blogspot.com, mobile:
> +94717996791
>
--
*Nadeesha Meegoda*
Software Engineer - QA
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
email : nadees...@wso2.com
mobile: +94783639540
<%2B94%2077%202273555>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="http://localhost:8080/travelocity.com/home.jsp";
Destination="https://localhost:9443/samlsso";
ForceAuthn="true"
ID="0"
IsPassive="false"
IssueInstant="2015-10-02T09:47:59.447Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0"
>
<samlp:Issuer
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">travelocity.com</samlp:Issuer>
<saml2p:NameIDPolicy xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
AllowCreate="true"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
SPNameQualifier="Issuer"
/>
<saml2p:RequestedAuthnContext
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
Comparison="exact"
>
<saml:AuthnContextClassRef
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</saml2p:RequestedAuthnContext>
</samlp:AuthnRequest>
================================================================================================================================================================================================
<samlp:AuthnRequest
AssertionConsumerServiceURL="https://localhost:9443/commonauth";
Destination="https://localhost:9444/samlsso/";
ForceAuthn="true"
ID="ihbboclbdlnmpoienmmpocbjjdgefldfldbngemp"
IsPassive="false"
IssueInstant="2015-10-02T09:48:01.258Z"
Version="2.0"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>
<samlp:Issuer
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">Primary</samlp:Issuer>
<saml2p:RequestedAuthnContext Comparison="exact"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>
<saml2:AuthnContextClassRef
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
</saml2p:RequestedAuthnContext>
</samlp:AuthnRequest>
========================================================================================================================================================================================================
<saml2p:Response Destination="https://localhost:9443/commonauth";
ID="flgcpkjeehdmcfebhoapbgllaihgeljdenbobeam"
InResponseTo="ihbboclbdlnmpoienmmpocbjjdgefldfldbngemp"
IssueInstant="2015-10-02T09:48:05.301Z"
Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>localhost</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
<ds:Reference URI="#flgcpkjeehdmcfebhoapbgllaihgeljdenbobeam">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
<ds:DigestValue>oF0mXlNG3DWRBJu6pU2sh+iy91k=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>XIVqyVjvOKz4eGJr2v9xCsIDGQCozli4G5birojesNTEWnbssmAv3fIOn6dInpDM0YBc9sVSY0O+AalqOWrcwCYVagQmru0d/xQIAJ8HtrTe+smVPKVdYXOjBYG3i/Gvgx2d6AD6O3wmBq3IxkhxoU/5ee+gWaj6INQXLqNwYnQ=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:EncryptedAssertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData Id="_421e77ad6a5fa51d66856fe828cb2e80"
Type="http://www.w3.org/2001/04/xmlenc#Element";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<xenc:EncryptedKey Id="_f85ffdccfe20f0e63fae5238348bd80c"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
/>
<xenc:CipherData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:CipherValue>O1MzS3TPc9Y9DaT/wX7IBvx1s7UrGp5vU9SzrhlkU9jd2/aFjgEPFusX9PNz7H7XLUqT1qUbbDszR5eoCPhB6B9FL0mAHeto1xECKR4T1m/7FL1Y0N9IUmP/PAnZPo4ORxpzXNpzy2TqQWGCJ0P4XroeejTULZ4OvQ8ZHpjt17w=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:CipherValue>1NajYEPOxbGIBAL6gsqa9bhbBsChY0CjCEjszMB9E/Pw4ceYblnKpr4b9NS2yXDWT9CrDIfmWAUCoC/scdh2HsWX8W+j2NjzFGMHhXGlsdeox8Iu+sB4YoiM694AWpTLF9l3dpZFPcvJOTlnc6khev37ePz1aNw8hCw0prnFnMg629rkZWUUD1Ebu3lKX9D1gtlJ19nKAzRT/XT4Kq4ozOv83vMwpCYvi99mhVkLeYRnq1uNbshfWOuUD9lkKI+Yie8qS4+NnVfJToa9NYfns7E0pE7HD7tT8FGuVT0+gSYcEsOn36pDCs4jzfZU3J4ZLC6d0R6wckb/60O7uvTYdO7jQRV/3y3HoZwf3cF20epNJIHeW1dPPmXaw/5v8Ke4tEfA1a18X4u9UXZqO3zS6QwlHnGOKimDm5MOusfljechS2pRQZ9KotJXTkSLOoFaMhjhU+LWTxZcYHdSGOxVFLVgMInd5tSS08ZOzYwUS82mwD/tCBP0A6H9dw8pAuom0qgzYbaaxXRSydTOLlfhK5kkblqbO6kGSBWKJYzRbBLrwbf0FbsogFisETmp/Z/DVGNgFgiTlp+8Jd4F0zlh5f+b/8UfPoChfKZbv9bpX7CHQZ01YYBoDinxBaH6Y485a7cvQiAYT/L4bKpTeMoqwY5VVMD4K5tL5M33p3cuvlbAC8XSmd0IPCPSOXNuuXCqiMIrnAUOq2I0tVFM0PQxmG3d23LyLYQYus7ztndpXNxtvyFNf5mijum67zkMVp+7Hb0JU5UeliS2z1C0kotGcibPI8EooDIbJw/9OP9pB6SKDg6R/5fs6A21yuEfpSquf8DP8d3u8LpQOgkuj9c51KCO+Xh+0I6iQR6mf6ZLZ7Qug5FRR/OX7HUBDtbwjWjyo2zrqciwbaQYc0C/FB51zUB87B1mJ1G42ozx0Oacx6rphdV+jXUtVh6WD5yppMnIHdi07PB8OmibY9Lemjdcv89nLmKkDm0Ca9TyabEdn6gH8a2ns6ZNgvNkBw75iCp/SgVWa3d9MzQWnfovbTRXvZUqyNy8v5IRf5FI+ZmDjhLitYAhpUMYQc1A+9/J4eIPNCbkE1IxWy6AGbEF5cFKd6tYOrYykeUIz8uqJf2TNm53JsCJgOb0x//ER9SfUBWc1r5CzZsSmP7KCu3TD+3riXVNVEND42bMzBtORqCfRTvkPpbNUBfZ062EMGJ6QVzsETZIJVJOl+zIYni4zHdz/DIYUZLDFVsbK31KOs2PWuWFMfXU45pjA7PHoaa3LKWzaWwNbi6TaMP0jB4KE+q7uigzQYQM/efSPRUYK2Hx/RyqfbPO1djcpPkYcMKNoqxS+g18sEIMRz3DudTCqdOzZsY7/LP4RfgGEYO12nLRitpbMonswai1TbMwyGKZZFFjIQ/cVhS/Cev6l7Kglp+Esq4i7APD2ehXLIStgHO2rvMg/CTK7S3syvNOTI49dlSc8oaupZf4rO0mz/0nNuehJQuX0iouoxxLatSdvM+k4rUxcJ01s/dQucfWDied69MWwCcKahyG7Z2aV9ejdl1ZTMLgcH8AWdFobNxDY9NHY9t3BHwSbFfz+Yo3K1mREaa02zU2jRap0xnbVZ7MWLdIcIAdF+PI/BtlvWHD5NRKqi7oTcMj8OoHBB/I2Ys3ZRnjtHb1mxsm84qt3ur/olyzuDDHkOWc2tRcipSHSoEldtL9rnI9RKRQymAOc/d/8M91U0qyBS+4pPV8WbSxOBd/jH0QtAjBbMVw7v5PBdLSKTg5jE8M0OzTTGWH5mgGoXtXLSA+Azr0LTvfLL4HiRXWrw+AjYhTMldMARr/KSl0zhsREG3cNMyUSkNQohS/LF0geEhZre74UfCt1rpcBivpTjsc5+zfMJsOvLTiASbiwKO2oXjBWF0D967+Ee4i/RP5mHY948X1lyJBuchlHlfzqoj53SnB2mQle06xa8xPviJu2adG3PtPRmALvT3BOPZHEPxaaag0cYsVB4AvL3WqQ9nm/LfhrU2DJk9Gfu+unUqmhWQAioIjlp253h/JnvbTUQOcM0p3sObAEvWkkPkZso0aCj/ftR8ONTIJYLQX+W/UTc6l0CNZIYsBINB0/NauyYvyooju3+eohKtz8DmFN8+W7KOUoTcpE9Bf/7rXxlRoq+qFT/TG4QkqcuxtbQUgNZX71JFxd/ALqqLw/er8v9jrrYDrxkvog30uiWftIW2kWE0dCj7OyByK5fMZQZ1LsOcbMVAclrAdFiE8R9inbnPP4vGv/WA77U8ShNjg4F0UFJU1GQ0tJSUSqkyUYRXDs3ERuigoJ0IFA3U2Pt2vFt57a6pLB68kU2jji890lT64/uwfQ9BS9DCMadaLaYjo9NFOBfYlFnfvt8bo2PhMEVxb168OGgmLDk/NhOLgTWUuoBLQPKq/xYe+G9yy3SW6lXl3yfoqEybKBktDmY0FKT+BSZwQjPyoU4Q6g5394veowZnztO1xEezcQLbRpwW/IRJeanHmLH05Got6wjX5lMOoRauM1Ewwt1Kli9GCBpZStB7Rb/W08QmFkf9QCDh20uyxW4la2/vBrVQApDAlOlP9X5nfJZTC46vnj8bjskvUhFiDWENKg0GgbExnj27fUBtttCzffmQ8ZokdDfYTWeCihlYkMtW7JtNhRSIZDFlwQqb3PFB0B1QJDNzEbSGyKKG/9RwHUsu9UQAdyMzvWoVkxqB7K+7lQaOolO1slD6Qjq+DpzwZWtkVvk9kK1GdylSBwjuNwBTButGVMu125QFpHStLiB44ksMMyfHxLcC5HmS/lxQagKyhuDimTPXqnw9lciVaIIEKwNaCownKXu6Um+xZJTiC2R9Dzlktij8EPF73GSAtG2EfzGS8m1N3I1uFs6WW22N4VpYl0WnFk0wRgFGgQ7gfF1DE3+yMQbeqGomc4MHm+hlxXUf4+spO9AK+gxHOXJeyvc0xPJM2//JH1y+IfIZYHsE2mquTdAZKm4hWSWPkrPLdAbCN2rMWeXVWvaEhw+382a1d7wfWXXGIQH8t/QqSXUdOw9DLFZsav8Nv/o8wDVB4vG82b8II2KJkEmzz6xC7hSOzhiEUakvni8S/HxaH4Z/IS+QIJrdlKTjtbZPxm5sB7Q0Bd8seO5HKSLLyuZjb8BXlwO/r7KeDMwP5uRdTfFl3AxRnLZGKmEAQcbtSEZWdDHJVON1O1T5lrS9dQbWjURwvlrfrQZhtmJZKFZm9gBsbTHNuDgj593xw088KRCDzs2OAbj33Db6A5AI6XNNwlSUyjt4H5LjouVraAODbsa7Ui2kTTHuMht4nsFm4MmScK7x8J8ge+Q2F27BJvqpP9gmuJSzNLG5fFCU++6nECl7cPBINnOF2GSJv1kmw6Curs0p3iIsHPvsJ8GTZFsmyrWEwrwOvNNA/HbAfJYzhNxLxSwI5fkmcHN3YEP7sp/XQbE0pw2iZz8pH3lanf1fO9qMlSccbYUAbRqCij+wr1secEZy0qSEsYDswx9rjB3bkdMxkHMAn8FK0umw04m6cO8detcYEgZyJVNo3Cm2jygBeV4OwaB5SWbqlNoscNl9Yh2EHdj1b0C/lIKGB/gbSj8mZsxIplNW5lUchqK15RJrFkl6Zryb2DTs5L1f7BK4NNO3CBrQ4xQKqS3miTni4bApdwZy03+oEKJO7Qn51lEJKdoipyQxCX2HlermrIv5C/uMtWwFv0dZv4M7+bb774pc8nw9Tv4HU/wkU8fXoqsSXxahup2prJTWv9cR7k0teTD+65ZzGxYVb4HPHtjn7X4CD66kZGjzwIyLlObkFPZbTjwXz5kE9dNjLeSHIAS9TtrbmlcIfr/Y3UBZUiMQzpDllbHdamvqB3gV5nYyA6t6xmhh/oK7o1sOPFPypOkxuy/Or4tS1K8On378DIQbWSET5Z1PUlDWabEpippLYveETj0qIYH74ytc9kSV9h4t+G4z+Hywj8OLcU5InpgSCOavbaCf7EoQo7eoFJ4j1w3/TI83lJH7ZiQXePy5vJ0tSqkrWas2dt0141diek69W8rs3HegZb7zkI7x8uPT66YT6m0qqFB8=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml2:EncryptedAssertion>
</saml2p:Response>
=========================================================================================================================================================================================================
<saml2p:Response Destination="http://localhost:8080/travelocity.com/home.jsp";
ID="gcnajhohabakfijeepnlnjdnnbdbofgojnneibnf"
InResponseTo="0"
IssueInstant="2015-10-02T09:48:05.410Z"
Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
>
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>localhost</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
<ds:Reference URI="#gcnajhohabakfijeepnlnjdnnbdbofgojnneibnf">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
<ds:DigestValue>p2euYJLkLyFA7MOFVZmrqDKZ62k=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Kj9lheqOzwCHIWYwKadvbrlTVPJfsdGvf0bEYYBLTBYqoiIwxcmpHTrsbiwzdQst2b+mIM+dRo8ie92P0qTjFHpo4vZPS/X2j6VA0pB+fyegTTRpHXquUU3d98At9xglzlsWdUibluKECygVH16N2pFjpbfmDGae2vqGWDNxBvU=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:EncryptedAssertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData Id="_324748cbbde5953eca231ef8823a4ae8"
Type="http://www.w3.org/2001/04/xmlenc#Element";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<xenc:EncryptedKey Id="_da24ad52a6e1e5506f7fccbb6331e4dc"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
/>
<xenc:CipherData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:CipherValue>IAYV41JwmohyyHYG/bkVqvl7UnWBjtGVS4UlMhuhn5oYgfdNaTiVG9gyXCFGdYha0GpNTzRi6vESgRcgMx7Mgg1puAFzD7/gPdTQHxBVgLwlcmPOrf49qwBAD5bJjPLSqHMqU3LsgznQ9fa8eUywDYfn+nvOOuA7UAr4LtmCP4E=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:CipherValue>pPoi7vaktQtrIDRSenvQWRuocFEallTlEMs9KoMoVbEg/9Eu0QCxT4VnvNiv4K1fFZlEhBsYvaIbVRFFNiob2YtjU6LWDEjtwAve1oZr6GRyYykYmmloMtRO9qo9yJgvCoI6oH+sxCT6pfsAsdhmzUS7DQ2zRxl62U8HXmQZ4DVv0lS+UsSfEjOAvQKbSJlPJZpSzHQmS00nclKckDw+lHawEB//deRWmwph9suTEUmqjMC+JQvpIxkGMwEYh9qABGagKm4XILtHe+/E2Inwxrf5d/QxzSgR5MxecNxHqMPAMmVimSi8ooC/U/2yPgRanRzRR7qWEHVaAyRXbkcQjv9tBZrHrGh35pF8N6Yp5fN5OhvvLhbNUK2N1lTQTlTs5tEpywdjQ5dFHtc5UEX+Emhi/1Nug8vurzhbqt2f17fL7Dv/MPepuerlB7lpGhKpmbKxrHiovsWRrAkRfEqwriFSzaEk71C14GZbb2Und5wMnGbhHQaYtIOHQ2NaKkhigep0qcHEtw2Y6hR7Gwxc/uty9VzNGJccP0IvxT+XYHGtjB6Ywpn9QMqVcjS+wlEIJI2Pw5yzIPh43blGV0U+NZ+S7PQJdYEMYckghmrumretqvtfvODdPLQ/LCaMOHMzdzjJ/bMfhrS/1HoumXG2VrgAbF19P1ujYZQoP+tsGfLrG0I0NdQv35YqR3v5/uKNZyVCczGuaEDz2749GNeFIPwBcmpPxtzWCxBM60oHnAmTkiZfT/K+nPuxvRdXl83VjQfINg6Tus8doYPy+zmmj01aSCdG5YUAjHJ/E3enEtDFyo4bJ37j867pevGPDU/qunz3F5fiJjyltRx2a+bK+34oCtuFzMstw1FnCXx9DCgV1EtwHreMmNIgTAbWfPyq97d7WfXHaFGyoige47V1qSCbbn8VKj+yQUU42VvfPSZ2t35ObOpyaymidfZOzPE2SlbusraOtq117jP6oq/qhrH9XxJnjbmnCO6yVfU3x9gLpROAHP+vcH8zAhLLKxPsL2SM1804TbF29YTW80FdPgm1/mMQvmFm437w3E0OHQ4yHnSvAiveJDka6/Ewp1f8x0D7Ksy+nWOthEvSws2PBEtDZjoqI5/mh1ybsOhen5qWxx8rtCzlA8Vh8pzF4+ikauEvtOLtjxp3CpafH4ghWGycjOut4yXNe6sm4ae464XDYRPmo8WTZzJDjQ82TdeTOmxYTiFVx55nkzhE8g3z6ZkT8/ReIsGWDo4R+i2xvUhnPTBhDQPjOpSAGhsDd/t91LkLY4gFBYQ0hL16kcHhKdv2xW45Htk1JURwn86hqev51VROfW4ke/12xd4B6fkIah8XRWW86kHr8Kfr6dGP0JbEbSTHR1q2J3YglssYpDGnTlc6sig4NzE01nDydAau/+5h9O9bbBq6rG03B4J7XJz746lMxIhmSTZGbCcL+nRqPYBPLUd8TEtRCYjAQ1mEzF4hXg8ONm+7uwz6Fl84pMqnnyzszhrWkis7N/H/S33jOBLUmelNAsLaCaCNUiEu/VmOsTxSWMPHAjCoLMZqPGs1MRxxIioUZBTcovHJ7lY5iakSqYeS3u7oLPtYMLuOZF2obpaYxCJJPbZR8IY+eDHB57cRiW07G2cE0JzdCkfziDCtZTd1QFYRA0VxtT4QTIEoJyXOSqsgb4Omqrga69NtvzE503ksAMPONhGO00xynsuwF/rgROT+vT0gIqd7P55PT1ihbbV82tChNa/5kiySKyNyXNqxNJ4lJNMz4VLznwAPKUoAO2ffCYTdRFAqQKPPzjXVFKA/gBlnNLeGgngGqrOyg7v1kysHGyNHF5nw7Wa/hlsE2RcOJOOdGLh2lZIPLEIQJvKfWRk/VYXqkg2vz86nUbA3GY9t6Ui/upTxrHsm6gVWAZssQNUQ3iizacxwdlNENAC4StoqFsSUdzseci3popXq2z4wnXZvwqjIhnxGCPF45UtYjI51ueICU6+BimNvu68uVLmckOmY7tCdqgGJcZlXDXlK0feWQrpzUlt6+WG3FMcOXGyDxthijKHPpnQXKuC/0uSy63gpoEfBP6WeshLWn5k6o51QTWccgKc+n/qL0y3czKVcghFLS198x7gplE7q6Wm+y1wK7bl7sPhahnMF4tTbAgvosvWmy0cPLhwJxhWha+pdHFZkDO+Ght6x0pZKnXo46vCIbSgOkfERfqS4wJVTdX6ltvpKrK717T4yVmZ+IktanoH+blbYHKQ1V7pGKyDxeazz9aopYAFc82kyUmcrKh2R6zRG5JtsiwX5+Ed/5ZeRXwYpxiMvyD1zkC91TVfm98G+OuINQBQxdNs5r3/5r9V53qzwl5csJbcCaIOfK7COWvn/bvUG6H/sg7tYXCwYgF8I1BeQLB8e9duPsiQ1CC3JMTfMrmORLIaZyz2HkEa2T4geVo3mq/NSSNv1Qdn2xWPp46fY2ylYHRSCdMEJybZn4n1JGWycJkLbRNnHAqduFEAGfeZ4VrLane/tJNnB7PmCidUxjv5agSqbTg0xe1Zj0aWIBt3jZEcHOS75guzJ5dIUHUYrc7pIZfLgdLqy1Mzyz4JQRuhUx+EtiN0/cUZjZR/nmOqO9mXZIwxisjLBHRWM7k/zYs3Qyi/VEVAcN/8m8K7TTWX3jqK+zZhSwbS9y985co7K1M+xDkNmIrKprWgWRjHp+di3fWq2rPtgCbaDODbV5yMPZ9w2hHjyiF1E5jAT6sCI1Cx7rhKW35gCWMnkXHxO4XiVTMmlG6Fz5TvoP3htaqv7OWH/tLf5sCtqtczP8424/hi06gquQDv1NtdHZxtZQPzwk08Jfnk+XlH9bTBV7txrJkCQb/EK6x5f4FUkrXaOQIWSXrtpvH31KOPQI5yrpoYkviW4JsNslsEsCa3wiYl5cdsb5v0dTNxVswrLPTntLyjjXHXr7eYmpjVMutD3cJvcSeLsxATJc+/zeHTdlErXsVzqR1yUOpfdAZy3QySqQeRGEZHKHwOEGxNzKEvzOZLiVWcSiMflAJBDrwJjYOeANPmUzhBwepXgOFp6RgMuTS1SLkrTjg45pq0UmwZZkksUWb+UDker7iPDiLvz5q4xj/UpVnzYz2Fc+pb4HQQp+rYHo3szHGcho1M9qv416XqIMs78EYN1NOs6i2rRP/BvFHaSeVUuPfzGZKlHVCaFapan0aYSn2w033AnTY8msxqZkmHjDAknS2i09GkDppbcYNxLwmf58vqc3ZTtarDU83OLHispI8LdgpyBI07SXJ7DK7XltZmpOfomSEKEUC8roZkjAJXGiV/mjuDCb9YA85BqqNTRvvTJDrkJF/v2LT4KRUGxnGguD85yxWhKCgnlIwnp63tZ5t+MEuyxCsQMTQQXOX5Yyv6tItBNbwEQyjl48vX2f8o+Eq7dyO8g+2P+tk48EFpWDe9HXYv9RO9Z99mxz6k5ZEvYYaSCIn+5Mzj/1R5EGdqSG2R6cOMnE1KdWUhZj9CRNSe8u8FUWg6OoVG/+Y33gyTFl5awcjHISM29/aiaBUc9suVWWMV36x4liS4QUpC7xydmlZxTc1gQqcrtgYuVLZ14DElz6UYaIOJEGoH6qqTX1Av9nblcBiXq7PtT5tKNl4kcScwjzM0ic/J044huCVbT0zURoL4p58C+tN3rGmvxxV1CQ8st0ECKuw/4CMFH+5j7shnjQN8cb0cAhfZymy7XuNIjmKG/Df9DqNIfAXduVyx0Dj4M3W+OpGGuyzkqIU+htsxwiUGNTh1p3Urxa2k4XZEC3yn4yaknOTcgxoTmwCzbyIyxaKewrqNZKApDVtG5x1oy8rGwfdhaMVzd8n94bwJRo/1GM0pgZ4Iclov/kXNQjiXsV5xPjLKfkZmMyFLLfsnUAoNDKS+ZsCpFqrwkXf36v2G2Vo6xxDpZLrEBoV9Hqa950bMwJQCTG4XUDkb46ccz0pep18Bb8UGCPYPBfsVSwuueqvVITgzmSIgeFaMqn0kdxy90ac0rPKyu6y6hmQLSYt4IDC1I7RfBxTruTBNDTf2V/wMnYAuSBRYfGkAzeA==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml2:EncryptedAssertion>
</saml2p:Response>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
