I am trying to Integrating Access Manager with Shibboleth IDP Server.
In my scenario Access Manager is Service Provider and Shibboleth IDP is Identity Provider.
I have installed Shibboleth IDP 2.4.5 on Ubuntu 14.04 and Access Manager Appliance 4.4.
I follow the below URL
https://www.netiq.com/communities/co...hs-idp-server/
After all configuration using above URL when I hit the below URL
https://nam.demo.local/nidp/saml2/sp...app.demo.local
It redirect to Shibboleth IDP login page, after successfully authenticate from IDP it redirect me to the below URL
https://nam.demo.local/nidp/app?first=false
With below Error Message on browser
An Identity Provider response was received that failed to authenticate this session. (300101017-6CF8D8AFC3EC4E16)
My Access Manager logs (/opt/novell/nam/idp/logs/catalina.out) are given below
Code:
<amLogEntry> 2018-03-09T14:47:12Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-5

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-4
****** HttpServletRequest Information:
Method: POST
Scheme: https
Context Path: /nidp
Servlet Path: /saml2
Query String: null
Path Info: /spassertion_consumer
Server Name: nam.demo.local
Server Port: 443
Content Length: 7643
Content Type: application/x-www-form-urlencoded
Auth Type: null
Request URL: https://nam.demo.local/nidp/saml2/spassertion_consumer
Host IP Address: 192.168.1.197
Remote Client IP Address: 192.168.1.84
Cookie: (0 of 1): JSESSIONID, eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=
Header: Name: host, Value: nam.demo.local
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Header: Name: accept, Value: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Header: Name: accept-language, Value: en-US,en;q=0.5
Header: Name: accept-encoding, Value: gzip, br
Header: Name: referer, Value: https://shibbolethidp.demo.local/idp/profile/SAML2/POST/SSO
Header: Name: content-type, Value: application/x-www-form-urlencoded
Header: Name: content-length, Value: 7643
Header: Name: DNT, Value: 1
Header: Name: connection, Value: keep-alive
Header: Name: Upgrade-Insecure-Requests, Value: 1
Header: Name: Via, Value: 1.1 nam.demo.local (Access Gateway-ag-AF05FE6544A72488-55324)
Session Id: eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=
Session Last Accessed Time: 1520606832668
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: AM#600105011: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#CLeXrIpKcg7Ety+R0yPKw78IX2Q8cuDSOZdR+60QiLE=:  SP saml2 handler to process request received for /nidp/saml2 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2: 
Method: SAML2SSOProfile.processResponse
Thread: ajp-bio-127.0.0.1-9019-exec-4
Received assertion consumer response </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPContext.getRelayStateDecode
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from local file --------> Property:decodeRelayStateParam Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Input param url: MQ== :: web.xml param value to decode: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPContext.getRelayStateDecode
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from local file --------> Property:decodeRelayStateParam Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPLocalConfigUtil.isPostInFlate
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from local file --------> Property:IS_SAML2_POST_INFLATE Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2: 
Method: SAML2Profile.handleInBoundMessage
Thread: ajp-bio-127.0.0.1-9019-exec-4
InBound POST message was NOT inflated. </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2: 
Method: SAML2Profile.traceMessage
Thread: ajp-bio-127.0.0.1-9019-exec-4


************************* SAML2 POST message ********************************

Type: received
 RelayState: MQ==
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://nam.demo.local/nidp/saml2/spassertion_consumer" ID="_28ca3617ca0ed234eacb9a000dd14bc7" InResponseTo="idm-4Awt-53IoKDU7IKZkM12lLGqs" IssueInstant="2018-03-09T14:47:38.687Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertion ID="_47cf17413b4f57955a4b30c6a641773c" IssueInstant="2018-03-09T14:47:38.687Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://shibbolethidp.demo.local/idp/shibboleth</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_47cf17413b4f57955a4b30c6a641773c"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>yj6pHPakEvFGQqs5UNZnn/dGdh4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>IOXdzou8ppycmF5z1yHuM4QYLEJHtcbuhB0krBpH0JUZCC8YcwHz/Xymxwo4Bu/YZvo+QSfJWuXaRtMN0WZ973vyzUFC0/O2icZr26CSX0JmpH+nhCo3MW7axHjqmB70pgkPiOgmAE7DN94jZDyOZx3LfaMthsjeR/DEIII7spO0ROOJLhWCa23lB+CWlpaPc+4fkgmNmQtgcuImZdhC/Gn4nzsQLz1pPixOHIV9Z7YR3FWvITiD/VSlrmRr1hSBN1BMzqZIXVBVb9PBqic+iUMoTVgdF7awTTzwqha/3RWqIOeq4XOjaCIlnh1vwEdbF36H2dVOgv4D7M/A60TX9Q==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDTDCCAjSgAwIBAgIVANTp/dbPi/kd5ocXK/PXcVwSn5gNMA0GCSqGSIb3DQEBBQUAMCMxITAf
BgNVBAMMGHNoaWJib2xldGhpZHAuYWl0Yy5sb2NhbDAeFw0xODAyMjcwNzM4MTNaFw0zODAyMjcw
NzM4MTNaMCMxITAfBgNVBAMMGHNoaWJib2xldGhpZHAuYWl0Yy5sb2NhbDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMqwO3dHFGsFULUDr6XwKYIOJ5qWbxiy6xZlAPytzC24w4AO6hMa
PnFSD86RJVOjUZdzyra77q0wZjowBoIKm7RXTLh8tiXTy6fYl27CHE7VnCegt6jFEje4znPbytqi
JCuU94k5slVBK9fjw72N0patppzGVBigzjDJEq5zQK1F3Sh2PSBLOxch0V01exjVQnskIi7OY/E1
ZLKFWBHTXWq1SEcqwQhq/HZ6atIuCV8WX0O26uKjRX/N9LMiA/jyrpzfivw4nB9A4Kmo5Yopb9CJ
JmdrflF7LqIcLKh3EiKwjUkGRULz5J/KvFtFEuyC8l4QDzIxnBRHHin5qbcextcCAwEAAaN3MHUw
HQYDVR0OBBYEFKL3dDqL+6e+r6uLt/oiPGUTcYywMFQGA1UdEQRNMEuCGHNoaWJib2xldGhpZHAu
YWl0Yy5sb2NhbIYvaHR0cHM6Ly9zaGliYm9sZXRoaWRwLmFpdGMubG9jYWwvaWRwL3NoaWJib2xl
dGgwDQYJKoZIhvcNAQEFBQADggEBALFdRzQmDZTMF0m6tG6wY7I95gNrDbV+QSmcdox6I8hS5UXx
/peLKGlqV5vnH2VIy2qyNKdiGXtCglVMOnc4cOpY4nCAvA7/nOPd3dyaRpat/p8T6Jcuue3V9+ta
9wVemLxe5odP9tEVBZUDPexwsY36lBZByDgUFTL+QH6eMjP3Gid0RIUiOmUWYWBmIDMqLHzBL52S
cd02p+m99Zvrh0NAwUi/CPW0Uu/UzPjvcO+E+bJfm+G7sZRQyJ0IhbODVr/rtjmzyXMAPMRa9Usy
FePSIVzEM8TitTTZCJEkYehGt1zOig/IQ5ZavY6//ny3OL2eXx9tbAuSszDOpgh4PZQ=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://shibbolethidp.demo.local/idp/shibboleth" SPNameQualifier="https://nam.demo.local/nidp/saml2/metadata">_7b12013841226a132105c13394f4841d</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData Address="192.168.1.84" InResponseTo="idm-4Awt-53IoKDU7IKZkM12lLGqs" NotOnOrAfter="2018-03-09T14:52:38.687Z" Recipient="https://nam.demo.local/nidp/saml2/spassertion_consumer"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2018-03-09T14:47:38.687Z" NotOnOrAfter="2018-03-09T14:52:38.687Z"><saml2:AudienceRestriction><saml2:Audience>https://nam.demo.local/nidp/saml2/metadata</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2018-03-09T14:47:38.631Z" SessionIndex="_73a50b0ab726048e21cad78d8c937149"><saml2:SubjectLocality Address="192.168.1.84"/><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement><saml2:Attribute Name="urn:oscar:names:idm:attribute:mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:oscar:names:idm:attribute:givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:oscar:names:idm:attribute:cn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute><saml2:Attribute Name="urn:oscar:names:idm:attribute:sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">**</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></saml2p:Response>
************************* End SAML2 message ****************************

 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPLocalConfigUtil.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from local file --------> Property:XML_PARSE_ALLOW_DTD Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2: 
Method: SAML2AuthnContext.parse
Thread: ajp-bio-127.0.0.1-9019-exec-4
expiration: 0 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2: 
Method: SAML2AuthnContext.parse
Thread: ajp-bio-127.0.0.1-9019-exec-4
AssuranceLevel: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-4
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-AttributeStatement]] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-4
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-Subject]] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: SAML2Utils.isSaml2AvoidSignAndValidateAssertion
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from edirectory configuration store --------> Property:SAML2_AVOID_SIGN_AND_VALIDATE_ASSERTION_TRUSTEDPROVIDERS Value: true Trusted Provider: https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: XMLSignable.logEncryptInfo
Thread: ajp-bio-127.0.0.1-9019-exec-4
Encrypted element [[urn:oasis:names:tc:SAML:2.0:assertion-saml-EncryptedAssertion]s (0)] was decrypted using encryption cert [CN=*.demo.local] having serial no [117708264469420193563469560508705801671968629393] </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2: 
Method: SAML2Profile.A
Thread: ajp-bio-127.0.0.1-9019-exec-4
Processing artifact for pre-brokering, provider= https://shibbolethidp.demo.local/idp/shibboleth and relayState = MQ== </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2: 
Method: SAML2Profile.A
Thread: ajp-bio-127.0.0.1-9019-exec-4
Relaystate does not have Intersite Transfer request.. no brokering policy enforcement is needed </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: SAML2Utils.isSaml2PostSignResponse
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from file as global for all trusted providers  --------> Property:IS_SAML2_POST_SIGN_RESPONSE Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: SAML2Utils.isSaml2PostSignResponseProvider
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from file for Trusted Provider https://shibbolethidp.demo.local/idp/shibboleth --------> Property:SAML2_POST_SIGN_RESPONSE_TRUSTEDPROVIDERS Value: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: SAML2Utils.isSaml2AvoidSignAndValidateAssertion
Thread: ajp-bio-127.0.0.1-9019-exec-4
Property read from edirectory configuration store --------> Property:SAML2_AVOID_SIGN_AND_VALIDATE_ASSERTION_TRUSTEDPROVIDERS Value: true Trusted Provider: https://shibbolethidp.demo.local/idp/shibboleth </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2: 
Method: SAML2AuthenticationHandler.verifyResponse
Thread: ajp-bio-127.0.0.1-9019-exec-4
Avoid assertion signature validation: true SAML2Response is not signed: false throwing bad_signature exception. </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: IDPAuthenticationHandler.handleAuthentication
Thread: ajp-bio-127.0.0.1-9019-exec-4
Was authnResponse verified: No </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: IDP response failed to authenticate: NIDPLOGGING.300101017 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS SAML2: 
Method: SAML2Utils.isOptionConfigured
Thread: ajp-bio-127.0.0.1-9019-exec-4
SAML2_REQUEST_IGNORE_AUTHNCONTEXT is not configured as service provider's ui option </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPLocalConfigUtil.getSaml2TPValueBoolean
Thread: ajp-bio-127.0.0.1-9019-exec-4
 [nidpconfig.properties] Options - https://shibbolethidp.demo.local/idp/shibboleth->SAML2_REQUEST_IGNORE_AUTHNCONTEXT value returned:  false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPServletContext.goJSP
Thread: ajp-bio-127.0.0.1-9019-exec-4
Forwarding to JSP: /jsp/top.jsp </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z INFO NIDS Application: AM#500105039: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#CLeXrIpKcg7Ety+R0yPKw78IX2Q8cuDSOZdR+60QiLE=:  Error on session id eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=, error 300101017-6CF8D8AFC3EC4E16, An Identity Provider response was received that failed to authenticate this session.:Missing or invalid signature on assertion: </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPProxyableServlet.myDoGetWithProxy
Thread: ajp-bio-127.0.0.1-9019-exec-4
****** HttpServletRequest Information:
Method: GET
Scheme: https
Context Path: /nidp
Servlet Path: /app
Query String: first=false
Path Info: null
Server Name: nam.demo.local
Server Port: 443
Content Length: -1
Content Type: null
Auth Type: null
Request URL: https://nam.demo.local/nidp/app
Host IP Address: 192.168.1.197
Remote Client IP Address: 192.168.1.84
Cookie: (0 of 1): JSESSIONID, eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=
Header: Name: host, Value: nam.demo.local
Header: Name: user-agent, Value: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Header: Name: accept, Value: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Header: Name: accept-language, Value: en-US,en;q=0.5
Header: Name: accept-encoding, Value: gzip, br
Header: Name: referer, Value: https://nam.demo.local/nidp/saml2/spassertion_consumer
Header: Name: DNT, Value: 1
Header: Name: connection, Value: keep-alive
Header: Name: Upgrade-Insecure-Requests, Value: 1
Header: Name: Via, Value: 1.1 nam.demo.local (Access Gateway-ag-AF05FE6544A72488-55325)
Session Id: eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=
Session Last Accessed Time: 1520606859662
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPServletURLSchemaManager.getUrlCategory
Thread: ajp-bio-127.0.0.1-9019-exec-4
Unable to Categorize URL: /nidp </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPServletURLSchemaManager.getUrlCategory
Thread: ajp-bio-127.0.0.1-9019-exec-4
Unable to Categorize URL: /nidp </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CommonHandler.handleRequest
Thread: ajp-bio-127.0.0.1-9019-exec-4
Handling request: app </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: ProxyProfile.isProxyRequest
Thread: ajp-bio-127.0.0.1-9019-exec-4
/nidp/app is a ProxyRequest: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z INFO NIDS Application: AM#500105015: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#CLeXrIpKcg7Ety+R0yPKw78IX2Q8cuDSOZdR+60QiLE=:  Processing login request with TARGET = , saved TARGET = . </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z INFO NIDS Application: AM#500105009: AMDEVICEID#6CF8D8AFC3EC4E16: AMAUTHID#CLeXrIpKcg7Ety+R0yPKw78IX2Q8cuDSOZdR+60QiLE=:  Executing contract IDP Select. </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-4
Parameter m_ExpiredCheck(ExpiredCheck) = false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-4
Parameter m_AuthenticateExpiredPassword(AuthenticateExpiredPassword) = false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Executing authentication method Introduction </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: ProviderDiscoveryProfile.getIntroductions
Thread: ajp-bio-127.0.0.1-9019-exec-4
GetIntroductions _saml_idp null  </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Authentication method Introduction failed while executing the class com.novell.nidp.authentication.local.IntroductionClass@736b46e4 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Session has consumed authentications: false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-4
Parameter m_ExpiredCheck(ExpiredCheck) = false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: LocalAuthenticationClass.<init>
Thread: ajp-bio-127.0.0.1-9019-exec-4
Parameter m_AuthenticateExpiredPassword(AuthenticateExpiredPassword) = false </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Executing authentication method IDP Select </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z VERBOSE NIDS Application: Authentication method IDP Select requires additional interaction. </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: ContractExecutionState.exec
Thread: ajp-bio-127.0.0.1-9019-exec-4
Just returned from call to doContract():
Status: SHOW_PAGE
Contract: IDP Select
Auth Class: com.novell.nidp.authentication.local.IDPSelectionClass
Auth Class Page to Show: None
Request Param: option: null
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPServletContext.goJSP
Thread: ajp-bio-127.0.0.1-9019-exec-4
Forwarding to JSP: /jsp/main.jsp </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPResourceManager.A
Thread: ajp-bio-127.0.0.1-9019-exec-4
Locale: en_US mapped to directory en </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: NIDPResourceManager.A
Thread: ajp-bio-127.0.0.1-9019-exec-4
Locale: en_US mapped to directory en </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: CacheMap.A
Thread: ajp-bio-127.0.0.1-9019-exec-4

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@838f395 from cache session succeeded using key eKGU136IzDirItsbNUaONE64HQh5zwMZKmoMD+02ikU=.  Cache size is 17
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: LDAPAuthority.getObjectByDn
Thread: ajp-bio-127.0.0.1-9019-exec-7
dn = cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: LDAPAuthority.getObjectByDn
Thread: ajp-bio-127.0.0.1-9019-exec-7
dn1 = cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
Target object dn: cn=mobileAccess,cn=SCCpqaf3f,ou=idpClusters,o=amSystem
Acting as: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell
Attrs: null or zero! </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
getNextConnection() attempting to get preferred replica from the IPreferredReplica interface </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
Closing LDAP connection due to connection timeout! Interval: 163743, Timeout: 10000, Connection: Id: 6b396ced-9b84-44d3-82ff-c2e7fb7d2c02, host: ldaps://192.168.1.197 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
Connection: 39aac35d-75ff-44dd-bbc6-9d85cd0226fa, Environment Parameters for InitialDirContext() method call:
Key: java.naming.factory.initial, Value: com.sun.jndi.ldap.LdapCtxFactory
Key: java.naming.provider.url, Value: ldaps://192.168.1.197:636
Key: com.sun.jndi.ldap.connect.timeout, Value: 0
Key: java.naming.security.principal, Value: ou=nidsUser,ou=UsersContainer,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell
Key: java.naming.security.authentication, Value: simple
Key: java.naming.security.credentials, Value: *****
Key: java.naming.security.protocol, Value: ssl
Key: java.naming.ldap.factory.socket, Value: com.novell.nidp.common.util.net.client.NIDP_SSLSocketFactory
 </amLogEntry>

<amLogEntry> 2018-03-09T14:47:39Z DEBUG NIDS Application: 
Method: JNDILogEventListener.accept
Thread: ajp-bio-127.0.0.1-9019-exec-7
Added property to DirContext Environment: Property Name: java.naming.ldap.attributes.binary, Value: GUID nDSPKITrustedRootCertificate </amLogEntry>
My Shibboleth IDP logs (/opt/shibboleth-idp/logs/idp-process.log) are given below
Code:
20:17:38.628 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:144] - Returning control to authentication engine
20:17:38.629 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:209] - Processing incoming request
20:17:38.629 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:514] - Completing user authentication process
20:17:38.629 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:585] - Validating authentication was performed successfully
20:17:38.630 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:696] - Updating session information for principal vikram
20:17:38.630 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:700] - Creating shibboleth session for principal vikram
20:17:38.630 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:815] - Adding IdP session cookie to HTTP response
20:17:38.631 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:715] - Recording authentication and service information in Shibboleth session for principal: vikram
20:17:38.631 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:560] - User vikram authenticated with method urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
20:17:38.632 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:161] - Returning control to profile handler
20:17:38.632 - DEBUG [edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine:177] - Redirecting user to profile handler at https://shibbolethidp.demo.local:443/idp/profile/SAML2/POST/SSO
20:17:38.653 - INFO [Shibboleth-Access:73] - 20180309T144738Z|192.168.1.84|shibbolethidp.demo.local:443|/profile/SAML2/POST/SSO|
20:17:38.653 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:86] - shibboleth.HandlerManager: Looking up profile handler for request path: /SAML2/POST/SSO
20:17:38.653 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.IdPProfileHandlerManager:97] - shibboleth.HandlerManager: Located profile handler of the following type for the request path: edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler
20:17:38.654 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:588] - Unbinding LoginContext
20:17:38.654 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:614] - Expiring LoginContext cookie
20:17:38.654 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:625] - Removed LoginContext, with key f8428ffbc09dc1533131a09b3ef8b4fc9e9f455c2064f4a87b7d45d391aaf2b7, from StorageService partition loginContexts
20:17:38.655 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:172] - Incoming request contains a login context and indicates principal was authenticated, processing second leg of request
20:17:38.655 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:128] - Looking up relying party configuration for https://nam.demo.local/nidp/saml2/metadata
20:17:38.655 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:134] - No custom relying party configuration found for https://nam.demo.local/nidp/saml2/metadata, looking up configuration based on metadata groups.
20:17:38.655 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:157] - No custom or group-based relying party configuration found for https://nam.demo.local/nidp/saml2/metadata. Using default relying party configuration.
20:17:38.659 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:478] - Resolving attributes for principal 'vikram' for SAML request from relying party 'https://nam.demo.local/nidp/saml2/metadata'
20:17:38.659 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:326] - metadata contains the following attributes: []
20:17:38.659 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:119] - shibboleth.AttributeResolver resolving attributes for principal vikram
20:17:38.660 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:275] - Specific attributes for principal vikram were not requested, resolving all attributes.
20:17:38.660 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute mail for principal vikram
20:17:38.660 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:354] - Resolving data connector mySIS for principal vikram
20:17:38.667 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:262] - RDBMS data connector mySIS - Search Query: SELECT security.provider_no, security.user_name, security.security_no, provider.last_name, provider.first_name,provider.email FROM security inner join provider on security.provider_no=provider.provider_no WHERE user_name = 'vikram'
20:17:38.668 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:323] - RDBMS data connector mySIS - Querying database for attributes with query SELECT security.provider_no, security.user_name, security.security_no, provider.last_name, provider.first_name,provider.email FROM security inner join provider on security.provider_no=provider.provider_no WHERE user_name = 'vikram'
20:17:38.673 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.RDBMSDataConnector:332] - RDBMS data connector mySIS - Retrieved attributes: [security_no, mail, givenName, cn, sn, provider_no]
20:17:38.674 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute mail containing 1 values
20:17:38.675 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute transientId for principal vikram
20:17:38.675 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition:97] - Building transient ID for request idm-4Awt-53IoKDU7IKZkM12lLGqs; outbound message issuer: https://shibbolethidp.demo.local/idp/shibboleth, inbound message issuer: https://nam.demo.local/nidp/saml2/metadata, principal identifer: vikram
20:17:38.675 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.TransientIdAttributeDefinition:115] - Created transient ID _7b12013841226a132105c13394f4841d for request idm-4Awt-53IoKDU7IKZkM12lLGqs
20:17:38.676 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute transientId containing 1 values
20:17:38.676 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute givenName for principal vikram
20:17:38.676 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute givenName containing 1 values
20:17:38.676 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute cn for principal vikram
20:17:38.677 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute cn containing 1 values
20:17:38.677 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:314] - Resolving attribute sn for principal vikram
20:17:38.677 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:336] - Resolved attribute sn containing 1 values
20:17:38.678 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute mail has 1 values after post-processing
20:17:38.678 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute transientId has 1 values after post-processing
20:17:38.678 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute givenName has 1 values after post-processing
20:17:38.678 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute cn has 1 values after post-processing
20:17:38.678 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:473] - Attribute sn has 1 values after post-processing
20:17:38.679 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:137] - shibboleth.AttributeResolver resolved, for principal vikram, the attributes: [mail, transientId, givenName, cn, sn]
20:17:38.679 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:71] - shibboleth.AttributeFilterEngine filtering 5 attributes for principal vikram
20:17:38.679 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releaseTransientIdToAnyone is active for principal vikram
20:17:38.679 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releaseTransientIdToAnyone is active for principal vikram
20:17:38.680 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute transientId for principal vikram
20:17:38.680 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasecnToAnyone is active for principal vikram
20:17:38.680 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasecnToAnyone is active for principal vikram
20:17:38.680 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute cn for principal vikram
20:17:38.680 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasegivenNameToAnyone is active for principal vikram
20:17:38.681 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasegivenNameToAnyone is active for principal vikram
20:17:38.681 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute givenName for principal vikram
20:17:38.681 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasesnToAnyone is active for principal vikram
20:17:38.681 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasesnToAnyone is active for principal vikram
20:17:38.682 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute sn for principal vikram
20:17:38.682 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] - Evaluating if filter policy releasemailToAnyone is active for principal vikram
20:17:38.682 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:139] - Filter policy releasemailToAnyone is active for principal vikram
20:17:38.682 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:163] - Processing permit value rule for attribute mail for principal vikram
20:17:38.683 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute mail has 1 values after filtering
20:17:38.683 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute transientId has 1 values after filtering
20:17:38.683 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute givenName has 1 values after filtering
20:17:38.684 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute cn has 1 values after filtering
20:17:38.684 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Attribute sn has 1 values after filtering
20:17:38.684 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:114] - Filtered attributes for principal vikram.  The following attributes remain: [mail, transientId, givenName, cn, sn]
20:17:38.685 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:505] - Creating attribute statement in response to SAML request 'idm-4Awt-53IoKDU7IKZkM12lLGqs' from relying party 'https://nam.demo.local/nidp/saml2/metadata'
20:17:38.685 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute mail with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
20:17:38.685 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:263] - Attribute transientId was not encoded (filtered by query, or no SAML2AttributeEncoder attached).
20:17:38.686 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute givenName with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
20:17:38.686 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute cn with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
20:17:38.687 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:247] - Encoded attribute sn with encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.provider.SAML2StringAttributeEncoder
20:17:38.687 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:528] - Filtering out potential name identifier attributes which can not be encoded by edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.688 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute mail, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.688 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:542] - Retaining attribute transientId which may be encoded to via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.688 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute givenName, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.688 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute cn, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.688 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:547] - Removing attribute sn, it can not be encoded via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.689 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:484] - Attempting to select name identifier attribute for relying party 'https://nam.demo.local/nidp/saml2/metadata' that requires format 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
20:17:38.689 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:567] - Filtering out potential name identifier attributes which do not support one of the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
20:17:38.689 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:586] - Retaining attribute transientId which may be encoded as a name identifier of format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
20:17:38.689 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:691] - Selecting attribute to be encoded as a name identifier by encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
20:17:38.690 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:718] - Selecting the first attribute that can be encoded in to a name identifier
20:17:38.690 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:502] - Name identifier for relying party 'https://nam.demo.local/nidp/saml2/metadata' will be built from attribute 'transientId'
20:17:38.690 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:868] - Using attribute 'transientId' supporting NameID format 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' to create the NameID for relying party 'https://nam.demo.local/nidp/saml2/metadata'
20:17:38.690 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:572] - Determining if SAML assertion to relying party 'https://nam.demo.local/nidp/saml2/metadata' should be signed
20:17:38.691 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:653] - IdP relying party configuration 'default' indicates to sign assertions: true
20:17:38.691 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:583] - Determining signing credntial for assertion to relying party 'https://nam.demo.local/nidp/saml2/metadata'
20:17:38.691 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:599] - Signing assertion to relying party https://nam.demo.local/nidp/saml2/metadata
20:17:38.702 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:331] - secondarily indexing user session by name identifier
20:17:38.702 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:797] - Encoding response to SAML request idm-4Awt-53IoKDU7IKZkM12lLGqs from relying party https://nam.demo.local/nidp/saml2/metadata
20:17:38.713 - INFO [Shibboleth-Audit:1028] - 20180309T144738Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|idm-4Awt-53IoKDU7IKZkM12lLGqs|https://nam.demo.local/nidp/saml2/metadata|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://shibbolethidp.demo.local/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_28ca3617ca0ed234eacb9a000dd14bc7|vikram|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|mail,transientId,givenName,cn,sn,|_7b12013841226a132105c13394f4841d|_47cf17413b4f57955a4b30c6a641773c,|