moos3/idp-process.log

## idp-process.log
09:17:00.855 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.AttributeResolver
09:17:00.895 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: shibTransient
09:17:00.896 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: saml1Unspec
09:17:00.896 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: saml2Transient
09:17:00.897 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: saml2Persistent
09:17:00.903 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for DataConnector plugin with ID: myLDAP
09:17:00.907 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for DataConnector plugin with ID: myStoredId
09:17:00.983 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for AttributeDefinition plugin with ID: transientId
09:17:01.746 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:180] - shibboleth.AttributeResolver service loaded new configuration
09:17:01.752 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.AttributeFilterEngine
09:17:01.768 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.filtering.AttributeFilterPolicyBeanDefinitionParser:72] - Parsing configuration for attribute filter policy releaseTransientIdToAnyone
09:17:01.786 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:180] - shibboleth.AttributeFilterEngine service loaded new configuration
09:17:01.793 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.SAML1AttributeAuthority
09:17:01.798 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.SAML2AttributeAuthority
09:17:01.805 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.RelyingPartyConfigurationManager
09:17:01.881 - INFO [edu.internet2.middleware.shibboleth.common.config.relyingparty.RelyingPartyConfigurationBeanDefinitionParser:73] - Parsing configuration for relying party with id: anonymous
09:17:01.882 - INFO [edu.internet2.middleware.shibboleth.common.config.relyingparty.RelyingPartyConfigurationBeanDefinitionParser:73] - Parsing configuration for relying party with id: default
09:17:01.908 - INFO [edu.internet2.middleware.shibboleth.common.config.security.AbstractX509CredentialBeanDefinitionParser:63] - Parsing configuration for X509Filesystem credential with id: IdPCredential
09:17:01.975 - INFO [edu.internet2.middleware.shibboleth.common.config.security.StaticExplicitKeySignatureTrustEngineBeanDefinitionParser:52] - Parsing configuration for StaticExplicitKeySignature trust engine with id: shibboleth.MetadataTrustEngine
09:17:01.976 - INFO [edu.internet2.middleware.shibboleth.common.config.security.AbstractX509CredentialBeanDefinitionParser:63] - Parsing configuration for X509Filesystem credential with id: InCommonFederationCredentials
09:17:01.978 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ChainingSignatureTrustEngineBeanDefinitionParser:59] - Parsing configuration for SignatureChaining trust engine with id: shibboleth.SignatureTrustEngine
09:17:01.979 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataExplicitKeySignatureTrustEngineBeanDefinitionParser:50] - Parsing configuration for MetadataExplicitKeySignature trust engine with id: shibboleth.SignatureMetadataExplicitKeyTrustEngine
09:17:01.979 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataPKIXSignatureTrustEngineBeanDefinitionParser:52] - Parsing configuration for MetadataPKIXSignature trust engine with id: shibboleth.SignatureMetadataPKIXTrustEngine
09:17:01.980 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ChainingTrustEngineBeanDefinitionParser:59] - Parsing configuration for Chaining trust engine with id: shibboleth.CredentialTrustEngine
09:17:01.981 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataExplicitKeyTrustEngineBeanDefinitionParser:48] - Parsing configuration for MetadataExplicitKey trust engine with id: shibboleth.CredentialMetadataExplictKeyTrustEngine
09:17:01.982 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataPKIXX509CredentialTrustEngineBeanDefinitionParser:52] - Parsing configuration for MetadataPKIXX509Credential trust engine with id: shibboleth.CredentialMetadataPKIXTrustEngine
09:17:01.982 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.ShibbolethSSOSecurityPolicy
09:17:01.988 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML1AttributeQuerySecurityPolicy
09:17:01.993 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML1ArtifactResolutionSecurityPolicy
09:17:01.994 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2SSOSecurityPolicy
09:17:01.997 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2AttributeQuerySecurityPolicy
09:17:01.999 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2ArtifactResolutionSecurityPolicy
09:17:02.001 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2SLOSecurityPolicy
09:17:50.067 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:188] - Configuration was not loaded for shibboleth.RelyingPartyConfigurationManager service, error creating components.  The root cause of this error was: java.lang.NullPointerException: null

## relaying-party.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
    This file is an EXAMPLE configuration file.

    This file specifies relying party dependent configurations for the IdP, for example, whether SAML assertions to a
    particular relying party should be signed.  It also includes metadata provider and credential definitions used
    when answering requests to a relying party.
-->
<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party" xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
                      xmlns:metadata="urn:mace:shibboleth:2.0:metadata" xmlns:resource="urn:mace:shibboleth:2.0:resource"
                      xmlns:security="urn:mace:shibboleth:2.0:security" xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml"
                      xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
                                          urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
                                          urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
                                          urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd
                                          urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd
                                          urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd
                                          urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">

    <!-- ========================================== -->
    <!--      Relying Party Configurations          -->
    <!-- ========================================== -->
    <rp:AnonymousRelyingParty provider="https://idp.symplicity.com/idp/shibboleth" defaultSigningCredentialRef="IdPCredential"/>

    <rp:DefaultRelyingParty provider="https://idp.symplicity.com/idp/shibboleth" defaultSigningCredentialRef="IdPCredential">
        <!--
            Each attribute in these profiles configuration is set to its default value,
            that is, the values that would be in effect if those attributes were not present.
            We list them here so that people are aware of them (since they seem reluctant to
            read the documentation).
        -->
        <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="false"
                                 assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"
                                 includeConditionsNotBefore="true"/>

        <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" assertionLifetime="PT5M"
                                 signResponses="conditional" signAssertions="never"
                                 includeConditionsNotBefore="true"/>

        <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" signResponses="conditional"
                                 signAssertions="never"/>

        <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" includeAttributeStatement="true"
                                 assertionLifetime="PT5M" assertionProxyCount="0"
                                 signResponses="never" signAssertions="always"
                                 encryptAssertions="conditional" encryptNameIds="never"
                                 includeConditionsNotBefore="true"/>

        <rp:ProfileConfiguration xsi:type="saml:SAML2ECPProfile" includeAttributeStatement="true"
                                 assertionLifetime="PT5M" assertionProxyCount="0"
                                 signResponses="never" signAssertions="always"
                                 encryptAssertions="conditional" encryptNameIds="never"
                                 includeConditionsNotBefore="true"/>

        <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile"
                                 assertionLifetime="PT5M" assertionProxyCount="0"
                                 signResponses="conditional" signAssertions="never"
                                 encryptAssertions="conditional" encryptNameIds="never"
                                 includeConditionsNotBefore="true"/>

        <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile"
                                 signResponses="never" signAssertions="always"
                                 encryptAssertions="conditional" encryptNameIds="never"/>

        <rp:ProfileConfiguration xsi:type="saml:SAML2LogoutRequestProfile"
                                 signResponses="conditional"/>

    </rp:DefaultRelyingParty>


    <!-- ========================================== -->
    <!--      Metadata Configuration                -->
    <!-- ========================================== -->
    <!-- MetadataProvider the combining other MetadataProviders -->
    <metadata:MetadataProvider id="ShibbolethMetadata" xsi:type="metadata:ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">

    	<!-- Load the IdP's own metadata.  This is necessary for artifact support. -->
        <metadata:MetadataProvider id="IdPMD" xsi:type="metadata:FilesystemMetadataProvider"
                                   metadataFile="/opt/shibboleth-idp/metadata/idp-metadata.xml"
                                   maxRefreshDelay="P1D" />

        <!-- Example metadata provider. -->
        <!-- Reads metadata from a URL and store a backup copy on the file system. -->
        <!-- Validates the signature of the metadata and filters out all by SP entities in order to save memory -->
        <!-- To use: fill in 'metadataURL' and 'backingFile' properties on MetadataResource element -->
	 <metadata:MetadataProvider id="URLMD_InCommon" xsi:type="metadata:FileBackedHTTPMetadataProvider"
                      metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
                      backingFile="/opt/shibboleth-idp/metadata/InCommon-metadata.xml" maxRefreshDelay="PT1H" xmlns="urn:mace:shibboleth:2.0:metadata">
	        <metadata:MetadataFilter xsi:type="metadata:ChainingFilter">
	            <metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil"
	                            maxValidityInterval="P14D" />
	            <metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
	                            trustEngineRef="shibboleth.MetadataTrustEngine"
	                            requireSignedMetadata="true" />
	                <metadata:MetadataFilter xsi:type="metadata:EntityRoleWhiteList">
	                <metadata:RetainedRole>samlmd:SPSSODescriptor</metadata:RetainedRole>
	            </metadata:MetadataFilter>
	        </metadata:MetadataFilter>
	</metadata:MetadataProvider>

    	<metadata:MetadataProvider xsi:type="metadata:FilesystemMetadataProvider"
              id="TrustedPartners"
              metadataFile="/opt/shibboleth-idp/metadata/TrustedPartners-metadata.xml" />

    </metadata:MetadataProvider>
    <!-- ========================================== -->
    <!--     Security Configurations                -->
    <!-- ========================================== -->
    <security:Credential id="IdPCredential" xsi:type="security:X509Filesystem">
        <security:PrivateKey>/opt/shibboleth-idp/credentials/idp.key</security:PrivateKey>
        <security:Certificate>/opt/shibboleth-idp/credentials/idp.crt</security:Certificate>
    </security:Credential>

    <!-- Trust engine used to evaluate the signature on loaded metadata. -->
    <!--
    <security:TrustEngine id="shibboleth.MetadataTrustEngine" xsi:type="security:StaticExplicitKeySignature">
        <security:Credential id="MyFederation1Credentials" xsi:type="security:X509Filesystem">
            <security:Certificate>/opt/shibboleth-idp/credentials/federation1.crt</security:Certificate>
        </security:Credential>
    <security:Credential id="MyFederation1Credentials" xsi:type="security:X509Filesystem">
    <security:Certificate>/opt/shibboleth-idp/credentials/inc-md-cert.pem</security:Certificate>
  </security:Credential>
    </security:TrustEngine>
     -->
<!--
  This TrustEngine (beneath the Security Configuration section) is an
  implementation of the Explicit Key Trust Model (https://spaces.internet2.edu/x/t43NAQ).

  To bootstrap the trust fabric of the federation, each relying party
  obtains and configures an authentic copy of the federation operator’s
  Metadata Signing Certificate (https://spaces.internet2.edu/x/moHFAg).
-->
    <security:TrustEngine id="shibboleth.MetadataTrustEngine" xsi:type="security:StaticExplicitKeySignature">
        <security:Credential id="InCommonFederationCredentials" xsi:type="security:X509Filesystem">
            <security:Certificate>/opt/shibboleth-idp/credentials/inc-md-cert.pem</security:Certificate>
        </security:Credential>
    </security:TrustEngine>
    <!-- DO NOT EDIT BELOW THIS POINT -->
    <!--
        The following trust engines and rules control every aspect of security related to incoming messages.
        Trust engines evaluate various tokens (like digital signatures) for trust worthiness while the
        security policies establish a set of checks that an incoming message must pass in order to be considered
        secure.  Naturally some of these checks require the validation of the tokens evaluated by the trust
        engines and so you'll see some rules that reference the declared trust engines.
    -->
    <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:SignatureChaining">
        <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature" metadataProviderRef="ShibbolethMetadata"/>
        <security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature" metadataProviderRef="ShibbolethMetadata"/>
    </security:TrustEngine>

    <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:Chaining">
        <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine" xsi:type="security:MetadataExplicitKey" metadataProviderRef="ShibbolethMetadata"/>
        <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential" metadataProviderRef="ShibbolethMetadata"/>
    </security:TrustEngine>

    <security:SecurityPolicy id="shibboleth.ShibbolethSSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
        <security:Rule xsi:type="samlsec:Replay" required="false"/>
        <security:Rule xsi:type="samlsec:IssueInstant" required="false"/>
        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
    </security:SecurityPolicy>

    <security:SecurityPolicy id="shibboleth.SAML1AttributeQuerySecurityPolicy" xsi:type="security:SecurityPolicyType">
        <security:Rule xsi:type="samlsec:Replay"/>
        <security:Rule xsi:type="samlsec:IssueInstant"/>
        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
        <security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
    </security:SecurityPolicy>

    <security:SecurityPolicy id="shibboleth.SAML1ArtifactResolutionSecurityPolicy" xsi:type="security:SecurityPolicyType">
        <security:Rule xsi:type="samlsec:Replay"/>
        <security:Rule xsi:type="samlsec:IssueInstant"/>
        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
        <security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
    </security:SecurityPolicy>

    <security:SecurityPolicy id="shibboleth.SAML2SSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
        <security:Rule xsi:type="samlsec:Replay"/>
        <security:Rule xsi:type="samlsec:IssueInstant"/>
        <security:Rule xsi:type="samlsec:SAML2AuthnRequestsSigned"/>
        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
    </security:SecurityPolicy>

    <security:SecurityPolicy id="shibboleth.SAML2AttributeQuerySecurityPolicy" xsi:type="security:SecurityPolicyType">
        <security:Rule xsi:type="samlsec:Replay"/>
        <security:Rule xsi:type="samlsec:IssueInstant"/>
        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
        <security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
    </security:SecurityPolicy>

    <security:SecurityPolicy id="shibboleth.SAML2ArtifactResolutionSecurityPolicy" xsi:type="security:SecurityPolicyType">
        <security:Rule xsi:type="samlsec:Replay"/>
        <security:Rule xsi:type="samlsec:IssueInstant"/>
        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
        <security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
    </security:SecurityPolicy>

    <security:SecurityPolicy id="shibboleth.SAML2SLOSecurityPolicy" xsi:type="security:SecurityPolicyType">
        <security:Rule xsi:type="samlsec:Replay"/>
        <security:Rule xsi:type="samlsec:IssueInstant"/>
        <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
        <security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
    </security:SecurityPolicy>

</rp:RelyingPartyGroup>
	09:17:00.855 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.AttributeResolver
	09:17:00.895 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: shibTransient
	09:17:00.896 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: saml1Unspec
	09:17:00.896 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: saml2Transient
	09:17:00.897 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for PrincipalConnector plugin with ID: saml2Persistent
	09:17:00.903 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for DataConnector plugin with ID: myLDAP
	09:17:00.907 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for DataConnector plugin with ID: myStoredId
	09:17:00.983 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.resolver.AbstractResolutionPlugInBeanDefinitionParser:55] - Parsing configuration for AttributeDefinition plugin with ID: transientId
	09:17:01.746 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:180] - shibboleth.AttributeResolver service loaded new configuration
	09:17:01.752 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.AttributeFilterEngine
	09:17:01.768 - INFO [edu.internet2.middleware.shibboleth.common.config.attribute.filtering.AttributeFilterPolicyBeanDefinitionParser:72] - Parsing configuration for attribute filter policy releaseTransientIdToAnyone
	09:17:01.786 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:180] - shibboleth.AttributeFilterEngine service loaded new configuration
	09:17:01.793 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.SAML1AttributeAuthority
	09:17:01.798 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.SAML2AttributeAuthority
	09:17:01.805 - INFO [edu.internet2.middleware.shibboleth.common.config.BaseService:158] - Loading new configuration for service shibboleth.RelyingPartyConfigurationManager
	09:17:01.881 - INFO [edu.internet2.middleware.shibboleth.common.config.relyingparty.RelyingPartyConfigurationBeanDefinitionParser:73] - Parsing configuration for relying party with id: anonymous
	09:17:01.882 - INFO [edu.internet2.middleware.shibboleth.common.config.relyingparty.RelyingPartyConfigurationBeanDefinitionParser:73] - Parsing configuration for relying party with id: default
	09:17:01.908 - INFO [edu.internet2.middleware.shibboleth.common.config.security.AbstractX509CredentialBeanDefinitionParser:63] - Parsing configuration for X509Filesystem credential with id: IdPCredential
	09:17:01.975 - INFO [edu.internet2.middleware.shibboleth.common.config.security.StaticExplicitKeySignatureTrustEngineBeanDefinitionParser:52] - Parsing configuration for StaticExplicitKeySignature trust engine with id: shibboleth.MetadataTrustEngine
	09:17:01.976 - INFO [edu.internet2.middleware.shibboleth.common.config.security.AbstractX509CredentialBeanDefinitionParser:63] - Parsing configuration for X509Filesystem credential with id: InCommonFederationCredentials
	09:17:01.978 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ChainingSignatureTrustEngineBeanDefinitionParser:59] - Parsing configuration for SignatureChaining trust engine with id: shibboleth.SignatureTrustEngine
	09:17:01.979 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataExplicitKeySignatureTrustEngineBeanDefinitionParser:50] - Parsing configuration for MetadataExplicitKeySignature trust engine with id: shibboleth.SignatureMetadataExplicitKeyTrustEngine
	09:17:01.979 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataPKIXSignatureTrustEngineBeanDefinitionParser:52] - Parsing configuration for MetadataPKIXSignature trust engine with id: shibboleth.SignatureMetadataPKIXTrustEngine
	09:17:01.980 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ChainingTrustEngineBeanDefinitionParser:59] - Parsing configuration for Chaining trust engine with id: shibboleth.CredentialTrustEngine
	09:17:01.981 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataExplicitKeyTrustEngineBeanDefinitionParser:48] - Parsing configuration for MetadataExplicitKey trust engine with id: shibboleth.CredentialMetadataExplictKeyTrustEngine
	09:17:01.982 - INFO [edu.internet2.middleware.shibboleth.common.config.security.MetadataPKIXX509CredentialTrustEngineBeanDefinitionParser:52] - Parsing configuration for MetadataPKIXX509Credential trust engine with id: shibboleth.CredentialMetadataPKIXTrustEngine
	09:17:01.982 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.ShibbolethSSOSecurityPolicy
	09:17:01.988 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML1AttributeQuerySecurityPolicy
	09:17:01.993 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML1ArtifactResolutionSecurityPolicy
	09:17:01.994 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2SSOSecurityPolicy
	09:17:01.997 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2AttributeQuerySecurityPolicy
	09:17:01.999 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2ArtifactResolutionSecurityPolicy
	09:17:02.001 - INFO [edu.internet2.middleware.shibboleth.common.config.security.ShibbolethSecurityPolicyBeanDefinitionParser:59] - Parsing configuration for SecurityPolicyType security policy with id: shibboleth.SAML2SLOSecurityPolicy
	09:17:50.067 - ERROR [edu.internet2.middleware.shibboleth.common.config.BaseService:188] - Configuration was not loaded for shibboleth.RelyingPartyConfigurationManager service, error creating components. The root cause of this error was: java.lang.NullPointerException: null
	<?xml version="1.0" encoding="UTF-8"?>
	<!--
	This file is an EXAMPLE configuration file.

	This file specifies relying party dependent configurations for the IdP, for example, whether SAML assertions to a
	particular relying party should be signed. It also includes metadata provider and credential definitions used
	when answering requests to a relying party.
	-->
	<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party" xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
	xmlns:metadata="urn:mace:shibboleth:2.0:metadata" xmlns:resource="urn:mace:shibboleth:2.0:resource"
	xmlns:security="urn:mace:shibboleth:2.0:security" xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml"
	xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
	urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
	urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
	urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd
	urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd
	urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd
	urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">

	<!-- ========================================== -->
	<!-- Relying Party Configurations -->
	<!-- ========================================== -->
	<rp:AnonymousRelyingParty provider="https://idp.symplicity.com/idp/shibboleth" defaultSigningCredentialRef="IdPCredential"/>

	<rp:DefaultRelyingParty provider="https://idp.symplicity.com/idp/shibboleth" defaultSigningCredentialRef="IdPCredential">
	<!--
	Each attribute in these profiles configuration is set to its default value,
	that is, the values that would be in effect if those attributes were not present.
	We list them here so that people are aware of them (since they seem reluctant to
	read the documentation).
	-->
	<rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" includeAttributeStatement="false"
	assertionLifetime="PT5M" signResponses="conditional" signAssertions="never"
	includeConditionsNotBefore="true"/>

	<rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" assertionLifetime="PT5M"
	signResponses="conditional" signAssertions="never"
	includeConditionsNotBefore="true"/>

	<rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" signResponses="conditional"
	signAssertions="never"/>

	<rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" includeAttributeStatement="true"
	assertionLifetime="PT5M" assertionProxyCount="0"
	signResponses="never" signAssertions="always"
	encryptAssertions="conditional" encryptNameIds="never"
	includeConditionsNotBefore="true"/>

	<rp:ProfileConfiguration xsi:type="saml:SAML2ECPProfile" includeAttributeStatement="true"
	assertionLifetime="PT5M" assertionProxyCount="0"
	signResponses="never" signAssertions="always"
	encryptAssertions="conditional" encryptNameIds="never"
	includeConditionsNotBefore="true"/>

	<rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile"
	assertionLifetime="PT5M" assertionProxyCount="0"
	signResponses="conditional" signAssertions="never"
	encryptAssertions="conditional" encryptNameIds="never"
	includeConditionsNotBefore="true"/>

	<rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile"
	signResponses="never" signAssertions="always"
	encryptAssertions="conditional" encryptNameIds="never"/>

	<rp:ProfileConfiguration xsi:type="saml:SAML2LogoutRequestProfile"
	signResponses="conditional"/>

	</rp:DefaultRelyingParty>


	<!-- ========================================== -->
	<!-- Metadata Configuration -->
	<!-- ========================================== -->
	<!-- MetadataProvider the combining other MetadataProviders -->
	<metadata:MetadataProvider id="ShibbolethMetadata" xsi:type="metadata:ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">

	<!-- Load the IdP's own metadata. This is necessary for artifact support. -->
	<metadata:MetadataProvider id="IdPMD" xsi:type="metadata:FilesystemMetadataProvider"
	metadataFile="/opt/shibboleth-idp/metadata/idp-metadata.xml"
	maxRefreshDelay="P1D" />

	<!-- Example metadata provider. -->
	<!-- Reads metadata from a URL and store a backup copy on the file system. -->
	<!-- Validates the signature of the metadata and filters out all by SP entities in order to save memory -->
	<!-- To use: fill in 'metadataURL' and 'backingFile' properties on MetadataResource element -->
	<metadata:MetadataProvider id="URLMD_InCommon" xsi:type="metadata:FileBackedHTTPMetadataProvider"
	metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
	backingFile="/opt/shibboleth-idp/metadata/InCommon-metadata.xml" maxRefreshDelay="PT1H" xmlns="urn:mace:shibboleth:2.0:metadata">
	<metadata:MetadataFilter xsi:type="metadata:ChainingFilter">
	<metadata:MetadataFilter xsi:type="metadata:RequiredValidUntil"
	maxValidityInterval="P14D" />
	<metadata:MetadataFilter xsi:type="metadata:SignatureValidation"
	trustEngineRef="shibboleth.MetadataTrustEngine"
	requireSignedMetadata="true" />
	<metadata:MetadataFilter xsi:type="metadata:EntityRoleWhiteList">
	<metadata:RetainedRole>samlmd:SPSSODescriptor</metadata:RetainedRole>
	</metadata:MetadataFilter>
	</metadata:MetadataFilter>
	</metadata:MetadataProvider>

	<metadata:MetadataProvider xsi:type="metadata:FilesystemMetadataProvider"
	id="TrustedPartners"
	metadataFile="/opt/shibboleth-idp/metadata/TrustedPartners-metadata.xml" />

	</metadata:MetadataProvider>
	<!-- ========================================== -->
	<!-- Security Configurations -->
	<!-- ========================================== -->
	<security:Credential id="IdPCredential" xsi:type="security:X509Filesystem">
	<security:PrivateKey>/opt/shibboleth-idp/credentials/idp.key</security:PrivateKey>
	<security:Certificate>/opt/shibboleth-idp/credentials/idp.crt</security:Certificate>
	</security:Credential>

	<!-- Trust engine used to evaluate the signature on loaded metadata. -->
	<!--
	<security:TrustEngine id="shibboleth.MetadataTrustEngine" xsi:type="security:StaticExplicitKeySignature">
	<security:Credential id="MyFederation1Credentials" xsi:type="security:X509Filesystem">
	<security:Certificate>/opt/shibboleth-idp/credentials/federation1.crt</security:Certificate>
	</security:Credential>
	<security:Credential id="MyFederation1Credentials" xsi:type="security:X509Filesystem">
	<security:Certificate>/opt/shibboleth-idp/credentials/inc-md-cert.pem</security:Certificate>
	</security:Credential>
	</security:TrustEngine>
	-->
	<!--
	This TrustEngine (beneath the Security Configuration section) is an
	implementation of the Explicit Key Trust Model (https://spaces.internet2.edu/x/t43NAQ).

	To bootstrap the trust fabric of the federation, each relying party
	obtains and configures an authentic copy of the federation operator’s
	Metadata Signing Certificate (https://spaces.internet2.edu/x/moHFAg).
	-->
	<security:TrustEngine id="shibboleth.MetadataTrustEngine" xsi:type="security:StaticExplicitKeySignature">
	<security:Credential id="InCommonFederationCredentials" xsi:type="security:X509Filesystem">
	<security:Certificate>/opt/shibboleth-idp/credentials/inc-md-cert.pem</security:Certificate>
	</security:Credential>
	</security:TrustEngine>
	<!-- DO NOT EDIT BELOW THIS POINT -->
	<!--
	The following trust engines and rules control every aspect of security related to incoming messages.
	Trust engines evaluate various tokens (like digital signatures) for trust worthiness while the
	security policies establish a set of checks that an incoming message must pass in order to be considered
	secure. Naturally some of these checks require the validation of the tokens evaluated by the trust
	engines and so you'll see some rules that reference the declared trust engines.
	-->
	<security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:SignatureChaining">
	<security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature" metadataProviderRef="ShibbolethMetadata"/>
	<security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature" metadataProviderRef="ShibbolethMetadata"/>
	</security:TrustEngine>

	<security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:Chaining">
	<security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine" xsi:type="security:MetadataExplicitKey" metadataProviderRef="ShibbolethMetadata"/>
	<security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential" metadataProviderRef="ShibbolethMetadata"/>
	</security:TrustEngine>

	<security:SecurityPolicy id="shibboleth.ShibbolethSSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
	<security:Rule xsi:type="samlsec:Replay" required="false"/>
	<security:Rule xsi:type="samlsec:IssueInstant" required="false"/>
	<security:Rule xsi:type="samlsec:MandatoryIssuer"/>
	</security:SecurityPolicy>

	<security:SecurityPolicy id="shibboleth.SAML1AttributeQuerySecurityPolicy" xsi:type="security:SecurityPolicyType">
	<security:Rule xsi:type="samlsec:Replay"/>
	<security:Rule xsi:type="samlsec:IssueInstant"/>
	<security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
	<security:Rule xsi:type="samlsec:MandatoryIssuer"/>
	<security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
	</security:SecurityPolicy>

	<security:SecurityPolicy id="shibboleth.SAML1ArtifactResolutionSecurityPolicy" xsi:type="security:SecurityPolicyType">
	<security:Rule xsi:type="samlsec:Replay"/>
	<security:Rule xsi:type="samlsec:IssueInstant"/>
	<security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
	<security:Rule xsi:type="samlsec:MandatoryIssuer"/>
	<security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
	</security:SecurityPolicy>

	<security:SecurityPolicy id="shibboleth.SAML2SSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
	<security:Rule xsi:type="samlsec:Replay"/>
	<security:Rule xsi:type="samlsec:IssueInstant"/>
	<security:Rule xsi:type="samlsec:SAML2AuthnRequestsSigned"/>
	<security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="samlsec:MandatoryIssuer"/>
	</security:SecurityPolicy>

	<security:SecurityPolicy id="shibboleth.SAML2AttributeQuerySecurityPolicy" xsi:type="security:SecurityPolicyType">
	<security:Rule xsi:type="samlsec:Replay"/>
	<security:Rule xsi:type="samlsec:IssueInstant"/>
	<security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
	<security:Rule xsi:type="samlsec:MandatoryIssuer"/>
	<security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
	</security:SecurityPolicy>

	<security:SecurityPolicy id="shibboleth.SAML2ArtifactResolutionSecurityPolicy" xsi:type="security:SecurityPolicyType">
	<security:Rule xsi:type="samlsec:Replay"/>
	<security:Rule xsi:type="samlsec:IssueInstant"/>
	<security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
	<security:Rule xsi:type="samlsec:MandatoryIssuer"/>
	<security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
	</security:SecurityPolicy>

	<security:SecurityPolicy id="shibboleth.SAML2SLOSecurityPolicy" xsi:type="security:SecurityPolicyType">
	<security:Rule xsi:type="samlsec:Replay"/>
	<security:Rule xsi:type="samlsec:IssueInstant"/>
	<security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine"/>
	<security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine"/>
	<security:Rule xsi:type="samlsec:MandatoryIssuer"/>
	<security:Rule xsi:type="security:MandatoryMessageAuthentication"/>
	</security:SecurityPolicy>

	</rp:RelyingPartyGroup>