ISE 3.0-sponsorportal configureren met Azure AD SAML SSO

Downloadopties

  • PDF     (3.3 MB)
    Met Adobe Reader op diverse apparaten bekijken
  • ePub     (3.2 MB)
    Bekijken in diverse apps op iPhone, iPad, Android, Sony Reader of Windows Phone
  • Mobi (Kindle)     (3.0 MB)
    Op Kindle-apparaat of via Kindle-app op meerdere apparaten bekijken
Bijgewerkt:9 juli 2025
Document-id:216129

Inclusief taalgebruik

De documentatie van dit product is waar mogelijk geschreven met inclusief taalgebruik. Inclusief taalgebruik wordt in deze documentatie gedefinieerd als taal die geen discriminatie op basis van leeftijd, handicap, gender, etniciteit, seksuele oriëntatie, sociaaleconomische status of combinaties hiervan weerspiegelt. In deze documentatie kunnen uitzonderingen voorkomen vanwege bewoordingen die in de gebruikersinterfaces van de productsoftware zijn gecodeerd, die op het taalgebruik in de RFP-documentatie zijn gebaseerd of die worden gebruikt in een product van een externe partij waarnaar wordt verwezen. Lees meer over hoe Cisco gebruikmaakt van inclusief taalgebruik.

Over deze vertaling

Cisco heeft dit document vertaald via een combinatie van machine- en menselijke technologie om onze gebruikers wereldwijd ondersteuningscontent te bieden in hun eigen taal. Houd er rekening mee dat zelfs de beste machinevertaling niet net zo nauwkeurig is als die van een professionele vertaler. Cisco Systems, Inc. is niet aansprakelijk voor de nauwkeurigheid van deze vertalingen en raadt aan altijd het oorspronkelijke Engelstalige document (link) te raadplegen.

    Inleiding

    In dit document wordt beschreven hoe een Azure Active Directory (AD) SAML-server met ISE 3.0 kan worden geconfigureerd om SSO-mogelijkheden te bieden aan Sponsor-gebruikers.

    Voorwaarden

    Vereisten

    Cisco raadt kennis van de volgende onderwerpen aan:

    • Cisco Identity Services Engine (ISE) 3.0
    • Basiskennis over Security Assertion Markup Language (SAML) Single Sign-On (SSO)-implementaties
    • Azure AD

    Gebruikte componenten

    De informatie in dit document is gebaseerd op de volgende hardware- en softwareversies:

    • Cisco ISE 3.0
    • Azure AD

    De informatie in dit document is gebaseerd op de apparaten in een specifieke laboratoriumomgeving. Alle apparaten die in dit document worden beschreven, hadden een opgeschoonde (standaard)configuratie. Als uw netwerk live is, moet u zorgen dat u de potentiële impact van elke opdracht begrijpt.

    stroomschema op hoog niveau

    High-Level Flow Diagram

    Configureren

    Stap 1. SAML Identity Provider en Sponsor Portal configureren op ISE

    1. Azure AD configureren als externe SAML-identiteitsbron

    Navigeer in ISE naar Beheer > Identiteitsbeheer > Externe identiteitsbronnen > SAML-id-providers en klik op de knop Toevoegen.

    Voer de naam van de ID-provider in en klik op Indienen om deze op te slaan. De naam van de ID-provider is alleen van belang voor ISE, zoals wordt weergegeven in de afbeelding.

    Configure Azure AD as External SAML

    2. Configureer het sponsorportaal voor het gebruik van Azure AD

    Navigeer naar Werkcentra > Gasttoegang > Portalen en onderdelen > Sponsor Portalen en selecteer uw Sponsor Portal. In dit voorbeeld wordt Sponsor Portal (standaard) gebruikt.

    Vouw het paneel Portaalinstellingen uit en selecteer uw nieuwe SAML Identity Provider (IdP) in de bronreeks Identiteit. Configureer de volledig gekwalificeerde domeinnaam (FQDN) voor het sponsorportaal. In dit voorbeeld is het sponsor30.example.com. Klik op Opslaan zoals weergegeven in de afbeelding:

    Expand Portal Settings

    3. Informatie over de exportdienstverlener

    Navigeer naar Beheer > Identiteitsbeheer > Externe identiteitsbronnen > SAML-id-providers > [Uw SAML-provider].

    Switch naar tabblad Serviceproviderinformatie. en klik op de knop Exporteren zoals weergegeven in de afbeelding:

    SAML Identity Provider

    Download het zip-bestand en sla het op. Hierin kunt u 2 bestanden vinden. U hebt het XML-bestand nodig dat uw sponsorportal wordt genoemd.

    Noteer de waarden ResponseLocation van SingleLogoutService Bindings, entityID en Location van AssertionConsumerService Binding.

    <?xml version="1.0" encoding="UTF-8"?>
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429">
    <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:X509Data>
    <ds:X509Certificate>
    MIIFZjCCA06gAwIBAgIQX1oAvwAAAAChgVd9cEEWOzANBgkqhkiG9w0BAQwFADAlMSMwIQYDVQQD
    ExpTQU1MX0lTRTMwLTFlay5leGFtcGxlLmNvbTAeFw0yMDA5MTAxMDMyMzFaFw0yNTA5MDkxMDMy
    MzFaMCUxIzAhBgNVBAMTGlNBTUxfSVNFMzAtMWVrLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0B
    AQEFAAOCAg8AMIICCgKCAgEAt+MixKfuZvg/oAWGEs6zrUYL3H2JwvZw9yJs6sJ8/BpP6Sw027wh
    FXnESXpqmmoSVrVEcQIrDdk3l8UYNn/+98PPkIi/4ftyFjZK9YdeverD6nrA2MeoLCzGlkWq/y4i
    vvVcYuW344pySm65awVvro3q84x9esHqyLahExs9guiLJryD497XmNP4Z8eTHCctu777PuI1wLO4
    QOYUs2sozXvR98D9Jok/+PjH3bjmVKapqAcNEFvk8Ez9x1sMBUgFwP4YdZzQB9IRVkQdIJGvqMyf
    a6gn+KaddJnmIbXKFbrTaFii2IvRs3qHJ0mMVfYRnYeMql9/PhzvSFtjRe32x/aQh23j9dCsVXmQ
    ZmXpZyxxJ8p4RqyM0YgkfxnQXXtV9K0sRZPFn6O+iszUw2hARRG/tE0hTuVXpbonG2dT109JeeEe
    S1E5uxenJvYkU7mMamvBjYQN6qVyyogf8FOlHTSfd6TDsK3QhmzOjg50PrBvvg5qE6OrxxNvqSVZ
    1dhx/iHZAZ1yYSVdwizsZMCw0PjSwrRPx/h8l03djeW0aL5R1AF1qTFHVHSNvigzh6FyjdkUJH66
    JAygPe0PKJFRgYzh5vWoJ41qvdQjlGk3c/zYi57MR1Bs0mkSvkOGbmjSsb+EehnYyLLB8FG3De2V
    ZaXaHZ37gmoCNNmZHrn+GB0CAwEAAaOBkTCBjjAgBgNVHREEGTAXghVJU0UzMC0xZWsuZXhhbXBs
    ZS5jb20wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAuwwHQYDVR0OBBYEFPT/6jpfyugxRolbjzWJ
    858WfTP1MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjARBglghkgBhvhCAQEEBAMCBkAw
    DQYJKoZIhvcNAQEMBQADggIBABGyWZbLajM2LyLASg//4N6mL+xu/9IMdVvNWBQodF+j0WusW15a
    VPSQU2t3Ckd/I1anvpK+cp77NMjo9V9oWI3/ZnjZHGoFAIcHnlGCoEjmC1TvLau7ZzhCCII37DFA
    yMKDrXLi3pR+ONlXlTIvjpHTTzrKm1NHhkxkx/Js5Iuz+MyRKP8FNmWT0q4XGejyKzJWrqEu+bc1
    idCl/gBNuCHgqmFeM82IGQ7jVOm1kBjLb4pTDbYk4fMIbJVh4V2Pgi++6MIfXAYEwL+LHjSGHCQT
    PSM3+kpv1wHHpGWzQSmcJ4tXVXV95W0NC+LxQZLBPNMUZorhuYCILXZxvXH1HGJJ0YKx9lk9Ubd2
    s5JaD+GN8jqm5XXAau7S4BawfvCo3boOiXnSvgcIuH9YFiR2lp2n/2X0VVbdPHYZtqGieqBWebHr
    4I1z18FXblYyMzpIkhtOOvkP5mAlR92VXBkvx2WPjtzQrvOtSXgvTCOKErYCBM/jnuwsztV7FVTV
    JNdFwOsnXC70YngZeujZyjPoUbfRKZI34VKZp4iO5bZsGlbWE9Skdquv0PaQ8ecXTv8OCVBYUegl
    vt0pdel8h/9jImdLG8dF0rbADGHiieTcntSDdw3E7JFmS/oHw7FsA5GI8IxXfcOWUx/L0Dx3jTNd
    ZlAXp4juySODIx9yDyM4yV0f
    </ds:X509Certificate>
    </ds:X509Data>
    </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sponsor30.example.com:8445/sponsorportal/SSOLogoutRequest.action?portal=bd48c1a1-9477-4746-8e40-e43d20c9f429" ResponseLocation="https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action" index="0"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://10.48.23.86:8445/sponsorportal/SSOLoginResponse.action" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://10.48.26.63:8445/sponsorportal/SSOLoginResponse.action" index="2"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://10.48.26.60:8445/sponsorportal/SSOLoginResponse.action" index="3"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ise30-1ek.example.com:8445/sponsorportal/SSOLoginResponse.action" index="4"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ise30-2ek.example.com:8445/sponsorportal/SSOLoginResponse.action" index="5"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ise30-3ek.example.com:8445/sponsorportal/SSOLoginResponse.action" index="6"/>

    </md:SPSSODescriptor>
    </md:EntityDescriptor>

    Volgens het XML-bestand:

    SingleLogoutService ResponseLocation="https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action"

    entityID="http://CiscoISE/100d02da-9457-41e8-87d7-0965b0714db2"

    AssertionConsumerService Location="https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action"

    AssertionConsumerService Location="https://10.48.23.86:8445/sponsorportal/SSOLoginResponse.action"

    AssertionConsumerService Location="https://10.48.23.63:8445/sponsorportal/SSOLoginResponse.action"

    AssertionConsumerService Location="https://10.48.26.60:8445/sponsorportal/SSOLoginResponse.action"

    AssertionConsumerService Location="https://ise30-1ek.example.com:8445/sponsorportal/SSOLoginResponse.action"

    AssertionConsumerService Location="https://ise30-2ek.example.com:8445/sponsorportal/SSOLoginResponse.action"

    AssertionConsumerService Location="https://ise30-3ek.example.com:8445/sponsorportal/SSOLoginResponse.action"

    Stap 2. Instellingen voor Azure AD IdP configureren

    1. Een Azure AD-gebruiker maken

    Meld u aan bij het Azure Active Directory Admin Center-dashboard en selecteer uw advertentie zoals wordt weergegeven in de afbeelding:

    Azure ADAC Login

    Selecteer Gebruikers, klik op Nieuwe gebruiker, configureer gebruikersnaam, naam en eerste wachtwoord. Klik op Maken zoals weergegeven in de afbeelding voor deze testgebruiker:

    Select Users

    2. Een Azure AD-groep maken

    Selecteer groepen. Klik op Nieuwe groep zoals weergegeven in de afbeelding:

    Click New Group

    Houd groepstype als beveiliging. Configureer de groepsnaam zoals in de afbeelding wordt weergegeven:

    Keep Group Type Security

    3. Azure AD-gebruiker toewijzen aan de groep

    Klik op Geen leden geselecteerd. Kies de gebruiker en klik op Selecteren. Klik op Maken om de groep te maken waaraan een gebruiker is toegewezen.

    Click No Members Selected

    Noteer Group Object id, in dit scherm is het f626733b-eb37-4cf2-b2a6-c2895fd5f4d3 voor de Sponsor Group. 

    Make a Note of Group Object ID

    4. Een Azure AD Enterprise-toepassing maken

    Selecteer onder AD Enterprise Applications en klik op New application zoals weergegeven in de afbeelding:

    Select Enterprise Application

    Selecteer de toepassing Niet-galerij zoals in de afbeelding wordt weergegeven:

    Select Non-Gallery Application

    Voer de naam van uw toepassing in en klik op Toevoegen.

    Enter Application Name then Click Add

    5. Groep toevoegen aan de toepassing

    Selecteer Gebruikers en groepen toewijzen.

    Select Assign Users and Groups

    Klik op Gebruiker toevoegen.

    Click Add User

    Klik op Gebruikers en groepen.

    Click Users and Groups

    Kies de groep die eerder is geconfigureerd en klik op Selecteren.

    Opmerking: het is aan u om de juiste set gebruikers of groepen te selecteren die toegang krijgt.

    Click Select

    Zodra de groep is geselecteerd, klikt u op Toewijzen zoals weergegeven in de afbeelding:

    Click Assign

    Als gevolg hiervan moet het menu Gebruikers en groepen voor uw toepassing worden gevuld met de geselecteerde groep.

    Users and Groups Menu

    6. Een Azure AD Enterprise-toepassing configureren

    Navigeer terug naar uw toepassing en klik op Eenmalige aanmelding instellen zoals weergegeven in de afbeelding>

    Navigate Back to Application

    Selecteer SAML op het volgende scherm:

    Select SAML

    Klik op Bewerken naast Basisconfiguratie SAML.

    Click Edit Next to Basic SAML Configuration

    Identificatiecode (Entiteit-ID) invullen met de waarde van entityID uit het XML-bestand uit stap Informatie over exportserviceprovider. Vul de URL voor antwoorden (Assertion Consumer Service URL) in met de waarde van Locaties van AssertionConsumerService. Vul de waarde van de URL voor afmelden in met ResponseLocation van SingleLogoutService. Klik op Save (Opslaan).

    Opmerking: Reply URL fungeert als een paslijst, waardoor bepaalde URL's als bron kunnen fungeren wanneer ze worden doorgestuurd naar de IdP-pagina.

    Basic SAML Configuration

    7. Active Directory-groepskenmerk configureren

    Als u de waarde van het groepskenmerk wilt retourneren die eerder is geconfigureerd, klikt u op Bewerken naast de Gebruikerskenmerken en claims.

    Configure Active Directory Group Attribute

    Klik op Groepsclaim toevoegen.

    Click Add a Group Claim

    Selecteer Beveiligingsgroepen en klik op Opslaan. Het bronattribuut dat in de bewering wordt geretourneerd, is een groep-ID, een groepsobject-id dat eerder is vastgelegd.

    Select Security Groups under Group Claims

    Geef daarnaast de groepsnaam op onder de Geavanceerde opties

    Claim Name

    Noteer de naam van de claim voor de groep. In dit geval is het http://schemas.microsoft.com/ws/2008/06/identity/claims/groups.

    Claim Added

    8. Azure Federation Metadata XML File downloaden

    Klik op Downloaden tegen Federation Metadata XML in SAML Signing Certificate.

    Download against Federation Metadata XML

    Stap 3. Metagegevens uploaden van Azure Active Directory naar ISE

    Navigeer naar Beheer > Identiteitsbeheer > Externe identiteitsbronnen > SAML-id-providers > [Uw SAML-provider].

    Klik op Switch om het tabblad Identity Provider Config te openen en klik vervolgens op de knop Bladeren. Selecteer Federation Metadata XML-bestand uit stap Download Azure Federation Metadata XML en klik op Opslaan.

    Opmerking: UI-storing met Identity Provider Configuration moet worden aangepakt onder Cisco-bug-ID CSCvv74517.

    Upload Metadata from Azure Active Directory

    Stap 4. SAML-groepen configureren op ISE

    Switch naar tabblad Groepen en plak de waarde van de claimnaam van het Active Directory Group-kenmerk configureren in het groepslidmaatschapattribuut.

    Configure SAML Groups on ISE under Groups Tab

    Klik op Add (Toevoegen). Vul Naam in in Bewering met de waarde van Groepsobject-id van sponsorgroep vastgelegd in Azure Active Directory-gebruiker toewijzen aan de groep. Configureer Naam in ISE met de betekenisvolle waarde in dit geval is het Azure Sponsor Group. Klik op OK. Klik op Save (Opslaan).

    Hierdoor wordt een koppeling gemaakt tussen de naam van de groep in Azure en de naam van de groep die op ISE kan worden gebruikt.

    Click OK on Add Group

    .

    Stap 5. Sponsor Group Mapping configureren op ISE

    Navigeer naar Workcenters > Gasttoegang > Portals & Components > Sponsor Groups en selecteer Sponsor Group die u wilt toewijzen aan de Azure AD Group. In dit voorbeeld is ALL_ACCOUNTS (standaard) gebruikt:

    Configure Sponsor Group Mapping

    Klik op Leden... en voeg Azure_SAML:Azure Sponsor Group toe aan Geselecteerde gebruikersgroepen. Hiermee wordt de Sponsor Group in Azure toegewezen aan ALL_ACCOUNTS Sponsor Group. Klik op OK. Klik op Save (Opslaan).

    Select Sponsor Group

    Verifiëren

    Gebruik deze sectie om te controleren of uw configuratie goed werkt.

    Opmerking: de nieuwe gebruiker wordt gedwongen het gebruikerswachtwoord te wijzigen bij de eerste aanmelding. De stappen voor verificatie van de AUP worden niet gedekt. Verificatie heeft betrekking op het scenario, waarbij gebruikers niet voor de eerste keer inloggen en AUP al een keer werd geaccepteerd door de sponsor (Alice).

    Als u nu het sponsorportaal opent (bijvoorbeeld via de test-URL), wordt u doorgestuurd naar Azure om u aan te melden en vervolgens terug te keren naar het sponsorportaal.

    1. Start het sponsorportaal met zijn FQDN op de link Portal Test URL. ISE moet u doorverwijzen naar de aanmeldingspagina van Azure. Voer de gebruikersnaam in die eerder is gemaakt en klik op Volgende.

    Launch Sponsor Portal Login

    2. Voer het wachtwoord in en klik op Inloggen. IdP-aanmeldingsscherm leidt de gebruiker naar het eerste ISE-sponsorportaal.

    Enter Sponsor Portal Password

    3. Accepteer de AUP.

    Accept Acceptable Use Policy

    4. Op dit punt moet de Sponsor-gebruiker volledige toegang hebben tot het portaal met ALL_ACCOUNTS Sponsor Group-machtigingen.

    Sponsor User Has Full Access

    5. Klik op Uitloggen onder het keuzemenu Welkom.

    Click Sign Out under Welcome Drop-Down

    6. De gebruiker moet met succes zijn uitgelogd en opnieuw naar het aanmeldscherm worden geleid.

    User Must be Successfully Logged Out

    Problemen oplossen

    Deze sectie bevat informatie waarmee u problemen met de configuratie kunt oplossen.

    Veelvoorkomende problemen

    Het is van vitaal belang om te begrijpen dat SAML-verificatie wordt afgehandeld tussen de browser en de Azure Active Directory. Daarom kunt u verificatiefouten rechtstreeks krijgen van de Identity Provider (Azure) waar de ISE-service nog niet is gestart.

    Aflevering 1. De gebruiker voert het verkeerde wachtwoord in, er zijn geen gebruikersgegevens verwerkt op ISE, het probleem komt rechtstreeks van IdP (Azure). Om te repareren: Reset het wachtwoord of geef de juiste wachtwoordgegevens op.

    Troubleshoot Wrong Password

    Uitgave 2. De gebruiker maakt geen deel uit van de groep die toegang zou moeten krijgen tot SAML SSO, opnieuw in dit geval werd er geen verwerking van gebruikersgegevens uitgevoerd op ISE, probleem komt rechtstreeks van IdP (Azure). Om te repareren: Controleer of de groep toevoegen aan de configuratiestap van de toepassing correct is uitgevoerd.

    Verify Why Cannot Sign In

    3. Uitloggen werkt niet zoals verwacht en deze fout wordt weergegeven - "Uitloggen bij eenmalige aanmelding is mislukt. Er is een probleem opgetreden bij het afmelden voor uw SSO-sessie. Neem contact op met de helpdesk voor hulp." Het kan worden gezien wanneer de afmeldings-URL niet correct is geconfigureerd op SAML IdP. In dat geval werd deze URL gebruikt "https://sponsor30.example.com:8445/sponsorportal/SSOLogoutRequest.action?portal=100d02da-9457-41e8-87d7-0965b0714db2" terwijl het "https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action" moet zijn Om het te repareren, voert u de juiste URL in Logout URL in Azure IdP.

    Troubleshoot Why Sign Out Does Not Work

    Problemen met clients oplossen

    Om te controleren of de SAML-payload is ontvangen, kunt u Web Developer Tools gebruiken. Navigeer naar Tools > Web Developer > Network als u Firefox gebruikt en log in met Azure-referenties op het Portal. U kunt de versleutelde SAML-reactie zien in het tabblad Params:

    Client Troubleshooting

    Problemen met ISE oplossen

    Logniveau van de componenten hier moet worden gewijzigd op ISE. Navigeer naar Bewerkingen > Problemen oplossen > Wizard Foutopsporing > Logconfiguratie foutopsporing.

    Naam component logniveau bestandsnaam van logboek
    toegang voor de gasten DEBUGGEN guest.log
    portaalweb-actie DEBUGGEN guest.log
    openhartig DEBUGGEN ISE-PSC.log
    saml DEBUGGEN ISE-PSC.log

    Werkende set van Debugs op het moment van correcte flow uitvoering (ise-psc.log):

    1. De gebruiker wordt doorgestuurd naar de URL van IdP via het sponsorportaal.

    2020-09-16 10:43:59,207 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isLoadBalancerConfigured() - LB NOT configured for: Azure_SAML
    2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isOracle() - checking whether IDP URL indicates that its OAM. IDP URL: 
    https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
    2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SPProviderId for Azure_SAML is: http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
    2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isLoadBalancerConfigured() - LB NOT configured for: Azure_SAML
    2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML request - providerId (as should be found in IdP configuration):
    http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
    2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML request - returnToId (relay state):
    _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId_EQUALSbd48c1a1-9477-4746-8e40-e43d20c9f429_SEMIportalSessionId_EQUALS8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_SEMItoken_EQUALSOA6CZJQD7X67TLYHE4Y3EM3EY097E2J_SEMI_DELIMITERsponsor30.example.com
    2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML request - spUrlToReturnTo:
    https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action

    2. SAML-antwoord wordt ontvangen van de browser.

    2020-09-16 10:44:11,122 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
    _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
    token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
    2020-09-16 10:44:11,126 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:
    portalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;
    2020-09-16 10:44:11,126 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State
    :_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
    token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
    2020-09-16 10:44:11,126 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:
    portalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;
    2020-09-16 10:44:11,129 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
    _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
    token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
    2020-09-16 10:44:11,129 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:
    portalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;
    2020-09-16 10:44:11,133 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
    _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
    token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
    2020-09-16 10:44:11,134 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:
    portalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;
    2020-09-16 10:44:11,134 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
    _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
    token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
    2020-09-16 10:44:11,134 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML flow initiator PSN's Host name is:sponsor30.example.com
    2020-09-16 10:44:11,134 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- Is redirect requiered: InitiatorPSN:sponsor30.example.com 
    This node's host name:ISE30-1ek LB:null request Server Name:sponsor30.example.com
    2020-09-16 10:44:11,182 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- This node is the initiator (sponsor30.example.com) this node host name is:sponsor30.example.com
    2020-09-16 10:44:11,184 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.parse.BasicParserPool -::::- Setting DocumentBuilderFactory attribute 'http://javax.xml.XMLConstants/feature/secure-processing'
    2020-09-16 10:44:11,187 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.parse.BasicParserPool -::::- Setting DocumentBuilderFactory attribute 'http://apache.org/xml/features/disallow-doctype-decl'
    2020-09-16 10:44:11,190 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Beginning to decode message from inbound transport of type: org.opensaml.ws.transport.http.HttpServletRequestAdapter
    2020-09-16 10:44:11,190 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.saml2.binding.decoding.HTTPPostDecoder -::::- Decoded SAML relay state of: 
    _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId_EQUALSbd48c1a1-9477-4746-8e40-e43d20c9f429_SEMIportalSessionId_EQUALS8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_SEMItoken_EQUALSOA6CZJQD7X67TLYHE4Y3EM3EY097E2J_SEMI_DELIMITERsponsor30.example.com
    2020-09-16 10:44:11,190 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.saml2.binding.decoding.HTTPPostDecoder -::::- Getting Base64 encoded message from request
    2020-09-16 10:44:11,191 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Parsing message stream into DOM document
    2020-09-16 10:44:11,193 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Unmarshalling message DOM
    2020-09-16 10:44:11,195 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.xml.signature.impl.SignatureUnmarshaller -::::- Starting to unmarshall Apache XML-Security-based SignatureImpl element
    2020-09-16 10:44:11,195 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.xml.signature.impl.SignatureUnmarshaller -::::- Constructing Apache XMLSignature object
    2020-09-16 10:44:11,195 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.xml.signature.impl.SignatureUnmarshaller -::::- Adding canonicalization and signing algorithms, and HMAC output length to Signature
    2020-09-16 10:44:11,195 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.xml.signature.impl.SignatureUnmarshaller -::::- Adding KeyInfo to Signature
    2020-09-16 10:44:11,197 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Message succesfully unmarshalled
    2020-09-16 10:44:11,197 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.saml2.binding.decoding.HTTPPostDecoder -::::- Decoded SAML message
    2020-09-16 10:44:11,197 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder -::::- Extracting ID, issuer and issue instant from status response
    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- No security policy resolver attached to this message context, no security policy evaluation attempted
    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Successfully decoded message.
    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Checking SAML message intended destination endpoint against receiver endpoint
    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Intended message destination endpoint: 
    https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action
    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Actual message receiver endpoint: 
    https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action
    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- 
    SAML decoder's URIComparator - [https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action] vs. [https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action]
    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- 
    SAML message intended destination endpoint matched recipient endpoint
    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: statusCode:urn:oasis:names:tc:SAML:2.0:status:Success

    3. Het parseren van attributen (assertie) wordt gestart.

    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
    http://schemas.microsoft.com/identity/claims/tenantid
    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
    Attribute=<http://schemas.microsoft.com/identity/claims/tenantid> add value=<64ace648-115d-4ad9-a3bf-76601b0f8d5c>
    2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - 
    attribute<http://schemas.microsoft.com/identity/claims/tenantid> value=<64ace648-115d-4ad9-a3bf-76601b0f8d5c>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
    http://schemas.microsoft.com/identity/claims/objectidentifier
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
    Attribute=<http://schemas.microsoft.com/identity/claims/objectidentifier> add value=<50ba7e39-e7fb-4cb1-8256-0537e8a09146>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - 
    attribute<http://schemas.microsoft.com/identity/claims/objectidentifier> value=<50ba7e39-e7fb-4cb1-8256-0537e8a09146>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
    http://schemas.microsoft.com/identity/claims/displayname
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
    Attribute=<http://schemas.microsoft.com/identity/claims/displayname> add value=<Alice>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - 
    attribute<http://schemas.microsoft.com/identity/claims/displayname> value=<Alice>

    4. Het groepskenmerk wordt ontvangen met de waarde van f626733b-eb37-4cf2-b2a6-c2895fd5f4d3, waarmee validatie wordt ondertekend.

    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
    http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
    Attribute=<http://schemas.microsoft.com/ws/2008/06/identity/claims/groups> add value=<f626733b-eb37-4cf2-b2a6-c2895fd5f4d3>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - attribute
    <http://schemas.microsoft.com/ws/2008/06/identity/claims/groups> value=<f626733b-eb37-4cf2-b2a6-c2895fd5f4d3>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
    http://schemas.microsoft.com/identity/claims/identityprovider
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
    Attribute=<http://schemas.microsoft.com/identity/claims/identityprovider> add value=<https://sts.windows.net/64ace648-115d-4ad9-a3bf-76601b0f8d5c/>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - attribute
    <http://schemas.microsoft.com/identity/claims/identityprovider> value=<https://sts.windows.net/64ace648-115d-4ad9-a3bf-76601b0f8d5c/>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
    http://schemas.microsoft.com/claims/authnmethodsreferences
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
    Attribute=<http://schemas.microsoft.com/claims/authnmethodsreferences> add value=<http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - attribute
    <http://schemas.microsoft.com/claims/authnmethodsreferences> value=<http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
    Attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name> add value=<alice@ekorneyccisco.onmicrosoft.com>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - attribute
    <http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name> value=<alice@ekorneyccisco.onmicrosoft.com>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::getUserNameFromAssertion: IdentityAttribute is set to Subject Name
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::getUserNameFromAssertion: username value from Subject is=[alice@ekorneyccisco.onmicrosoft.com]
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::getUserNameFromAssertion: username set to=[alice@ekorneyccisco.onmicrosoft.com]
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: Found value for 'username' attribute assertion: alice@ekorneyccisco.onmicrosoft.com
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.cfg.IdentityProviderMgr -::::- getDict: Azure_SAML
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<ExternalGroups>
    2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
    Attribute <http://schemas.microsoft.com/identity/claims/displayname> NOT configured in IdP dictionary, NOT caching
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [cacheGroupAttr] Adding to cache ExternalGroup values=<f626733b-eb37-4cf2-b2a6-c2895fd5f4d3>
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
    Attribute <http://schemas.microsoft.com/identity/claims/tenantid> NOT configured in IdP dictionary, NOT caching
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
    Attribute <http://schemas.microsoft.com/identity/claims/identityprovider> NOT configured in IdP dictionary, NOT caching
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
    Attribute <http://schemas.microsoft.com/identity/claims/objectidentifier> NOT configured in IdP dictionary, NOT caching
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
    Attribute <http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name> NOT configured in IdP dictionary, NOT caching
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
    Attribute <http://schemas.microsoft.com/claims/authnmethodsreferences> NOT configured in IdP dictionary, NOT caching
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cisco.cpm.saml.framework.SAMLSessionDataCache -::::- [storeAttributesSessionData] idStore=<Azure_SAML> userName=alice@ekorneyccisco.onmicrosoft.com>
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:getEmail] The email attribute not configured on IdP
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: email attribute value: 
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
    _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
    token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal ID:bd48c1a1-9477-4746-8e40-e43d20c9f429
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
    _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
    token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:
    portalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
    _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
    token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML flow initiator PSN's Host name is:sponsor30.example.com
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isLoadBalancerConfigured() - LB NOT configured for: Azure_SAML
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isOracle() - checking whether IDP URL indicates that its OAM. 
    IDP URL: https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
    2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SPProviderId for Azure_SAML is: 
    http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- ResponseValidationContext:
    IdP URI: https://sts.windows.net/64ace648-115d-4ad9-a3bf-76601b0f8d5c/
    SP URI: http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
    Assertion Consumer URL: https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action
    Request Id: _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId_EQUALSbd48c1a1-9477-4746-8e40-e43d20c9f429_SEMIportalSessionId_EQUALS8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_SEMItoken_EQUALSOA6CZJQD7X67TLYHE4Y3EM3EY097E2J_SEMI_DELIMITERsponsor30.example.com
    Client Address: 10.61.170.160
    Load Balancer: null
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.SAMLSignatureValidator -::::- no signature in response
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.SAMLSignatureValidator -::::- Validating signature of assertion
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.BaseSignatureValidator -::::- Determine the signing certificate
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.BaseSignatureValidator -::::- Validate signature to SAML standard with cert:CN=Microsoft Azure Federated SSO Certificate serial:112959638548824708724869525057157788132
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.security.SAMLSignatureProfileValidator -::::- Saw Enveloped signature transform
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.security.SAMLSignatureProfileValidator -::::- Saw Exclusive C14N signature transform
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.BaseSignatureValidator -::::- Validate signature againsta signing certificate
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.signature.SignatureValidator -::::- Attempting to validate signature using key from supplied credential
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.signature.SignatureValidator -::::- Creating XMLSignature object
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.signature.SignatureValidator -::::- Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
    2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.signature.SignatureValidator -::::- Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.signature.SignatureValidator -::::- Signature validated with key from supplied credential
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.SAMLSignatureValidator -::::- Assertion signature validated succesfully
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.WebSSOResponseValidator -::::- Validating response
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.WebSSOResponseValidator -::::- Validating assertion
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.AssertionValidator -::::- Assertion issuer succesfully validated
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.AssertionValidator -::::- Authentication statements succesfully validated
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.AssertionValidator -::::- Subject succesfully validated
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.AssertionValidator -::::- Conditions succesfully validated
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: validation succeeded for alice@ekorneyccisco.onmicrosoft.com
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: found signature on the assertion
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- Retrieve [CN=Microsoft Azure Federated SSO Certificate] as signing certificates
    2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: loginInfo:SAMLLoginInfo: name=alice@ekorneyccisco.onmicrosoft.com, 
    format=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, sessionIndex=_4b798ec4-9aeb-40dc-8bed-6dd2fdd46800, time diff=26329
    2020-09-16 10:44:11,292 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- AuthenticatePortalUser - Session:null IDPResponse:
    IdP ID: Azure_SAML
    Subject: alice@ekorneyccisco.onmicrosoft.com
    SAML Status Code:urn:oasis:names:tc:SAML:2.0:status:Success
    SAML Success:true
    SAML Status Message:null
    SAML email:
    SAML Exception:nullUserRole : SPONSOR
    2020-09-16 10:44:11,292 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- AuthenticatePortalUser - about to call authenticateSAMLUser messageCode:null subject:alice@ekorneyccisco.onmicrosoft.com
    2020-09-16 10:44:11,306 INFO [RMI TCP Connection(346358)-127.0.0.1][] api.services.server.role.RoleImpl -::::- Fetched Role Information based on RoleID: 6dd3b090-8bff-11e6-996c-525400b48521
    2020-09-16 10:44:11,320 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cisco.cpm.saml.framework.SAMLSessionDataCache -::::- [SAMLSessionDataCache:getGroupsOnSession] idStore=<Azure_SAML> userName=<alice@ekorneyccisco.onmicrosoft.com>
    2020-09-16 10:44:11,320 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cisco.cpm.saml.framework.SAMLSessionDataCache -::::- [getAttributeOnSession] idStore=<Azure_SAML> userName=<alice@ekorneyccisco.onmicrosoft.com> attributeName=<Azure_SAML.ExternalGroups>

    5. De gebruikersgroep wordt toegevoegd aan de verificatieresultaten zodat deze kan worden gebruikt door Portal, SAML-verificatie wordt doorgegeven.

    2020-09-16 10:44:11,320 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- AuthenticatePortalUser - added user groups from SAML response to AuthenticationResult, all retrieved groups:[f626733b-eb37-4cf2-b2a6-c2895fd5f4d3]
    2020-09-16 10:44:11,320 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- Authenticate SAML User - result:PASSED

    6. Uitloggen wordt geactiveerd. LogOut URL wordt ontvangen in SAML Response; https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action.

    2020-09-16 10:44:51,462 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- SAMLUtils::isOracle() - checking whether IDP URL indicates that its OAM. IDP URL: https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
    2020-09-16 10:44:51,462 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- getLogoutMethod - method:REDIRECT_METHOD_LOGOUT
    2020-09-16 10:44:51,462 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- getSignLogoutRequest - null
    2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.MessageComposer -:::alice@ekorneyccisco.onmicrosoft.com:- buildLgoutRequest - loginInfo:SAMLLoginInfo: name=alice@ekorneyccisco.onmicrosoft.com, format=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, sessionIndex=_4b798ec4-9aeb-40dc-8bed-6dd2fdd46800, time diff=26329
    2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- SAMLUtils::isLoadBalancerConfigured() - LB NOT configured for: Azure_SAML
    2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- SAMLUtils::isOracle() - checking whether IDP URL indicates that its OAM. IDP URL: https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
    2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- SPProviderId for Azure_SAML is: http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
    2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.MessageComposer -:::alice@ekorneyccisco.onmicrosoft.com:- buildLgoutRequest - spProviderId:http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
    2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.MessageComposer -:::alice@ekorneyccisco.onmicrosoft.com:- buildLgoutRequest - logoutURL:https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
    2020-09-16 10:44:53,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
    2020-09-16 10:44:53,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal ID:bd48c1a1-9477-4746-8e40-e43d20c9f429
    2020-09-16 10:44:53,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
    2020-09-16 10:44:53,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML flow initiator PSN's Host name is:sponsor30.example.com
    2020-09-16 10:44:53,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- Is redirect requiered: InitiatorPSN:sponsor30.example.com This node's host name:ISE30-1ek LB:null request Server Name:sponsor30.example.com
    2020-09-16 10:44:53,248 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- This node is the initiator (sponsor30.example.com) this node host name is:sponsor30.example.com
    2020-09-16 10:44:53,249 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
    2020-09-16 10:44:53,249 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:8fa19bf2-9fa6-4892-b082-5cdabfb5daa1
    2020-09-16 10:44:53,250 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] org.opensaml.xml.parse.BasicParserPool -::::- Setting DocumentBuilderFactory attribute 'http://javax.xml.XMLConstants/feature/secure-processing'
    2020-09-16 10:44:53,251 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] org.opensaml.xml.parse.BasicParserPool -::::- Setting DocumentBuilderFactory attribute 'http://apache.org/xml/features/disallow-doctype-decl'
    2020-09-16 10:44:53,253 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Beginning to decode message from inbound transport of type: org.opensaml.ws.transport.http.HttpServletRequestAdapter
    2020-09-16 10:44:53,253 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder -::::- Decoded RelayState: _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
    2020-09-16 10:44:53,253 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder -::::- Base64 decoding and inflating SAML message
    2020-09-16 10:44:53,253 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Parsing message stream into DOM document
    2020-09-16 10:44:53,256 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Unmarshalling message DOM
    2020-09-16 10:44:53,256 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Message succesfully unmarshalled
    2020-09-16 10:44:53,256 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder -::::- Decoded SAML message
    2020-09-16 10:44:53,256 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder -::::- Extracting ID, issuer and issue instant from status response
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- No security policy resolver attached to this message context, no security policy evaluation attempted
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Successfully decoded message.
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Checking SAML message intended destination endpoint against receiver endpoint
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Intended message destination endpoint: https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Actual message receiver endpoint: https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML decoder's URIComparator - [https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action] vs. [https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action]
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- SAML message intended destination endpoint matched recipient endpoint
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: statusCode:urn:oasis:names:tc:SAML:2.0:status:Success
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal ID:bd48c1a1-9477-4746-8e40-e43d20c9f429
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:8fa19bf2-9fa6-4892-b082-5cdabfb5daa1
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
    2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML flow initiator PSN's Host name is:sponsor30.example.com
    2020-09-16 10:44:53,258 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isLoadBalancerConfigured() - LB NOT configured for: Azure_SAML
    2020-09-16 10:44:53,258 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isOracle() - checking whether IDP URL indicates that its OAM. IDP URL: https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
    2020-09-16 10:44:53,258 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SPProviderId for Azure_SAML is: http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
    2020-09-16 10:44:53,258 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- ResponseValidationContext:
    IdP URI: https://sts.windows.net/64ace648-115d-4ad9-a3bf-76601b0f8d5c/
    SP URI: http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
    Assertion Consumer URL: https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action
    Request Id: _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
    Client Address: 10.61.170.160
    Load Balancer: null
    2020-09-16 10:44:53,259 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.validators.SAMLSignatureValidator -::::- LogoutResponse signature validated succesfully
    2020-09-16 10:44:53,259 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.validators.SAMLSignatureValidator -::::- This is LogoutResponse (only REDIRECT is supported) no signature is on assertion, continue
    2020-09-16 10:44:53,259 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.validators.WebSSOResponseValidator -::::- Validating response
    2020-09-16 10:44:53,259 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.validators.WebSSOResponseValidator -::::- Validating assertion
    2020-09-16 10:44:53,259 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: validation succeeded for null

    Revisiegeschiedenis

    Revisie Publicatiedatum Opmerkingen
    1.0
    19-Oct-2020
    Eerste vrijgave
    TAC Authored

    Bijgedragen door Cisco-engineers

    • Eugene Korneychuk
      Cisco TAC Engineer

    Was dit document nuttig?

    FeedbackFeedback

    Contact Cisco

    Dit document is van toepassing op deze producten