Support Questions
Find answers, ask questions, and share your expertise

knoxsso using OKTA on AWS

knoxsso using OKTA on AWS

Hello,

I am trying to configure SSO with knoxsso using OKTA on AWS.

I have created an okta SSO application for this using following parameters:

single sign on url:https://ec2-52-204-175-112.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client

SP entity id:https://ec2-52-204-175-112.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client

When trying to access webhdfs like "https://ec2-52-204-175-112.compute-1.amazonaws.com:8443/gateway/default/webhdfs/v1/tmp?op=LISTSTATUS".

It successfully redirects to the okta logon page, but after successfull authentication, it redirects to "https://ec2-52-204-175-112.compute-1.amazonaws.com:8443" and gives the following error:

HTTP ERROR: 404

Here is the debug log after logon redirect:

2017-01-23 16:37:55,644 DEBUG server.session (HashSessionManager.java:scavenge(347)) - Scavenging sessions at 1485189475644
2017-01-23 16:38:01,278 DEBUG io.SelectorManager (SelectorManager.java:select(602)) - Selector loop woken up from select, 1/1 selected
2017-01-23 16:38:01,278 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:setKeyInterests(160)) - Key interests updated 1 -> 0 on SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,17732/30000,SslConnection}{io=1,kio=0,kro=1}
2017-01-23 16:38:01,278 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:updateLocalInterests(136)) - Local interests updating 1 -> 0 for SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,17732/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,279 DEBUG io.SelectorManager (SelectorManager.java:submit(480)) - Queued change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,279 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILL_INTERESTED-->FILLING SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILL_INTERESTED,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,17734/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,17733/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=2,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,279 DEBUG ssl.SslConnection (SslConnection.java:onFillable(177)) - onFillable enter DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,17734/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,17733/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,279 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILL_INTERESTED-->FILLING HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17734/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,17733/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=2,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,280 DEBUG ssl.SslConnection (SslConnection.java:onFillable(198)) - onFillable exit DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17735/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,17734/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,280 DEBUG server.HttpConnection (HttpConnection.java:onFillable(207)) - HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17735/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,17734/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=2,c=false,a=IDLE,uri=}] onFillable HttpChannelState@176a9562{s=IDLE i=true a=null}
2017-01-23 16:38:01,280 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILLING-->IDLE SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17735/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,17734/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=2,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,280 DEBUG io.SelectorManager (SelectorManager.java:runChange(525)) - Running change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,280 DEBUG io.SelectorManager (SelectorManager.java:select(599)) - Selector loop waiting on select
2017-01-23 16:38:01,280 DEBUG ssl.SslConnection (SslConnection.java:fill(481)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17735/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,17734/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=2,c=false,a=IDLE,uri=}] fill enter
2017-01-23 16:38:01,281 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:fill(142)) - filled 6757 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,17735/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,281 DEBUG ssl.SslConnection (SslConnection.java:fill(509)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=6757/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17736/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,0/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=2,c=false,a=IDLE,uri=}] filled 6757 encrypted bytes
2017-01-23 16:38:01,281 DEBUG ssl.SslConnection (SslConnection.java:fill(526)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17736/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,0/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=2,c=false,a=IDLE,uri=}] unwrap Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 917 bytesProduced = 874
2017-01-23 16:38:01,282 DEBUG ssl.SslConnection (SslConnection.java:fill(689)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17737/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,1/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=2,c=false,a=IDLE,uri=}] fill exit
2017-01-23 16:38:01,282 DEBUG http.HttpParser (HttpParser.java:parseNext(1232)) - parseNext s=START HeapByteBuffer@45dbf0cd[p=0,l=874,c=17408,r=874]={<<<POST /gateway/kno...a6c8592cba2\r\n\r\n>>>\xF8Py\x96\xE8\x8d\x8bmw\x90\xFe_\x9f\x04<K\xA0...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
2017-01-23 16:38:01,282 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - START --> SPACE1
2017-01-23 16:38:01,282 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - SPACE1 --> URI
2017-01-23 16:38:01,282 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - URI --> SPACE2
2017-01-23 16:38:01,282 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - SPACE2 --> REQUEST_VERSION
2017-01-23 16:38:01,282 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - REQUEST_VERSION --> HEADER
2017-01-23 16:38:01,282 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,282 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_VALUE
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_VALUE --> HEADER_IN_VALUE
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_VALUE
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_VALUE --> HEADER_IN_VALUE
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_NAME
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_NAME --> HEADER_VALUE
2017-01-23 16:38:01,283 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_VALUE --> HEADER_IN_VALUE
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_NAME
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_NAME --> HEADER_VALUE
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_VALUE --> HEADER_IN_VALUE
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,284 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,285 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_VALUE
2017-01-23 16:38:01,285 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_VALUE --> HEADER_IN_VALUE
2017-01-23 16:38:01,285 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,285 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,285 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,285 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,285 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,285 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_VALUE
2017-01-23 16:38:01,285 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_VALUE --> HEADER_IN_VALUE
2017-01-23 16:38:01,286 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,286 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> CONTENT
2017-01-23 16:38:01,286 DEBUG server.HttpChannel (HttpChannel.java:handle(272)) - HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client} handle enter
2017-01-23 16:38:01,286 DEBUG server.HttpChannelState (HttpChannelState.java:handling(174)) - HttpChannelState@176a9562{s=IDLE i=true a=null} handling IDLE
2017-01-23 16:38:01,286 DEBUG server.HttpChannel (HttpChannel.java:handle(296)) - HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client} action REQUEST_DISPATCH
2017-01-23 16:38:01,286 DEBUG server.Server (Server.java:handle(488)) - REQUEST POST /gateway/knoxsso/api/v1/websso on HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}
2017-01-23 16:38:01,287 DEBUG handler.ContextHandler (ContextHandler.java:doScope(981)) - scope null||/gateway/knoxsso/api/v1/websso @ o.e.j.w.WebAppContext@622551a2{/gateway/knoxsso,file:/var/lib/knox/data-2.5.3.0-37/deployments/knoxsso.topo.159cc2b2df8/%252F/,AVAILABLE}{/usr/hdp/2.5.3.0-37/knox/bin/../data/deployments/knoxsso.topo.159cc2b2df8/%2F}
2017-01-23 16:38:01,287 DEBUG handler.ContextHandler (ContextHandler.java:doScope(1055)) - context=/gateway/knoxsso||/api/v1/websso @ o.e.j.w.WebAppContext@622551a2{/gateway/knoxsso,file:/var/lib/knox/data-2.5.3.0-37/deployments/knoxsso.topo.159cc2b2df8/%252F/,AVAILABLE}{/usr/hdp/2.5.3.0-37/knox/bin/../data/deployments/knoxsso.topo.159cc2b2df8/%2F}
2017-01-23 16:38:01,287 DEBUG server.session (SessionHandler.java:checkRequestedSessionId(268)) - Got Session ID 11snttzkl9e1h1ns5qfqb74t0l from cookie
2017-01-23 16:38:01,287 DEBUG server.session (SessionHandler.java:doScope(179)) - sessionManager=org.eclipse.jetty.server.session.HashSessionManager@285cc379
2017-01-23 16:38:01,287 DEBUG server.session (SessionHandler.java:doScope(180)) - session=null
2017-01-23 16:38:01,287 DEBUG servlet.ServletHandler (ServletHandler.java:doScope(501)) - servlet /gateway/knoxsso||/api/v1/websso -> knoxsso-knox-gateway-servlet@6d66b205==org.apache.hadoop.gateway.GatewayServlet,-1,true
2017-01-23 16:38:01,287 DEBUG servlet.ServletHandler (ServletHandler.java:doHandle(564)) - chain=null
2017-01-23 16:38:01,288 DEBUG hadoop.gateway (GatewayFilter.java:doFilter(116)) - Received request: POST /api/v1/websso
2017-01-23 16:38:01,300 DEBUG http.HttpParser (HttpParser.java:parseNext(1232)) - parseNext s=CONTENT HeapByteBuffer@45dbf0cd[p=874,l=874,c=17408,r=0]={POST /gateway/kno...a6c8592cba2\r\n\r\n<<<>>>\xF8Py\x96\xE8\x8d\x8bmw\x90\xFe_\x9f\x04<K\xA0...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
2017-01-23 16:38:01,301 DEBUG ssl.SslConnection (SslConnection.java:fill(481)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17756/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,20/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] fill enter
2017-01-23 16:38:01,301 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:fill(142)) - filled 0 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,20/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,302 DEBUG ssl.SslConnection (SslConnection.java:fill(509)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=0} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17756/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,20/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] filled 0 encrypted bytes
2017-01-23 16:38:01,302 DEBUG ssl.SslConnection (SslConnection.java:fill(526)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=0} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17757/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,21/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] unwrap Status = BUFFER_UNDERFLOW HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 0 bytesProduced = 0
2017-01-23 16:38:01,302 DEBUG ssl.SslConnection (SslConnection.java:fill(689)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17757/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,21/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] fill exit
2017-01-23 16:38:01,303 DEBUG server.HttpConnection (HttpConnection.java:parseContent(322)) - HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17757/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,21/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] filled 0
2017-01-23 16:38:01,303 DEBUG io.AbstractConnection (AbstractConnection.java:fillInterested(141)) - fillInterested HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17758/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,22/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}]
2017-01-23 16:38:01,303 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILLING-->FILLING_INTERESTED_CALLBACK(REFILLING) HttpConnection@567560f0[FILLING_INTERESTED_CALLBACK(REFILLING),DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,17758/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,22/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}]
2017-01-23 16:38:01,304 DEBUG io.AbstractConnection (AbstractConnection.java:fillInterested(128)) - fillInterested SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=-1} -> HttpConnection@567560f0[FILLING_INTERESTED_CALLBACK(REFILLING),DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,1/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,23/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}]
2017-01-23 16:38:01,304 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - IDLE-->FILL_INTERESTED SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=-1} -> HttpConnection@567560f0[FILLING_INTERESTED_CALLBACK(REFILLING),DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,1/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,23/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}]
2017-01-23 16:38:01,304 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:updateLocalInterests(136)) - Local interests updating 0 -> 1 for SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,0/30000,SslConnection}{io=1,kio=0,kro=1}
2017-01-23 16:38:01,305 DEBUG io.SelectorManager (SelectorManager.java:submit(480)) - Queued change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,305 DEBUG io.SelectorManager (SelectorManager.java:select(602)) - Selector loop woken up from select, 0/1 selected
2017-01-23 16:38:01,305 DEBUG io.SelectorManager (SelectorManager.java:runChange(525)) - Running change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,305 DEBUG server.HttpInputOverHTTP (HttpInputOverHTTP.java:blockForContent(65)) - HttpInputOverHTTP@65ca1676 block readable on Blocker@43fb1683{null}
2017-01-23 16:38:01,306 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:setKeyInterests(160)) - Key interests updated 0 -> 1 on SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,2/30000,SslConnection}{io=1,kio=1,kro=1}
2017-01-23 16:38:01,306 DEBUG io.SelectorManager (SelectorManager.java:select(599)) - Selector loop waiting on select
2017-01-23 16:38:01,373 DEBUG io.SelectorManager (SelectorManager.java:select(602)) - Selector loop woken up from select, 1/1 selected
2017-01-23 16:38:01,374 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:setKeyInterests(160)) - Key interests updated 1 -> 0 on SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,70/30000,SslConnection}{io=1,kio=0,kro=1}
2017-01-23 16:38:01,374 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:updateLocalInterests(136)) - Local interests updating 1 -> 0 for SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,70/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,374 DEBUG io.SelectorManager (SelectorManager.java:submit(480)) - Queued change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,374 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILL_INTERESTED-->FILLING SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=-1} -> HttpConnection@567560f0[FILLING_INTERESTED_CALLBACK(REFILLING),DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,71/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,70/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}]
2017-01-23 16:38:01,375 DEBUG ssl.SslConnection (SslConnection.java:onFillable(177)) - onFillable enter DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,71/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,70/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,375 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILLING_INTERESTED_CALLBACK(REFILLING)-->REFILLING HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,72/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,71/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}]
2017-01-23 16:38:01,375 DEBUG ssl.SslConnection (SslConnection.java:onFillable(198)) - onFillable exit DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,72/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,71/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,375 DEBUG http.HttpParser (HttpParser.java:parseNext(1232)) - parseNext s=CONTENT HeapByteBuffer@45dbf0cd[p=874,l=874,c=17408,r=0]={POST /gateway/kno...a6c8592cba2\r\n\r\n<<<>>>\xF8Py\x96\xE8\x8d\x8bmw\x90\xFe_\x9f\x04<K\xA0...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
2017-01-23 16:38:01,375 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILLING-->IDLE SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,72/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,71/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}]
2017-01-23 16:38:01,376 DEBUG io.SelectorManager (SelectorManager.java:runChange(525)) - Running change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,376 DEBUG io.SelectorManager (SelectorManager.java:select(599)) - Selector loop waiting on select
2017-01-23 16:38:01,376 DEBUG ssl.SslConnection (SslConnection.java:fill(481)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=5840/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,73/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,72/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] fill enter
2017-01-23 16:38:01,376 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:fill(142)) - filled 4997 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,72/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,377 DEBUG ssl.SslConnection (SslConnection.java:fill(509)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=10837/-1,di=0} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,74/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,0/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] filled 4997 encrypted bytes
2017-01-23 16:38:01,378 DEBUG ssl.SslConnection (SslConnection.java:fill(526)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=10783} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,75/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,1/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] unwrap Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 10837 bytesProduced = 10783
2017-01-23 16:38:01,378 DEBUG ssl.SslConnection (SslConnection.java:fill(689)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,75/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,1/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] fill exit
2017-01-23 16:38:01,379 DEBUG server.HttpConnection (HttpConnection.java:parseContent(322)) - HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,76/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,2/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=CONTENT,0 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] filled 10783
2017-01-23 16:38:01,379 DEBUG http.HttpParser (HttpParser.java:parseNext(1232)) - parseNext s=CONTENT HeapByteBuffer@45dbf0cd[p=0,l=10783,c=17408,r=10783]={<<<SAMLResponse=PD94...e%3DSAML2Client>>>ent\x9c*vt\xC7\x9f\x8fpi4\xFey\x03[...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
2017-01-23 16:38:01,379 DEBUG server.HttpChannel (HttpChannel.java:content(693)) - HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client} content java.nio.HeapByteBufferR[pos=0 lim=10783 cap=17408]
2017-01-23 16:38:01,386 DEBUG http.HttpParser (HttpParser.java:parseNext(1232)) - parseNext s=CONTENT HeapByteBuffer@45dbf0cd[p=10783,l=10783,c=17408,r=0]={SAMLResponse=PD94...e%3DSAML2Client<<<>>>ent\x9c*vt\xC7\x9f\x8fpi4\xFey\x03[...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
2017-01-23 16:38:01,386 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - CONTENT --> END
2017-01-23 16:38:01,386 DEBUG server.HttpChannel (HttpChannel.java:messageComplete(705)) - HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client} messageComplete
2017-01-23 16:38:01,387 DEBUG server.HttpInput (HttpInput.java:messageComplete(272)) - HttpInputOverHTTP@65ca1676 EOF
2017-01-23 16:38:01,387 DEBUG ssl.SslConnection (SslConnection.java:fill(481)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,84/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,10/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,10783 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] fill enter
2017-01-23 16:38:01,387 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:fill(142)) - filled 0 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,10/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,388 DEBUG ssl.SslConnection (SslConnection.java:fill(509)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=0} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,85/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,11/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,10783 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] filled 0 encrypted bytes
2017-01-23 16:38:01,388 DEBUG ssl.SslConnection (SslConnection.java:fill(526)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=0} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,85/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,11/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,10783 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] unwrap Status = BUFFER_UNDERFLOW HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 0 bytesProduced = 0
2017-01-23 16:38:01,388 DEBUG ssl.SslConnection (SslConnection.java:fill(689)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,85/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,11/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,10783 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] fill exit
2017-01-23 16:38:01,389 DEBUG server.HttpConnection (HttpConnection.java:parseContent(322)) - HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,86/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,12/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,10783 of 10783},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] filled 0
2017-01-23 16:38:01,389 DEBUG server.HttpInput (HttpInput.java:getNextContent(151)) - HttpInputOverHTTP@65ca1676 eof EOF
2017-01-23 16:38:01,389 DEBUG server.HttpInput (HttpInput.java:getNextContent(151)) - HttpInputOverHTTP@65ca1676 eof EOF
2017-01-23 16:38:01,390 DEBUG filter.CallbackFilter (CallbackFilter.java:internalFilter(72)) - client: <SAML2Client> | name: SAML2Client |
2017-01-23 16:38:01,390 DEBUG context.SAML2ContextProvider (SAML2ContextProvider.java:addTransportContext(111)) - Creating message storage by org.pac4j.saml.storage.EmptyStorageFactory
2017-01-23 16:38:01,391 DEBUG impl.AbstractMetadataResolver (AbstractMetadataResolver.java:lookupEntityID(334)) - Metadata backing store does not contain any EntityDescriptors with the ID: https://ec2-52-204-175-112.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=...
2017-01-23 16:38:01,391 DEBUG transport.Pac4jHTTPPostDecoder (Pac4jHTTPPostDecoder.java:doInitialize(116)) - Initialized Pac4jHTTPPostDecoder
2017-01-23 16:38:01,391 DEBUG transport.Pac4jHTTPPostDecoder (Pac4jHTTPPostDecoder.java:doDecode(73)) - Decoded SAML relay state of: https://ec2-52-204-175-112.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=...
2017-01-23 16:38:01,392 DEBUG transport.Pac4jHTTPPostDecoder (Pac4jHTTPPostDecoder.java:getBase64DecodedMessage(86)) - Getting Base64 encoded message from context, ignoring the given request
2017-01-23 16:38:01,392 DEBUG util.XMLObjectSupport (XMLObjectSupport.java:unmarshallFromInputStream(161)) - Parsing InputStream into DOM document
2017-01-23 16:38:01,394 DEBUG util.XMLObjectSupport (XMLObjectSupport.java:unmarshallFromInputStream(171)) - Unmarshalling DOM parsed from InputStream
2017-01-23 16:38:01,395 DEBUG impl.SignatureUnmarshaller (SignatureUnmarshaller.java:unmarshall(57)) - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2017-01-23 16:38:01,395 DEBUG impl.SignatureUnmarshaller (SignatureUnmarshaller.java:unmarshall(64)) - Constructing Apache XMLSignature object
2017-01-23 16:38:01,396 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Signature", "")
2017-01-23 16:38:01,396 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:SignedInfo", "")
2017-01-23 16:38:01,396 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:SignatureMethod", "")
2017-01-23 16:38:01,397 DEBUG algorithms.SignatureAlgorithm (SignatureAlgorithm.java:getSignatureAlgorithmSpi(148)) - Create URI "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256"
2017-01-23 16:38:01,397 DEBUG algorithms.JCEMapper (JCEMapper.java:translateURItoJCEID(219)) - Request for URI http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2017-01-23 16:38:01,397 DEBUG implementations.SignatureBaseRSA (SignatureBaseRSA.java:<init>(58)) - Created SignatureRSA using SHA256withRSA
2017-01-23 16:38:01,397 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:KeyInfo", "")
2017-01-23 16:38:01,397 DEBUG impl.SignatureUnmarshaller (SignatureUnmarshaller.java:unmarshall(70)) - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2017-01-23 16:38:01,398 DEBUG impl.SignatureUnmarshaller (SignatureUnmarshaller.java:unmarshall(77)) - Adding KeyInfo to Signature
2017-01-23 16:38:01,399 DEBUG impl.SignatureUnmarshaller (SignatureUnmarshaller.java:unmarshall(57)) - Starting to unmarshall Apache XML-Security-based SignatureImpl element
2017-01-23 16:38:01,399 DEBUG impl.SignatureUnmarshaller (SignatureUnmarshaller.java:unmarshall(64)) - Constructing Apache XMLSignature object
2017-01-23 16:38:01,400 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Signature", "")
2017-01-23 16:38:01,400 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:SignedInfo", "")
2017-01-23 16:38:01,400 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:SignatureMethod", "")
2017-01-23 16:38:01,400 DEBUG algorithms.SignatureAlgorithm (SignatureAlgorithm.java:getSignatureAlgorithmSpi(148)) - Create URI "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256"
2017-01-23 16:38:01,401 DEBUG algorithms.JCEMapper (JCEMapper.java:translateURItoJCEID(219)) - Request for URI http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2017-01-23 16:38:01,401 DEBUG implementations.SignatureBaseRSA (SignatureBaseRSA.java:<init>(58)) - Created SignatureRSA using SHA256withRSA
2017-01-23 16:38:01,401 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:KeyInfo", "")
2017-01-23 16:38:01,401 DEBUG impl.SignatureUnmarshaller (SignatureUnmarshaller.java:unmarshall(70)) - Adding canonicalization and signing algorithms, and HMAC output length to Signature
2017-01-23 16:38:01,401 DEBUG impl.SignatureUnmarshaller (SignatureUnmarshaller.java:unmarshall(77)) - Adding KeyInfo to Signature
2017-01-23 16:38:01,405 DEBUG util.XMLObjectSupport (XMLObjectSupport.java:unmarshallFromInputStream(183)) - InputStream succesfully unmarshalled
2017-01-23 16:38:01,405 DEBUG transport.Pac4jHTTPPostDecoder (Pac4jHTTPPostDecoder.java:doDecode(78)) - Decoded SAML message
2017-01-23 16:38:01,405 DEBUG support.SAML2MetadataSupport (SAML2MetadataSupport.java:getDefaultIndexedEndpoint(55)) - Selecting default IndexedEndpoint
2017-01-23 16:38:01,405 DEBUG support.SAML2MetadataSupport (SAML2MetadataSupport.java:getDefaultIndexedEndpoint(76)) - Selected first IndexedEndpoint with no explicit isDefault
2017-01-23 16:38:01,405 DEBUG support.SAML2MetadataSupport (SAML2MetadataSupport.java:getDefaultIndexedEndpoint(55)) - Selecting default IndexedEndpoint
2017-01-23 16:38:01,406 DEBUG support.SAML2MetadataSupport (SAML2MetadataSupport.java:getDefaultIndexedEndpoint(76)) - Selected first IndexedEndpoint with no explicit isDefault
2017-01-23 16:38:01,406 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Reference", "")
2017-01-23 16:38:01,406 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transforms", "")
2017-01-23 16:38:01,407 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transform", "")
2017-01-23 16:38:01,407 DEBUG impl.SAMLSignatureProfileValidator (SAMLSignatureProfileValidator.java:validateTransforms(234)) - Saw Enveloped signature transform
2017-01-23 16:38:01,407 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transform", "")
2017-01-23 16:38:01,408 DEBUG impl.SAMLSignatureProfileValidator (SAMLSignatureProfileValidator.java:validateTransforms(238)) - Saw Exclusive C14N signature transform
2017-01-23 16:38:01,408 DEBUG impl.MetadataCredentialResolver (MetadataCredentialResolver.java:resolveFromMetadata(286)) - Resolving credentials from metadata using entityID: http://www.okta.com/exk9bgmizoQVcmqsP0h7, role: {urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2017-01-23 16:38:01,408 DEBUG impl.MetadataCredentialResolver (MetadataCredentialResolver.java:getRoleDescriptors(435)) - Retrieving role descriptor metadata for entity 'http://www.okta.com/exk9bgmizoQVcmqsP0h7' in role '{urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2017-01-23 16:38:01,409 DEBUG impl.MetadataCredentialResolver (MetadataCredentialResolver.java:extractCredentials(350)) - Resolved cached credentials from KeyDescriptor object metadata
2017-01-23 16:38:01,409 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(81)) - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableEntityIDCredentialCriterion for criteria class org.opensaml.core.criterion.EntityIdCriterion
2017-01-23 16:38:01,409 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(96)) - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.criterion.ProtocolCriterion
2017-01-23 16:38:01,409 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(81)) - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2017-01-23 16:38:01,409 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(96)) - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.criterion.EntityRoleCriterion
2017-01-23 16:38:01,410 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(81)) - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2017-01-23 16:38:01,410 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(189)) - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2017-01-23 16:38:01,410 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:initResolutionContext(353)) - Found 0 key names: []
2017-01-23 16:38:01,411 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChildren(272)) - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2017-01-23 16:38:01,411 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChild(311)) - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2017-01-23 16:38:01,411 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChild(311)) - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2017-01-23 16:38:01,411 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChild(311)) - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2017-01-23 16:38:01,412 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChild(316)) - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2017-01-23 16:38:01,412 DEBUG provider.InlineX509DataProvider (InlineX509DataProvider.java:process(123)) - Attempting to extract credential from an X509Data
2017-01-23 16:38:01,412 DEBUG provider.InlineX509DataProvider (InlineX509DataProvider.java:extractCertificates(194)) - Found 1 X509Certificates
2017-01-23 16:38:01,413 DEBUG provider.InlineX509DataProvider (InlineX509DataProvider.java:extractCRLs(174)) - Found 0 X509CRLs
2017-01-23 16:38:01,413 DEBUG provider.InlineX509DataProvider (InlineX509DataProvider.java:findEntityCert(214)) - Single certificate was present, treating as end-entity certificate
2017-01-23 16:38:01,413 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChild(326)) - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2017-01-23 16:38:01,413 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:resolveFromSource(176)) - A total of 1 credentials were resolved
2017-01-23 16:38:01,414 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(96)) - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2017-01-23 16:38:01,414 DEBUG support.SignatureValidationProvider (SignatureValidator.java:validate(53)) - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.provider.ApacheSantuarioSignatureValidationProviderImpl
2017-01-23 16:38:01,414 DEBUG provider.ApacheSantuarioSignatureValidationProviderImpl (ApacheSantuarioSignatureValidationProviderImpl.java:validate(50)) - Attempting to validate signature using key from supplied credential
2017-01-23 16:38:01,414 DEBUG provider.ApacheSantuarioSignatureValidationProviderImpl (ApacheSantuarioSignatureValidationProviderImpl.java:getXMLSignature(92)) - Accessing XMLSignature object
2017-01-23 16:38:01,414 DEBUG provider.ApacheSantuarioSignatureValidationProviderImpl (ApacheSantuarioSignatureValidationProviderImpl.java:validate(65)) - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2017-01-23 16:38:01,415 DEBUG provider.ApacheSantuarioSignatureValidationProviderImpl (ApacheSantuarioSignatureValidationProviderImpl.java:validate(66)) - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2017-01-23 16:38:01,415 DEBUG signature.XMLSignature (XMLSignature.java:checkSignatureValue(691)) - SignatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2017-01-23 16:38:01,415 DEBUG signature.XMLSignature (XMLSignature.java:checkSignatureValue(692)) - jceSigAlgorithm    = SHA256withRSA
2017-01-23 16:38:01,415 DEBUG signature.XMLSignature (XMLSignature.java:checkSignatureValue(693)) - jceSigProvider     = SunRsaSign
2017-01-23 16:38:01,417 DEBUG signature.XMLSignature (XMLSignature.java:checkSignatureValue(694)) - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25667683533316827105526217697288124983667066376320296509378701681749880701894128741292540223692922374878015365656016838006832633484201790592903210662942793655468637972824451941279914065266235915491415773988306199599806953881054171002590846922722092696158150166485441083765609936864512840520215689180458019577728637158737902071054246966891490734521935342464907723486398438657203601272352026097522151555878294818805574645972997969344635668056138353808556161431336281196330723993240045469255514457903564180234723580372781502870822830908793753805672894480319578262095361700840677602722654538735553476424030163216214586423
  public exponent: 65537
2017-01-23 16:38:01,418 DEBUG utils.SignerOutputStream (SignerOutputStream.java:write(64)) - Canonicalized SignedInfo:
2017-01-23 16:38:01,418 DEBUG utils.SignerOutputStream (SignerOutputStream.java:write(69)) - <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod><ds:Reference URI="#id13821380270332571984031931"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>r1iw23t3HH4z+2jb/k+B802tdKviP8OO9BMrz1HkLZQ=</ds:DigestValue></ds:Reference></ds:SignedInfo>
2017-01-23 16:38:01,419 DEBUG signature.Manifest (Manifest.java:verifyReferences(313)) - verify 1 References
2017-01-23 16:38:01,420 DEBUG signature.Manifest (Manifest.java:verifyReferences(314)) - I am not requested to follow nested Manifests
2017-01-23 16:38:01,420 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Reference", "")
2017-01-23 16:38:01,420 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transforms", "")
2017-01-23 16:38:01,421 DEBUG algorithms.JCEMapper (JCEMapper.java:translateURItoJCEID(219)) - Request for URI http://www.w3.org/2001/04/xmlenc#sha256
2017-01-23 16:38:01,421 DEBUG resolver.ResourceResolver (ResourceResolver.java:getInstance(158)) - I was asked to create a ResourceResolver and got 0
2017-01-23 16:38:01,421 DEBUG resolver.ResourceResolver (ResourceResolver.java:getInstance(101)) - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
2017-01-23 16:38:01,421 DEBUG implementations.ResolverFragment (ResolverFragment.java:engineCanResolve(137)) - State I can resolve reference: "#id13821380270332571984031931"
2017-01-23 16:38:01,421 DEBUG implementations.ResolverFragment (ResolverFragment.java:engineResolve(100)) - Try to catch an Element with ID id13821380270332571984031931 and Element was [saml2p:Response: null]
2017-01-23 16:38:01,422 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transform", "")
2017-01-23 16:38:01,422 DEBUG transforms.Transforms (Transforms.java:performTransforms(269)) - Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
2017-01-23 16:38:01,422 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transform", "")
2017-01-23 16:38:01,422 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ec:InclusiveNamespaces", "")
2017-01-23 16:38:01,433 DEBUG utils.DigesterOutputStream (DigesterOutputStream.java:write(55)) - Pre-digested input:
2017-01-23 16:38:01,434 DEBUG utils.DigesterOutputStream (DigesterOutputStream.java:write(60)) - <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema" Destination="https://ec2-52-204-175-112.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client" ID="id13821380270332571984031931" InResponseTo="_mxddhetjioqafrunqhlyblcrhufptvsbc5agtcl" IssueInstant="2017-01-23T16:38:00.954Z" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.okta.com/exk9bgmizoQVcmqsP0h7</saml2:Issuer><saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"></saml2p:StatusCode></saml2p:Status><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id13821380270373134429425053" IssueInstant="2017-01-23T16:38:00.954Z" Version="2.0"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.okta.com/exk9bgmizoQVcmqsP0h7</saml2:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod><ds:Reference URI="#id13821380270373134429425053"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>87mBzsI72AnPkIZw0XK/p1E33FmtC1UsFWXRv+Mj++U=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>AC2idYtK4Mlo9xHyUp/fkg9QosSZV7yzCvwy/764xXkkSTWAFSszSpHZdAogjQ4D9D9KqB/xihf8O5yi3Qo1/0fxWsDPXAmYAejvv5beRxKt4aSagThloXtlAI9L4YSfWGNIDpVgl5OCEJsXt5Ihe2BuGfu0jhLo7hLcl1mAh1Z5j1hsOkA0RgQQpNxwBcAXTWgfaWE1TL4G0X0njJ9+oPVnLswJOXCUfUL9IzXb6gGdPoQaa1Q+QqxVLQ0eB3PUiCVoS1SBJOcwj8jWSmkFTpeIO0lC/nRX8W0Bqyt4gJ7JzpbD9FcKsZovgxUuwA4wTu33wAFMdTn5TwTlBr+Fpw==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAVmXxzRuMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi04NDA4MzkxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMTcwMTEzMTIyMTExWhcNMjcwMTEzMTIyMjExWjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtODQwODM5MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
y1PEpuzX6aNVnxmBs9JvGqGyDFH5Of8awC+AKfchx8wWn/2zccHc/jUWuRkIMF5fQ7E6JIJwC3jW
DSU94rH4btScpugt6Tpx8rLHye3RMDDc8crc3a1MdTWmZS3QYz3MhuI5wrRvYaUw5AvvSl+bPWx6
vgQo8iOd3MK0qAR5LIKmRFA7kBBVt4T8WQzxRWqeqT8NnOXIyjEIAw3790baZ0UmlGQocN7fHVou
b8ZfQiaEgtnU0+foPCavhsgvJ4NiZRcYut+XK2NJ351epkzk+TrPU/U2DPUhOh2IJ27kPEaRpRk9
cXDiX22Hd4addnldps5UNkUoPutMsUTlm+D0NwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQCDmMwF
Xdl6pYQ9pC621C0cRbbtgMHpl/+z22saSwPmOGr0DqUvaxFhxFAK4JjKoM/cGJ29oO6f9vhcko8F
ogKeASRTOIEYgIv3FVPHTp7RUSWi6L0dUK6lRyWXTn0n7pcB/QgDMkoo+eL9tCrC3owkTo7tcDcC
kgrpQebV5V1ZtY7vVOq2JAOOS/zFhbOirf1OiJiTUC2nyx5eb7EBYQ5HQW6rwbD30K2tzvSCif/O
VNbyBEcFIXnK+j99K7L1jE67UnRCM5+ynC0wORlZ8hn2R9Q2t6R6kD1xziNtyAJsbzfpt4FACUdQ
nSbreZEfqNuceWlCayekBLt7E8iKcaGC</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">sametkaradag@gmail.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="_mxddhetjioqafrunqhlyblcrhufptvsbc5agtcl" NotOnOrAfter="2017-01-23T16:43:00.954Z" Recipient="https://ec2-52-204-175-112.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client"></saml2:SubjectConfirmationData></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2017-01-23T16:33:00.954Z" NotOnOrAfter="2017-01-23T16:43:00.954Z"><saml2:AudienceRestriction><saml2:Audience>https://ec2-52-204-175-112.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2017-01-23T16:38:00.954Z" SessionIndex="_mxddhetjioqafrunqhlyblcrhufptvsbc5agtcl"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement><saml2:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">admin</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion></saml2p:Response>
2017-01-23 16:38:01,434 DEBUG signature.Reference (Reference.java:verify(770)) - Verification successful for URI "#id13821380270332571984031931"
2017-01-23 16:38:01,434 DEBUG signature.Manifest (Manifest.java:verifyReferences(344)) - The Reference has Type
2017-01-23 16:38:01,435 DEBUG provider.ApacheSantuarioSignatureValidationProviderImpl (ApacheSantuarioSignatureValidationProviderImpl.java:validate(71)) - Signature validated with key from supplied credential
2017-01-23 16:38:01,435 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:verifySignature(248)) - Signature validation using candidate credential was successful
2017-01-23 16:38:01,435 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(199)) - Successfully verified signature using KeyInfo-derived credential
2017-01-23 16:38:01,435 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(200)) - Attempting to establish trust of KeyInfo-derived credential
2017-01-23 16:38:01,435 DEBUG impl.ExplicitKeyTrustEvaluator (ExplicitKeyTrustEvaluator.java:validate(93)) - Successfully validated untrusted credential against trusted key
2017-01-23 16:38:01,436 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(202)) - Successfully established trust of KeyInfo-derived credential
2017-01-23 16:38:01,436 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Reference", "")
2017-01-23 16:38:01,437 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transforms", "")
2017-01-23 16:38:01,437 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transform", "")
2017-01-23 16:38:01,437 DEBUG impl.SAMLSignatureProfileValidator (SAMLSignatureProfileValidator.java:validateTransforms(234)) - Saw Enveloped signature transform
2017-01-23 16:38:01,437 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transform", "")
2017-01-23 16:38:01,438 DEBUG impl.SAMLSignatureProfileValidator (SAMLSignatureProfileValidator.java:validateTransforms(238)) - Saw Exclusive C14N signature transform
2017-01-23 16:38:01,438 DEBUG impl.MetadataCredentialResolver (MetadataCredentialResolver.java:resolveFromMetadata(286)) - Resolving credentials from metadata using entityID: http://www.okta.com/exk9bgmizoQVcmqsP0h7, role: {urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2017-01-23 16:38:01,438 DEBUG impl.MetadataCredentialResolver (MetadataCredentialResolver.java:getRoleDescriptors(435)) - Retrieving role descriptor metadata for entity 'http://www.okta.com/exk9bgmizoQVcmqsP0h7' in role '{urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2017-01-23 16:38:01,438 DEBUG impl.MetadataCredentialResolver (MetadataCredentialResolver.java:extractCredentials(350)) - Resolved cached credentials from KeyDescriptor object metadata
2017-01-23 16:38:01,439 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(81)) - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableEntityIDCredentialCriterion for criteria class org.opensaml.core.criterion.EntityIdCriterion
2017-01-23 16:38:01,445 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(96)) - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.criterion.ProtocolCriterion
2017-01-23 16:38:01,445 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(81)) - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableUsageCredentialCriterion for criteria class org.opensaml.security.criteria.UsageCriterion
2017-01-23 16:38:01,445 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(96)) - Registry could not locate evaluable criteria for criteria class org.opensaml.saml.criterion.EntityRoleCriterion
2017-01-23 16:38:01,445 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(81)) - Registry located evaluable criteria class org.opensaml.security.credential.criteria.impl.EvaluableKeyAlgorithmCredentialCriterion for criteria class org.opensaml.security.criteria.KeyAlgorithmCriterion
2017-01-23 16:38:01,446 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(189)) - Attempting to verify signature and establish trust using KeyInfo-derived credentials
2017-01-23 16:38:01,446 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:initResolutionContext(353)) - Found 0 key names: []
2017-01-23 16:38:01,446 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChildren(272)) - Processing KeyInfo child with QName: {http://www.w3.org/2000/09/xmldsig#}X509Data
2017-01-23 16:38:01,446 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChild(311)) - Provider org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2017-01-23 16:38:01,447 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChild(311)) - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2017-01-23 16:38:01,447 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChild(311)) - Provider org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
2017-01-23 16:38:01,447 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChild(316)) - Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2017-01-23 16:38:01,447 DEBUG provider.InlineX509DataProvider (InlineX509DataProvider.java:process(123)) - Attempting to extract credential from an X509Data
2017-01-23 16:38:01,448 DEBUG provider.InlineX509DataProvider (InlineX509DataProvider.java:extractCertificates(194)) - Found 1 X509Certificates
2017-01-23 16:38:01,448 DEBUG provider.InlineX509DataProvider (InlineX509DataProvider.java:extractCRLs(174)) - Found 0 X509CRLs
2017-01-23 16:38:01,448 DEBUG provider.InlineX509DataProvider (InlineX509DataProvider.java:findEntityCert(214)) - Single certificate was present, treating as end-entity certificate
2017-01-23 16:38:01,448 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:processKeyInfoChild(326)) - Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider
2017-01-23 16:38:01,449 DEBUG impl.BasicProviderKeyInfoCredentialResolver (BasicProviderKeyInfoCredentialResolver.java:resolveFromSource(176)) - A total of 1 credentials were resolved
2017-01-23 16:38:01,449 DEBUG impl.EvaluableCredentialCriteriaRegistry (EvaluableCredentialCriteriaRegistry.java:getEvaluator(96)) - Registry could not locate evaluable criteria for criteria class org.opensaml.xmlsec.keyinfo.KeyInfoCriterion
2017-01-23 16:38:01,449 DEBUG support.SignatureValidationProvider (SignatureValidator.java:validate(53)) - Using a validation provider of implementation: org.opensaml.xmlsec.signature.support.provider.ApacheSantuarioSignatureValidationProviderImpl
2017-01-23 16:38:01,449 DEBUG provider.ApacheSantuarioSignatureValidationProviderImpl (ApacheSantuarioSignatureValidationProviderImpl.java:validate(50)) - Attempting to validate signature using key from supplied credential
2017-01-23 16:38:01,450 DEBUG provider.ApacheSantuarioSignatureValidationProviderImpl (ApacheSantuarioSignatureValidationProviderImpl.java:getXMLSignature(92)) - Accessing XMLSignature object
2017-01-23 16:38:01,450 DEBUG provider.ApacheSantuarioSignatureValidationProviderImpl (ApacheSantuarioSignatureValidationProviderImpl.java:validate(65)) - Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2017-01-23 16:38:01,450 DEBUG provider.ApacheSantuarioSignatureValidationProviderImpl (ApacheSantuarioSignatureValidationProviderImpl.java:validate(66)) - Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2017-01-23 16:38:01,450 DEBUG signature.XMLSignature (XMLSignature.java:checkSignatureValue(691)) - SignatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2017-01-23 16:38:01,450 DEBUG signature.XMLSignature (XMLSignature.java:checkSignatureValue(692)) - jceSigAlgorithm    = SHA256withRSA
2017-01-23 16:38:01,451 DEBUG signature.XMLSignature (XMLSignature.java:checkSignatureValue(693)) - jceSigProvider     = SunRsaSign
2017-01-23 16:38:01,453 DEBUG signature.XMLSignature (XMLSignature.java:checkSignatureValue(694)) - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25667683533316827105526217697288124983667066376320296509378701681749880701894128741292540223692922374878015365656016838006832633484201790592903210662942793655468637972824451941279914065266235915491415773988306199599806953881054171002590846922722092696158150166485441083765609936864512840520215689180458019577728637158737902071054246966891490734521935342464907723486398438657203601272352026097522151555878294818805574645972997969344635668056138353808556161431336281196330723993240045469255514457903564180234723580372781502870822830908793753805672894480319578262095361700840677602722654538735553476424030163216214586423
  public exponent: 65537
2017-01-23 16:38:01,453 DEBUG utils.SignerOutputStream (SignerOutputStream.java:write(64)) - Canonicalized SignedInfo:
2017-01-23 16:38:01,454 DEBUG utils.SignerOutputStream (SignerOutputStream.java:write(69)) - <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod><ds:Reference URI="#id13821380270373134429425053"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod><ds:DigestValue>87mBzsI72AnPkIZw0XK/p1E33FmtC1UsFWXRv+Mj++U=</ds:DigestValue></ds:Reference></ds:SignedInfo>
2017-01-23 16:38:01,455 DEBUG signature.Manifest (Manifest.java:verifyReferences(313)) - verify 1 References
2017-01-23 16:38:01,455 DEBUG signature.Manifest (Manifest.java:verifyReferences(314)) - I am not requested to follow nested Manifests
2017-01-23 16:38:01,455 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Reference", "")
2017-01-23 16:38:01,455 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transforms", "")
2017-01-23 16:38:01,456 DEBUG resolver.ResourceResolver (ResourceResolver.java:getInstance(158)) - I was asked to create a ResourceResolver and got 0
2017-01-23 16:38:01,456 DEBUG resolver.ResourceResolver (ResourceResolver.java:getInstance(101)) - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
2017-01-23 16:38:01,456 DEBUG implementations.ResolverFragment (ResolverFragment.java:engineCanResolve(137)) - State I can resolve reference: "#id13821380270373134429425053"
2017-01-23 16:38:01,456 DEBUG implementations.ResolverFragment (ResolverFragment.java:engineResolve(100)) - Try to catch an Element with ID id13821380270373134429425053 and Element was [saml2:Assertion: null]
2017-01-23 16:38:01,457 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transform", "")
2017-01-23 16:38:01,457 DEBUG transforms.Transforms (Transforms.java:performTransforms(269)) - Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
2017-01-23 16:38:01,457 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ds:Transform", "")
2017-01-23 16:38:01,457 DEBUG utils.ElementProxy (ElementProxy.java:<init>(90)) - setElement("ec:InclusiveNamespaces", "")
2017-01-23 16:38:01,460 DEBUG utils.DigesterOutputStream (DigesterOutputStream.java:write(55)) - Pre-digested input:
2017-01-23 16:38:01,460 DEBUG utils.DigesterOutputStream (DigesterOutputStream.java:write(60)) - <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="id13821380270373134429425053" IssueInstant="2017-01-23T16:38:00.954Z" Version="2.0"><saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.okta.com/exk9bgmizoQVcmqsP0h7</saml2:Issuer><saml2:Subject><saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">sametkaradag@gmail.com</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationData InResponseTo="_mxddhetjioqafrunqhlyblcrhufptvsbc5agtcl" NotOnOrAfter="2017-01-23T16:43:00.954Z" Recipient="https://ec2-52-204-175-112.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client"></saml2:SubjectConfirmationData></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditions NotBefore="2017-01-23T16:33:00.954Z" NotOnOrAfter="2017-01-23T16:43:00.954Z"><saml2:AudienceRestriction><saml2:Audience>https://ec2-52-204-175-112.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatement AuthnInstant="2017-01-23T16:38:00.954Z" SessionIndex="_mxddhetjioqafrunqhlyblcrhufptvsbc5agtcl"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement><saml2:AttributeStatement><saml2:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">admin</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>
2017-01-23 16:38:01,461 DEBUG signature.Reference (Reference.java:verify(770)) - Verification successful for URI "#id13821380270373134429425053"
2017-01-23 16:38:01,461 DEBUG signature.Manifest (Manifest.java:verifyReferences(344)) - The Reference has Type
2017-01-23 16:38:01,461 DEBUG provider.ApacheSantuarioSignatureValidationProviderImpl (ApacheSantuarioSignatureValidationProviderImpl.java:validate(71)) - Signature validated with key from supplied credential
2017-01-23 16:38:01,461 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:verifySignature(248)) - Signature validation using candidate credential was successful
2017-01-23 16:38:01,462 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(199)) - Successfully verified signature using KeyInfo-derived credential
2017-01-23 16:38:01,462 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(200)) - Attempting to establish trust of KeyInfo-derived credential
2017-01-23 16:38:01,462 DEBUG impl.ExplicitKeyTrustEvaluator (ExplicitKeyTrustEvaluator.java:validate(93)) - Successfully validated untrusted credential against trusted key
2017-01-23 16:38:01,462 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(202)) - Successfully established trust of KeyInfo-derived credential
2017-01-23 16:38:01,463 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:set(105)) - Save in session: SAML2Client$attemptedAuthentication =
2017-01-23 16:38:01,463 DEBUG filter.CallbackFilter (CallbackFilter.java:internalFilter(83)) - credentials: SAMLCredential [nameId=org.opensaml.saml.saml2.core.impl.NameIDImpl@7596d643, attributes=[org.opensaml.saml.saml2.core.impl.AttributeImpl@1cd0505]]
2017-01-23 16:38:01,463 DEBUG client.SAML2Client (BaseClient.java:getUserProfile(94)) - credentials : SAMLCredential [nameId=org.opensaml.saml.saml2.core.impl.NameIDImpl@7596d643, attributes=[org.opensaml.saml.saml2.core.impl.AttributeImpl@1cd0505]]
2017-01-23 16:38:01,464 DEBUG profile.UserProfile (UserProfile.java:setId(128)) - identifier : sametkaradag@gmail.com
2017-01-23 16:38:01,464 DEBUG client.SAML2Client (SAML2Client.java:retrieveUserProfile(253)) - Processing profile attribute org.opensaml.saml.saml2.core.impl.AttributeImpl@1cd0505
2017-01-23 16:38:01,464 DEBUG client.SAML2Client (SAML2Client.java:retrieveUserProfile(260)) - Adding attribute value admin for attribute null
2017-01-23 16:38:01,464 DEBUG profile.UserProfile (UserProfile.java:addAttribute(91)) - no conversion => key : uid / value : [admin] / class java.util.ArrayList
2017-01-23 16:38:01,464 DEBUG filter.CallbackFilter (CallbackFilter.java:internalFilter(86)) - profile: <SAML2Profile> | id: sametkaradag@gmail.com | attributes: {uid=[admin]} | roles: [] | permissions: [] | isRemembered: false |
2017-01-23 16:38:01,465 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:set(105)) - Save in session: pac4jUserProfile = <SAML2Profile> | id: sametkaradag@gmail.com | attributes: {uid=[admin]} | roles: [] | permissions: [] | isRemembered: false |
2017-01-23 16:38:01,470 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:get(90)) - Get from session: pac4jRequestedUrl = null
2017-01-23 16:38:01,471 DEBUG filter.CallbackFilter (CallbackFilter.java:redirectToOriginallyRequestedUrl(100)) - requestedUrl: null
2017-01-23 16:38:01,471 DEBUG server.HttpConnection (HttpConnection.java:process(657)) - org.eclipse.jetty.server.HttpConnection$SendCallback@2aa7f33f[PROCESSING][i=ResponseInfo{HTTP/1.1 302 null,-1,false},cb=org.eclipse.jetty.server.HttpChannel$CommitCallback@646fa2f] generate: NEED_HEADER (null,[p=0,l=0,c=0,r=0],true)@START
2017-01-23 16:38:01,472 DEBUG server.HttpConnection (HttpConnection.java:process(657)) - org.eclipse.jetty.server.HttpConnection$SendCallback@2aa7f33f[PROCESSING][i=ResponseInfo{HTTP/1.1 302 null,-1,false},cb=org.eclipse.jetty.server.HttpChannel$CommitCallback@646fa2f] generate: FLUSH ([p=0,l=974,c=8192,r=974],[p=0,l=0,c=0,r=0],true)@COMPLETING
2017-01-23 16:38:01,472 DEBUG io.WriteFlusher (WriteFlusher.java:write(295)) - write: WriteFlusher@17ea726{IDLE} [HeapByteBuffer@67c3bb3c[p=0,l=974,c=8192,r=974]={<<<HTTP/1.1 302 Foun....v20160210)\r\n\r\n>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}]
2017-01-23 16:38:01,472 DEBUG io.WriteFlusher (WriteFlusher.java:updateState(118)) - update WriteFlusher@17ea726{WRITING}:IDLE-->WRITING
2017-01-23 16:38:01,473 DEBUG ssl.SslConnection (SslConnection.java:flush(716)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,W,170/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,96/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,10783 of 10783},g=HttpGenerator{s=COMPLETING},c=HttpChannelOverHttp@2d471baf{r=3,c=true,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] flush enter [java.nio.HeapByteBuffer[pos=0 lim=974 cap=8192]]
2017-01-23 16:38:01,473 DEBUG ssl.SslConnection (SslConnection.java:flush(747)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/1029,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,W,170/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,96/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,10783 of 10783},g=HttpGenerator{s=COMPLETING},c=HttpChannelOverHttp@2d471baf{r=3,c=true,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] wrap Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 974 bytesProduced = 1029
2017-01-23 16:38:01,474 DEBUG ssl.SslConnection (SslConnection.java:flush(786)) - DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,W,171/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,97/30000,SslConnection}{io=0,kio=0,kro=1} OK HeapByteBuffer@b694492[p=0,l=1029,c=17408,r=1029]={<<<\x17\x03\x03\x04\x00\xF7X}_\x88\xFd\x91$\xE6G\xAf\xF7...+,\x92\xF2ct\x04>\xB85\xBb\x98\xCd\x12\r>>>\x0b\xF8\x89\xFa\x90z9\x0fO\xA2A\xCc\xFcm\xF93g...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
2017-01-23 16:38:01,474 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:flush(188)) - flushed 1029 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,97/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,474 DEBUG ssl.SslConnection (SslConnection.java:flush(856)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/0,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,W,171/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,0/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,10783 of 10783},g=HttpGenerator{s=COMPLETING},c=HttpChannelOverHttp@2d471baf{r=3,c=true,a=DISPATCHED,uri=/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client}] flush exit, consumed 974
2017-01-23 16:38:01,475 DEBUG io.WriteFlusher (WriteFlusher.java:updateState(118)) - update WriteFlusher@17ea726{IDLE}:WRITING-->IDLE
2017-01-23 16:38:01,475 DEBUG server.HttpConnection (HttpConnection.java:process(657)) - org.eclipse.jetty.server.HttpConnection$SendCallback@2aa7f33f[PROCESSING][i=ResponseInfo{HTTP/1.1 302 null,-1,false},cb=org.eclipse.jetty.server.HttpChannel$CommitCallback@646fa2f] generate: DONE ([p=974,l=974,c=8192,r=0],[p=0,l=0,c=0,r=0],true)@END
2017-01-23 16:38:01,475 DEBUG server.Server (Server.java:handle(502)) - RESPONSE /gateway/knoxsso/api/v1/websso  302 handled=true
2017-01-23 16:38:01,476 DEBUG server.HttpChannelState (HttpChannelState.java:unhandle(289)) - HttpChannelState@176a9562{s=DISPATCHED i=true a=null} unhandle DISPATCHED
2017-01-23 16:38:01,476 DEBUG http.HttpParser (HttpParser.java:reset(1563)) - reset HttpParser{s=END,10783 of 10783}
2017-01-23 16:38:01,476 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - END --> START
2017-01-23 16:38:01,476 DEBUG server.HttpChannel (HttpChannel.java:handle(448)) - HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=} handle exit, result COMPLETE
2017-01-23 16:38:01,476 DEBUG ssl.SslConnection (SslConnection.java:fill(481)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,173/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,2/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] fill enter
2017-01-23 16:38:01,477 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:fill(142)) - filled 0 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,3/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,477 DEBUG ssl.SslConnection (SslConnection.java:fill(509)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,174/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,3/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] filled 0 encrypted bytes
2017-01-23 16:38:01,477 DEBUG ssl.SslConnection (SslConnection.java:fill(526)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,174/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,3/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] unwrap Status = BUFFER_UNDERFLOW HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 0 bytesProduced = 0
2017-01-23 16:38:01,478 DEBUG ssl.SslConnection (SslConnection.java:fill(689)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,174/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,4/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] fill exit
2017-01-23 16:38:01,478 DEBUG ssl.SslConnection (SslConnection.java:fill(481)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,175/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,4/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] fill enter
2017-01-23 16:38:01,478 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:fill(142)) - filled 0 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,4/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,478 DEBUG ssl.SslConnection (SslConnection.java:fill(509)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,175/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,4/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] filled 0 encrypted bytes
2017-01-23 16:38:01,479 DEBUG ssl.SslConnection (SslConnection.java:fill(526)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,176/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,5/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] unwrap Status = BUFFER_UNDERFLOW HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 0 bytesProduced = 0
2017-01-23 16:38:01,479 DEBUG ssl.SslConnection (SslConnection.java:fill(689)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,176/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,5/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] fill exit
2017-01-23 16:38:01,479 DEBUG http.HttpParser (HttpParser.java:parseNext(1232)) - parseNext s=START HeapByteBuffer@91e5ea4[p=0,l=0,c=17408,r=0]={<<<>>>\x16\x03\x03\x00F\x10\x00\x00BA\x04D\xA2\xC3\xB6C\xD1...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
2017-01-23 16:38:01,480 DEBUG io.AbstractConnection (AbstractConnection.java:fillInterested(128)) - fillInterested HttpConnection@567560f0[REFILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,176/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,5/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,480 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - REFILLING-->FILLING_FILL_INTERESTED HttpConnection@567560f0[FILLING_FILL_INTERESTED,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,177/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,6/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,480 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILLING_FILL_INTERESTED-->FILL_INTERESTED HttpConnection@567560f0[FILL_INTERESTED,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,177/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,6/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,480 DEBUG io.AbstractConnection (AbstractConnection.java:fillInterested(128)) - fillInterested SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILL_INTERESTED,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,0/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,6/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,481 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - IDLE-->FILL_INTERESTED SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILL_INTERESTED,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,1/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,7/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,481 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:updateLocalInterests(136)) - Local interests updating 0 -> 1 for SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,0/30000,SslConnection}{io=1,kio=0,kro=1}
2017-01-23 16:38:01,481 DEBUG io.SelectorManager (SelectorManager.java:submit(480)) - Queued change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,481 DEBUG io.SelectorManager (SelectorManager.java:select(602)) - Selector loop woken up from select, 0/1 selected
2017-01-23 16:38:01,482 DEBUG io.SelectorManager (SelectorManager.java:runChange(525)) - Running change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,482 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:setKeyInterests(160)) - Key interests updated 0 -> 1 on SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,1/30000,SslConnection}{io=1,kio=1,kro=1}
2017-01-23 16:38:01,482 DEBUG io.SelectorManager (SelectorManager.java:select(599)) - Selector loop waiting on select
2017-01-23 16:38:01,572 DEBUG io.SelectorManager (SelectorManager.java:select(602)) - Selector loop woken up from select, 1/1 selected
2017-01-23 16:38:01,573 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:setKeyInterests(160)) - Key interests updated 1 -> 0 on SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,92/30000,SslConnection}{io=1,kio=0,kro=1}
2017-01-23 16:38:01,573 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:updateLocalInterests(136)) - Local interests updating 1 -> 0 for SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,92/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,573 DEBUG io.SelectorManager (SelectorManager.java:submit(480)) - Queued change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,574 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILL_INTERESTED-->FILLING SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILL_INTERESTED,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,93/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,92/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,574 DEBUG ssl.SslConnection (SslConnection.java:onFillable(177)) - onFillable enter DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,94/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,93/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,574 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILL_INTERESTED-->FILLING HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,94/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,93/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,574 DEBUG ssl.SslConnection (SslConnection.java:onFillable(198)) - onFillable exit DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,94/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,93/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,575 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILLING-->IDLE SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,94/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,93/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,575 DEBUG io.SelectorManager (SelectorManager.java:runChange(525)) - Running change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,575 DEBUG io.SelectorManager (SelectorManager.java:select(599)) - Selector loop waiting on select
2017-01-23 16:38:01,575 DEBUG server.HttpConnection (HttpConnection.java:onFillable(207)) - HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,95/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,94/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] onFillable HttpChannelState@176a9562{s=IDLE i=true a=null}
2017-01-23 16:38:01,575 DEBUG ssl.SslConnection (SslConnection.java:fill(481)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,95/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,94/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] fill enter
2017-01-23 16:38:01,576 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:fill(142)) - filled 709 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,95/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,576 DEBUG ssl.SslConnection (SslConnection.java:fill(509)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=709/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,96/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,0/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] filled 709 encrypted bytes
2017-01-23 16:38:01,577 DEBUG ssl.SslConnection (SslConnection.java:fill(526)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,97/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,1/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] unwrap Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 709 bytesProduced = 652
2017-01-23 16:38:01,577 DEBUG ssl.SslConnection (SslConnection.java:fill(689)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,97/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,1/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=3,c=false,a=IDLE,uri=}] fill exit
2017-01-23 16:38:01,578 DEBUG http.HttpParser (HttpParser.java:parseNext(1232)) - parseNext s=START HeapByteBuffer@7efc8c8b[p=0,l=652,c=17408,r=652]={<<<GET / HTTP/1.1\r\nH...a6c8592cba2\r\n\r\n>>>m5hbWVzOnRjOlNBTU...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
2017-01-23 16:38:01,578 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - START --> SPACE1
2017-01-23 16:38:01,578 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - SPACE1 --> URI
2017-01-23 16:38:01,578 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - URI --> SPACE2
2017-01-23 16:38:01,578 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - SPACE2 --> REQUEST_VERSION
2017-01-23 16:38:01,578 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - REQUEST_VERSION --> HEADER
2017-01-23 16:38:01,578 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,579 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,579 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,579 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,579 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_VALUE
2017-01-23 16:38:01,579 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_VALUE --> HEADER_IN_VALUE
2017-01-23 16:38:01,579 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,579 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_NAME
2017-01-23 16:38:01,579 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_NAME --> HEADER_VALUE
2017-01-23 16:38:01,580 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_VALUE --> HEADER_IN_VALUE
2017-01-23 16:38:01,580 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,580 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,580 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,580 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,580 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,580 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_VALUE
2017-01-23 16:38:01,581 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_VALUE --> HEADER_IN_VALUE
2017-01-23 16:38:01,581 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,581 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,581 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,581 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,581 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,581 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> HEADER_IN_VALUE
2017-01-23 16:38:01,582 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER_IN_VALUE --> HEADER
2017-01-23 16:38:01,582 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - HEADER --> END
2017-01-23 16:38:01,582 DEBUG server.HttpChannel (HttpChannel.java:messageComplete(705)) - HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=/} messageComplete
2017-01-23 16:38:01,582 DEBUG server.HttpInput (HttpInput.java:messageComplete(272)) - HttpInputOverHTTP@65ca1676 EOF
2017-01-23 16:38:01,582 DEBUG server.HttpChannel (HttpChannel.java:handle(272)) - HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=/} handle enter
2017-01-23 16:38:01,582 DEBUG server.HttpChannelState (HttpChannelState.java:handling(174)) - HttpChannelState@176a9562{s=IDLE i=true a=null} handling IDLE
2017-01-23 16:38:01,583 DEBUG server.HttpChannel (HttpChannel.java:handle(296)) - HttpChannelOverHttp@2d471baf{r=4,c=false,a=DISPATCHED,uri=/} action REQUEST_DISPATCH
2017-01-23 16:38:01,583 DEBUG server.Server (Server.java:handle(488)) - REQUEST GET / on HttpChannelOverHttp@2d471baf{r=4,c=false,a=DISPATCHED,uri=/}
2017-01-23 16:38:01,583 DEBUG server.Server (Server.java:handle(502)) - RESPONSE /  200 handled=false
2017-01-23 16:38:01,583 DEBUG server.HttpChannelState (HttpChannelState.java:unhandle(289)) - HttpChannelState@176a9562{s=DISPATCHED i=true a=null} unhandle DISPATCHED
2017-01-23 16:38:01,583 DEBUG server.HttpConnection (HttpConnection.java:process(657)) - org.eclipse.jetty.server.HttpConnection$SendCallback@2aa7f33f[PROCESSING][i=ResponseInfo{HTTP/1.1 404 null,278,false},cb=org.eclipse.jetty.server.HttpChannel$CommitCallback@1dd326e1] generate: NEED_HEADER (null,[p=0,l=278,c=2048,r=278],true)@START
2017-01-23 16:38:01,584 DEBUG server.HttpConnection (HttpConnection.java:process(657)) - org.eclipse.jetty.server.HttpConnection$SendCallback@2aa7f33f[PROCESSING][i=ResponseInfo{HTTP/1.1 404 null,278,false},cb=org.eclipse.jetty.server.HttpChannel$CommitCallback@1dd326e1] generate: FLUSH ([p=0,l=212,c=8192,r=212],[p=0,l=278,c=2048,r=278],true)@COMPLETING
2017-01-23 16:38:01,584 DEBUG io.WriteFlusher (WriteFlusher.java:write(295)) - write: WriteFlusher@17ea726{IDLE} [HeapByteBuffer@67c3bb3c[p=0,l=212,c=8192,r=212]={<<<HTTP/1.1 404 Not ....v20160210)\r\n\r\n>>>0 GMT\r\nSet-Cookie...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00},HeapByteBuffer@119d8d13[p=0,l=278,c=2048,r=278]={<<<<html>\n<head>\n<me.../body>\n</html>\n>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}]
2017-01-23 16:38:01,584 DEBUG io.WriteFlusher (WriteFlusher.java:updateState(118)) - update WriteFlusher@17ea726{WRITING}:IDLE-->WRITING
2017-01-23 16:38:01,585 DEBUG ssl.SslConnection (SslConnection.java:flush(716)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,W,104/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,8/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,0 of -1},g=HttpGenerator{s=COMPLETING},c=HttpChannelOverHttp@2d471baf{r=4,c=true,a=COMPLETED,uri=/}] flush enter [java.nio.HeapByteBuffer[pos=0 lim=212 cap=8192], java.nio.HeapByteBuffer[pos=0 lim=278 cap=2048]]
2017-01-23 16:38:01,585 DEBUG ssl.SslConnection (SslConnection.java:flush(747)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/533,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,W,105/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,9/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,0 of -1},g=HttpGenerator{s=COMPLETING},c=HttpChannelOverHttp@2d471baf{r=4,c=true,a=COMPLETED,uri=/}] wrap Status = OK HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 490 bytesProduced = 533
2017-01-23 16:38:01,586 DEBUG ssl.SslConnection (SslConnection.java:flush(786)) - DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,W,105/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,9/30000,SslConnection}{io=0,kio=0,kro=1} OK HeapByteBuffer@b694492[p=0,l=533,c=17408,r=533]={<<<\x17\x03\x03\x02\x10\xAfn\xE1\xCc\xE1\x0e\x82\xF9kt\x1br...\x18\x9c+\x08xP.\xF4\xEe\x91\xEc\x0f\xAd\x93W>>>U\xCa\xA5g/\x02V\xB81\xE1h\xEe\\\xAa\x8e<\xAc...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
2017-01-23 16:38:01,586 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:flush(188)) - flushed 533 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,10/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,586 DEBUG ssl.SslConnection (SslConnection.java:flush(856)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/0,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,W,106/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,0/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=END,0 of -1},g=HttpGenerator{s=COMPLETING},c=HttpChannelOverHttp@2d471baf{r=4,c=true,a=COMPLETED,uri=/}] flush exit, consumed 490
2017-01-23 16:38:01,587 DEBUG io.WriteFlusher (WriteFlusher.java:updateState(118)) - update WriteFlusher@17ea726{IDLE}:WRITING-->IDLE
2017-01-23 16:38:01,587 DEBUG server.HttpConnection (HttpConnection.java:process(657)) - org.eclipse.jetty.server.HttpConnection$SendCallback@2aa7f33f[PROCESSING][i=ResponseInfo{HTTP/1.1 404 null,278,false},cb=org.eclipse.jetty.server.HttpChannel$CommitCallback@1dd326e1] generate: DONE ([p=212,l=212,c=8192,r=0],[p=278,l=278,c=2048,r=0],true)@END
2017-01-23 16:38:01,587 DEBUG http.HttpParser (HttpParser.java:reset(1563)) - reset HttpParser{s=END,0 of -1}
2017-01-23 16:38:01,587 DEBUG http.HttpParser (HttpParser.java:setState(1587)) - END --> START
2017-01-23 16:38:01,587 DEBUG server.HttpChannel (HttpChannel.java:handle(448)) - HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=} handle exit, result COMPLETE
2017-01-23 16:38:01,587 DEBUG ssl.SslConnection (SslConnection.java:fill(481)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,107/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,1/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}] fill enter
2017-01-23 16:38:01,588 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:fill(142)) - filled 0 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,2/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,588 DEBUG ssl.SslConnection (SslConnection.java:fill(509)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,108/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,2/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}] filled 0 encrypted bytes
2017-01-23 16:38:01,588 DEBUG ssl.SslConnection (SslConnection.java:fill(526)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,108/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,2/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}] unwrap Status = BUFFER_UNDERFLOW HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 0 bytesProduced = 0
2017-01-23 16:38:01,589 DEBUG ssl.SslConnection (SslConnection.java:fill(689)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,109/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,3/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}] fill exit
2017-01-23 16:38:01,589 DEBUG ssl.SslConnection (SslConnection.java:fill(481)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,109/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,3/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}] fill enter
2017-01-23 16:38:01,589 DEBUG io.ChannelEndPoint (ChannelEndPoint.java:fill(142)) - filled 0 SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,3/30000,SslConnection}{io=0,kio=0,kro=1}
2017-01-23 16:38:01,590 DEBUG ssl.SslConnection (SslConnection.java:fill(509)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,109/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,4/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}] filled 0 encrypted bytes
2017-01-23 16:38:01,590 DEBUG ssl.SslConnection (SslConnection.java:fill(526)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=0/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,110/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,4/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}] unwrap Status = BUFFER_UNDERFLOW HandshakeStatus = NOT_HANDSHAKING
bytesConsumed = 0 bytesProduced = 0
2017-01-23 16:38:01,590 DEBUG ssl.SslConnection (SslConnection.java:fill(689)) - SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,110/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,4/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}] fill exit
2017-01-23 16:38:01,590 DEBUG http.HttpParser (HttpParser.java:parseNext(1232)) - parseNext s=START HeapByteBuffer@45dbf0cd[p=0,l=0,c=17408,r=0]={<<<>>>SAMLResponse=PD94...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}
2017-01-23 16:38:01,591 DEBUG io.AbstractConnection (AbstractConnection.java:fillInterested(128)) - fillInterested HttpConnection@567560f0[FILLING,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,111/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,5/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,591 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILLING-->FILLING_FILL_INTERESTED HttpConnection@567560f0[FILLING_FILL_INTERESTED,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,111/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,5/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,592 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - FILLING_FILL_INTERESTED-->FILL_INTERESTED HttpConnection@567560f0[FILL_INTERESTED,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,-,-,111/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,5/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,592 DEBUG io.AbstractConnection (AbstractConnection.java:fillInterested(128)) - fillInterested SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILL_INTERESTED,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,0/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,6/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,592 DEBUG io.AbstractConnection (AbstractConnection.java:next(275)) - IDLE-->FILL_INTERESTED SslConnection@342f58e8{NOT_HANDSHAKING,eio=-1/-1,di=-1} -> HttpConnection@567560f0[FILL_INTERESTED,DecryptedEndPoint@3beab1ec{/217.110.83.123:9821<->8443,Open,in,out,R,-,0/30000,HttpConnection}->SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,-,-,6/30000,SslConnection}{io=0,kio=0,kro=1}][p=HttpParser{s=START,0 of -1},g=HttpGenerator{s=START},c=HttpChannelOverHttp@2d471baf{r=4,c=false,a=IDLE,uri=}]
2017-01-23 16:38:01,592 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:updateLocalInterests(136)) - Local interests updating 0 -> 1 for SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,0/30000,SslConnection}{io=1,kio=0,kro=1}
2017-01-23 16:38:01,592 DEBUG io.SelectorManager (SelectorManager.java:submit(480)) - Queued change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,593 DEBUG io.SelectorManager (SelectorManager.java:select(602)) - Selector loop woken up from select, 0/1 selected
2017-01-23 16:38:01,593 DEBUG io.SelectorManager (SelectorManager.java:runChange(525)) - Running change org.eclipse.jetty.io.SelectChannelEndPoint$1@1076021c
2017-01-23 16:38:01,593 DEBUG io.SelectChannelEndPoint (SelectChannelEndPoint.java:setKeyInterests(160)) - Key interests updated 0 -> 1 on SelectChannelEndPoint@1477a8cb{/217.110.83.123:9821<->8443,Open,in,out,R,-,1/30000,SslConnection}{io=1,kio=1,kro=1}
2017-01-23 16:38:01,593 DEBUG io.SelectorManager (SelectorManager.java:select(599)) - Selector loop waiting on select
2017-01-23 16:38:02,119 DEBUG server.session (HashSessionManager.java:scavenge(347)) - Scavenging sessions at 148518948211

					
				
			
			
				
			
			
			
			
			
			
			
		
6 REPLIES 6

Re: knoxsso using OKTA on AWS

@Samet Karadag

Did you follow something like this to set everything up: https://cwiki.apache.org/confluence/display/KNOX/KnoxSSO+and+Okta

I don't see any obvious error messages. Can you share your topology? Have you confirmed the webhdfs url is correct and accessible?

Re: knoxsso using OKTA on AWS

Yes I have followed those articles, and webhdfsurl is working. Knox is working also without knoxsso configuration.

But when I configure knoxsso with the topology files below, after authentication, it does not redirect to the original webhdfs url.

topology: (note that I need to put '\' between & and amp; since html prints this coding like '&')

        <topology>
 <gateway>
   <provider>
     <role>webappsec</role>
     <name>WebAppSec</name>
     <enabled>true</enabled>
     <param>
       <name>cors.enabled</name>
       <value>true</value>
     </param>
   </provider>
   <provider>
     <role>federation</role>
     <name>SSOCookieProvider</name>
     <enabled>true</enabled>
     <param>
       <name>sso.authentication.provider.url</name>
       <value>https://ec2-54-91-118-167.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso</value>
     </param>
   </provider>
   <provider>
     <role>identity-assertion</role>
     <name>Default</name>
     <enabled>true</enabled>
   </provider>
 </gateway>
            <service>
                <role>NAMENODE</role>
                <url>hdfs://{{namenode_host}}:{{namenode_rpc_port}}</url>
            </service>
            <service>
                <role>JOBTRACKER</role>
                <url>rpc://{{rm_host}}:{{jt_rpc_port}}</url>
            </service>
            <service>
                <role>WEBHDFS</role>
                {{webhdfs_service_urls}}
            </service>
            <service>
                <role>WEBHCAT</role>
                <url>http://{{webhcat_server_host}}:{{templeton_port}}/templeton</url>
            </service>
            <service>
                <role>OOZIE</role>
                <url>http://{{oozie_server_host}}:{{oozie_server_port}}/oozie</url>
            </service>
            <service>
                <role>WEBHBASE</role>
                <url>http://{{hbase_master_host}}:{{hbase_master_port}}</url>
            </service>
            <service>
                <role>HIVE</role>
                <url>http://{{hive_server_host}}:{{hive_http_port}}/{{hive_http_path}}</url>
            </service>
            <service>
                <role>RESOURCEMANAGER</role>
                <url>http://{{rm_host}}:{{rm_port}}/ws</url>
            </service>
        </topology> 

knoxsso topology:

<topology>
   <gateway>
     <provider>
         <role>federation</role>
         <name>pac4j</name>
         <enabled>true</enabled>
         <param>
           <name>pac4j.callbackUrl</name>
      <value>https://ec2-54-91-118-167.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso</value>
         </param>
         <param>
           <name>clientName</name>
           <value>SAML2Client</value>
         </param>
         <param>
           <name>saml.identityProviderMetadataPath</name>
           <value>https://dev-840839.oktapreview.com/app/exk9bgmizoQVcmqsP0h7/sso/saml/metadata</value>
         </param> 
         <param>
           <name>saml.serviceProviderMetadataPath</name>
           <value>/tmp/sp-metadata.xml</value>
         </param>
         <param>
           <name>saml.serviceProviderEntityId</name>
           <value>https://ec2-54-91-118-167.compute-1.amazonaws.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&\amp;client_name=SAML2Client</value>
         </param>
     </provider>
     <provider>
         <role>identity-assertion</role>
         <name>Default</name>
         <enabled>true</enabled>
         <param>
           <name>principal.mapping</name>
           <value>guest@example.com=guest;</value>
         </param>
     </provider>
   </gateway>
   <service>
       <role>KNOXSSO</role>
       <param>
         <name>knoxsso.cookie.secure.only</name>
         <value>true</value>
      </param>
      <param>
        <name>knoxsso.token.ttl</name>
        <value>100000</value>
      </param>
      <param>
         <name>knoxsso.redirect.whitelist.regex</name>
         <value>^https?:\/\/(ec2-54-91-118-167\.compute-1\.amazonaws\.com|localhost|127\.0\.0\.1|0:0:0:0:0:0:0:1|::1):[0-9].*{replace49}lt;/value>
      </param>
   </service>
</topology>

Re: knoxsso using OKTA on AWS

Rising Star
@Samet Karadag

Can you refer http://knox.apache.org/books/knox-0-11-0/user-guide.html#Hadoop+Configuration+Example and try adding below config and see if it helps.

<property>
<name>hadoop.http.authentication.type</name>
<value>org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler</value>
</property>

Re: knoxsso using OKTA on AWS

I have tried adding hadoop.http.authentication.type and as well as the below properties in custom core-site. But it didn't help. (By the way, I configured knoxsso in sandbox environment with demo ldap and without these properties, it worked.) Can something wrong with okta configuration (like wrong/unspecified attributes) or AWS. Problem is similar with this issue https://issues.apache.org/jira/browse/KNOX-730

Below is the image of okta configuration

okta.png

and below is the browser log which does not go to webhdfs url after authentication:

knoxssookta.png

in debug gateway.log I see that (CallbackFilter.java:redirectToOriginallyRequestedUrl(100)) - requestedUrl: null

2017-02-02 06:40:04,523 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:verifySignature(248)) - Signature validation using candidate credential was successful
2017-02-02 06:40:04,523 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(199)) - Successfully verified signature using KeyInfo-derived credential
2017-02-02 06:40:04,523 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(200)) - Attempting to establish trust of KeyInfo-derived credential
2017-02-02 06:40:04,523 DEBUG impl.ExplicitKeyTrustEvaluator (ExplicitKeyTrustEvaluator.java:validate(93)) - Successfully validated untrusted credential against trusted key
2017-02-02 06:40:04,523 DEBUG impl.BaseSignatureTrustEngine (BaseSignatureTrustEngine.java:validate(202)) - Successfully established trust of KeyInfo-derived credential
2017-02-02 06:40:04,524 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:set(105)) - Save in session: SAML2Client$attemptedAuthentication =
2017-02-02 06:40:04,524 DEBUG filter.CallbackFilter (CallbackFilter.java:internalFilter(83)) - credentials: SAMLCredential [nameId=org.opensaml.saml.saml2.core.impl.NameIDImpl@381998bd, attributes=[org.opensaml.saml.saml2.core.impl.AttributeImpl@4a271d9f]]
2017-02-02 06:40:04,524 DEBUG client.SAML2Client (BaseClient.java:getUserProfile(94)) - credentials : SAMLCredential [nameId=org.opensaml.saml.saml2.core.impl.NameIDImpl@381998bd, attributes=[org.opensaml.saml.saml2.core.impl.AttributeImpl@4a271d9f]]
2017-02-02 06:40:04,524 DEBUG profile.UserProfile (UserProfile.java:setId(128)) - identifier : sametkaradag@gmail.com
2017-02-02 06:40:04,524 DEBUG client.SAML2Client (SAML2Client.java:retrieveUserProfile(253)) - Processing profile attribute org.opensaml.saml.saml2.core.impl.AttributeImpl@4a271d9f
2017-02-02 06:40:04,524 DEBUG client.SAML2Client (SAML2Client.java:retrieveUserProfile(260)) - Adding attribute value admin for attribute null
2017-02-02 06:40:04,524 DEBUG profile.UserProfile (UserProfile.java:addAttribute(91)) - no conversion => key : uid / value : [admin] / class java.util.ArrayList
2017-02-02 06:40:04,524 DEBUG filter.CallbackFilter (CallbackFilter.java:internalFilter(86)) - profile: <SAML2Profile> | id: sametkaradag@gmail.com | attributes: {uid=[admin]} | roles: [] | permissions: [] | isRemembered: false |
2017-02-02 06:40:04,524 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:set(105)) - Save in session: pac4jUserProfile = <SAML2Profile> | id: sametkaradag@gmail.com | attributes: {uid=[admin]} | roles: [] | permissions: [] | isRemembered: false |
2017-02-02 06:40:04,526 DEBUG session.KnoxSessionStore (KnoxSessionStore.java:get(90)) - Get from session: pac4jRequestedUrl = null
2017-02-02 06:40:04,526 DEBUG filter.CallbackFilter (CallbackFilter.java:redirectToOriginallyRequestedUrl(100)) - requestedUrl: null

below are the properties that you want to add in custom core-site (I extracted cert with keytool)

<property>
      <name>hadoop.http.authentication.authentication.provider.url</name>
      <value>https://ip-172-31-20-55.ec2.internal:8443/gateway/knoxsso/api/v1/websso</value>
    </property>
    <property>
      <name>hadoop.http.authentication.public.key.pem</name>
      <value>MIICYDCCAcmgAwIBAgIJAPlLlK1soHFNMA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRUZXN0MQ0wCwYDVQQHEwRUZXN0MQ8wDQYDVQQKEwZIYWRvb3AxDTALBgNVBAsTBFRlc3QxJTAjBgNVBAMTHGlwLTE3Mi0zMS0yMC01NS5lYzIuaW50ZXJuYWwwHhcNMTcwMTEzMTQxNDM1WhcNMTgwMTEzMTQxNDM1WjByMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVGVzdDENMAsGA1UEBxMEVGVzdDEPMA0GA1UEChMGSGFkb29wMQ0wCwYDVQQLEwRUZXN0MSUwIwYDVQQDExxpcC0xNzItMzEtMjAtNTUuZWMyLmludGVybmFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDmAQEYgiia7ZjoRcxU9eJ7RTaWTDVCIhWPX0T9Kcss7iwAl5M9my+rYLSqgbYyNfwEJrcL/9aln1m8vKpD7pZuhldgwZ6b4KzsV47Ett5igMQAUQOekavi6bCpWJlP7TK29qdTow0Su3ZOdC1BqeDlEt/Nx+D9LJvQlv9+QyYWwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAF0ZEvsdmDuIOmig2xW5kq29Vwz+yi62kzlhsrqnLhhjBOgPXUJFUGcjyIHYqqHYb920NDslUpqXy3h98YEeJrhkuwky3bTKCxBp0OhBXGo7zW4+56X+g9NljRxhD80hvkIq+GYDuBWcJOumtr3Wv3dyPAcHs+RZ9DZK3niUuwJA</value>
    </property>
    <property>
      <name>hadoop.http.authentication.type</name>
      <value>org.apache.hadoop.security.authentication.server.JWTRedirectAuthenticationHandler</value>
    </property>

Re: knoxsso using OKTA on AWS

Rising Star

@Samet Karadag

Can you try the below config? Mind the "& amp;" and autocorrection to &

12034-screen-shot-2017-02-03-at-120158-am.png

Re: knoxsso using OKTA on AWS

Hi Krishna,

I already put the encoded & like "& amp;" but in the post; html converted this encoding to '&'. When I put '&' it doesn't even redirect to okta login page. with encoding it redirects successfully to login page, but after authentication it could not redirect back to originalurl and redirects to the / url since pac4jRequestedUrl = null. (I have updated the post: note that I need to put '\' between & and amp; since html prints this coding like '&')