ArtifactResolution configuration in PartnerIdentityProvider

Hi,

first time user of this component, first time doing a SAML 2.0 implementiation.
Platform is DigiD which is supported by the Dutch Government.

I have received an artifact-resolve url which I need to configure, but can’t figure out which parameter to use.

here’s my config:

<PartnerIdentityProvider Name=“<a href=“https://was-preprod1.digid.nl””>https://was-preprod1.digid.nl"
Description=“DigiD PreProd”
AuthnContextComparison=“minimum”
AuthnContext=“urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport”
SignAuthnRequest=“true”
SingleSignOnServiceUrl=“<a href=“https://preprod1.digid.nl/saml/idp/request_authentication””>https://preprod1.digid.nl/saml/idp/request_authentication"
SingleLogoutServiceUrl=“<a href=“https://preprod1.digid.nl/saml/idp/request_logout””>https://preprod1.digid.nl/saml/idp/request_logout"
PartnerCertificateFile=“Certificates\digid_preprod.cer”

/>


tried adding

ArtifactResolutionServiceUrl=“https://was-preprod1.digid.nl/saml/idp/resolve_artifact

but it’s telling me that “ArtifactResolutionServiceUrl” attribute is not declared.

which attribute/property do I need to use to configure my PartnerIdentityProvider correctly?

Thanks!!!

We support the HTTP-Artifact binding in the SAML low-level API but I’m afraid it’s not supported in the high-level API and through configuration.
The reason for this is that in 99% of use cases HTTP-Post is used to send SAML responses.
Is it possible to use HTTP-Post instead of HTTP-Artifact for receiving SAML responses?
If not, you would need to use the SAML low-level API. The SAML2ServiceProvider project under the Examples\SSO\LowLevelAPI\SP-Initiated folder demonstrates support for all the bindings including HTTP-Artifact. The SAML/AssertionConsumerService.aspx page shows how to receive the artifact and then make a call via the back channel to receive the SAML response.

Hi,

Thanks for your reply,
In the AuthnRequest I’m able to configure Redirect or Post.

As I understand, i will have a look at the low level api.
have talked to a friend working at a different company, already done this, using component space, also low level…

was wondering if it was able in the high-level api.

Thanks,

will check back if I have questions.


Thank you.

Ok, so I’m a bit puzzled here…

In the high-level api I was able to configure my identity provider as displayed in the 1st post.

Now in the low-level api I understand it’s a bit different.
I’ll do this step by step, so first I changed “idpssoURL” in web.config to the correct url of my IdP.
Just to test to see if it was doing a request a the correct url I tried, worked partially as I didn’t provide complete attributes as 'AuthnContextComparison" or “AuthnContext” …

But where do I configure these in the low-level api?
I might be missing something, but is there documentation on the low-level specifically?

also right now, without configuring the IdP correctly I noticed that the request was partially different at the beginning…

from high-level: (starts directly with SAMLRequest parameter)
https://preprod1.digid.nl/saml/idp/request_authentication?SAMLRequest=nVNNj9owEP0rke%2F5ImF3

from low-level (has ‘binding’ parameter in front, do I need to change this?)
https://preprod1.digid.nl/saml/idp/request_authentication?binding=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-Redirect&SAMLRequest=lZLNTsMwEIRfJbLEMXGaVLRYTVGhQlTiJ6KFAxf


Thanks!



The low-level API doesn’t support SAML configuration. You pass into the API such things as the partner provider URLs etc. The example stores some of this information in web.config but this is information accessed by the application rather than the API.

The SAML2ServiceProvider example includes a binding query string parameter but this is something specific to this example and not something you would normally do in a production application. You’ll see LoginChoice.aspx includes a CreateSSOServiceURL method that includes the binding parameter.

The RequestLoginAtIdentityProvider method in LoginChoice.aspx demonstrates how to send a SAML authn request using the various SAML bindings including HTTP-Artifact.

The ReceiveSAMLResponse method in SAML/AssertionConsumerService.aspx demonstrates how to receive a SAML response using the various SAML binding methods including HTTP-Artifact. In the example we use the binding query string parameter to identify which binding to use to receive the SAML response but this is only for demonstration purposes. In a production environment you wouldn’t use a binding parameter as you would know which binding you support.

SAML/ArtifactResponder.aspx is a separate endpoint that receives and processes artifact resolution messages in support of the HTTP-Artifact binding. For example, if the SAML authn request is sent via HTTP-Artifact, the IdP will send an artifact resolve message to the SP’s SAML/ArtifactResponder.aspx. It will send an artifact response with the authn request as its payload.

[quote]
ComponentSpace - 8/6/2019

[/quote]

Thank you!

doing the artifact resolve in the low level API right now.

receiving a SSL/TLS error, have searched the forum and in the browser I am able to access the url although it requests me to install a certificate. https://was-preprod1.digid.nl/saml/idp/resolve_artifact
my server (Azure web app) is on TLS 1.2 and have tried 1.1 and 1.0 to no avail.

here's the log:
what do I need to do.


4544/8: 10-8-2019 20:01:55: Initiation of SSO to the partner identity provider https://was-preprod1.digid.nl has completed successfully.
aspx.page: End Raise PostBackEvent
aspx.page: Begin LoadComplete
aspx.page: End LoadComplete
aspx.page: Begin PreRender
aspx.page: End PreRender
aspx.page: Begin PreRenderComplete
aspx.page: End PreRenderComplete
aspx.page: Begin SaveState
aspx.page: End SaveState
aspx.page: Begin SaveStateComplete
aspx.page: End SaveStateComplete
aspx.page: Begin Render
aspx.page: End Render
aspx.page: Begin PreInit
aspx.page: End PreInit
aspx.page: Begin Init
aspx.page: End Init
aspx.page: Begin InitComplete
aspx.page: End InitComplete
aspx.page: Begin PreLoad
aspx.page: End PreLoad
aspx.page: Begin Load
4544/12: 10-8-2019 20:02:15: Receiving artifact in query string over HTTP Artifact
4544/12: 10-8-2019 20:02:15: HTTP request:
GET /deelnemers/digid/SAML/AssertionConsumerService.aspx?SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp%2B75KEUGYV8hoWXtDsBrhMYRumyttUFjeY%3D&RelayState=%2Fdeelnemers%2Fdigid%2F HTTP/1.1
Cache-Control: max-age=0
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: ASP.NET_SessionId=mnzsurqdaohxindxsicstetk; ARRAffinity=6591cf898a2df97f256faef2b3ccdfd7ce2616b02ae94737cf84d54a31a581db; jsCookieCheck=null; SAML_SessionId=d9a7c9ef-c276-4211-bcac-edfb0be07c6f
Host: www.spx-preprod.nl
Max-Forwards: 10
Referer: https://preprod1.digid.nl/inloggen_basis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
Upgrade-Insecure-Requests: 1
X-WAWS-Unencoded-URL: /deelnemers/digid/SAML/AssertionConsumerService.aspx?SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp%2B75KEUGYV8hoWXtDsBrhMYRumyttUFjeY%3D&RelayState=%2Fdeelnemers%2Fdigid%2F
CLIENT-IP: 31.20.113.75:56896
X-ARR-LOG-ID: 89428828-de34-4f2b-9456-1d2cd4e0550a
DISGUISED-HOST: www.spx-preprod.nl
X-SITE-DEPLOYMENT-ID: xeroxpensioenfondsen__8fc6
WAS-DEFAULT-HOSTNAME: xeroxpensioenfondsen-spx-preprod.azurewebsites.net
X-Original-URL: /deelnemers/digid/SAML/AssertionConsumerService.aspx?SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp%2B75KEUGYV8hoWXtDsBrhMYRumyttUFjeY%3D&RelayState=%2Fdeelnemers%2Fdigid%2F
X-Forwarded-For: 31.20.113.75:56896
X-ARR-SSL: 2048|256|C=NL, O=KPN B.V., OID.2.5.4.97=NTRNL-27124701, CN=KPN BV PKIoverheid Organisatie Server CA - G3|C=NL, S=Limburg, L=Venray, O=Stichting Pensioenfonds Xerox, SERIALNUMBER=00000003120399100000, CN=www.spx-preprod.nl
X-Forwarded-Proto: https
X-AppService-Proto: https

4544/12: 10-8-2019 20:02:15: Query string value: SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp+75KEUGYV8hoWXtDsBrhMYRumyttUFjeY=
4544/12: 10-8-2019 20:02:15: Query string value: RelayState=/deelnemers/digid/
4544/12: 10-8-2019 20:02:15: Received artifact in query string over HTTP Artifact, artifact=AAQAAM2K4swP9wWZMpSMawzmyp+75KEUGYV8hoWXtDsBrhMYRumyttUFjeY=, relayState=/deelnemers/digid/
4544/12: 10-8-2019 20:02:15: Sending request over SOAP, destinationURL=https://was-preprod1.digid.nl/saml/idp/resolve_artifact, samlMessage=www.spx-preprod.nlAAQAAM2K4swP9wWZMpSMawzmyp+75KEUGYV8hoWXtDsBrhMYRumyttUFjeY=
4544/12: 10-8-2019 20:02:15: Sending request over SOAP, samlMessage=www.spx-preprod.nlAAQAAM2K4swP9wWZMpSMawzmyp+75KEUGYV8hoWXtDsBrhMYRumyttUFjeY=
4544/12: 10-8-2019 20:02:16: Sending SOAP request: http://schemas.xmlsoap.org/soap/envelope/"><samlp:ArtifactResolve ID="_f9ccaef4-ff62-4759-b632-f90624f9ca04" Version="2.0" IssueInstant="2019-08-10T20:02:15.886Z" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">www.spx-preprod.nlAAQAAM2K4swP9wWZMpSMawzmyp+75KEUGYV8hoWXtDsBrhMYRumyttUFjeY=
4544/12: 10-8-2019 20:02:16: Exception: ComponentSpace.SAML2.Exceptions.SAMLBindingException: Failed to send/receive SAML request/response over SOAP. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at ComponentSpace.SAML2.Bindings.SOAPBinding.SendRequestReceiveResponse(WebRequest webRequest, XmlElement samlMessage)
--- End of inner exception stack trace ---
4544/12: 10-8-2019 20:02:16: at ComponentSpace.SAML2.Bindings.SOAPBinding.SendRequestReceiveResponse(WebRequest webRequest, XmlElement samlMessage)
at ComponentSpace.SAML2.Bindings.SOAPBinding.SendRequestReceiveResponse(String destinationURL, XmlElement samlMessage)
at ComponentSpace.SAML2.Profiles.ArtifactResolution.ArtifactResolver.SendRequestReceiveResponse(String destinationURL, XmlElement artifactResolve)
at ExampleServiceProvider.SAML.AssertionConsumerService.ReceiveSAMLResponse(SAMLResponse& samlResponse, String& relayState) in C:\Users\raas\Documents\************\spx-preprod.nl\SPX-DigiD\SAML\AssertionConsumerService.aspx.cs:line 66
at ExampleServiceProvider.SAML.AssertionConsumerService.ProcessSAMLResponse() in C:\Users\raas\Documents\***********\spx-preprod.nl\SPX-DigiD\SAML\AssertionConsumerService.aspx.cs:line 147
at ExampleServiceProvider.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in C:\Users\raas\Documents\********\spx-preprod.nl\SPX-DigiD\SAML\AssertionConsumerService.aspx.cs:line 170
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.saml_assertionconsumerservice_aspx.ProcessRequest(HttpContext context) in d:\local\Temporary ASP.NET Files\deelnemers_digid\f40fc632\13dbac8d\App_Web_u4jzbbk1.3.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

aspx.page: End Load
aspx.page: Begin LoadComplete
aspx.page: End LoadComplete
aspx.page: Begin PreRender
aspx.page: End PreRender
aspx.page: Begin PreRenderComplete
aspx.page: End PreRenderComplete
aspx.page: Begin SaveState
aspx.page: End SaveState
aspx.page: Begin SaveStateComplete
aspx.page: End SaveStateComplete
aspx.page: Begin Render
aspx.page: End Render



I can’t see the full stack trace but I presume the issue is with the SOAP connection and a self-signed certificate. Try adding the following code to your application start-up. It allows self-signed certificates to be trusted. Once working, you can refine the code as required.


using System.Net;

private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}

ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;


[quote]
ComponentSpace - 8/10/2019

[/quote]

Hi! Many thanks for your reply.

Actually, no, these certificates are not self signed. They are obtained at the dutch government and consists of a total of 4 certificates in a chain.
I already found the 'trust certificate' solution in the forum and tried it, but that didn't work immediately.

I have to debug this to see what's going on.
I've created some kind of a 'hybrid' solution consisting of the high-level and low-level api.
Authentication is done with high-level, because that just works perfectly with only configuring.
and I'm doing the artifact resolve with the low-level solution, now running into a tls/ssl configuration issue.

Thanks!

Let us know what you find. Thanks.

[quote]
ComponentSpace - 8/12/2019
Let us know what you find. Thanks.
[/quote]

added

//using System.Net;
//using System.Security.Authentication;
const SslProtocols _Tls12 = (SslProtocols)0x00000C00;
const SecurityProtocolType Tls12 = (SecurityProtocolType)_Tls12;
ServicePointManager.SecurityProtocol = Tls12;

just before:
XmlElement artifactResponseXml = ArtifactResolver.SendRequestReceiveResponse(spArtifactResponderURL, artifactResolveXml);

and now the connection opens. Have received an error, but as I haven't configured anything for this yet, this is not so surprisable:

ComponentSpace.SAML2.Exceptions.SAMLBindingException: Failed to send/receive SAML request/response over SOAP. ---> System.Xml.XmlException: The 'link' start tag on line 21 position 2 does not match the end tag of 'head'. Line 39, position 3. at System.Xml.XmlTextReaderImpl.Throw(Exception e) at System.Xml.XmlTextReaderImpl.Throw(String res, String[] args) at System.Xml.XmlTextReaderImpl.ThrowTagMismatch(NodeData startTag) at System.Xml.XmlTextReaderImpl.ParseEndElement() at System.Xml.XmlTextReaderImpl.ParseElementContent() at System.Xml.XmlTextReaderImpl.Read() at System.Xml.XmlLoader.LoadNode(Boolean skipOverWhitespace) at System.Xml.XmlLoader.LoadDocSequence(XmlDocument parentDoc) at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace) at System.Xml.Xmldocument.Load(XmlReader reader) at ComponentSpace.SAML2.Utility.Xml.LoadDocument(String xmlText) at ComponentSpace.SAML2.Bindings.SOAPBinding.SendRequestReceiveResponse(WebRequest webRequest, XmlElement samlMessage) --- End of inner exception stack trace --- at ComponentSpace.SAML2.Bindings.SOAPBinding.SendRequestReceiveResponse(WebRequest webRequest, XmlElement samlMessage) at ComponentSpace.SAML2.Bindings.SOAPBinding.SendRequestReceiveResponse(String destinationURL, XmlElement samlMessage) at ComponentSpace.SAML2.Profiles.ArtifactResolution.ArtifactResolver.SendRequestReceiveResponse(String destinationURL, XmlElement artifactResolve) at ExampleServiceProvider.SAML.AssertionConsumerService.ReceiveSAMLResponse(SAMLResponse& samlResponse, String& relayState)

Thanks for the update.

[quote]
ComponentSpace - 8/12/2019
Thanks for the update.
[/quote]


Ok,
channel open, artifact received, trying to resolve the data with the artifact.
I need to sign the artifact resolve/assertion according to the specification.
but receive error: The XML does not contain a signature

I sign the assertion with:


X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];
SAMLAssertionSignature.Generate(artifactResolveXml, x509Certificate.PrivateKey, x509Certificate);


I then create a webrequest and add the certificate to the request.


var webrequest = (HttpWebRequest)WebRequest.Create(spArtifactResponderURL);
webrequest.Method = "POST";
webrequest.ClientCertificates.Add(x509Certificate);


and I send the webrequest

XmlElement artifactResponseXml = ArtifactResolver.SendRequestReceiveResponse(webrequest, artifactResolveXml);

but somehow, it's not signed, the response I receive from the IdP is redirect to its metadata-url.


here's the log attached:



aspx.page: Begin Raise PostBackEvent
12376/20: 17-8-2019 18:09:27: ComponentSpace.SAML2, Version=3.3.0.0, Culture=neutral, PublicKeyToken=16647a1283418145, .NET v4.0 build, Evaluation.
12376/20: 17-8-2019 18:09:27: CLR: 4.0.30319.42000, OS: Microsoft Windows NT 10.0.14393.0, Account: IIS APPPOOL\xeroxpensioenfondsen__8fc6, Culture: Dutch (Netherlands)
12376/20: 17-8-2019 18:09:27: Initializing the SAML environment.
12376/20: 17-8-2019 18:09:27: Loading the SAML configuration file D:\home\site\wwwroot\deelnemers\digid\saml.config.
12376/20: 17-8-2019 18:09:28: SAML configuration:
<?xml version="1.0"?>

<ServiceProvider Name="www.spx-preprod.nl"
Description="Stichting Pensioenfonds Xerox - PreProductie"
AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"
LocalCertificateFile="Certificates\spx-preprod.nl_sha256.pfx"
LocalCertificatePassword="********"/>



https://was-preprod1.digid.nl"
Description="DigiD PreProd"
AuthnContextComparison="minimum"
AuthnContext="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
SignAuthnRequest="true"
SingleSignOnServiceUrl="https://preprod1.digid.nl/saml/idp/request_authentication"
SingleLogoutServiceUrl="https://preprod1.digid.nl/saml/idp/request_logout"
PartnerCertificateFile="Certificates\digid_preprod.cer"

/>


">https://was-preprod1.digid.nl/saml/idp/resolve_artifact"-->




12376/20: 17-8-2019 18:09:28: The SAML configuration file has been successfully loaded.
12376/20: 17-8-2019 18:09:28: SAML configuration changes in the directory D:\home\site\wwwroot\deelnemers\digid are being monitored.
12376/20: 17-8-2019 18:09:28: The SAML environment has been successfuly initialized.
12376/20: 17-8-2019 18:09:28: Initiating SSO to the partner identity provider https://was-preprod1.digid.nl.
12376/20: 17-8-2019 18:09:28: Service provider session (d9a7c9ef-c276-4211-bcac-edfb0be07c6f) state:
12376/20: 17-8-2019 18:09:28: Retrieving the local service provider signature certificates for the partner identity provider https://was-preprod1.digid.nl.
12376/20: 17-8-2019 18:09:28: Loading the X.509 certificate from the file D:\home\site\wwwroot\deelnemers\digid\Certificates\spx-preprod.nl_sha256.pfx.
12376/20: 17-8-2019 18:09:28: The X.509 certificate with subject name CN=www.spx-preprod.nl, SERIALNUMBER=00000003120399100000, O=Stichting Pensioenfonds Xerox, L=Venray, S=Limburg, C=NL and serial number 33DF3E2E76FDDDEB7B49724C has been loaded.
12376/20: 17-8-2019 18:09:28: The X.509 certificate with subject name CN=www.spx-preprod.nl, SERIALNUMBER=00000003120399100000, O=Stichting Pensioenfonds Xerox, L=Venray, S=Limburg, C=NL and serial number 33DF3E2E76FDDDEB7B49724C has been cached.
12376/20: 17-8-2019 18:09:28: Sending request over HTTP Redirect, baseURL=https://preprod1.digid.nl/saml/idp/request_authentication, samlMessage=https://preprod1.digid.nl/saml/idp/request_authentication" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">www.spx-preprod.nlurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, relayState=/deelnemers/digid/
12376/20: 17-8-2019 18:09:28: Creating HTTP redirect query string.
12376/20: 17-8-2019 18:09:28: Encoding SAML message: https://preprod1.digid.nl/saml/idp/request_authentication" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">www.spx-preprod.nlurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
12376/20: 17-8-2019 18:09:28: Encoded SAML message: nZNNj9owEIb/SuR7PqGCWIBEQVWRti2CtIe9rIw92bXk2KnH2dB/XzvALlILhz1m/M7M885MZsga1dJl5170Dn53gC7arOfkKSvzSTE+8LjOSx6PRVHH5Ygf4nICn/hkNK35KCPRL7AojZ6TIvFfG8QONhod086HsryMs2mcT6p8SrOSFtOkKMaPJFr7LlIzN2S+ONciTdPWQmuNyBMhn6VItEoDWipFm9oT2BPzlKCd5EMqib4Yy2FAn5OaKYSAsGWI8hXeIltrnOFGfZZaSP08J53V1DCUSDVrAKnjdL/89kC9BXo4iZB+raptvP2xr0i0RAQbGq6Mxq4Buwf7Kjn83D280/d9n2B7jM8uAr4AUBq8HtPBUhq6pLeqJcynk+jYKI10WMp90vZsiyxmQU2H2dur/Pvp7IJBFv+iz9Krkqf6Lf3ua2zWW6Mk/xMm3zB3u0We5ENEirgepLTT2AKXtQThR6qU6VcWmPN7crbza0ovfc5XCGJYrJ+Sg6OLVqZpmZUYLqaRWjZdc3F+rVspb2wH9UfmcFfGKQ+lfTjcV2+sCHcF3HNWlnlvxrrz2P7Hszi93XD39nr9Gy7+Ag==
12376/20: 17-8-2019 18:09:28: Query string: SAMLRequest=nZNNj9owEIb%2FSuR7PqGCWIBEQVWRti2CtIe9rIw92bXk2KnH2dB%2FXzvALlILhz1m%2FM7M885MZsga1dJl5170Dn53gC7arOfkKSvzSTE%2B8LjOSx6PRVHH5Ygf4nICn%2FhkNK35KCPRL7AojZ6TIvFfG8QONhod086HsryMs2mcT6p8SrOSFtOkKMaPJFr7LlIzN2S%2BONciTdPWQmuNyBMhn6VItEoDWipFm9oT2BPzlKCd5EMqib4Yy2FAn5OaKYSAsGWI8hXeIltrnOFGfZZaSP08J53V1DCUSDVrAKnjdL%2F89kC9BXo4iZB%2BraptvP2xr0i0RAQbGq6Mxq4Buwf7Kjn83D280%2Fd9n2B7jM8uAr4AUBq8HtPBUhq6pLeqJcynk%2BjYKI10WMp90vZsiyxmQU2H2dur%2FPvp7IJBFv%2Biz9Krkqf6Lf3ua2zWW6Mk%2FxMm3zB3u0We5ENEirgepLTT2AKXtQThR6qU6VcWmPN7crbza0ovfc5XCGJYrJ%2BSg6OLVqZpmZUYLqaRWjZdc3F%2BrVspb2wH9UfmcFfGKQ%2BlfTjcV2%2BsCHcF3HNWlnlvxrrz2P7Hszi93XD39nr9Gy7%2BAg%3D%3D&RelayState=%2Fdeelnemers%2Fdigid%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
12376/20: 17-8-2019 18:09:28: Generating signature.
12376/20: 17-8-2019 18:09:28: Data to sign: 53 41 4d 4c 52 65 71 75 65 73 74 3d 6e 5a 4e 4e 6a 39 6f 77 45 49 62 25 32 46 53 75 52 37 50 71 47 43 57 49 42 45 51 56 57 52 74 69 32 43 74 49 65 39 72 49 77 39 32 62 58 6b 32 4b 6e 48 32 64 42 25 32 46 58 7a 76 41 4c 6c 49 4c 68 7a 31 6d 25 32 46 4d 37 4d 38 38 35 4d 5a 73 67 61 31 64 4a 6c 35 31 37 30 44 6e 35 33 67 43 37 61 72 4f 66 6b 4b 53 76 7a 53 54 45 25 32 42 38 4c 6a 4f 53 78 36 50 52 56 48 48 35 59 67 66 34 6e 49 43 6e 25 32 46 68 6b 4e 4b 33 35 4b 43 50 52 4c 37 41 6f 6a 5a 36 54 49 76 46 66 47 38 51 4f 4e 68 6f 64 30 38 36 48 73 72 79 4d 73 32 6d 63 54 36 70 38 53 72 4f 53 46 74 4f 6b 4b 4d 61 50 4a 46 72 37 4c 6c 49 7a 4e 32 53 25 32 42 4f 4e 63 69 54 64 50 57 51 6d 75 4e 79 42 4d 68 6e 36 56 49 74 45 6f 44 57 69 70 46 6d 39 6f 54 32 42 50 7a 6c 4b 43 64 35 45 4d 71 69 62 34 59 79 32 46 41 6e 35 4f 61 4b 59 53 41 73 47 57 49 38 68 58 65 49 6c 74 72 6e 4f 46 47 66 5a 5a 61 53 50 30 38 4a 35 33 56 31 44 43 55 53 44 56 72 41 4b 6e 6a 64 4c 25 32 46 38 39 6b 43 39 42 58 6f 34 69 5a 42 25 32 42 72 61 70 74 76 50 32 78 72 30 69 30 52 41 51 62 47 71 36 4d 78 71 34 42 75 77 66 37 4b 6a 6e 38 33 44 32 38 30 25 32 46 64 39 6e 32 42 37 6a 4d 38 75 41 72 34 41 55 42 71 38 48 74 50 42 55 68 71 36 70 4c 65 71 4a 63 79 6e 6b 25 32 42 6a 59 4b 49 31 30 57 4d 70 39 30 76 5a 73 69 79 78 6d 51 55 32 48 32 64 75 72 25 32 46 50 76 70 37 49 4a 42 46 76 25 32 42 69 7a 39 4b 72 6b 71 66 36 4c 66 33 75 61 32 7a 57 57 36 4d 6b 25 32 46 78 4d 6d 33 7a 42 33 75 30 57 65 35 45 4e 45 69 72 67 65 70 4c 54 54 32 41 4b 58 74 51 54 68 52 36 71 55 36 56 63 57 6d 50 4e 37 63 72 62 7a 61 30 6f 76 66 63 35 58 43 47 4a 59 72 4a 25 32 42 53 67 36 4f 4c 56 71 5a 70 6d 5a 55 59 4c 71 61 52 57 6a 5a 64 63 33 46 25 32 42 72 56 73 70 62 32 77 48 39 55 66 6d 63 46 66 47 4b 51 25 32 42 6c 66 54 6a 63 56 32 25 32 42 73 43 48 63 46 33 48 4e 57 6c 6e 6c 76 78 72 72 7a 32 50 37 48 73 7a 69 39 33 58 44 33 39 6e 72 39 47 79 37 25 32 42 41 67 25 33 44 25 33 44 26 52 65 6c 61 79 53 74 61 74 65 3d 25 32 46 64 65 65 6c 6e 65 6d 65 72 73 25 32 46 64 69 67 69 64 25 32 46 26 53 69 67 41 6c 67 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 77 33 2e 6f 72 67 25 32 46 32 30 30 31 25 32 46 30 34 25 32 46 78 6d 6c 64 73 69 67 2d 6d 6f 72 65 25 32 33 72 73 61 2d 73 68 61 32 35 36
12376/20: 17-8-2019 18:09:28: Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
12376/20: 17-8-2019 18:09:28: Signature: 63 13 71 ff 89 47 1e 72 38 2c 28 0c e2 cb 03 47 34 3a 47 3b e0 b3 1c fa 9d da ad 92 e7 89 30 fb 66 2b df 02 de 22 df 85 64 d5 64 ab 47 a1 e4 a9 ab dd 5c c7 b8 7a b1 19 f3 0f 54 07 d8 ff 57 17 52 9c 0a 9f 4e 6a c8 4d 13 87 2a a7 4e d0 69 81 cc d8 2e bc aa cd a4 31 20 e9 fd 17 68 a1 85 92 92 bf 58 9e 07 ff d1 56 6e 3d 33 68 dd 12 ee 57 ac 7d 45 a1 9f 30 09 5d 0d c0 d4 2e 27 9b 27 51 14 0f d8 ae 5f 05 04 95 17 15 7e e8 f7 74 90 05 bd 5d bb 06 77 40 fc 97 13 8e cb 7a 7e 0a 29 84 97 d8 d4 69 a7 d2 8c 3a da 81 80 63 4e 7d 34 e3 21 66 5e cc 8b f6 f9 50 e6 60 17 13 ed 30 cf d3 1e e0 9f 21 45 20 62 42 28 8c e4 55 89 c8 e9 b4 8c d4 0b 26 a6 e1 f8 ef 80 9a 28 a9 e6 21 3a 7f fe 4c c8 e1 f5 59 7d bc c2 a6 64 14 a3 8b f8 a0 2a 97 1e 1e 6d d3 b0 b1 51 1f 99 ec 8b 9d a6 1e
12376/20: 17-8-2019 18:09:28: Query string: SAMLRequest=nZNNj9owEIb%2FSuR7PqGCWIBEQVWRti2CtIe9rIw92bXk2KnH2dB%2FXzvALlILhz1m%2FM7M885MZsga1dJl5170Dn53gC7arOfkKSvzSTE%2B8LjOSx6PRVHH5Ygf4nICn%2FhkNK35KCPRL7AojZ6TIvFfG8QONhod086HsryMs2mcT6p8SrOSFtOkKMaPJFr7LlIzN2S%2BONciTdPWQmuNyBMhn6VItEoDWipFm9oT2BPzlKCd5EMqib4Yy2FAn5OaKYSAsGWI8hXeIltrnOFGfZZaSP08J53V1DCUSDVrAKnjdL%2F89kC9BXo4iZB%2BraptvP2xr0i0RAQbGq6Mxq4Buwf7Kjn83D280%2Fd9n2B7jM8uAr4AUBq8HtPBUhq6pLeqJcynk%2BjYKI10WMp90vZsiyxmQU2H2dur%2FPvp7IJBFv%2Biz9Krkqf6Lf3ua2zWW6Mk%2FxMm3zB3u0We5ENEirgepLTT2AKXtQThR6qU6VcWmPN7crbza0ovfc5XCGJYrJ%2BSg6OLVqZpmZUYLqaRWjZdc3F%2BrVspb2wH9UfmcFfGKQ%2BlfTjcV2%2BsCHcF3HNWlnlvxrrz2P7Hszi93XD39nr9Gy7%2BAg%3D%3D&RelayState=%2Fdeelnemers%2Fdigid%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=YxNx%2F4lHHnI4LCgM4ssDRzQ6Rzvgsxz6ndqtkueJMPtmK98C3iLfhWTVZKtHoeSpq91cx7h6sRnzD1QH2P9XF1KcCp9OashNE4cqp07QaYHM2C68qs2kMSDp%2FRdooYWSkr9Yngf%2F0VZuPTNo3RLuV6x9RaGfMAldDcDULiebJ1EUD9iuXwUElRcVfuj3dJAFvV27BndA%2FJcTjst6fgophJfY1Gmn0ow62oGAY059NOMhZl7Mi%2Fb5UOZgFxPtMM%2FTHuCfIUUgYkIojORVicjptIzUCyam4fjvgJooqeYhOn%2F%2BTMjh9Vl9vMKmZBSji%2FigKpceHm3TsLFRH5nsi52mHg%3D%3D
12376/20: 17-8-2019 18:09:28: Redirect URL: https://preprod1.digid.nl/saml/idp/request_authentication?SAMLRequest=nZNNj9owEIb%2FSuR7PqGCWIBEQVWRti2CtIe9rIw92bXk2KnH2dB%2FXzvALlILhz1m%2FM7M885MZsga1dJl5170Dn53gC7arOfkKSvzSTE%2B8LjOSx6PRVHH5Ygf4nICn%2FhkNK35KCPRL7AojZ6TIvFfG8QONhod086HsryMs2mcT6p8SrOSFtOkKMaPJFr7LlIzN2S%2BONciTdPWQmuNyBMhn6VItEoDWipFm9oT2BPzlKCd5EMqib4Yy2FAn5OaKYSAsGWI8hXeIltrnOFGfZZaSP08J53V1DCUSDVrAKnjdL%2F89kC9BXo4iZB%2BraptvP2xr0i0RAQbGq6Mxq4Buwf7Kjn83D280%2Fd9n2B7jM8uAr4AUBq8HtPBUhq6pLeqJcynk%2BjYKI10WMp90vZsiyxmQU2H2dur%2FPvp7IJBFv%2Biz9Krkqf6Lf3ua2zWW6Mk%2FxMm3zB3u0We5ENEirgepLTT2AKXtQThR6qU6VcWmPN7crbza0ovfc5XCGJYrJ%2BSg6OLVqZpmZUYLqaRWjZdc3F%2BrVspb2wH9UfmcFfGKQ%2BlfTjcV2%2BsCHcF3HNWlnlvxrrz2P7Hszi93XD39nr9Gy7%2BAg%3D%3D&RelayState=%2Fdeelnemers%2Fdigid%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=YxNx%2F4lHHnI4LCgM4ssDRzQ6Rzvgsxz6ndqtkueJMPtmK98C3iLfhWTVZKtHoeSpq91cx7h6sRnzD1QH2P9XF1KcCp9OashNE4cqp07QaYHM2C68qs2kMSDp%2FRdooYWSkr9Yngf%2F0VZuPTNo3RLuV6x9RaGfMAldDcDULiebJ1EUD9iuXwUElRcVfuj3dJAFvV27BndA%2FJcTjst6fgophJfY1Gmn0ow62oGAY059NOMhZl7Mi%2Fb5UOZgFxPtMM%2FTHuCfIUUgYkIojORVicjptIzUCyam4fjvgJooqeYhOn%2F%2BTMjh9Vl9vMKmZBSji%2FigKpceHm3TsLFRH5nsi52mHg%3D%3D
12376/20: 17-8-2019 18:09:28: Redirecting to: https://preprod1.digid.nl/saml/idp/request_authentication?SAMLRequest=nZNNj9owEIb%2FSuR7PqGCWIBEQVWRti2CtIe9rIw92bXk2KnH2dB%2FXzvALlILhz1m%2FM7M885MZsga1dJl5170Dn53gC7arOfkKSvzSTE%2B8LjOSx6PRVHH5Ygf4nICn%2FhkNK35KCPRL7AojZ6TIvFfG8QONhod086HsryMs2mcT6p8SrOSFtOkKMaPJFr7LlIzN2S%2BONciTdPWQmuNyBMhn6VItEoDWipFm9oT2BPzlKCd5EMqib4Yy2FAn5OaKYSAsGWI8hXeIltrnOFGfZZaSP08J53V1DCUSDVrAKnjdL%2F89kC9BXo4iZB%2BraptvP2xr0i0RAQbGq6Mxq4Buwf7Kjn83D280%2Fd9n2B7jM8uAr4AUBq8HtPBUhq6pLeqJcynk%2BjYKI10WMp90vZsiyxmQU2H2dur%2FPvp7IJBFv%2Biz9Krkqf6Lf3ua2zWW6Mk%2FxMm3zB3u0We5ENEirgepLTT2AKXtQThR6qU6VcWmPN7crbza0ovfc5XCGJYrJ%2BSg6OLVqZpmZUYLqaRWjZdc3F%2BrVspb2wH9UfmcFfGKQ%2BlfTjcV2%2BsCHcF3HNWlnlvxrrz2P7Hszi93XD39nr9Gy7%2BAg%3D%3D&RelayState=%2Fdeelnemers%2Fdigid%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=YxNx%2F4lHHnI4LCgM4ssDRzQ6Rzvgsxz6ndqtkueJMPtmK98C3iLfhWTVZKtHoeSpq91cx7h6sRnzD1QH2P9XF1KcCp9OashNE4cqp07QaYHM2C68qs2kMSDp%2FRdooYWSkr9Yngf%2F0VZuPTNo3RLuV6x9RaGfMAldDcDULiebJ1EUD9iuXwUElRcVfuj3dJAFvV27BndA%2FJcTjst6fgophJfY1Gmn0ow62oGAY059NOMhZl7Mi%2Fb5UOZgFxPtMM%2FTHuCfIUUgYkIojORVicjptIzUCyam4fjvgJooqeYhOn%2F%2BTMjh9Vl9vMKmZBSji%2FigKpceHm3TsLFRH5nsi52mHg%3D%3D
12376/20: 17-8-2019 18:09:28: Request sent over HTTP Redirect.
12376/20: 17-8-2019 18:09:28: SAML message sent: partner=https://was-preprod1.digid.nl, message=https://preprod1.digid.nl/saml/idp/request_authentication" ForceAuthn="false" IsPassive="false" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">www.spx-preprod.nlurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, relay state=/deelnemers/digid/, destination URL=https://preprod1.digid.nl/saml/idp/request_authentication
12376/20: 17-8-2019 18:09:28: Service provider session (d9a7c9ef-c276-4211-bcac-edfb0be07c6f) state:
Pending response state:
Action: ReceiveSamlResponse
Partner name: https://was-preprod1.digid.nl
Relay state:
In response to: _091724bc-f19c-4d2f-93cb-97e5c738fc30

12376/20: 17-8-2019 18:09:28: Initiation of SSO to the partner identity provider https://was-preprod1.digid.nl has completed successfully.
aspx.page: End Raise PostBackEvent
aspx.page: Begin LoadComplete
aspx.page: End LoadComplete
aspx.page: Begin PreRender
aspx.page: End PreRender
aspx.page: Begin PreRenderComplete
aspx.page: End PreRenderComplete
aspx.page: Begin SaveState
aspx.page: End SaveState
aspx.page: Begin SaveStateComplete
aspx.page: End SaveStateComplete
aspx.page: Begin Render
aspx.page: End Render
aspx.page: Begin PreInit
aspx.page: End PreInit
aspx.page: Begin Init
aspx.page: End Init
aspx.page: Begin InitComplete
aspx.page: End InitComplete
aspx.page: Begin PreLoad
aspx.page: End PreLoad
aspx.page: Begin Load
12376/5: 17-8-2019 18:10:01: Receiving artifact in query string over HTTP Artifact
12376/5: 17-8-2019 18:10:01: HTTP request:
GET /deelnemers/digid/SAML/AssertionConsumerService.aspx?SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp%2B75KEUlZUcs2GGPbrWr5HINB3gLY%2Bgb0M%3D&RelayState=%2Fdeelnemers%2Fdigid%2F HTTP/1.1
Cache-Control: max-age=0
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: ASP.NET_SessionId=mnzsurqdaohxindxsicstetk; ARRAffinity=6591cf898a2df97f256faef2b3ccdfd7ce2616b02ae94737cf84d54a31a581db; jsCookieCheck=null; SAML_SessionId=d9a7c9ef-c276-4211-bcac-edfb0be07c6f
Host: www.spx-preprod.nl
Max-Forwards: 10
Referer: https://preprod1.digid.nl/inloggen_basis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
Upgrade-Insecure-Requests: 1
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Site: cross-site
X-WAWS-Unencoded-URL: /deelnemers/digid/SAML/AssertionConsumerService.aspx?SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp%2B75KEUlZUcs2GGPbrWr5HINB3gLY%2Bgb0M%3D&RelayState=%2Fdeelnemers%2Fdigid%2F
CLIENT-IP: 31.20.113.75:47658
X-ARR-LOG-ID: 49b022cb-5155-4afd-aecd-663e7721465b
DISGUISED-HOST: www.spx-preprod.nl
X-SITE-DEPLOYMENT-ID: xeroxpensioenfondsen__8fc6
WAS-DEFAULT-HOSTNAME: xeroxpensioenfondsen-spx-preprod.azurewebsites.net
X-Original-URL: /deelnemers/digid/SAML/AssertionConsumerService.aspx?SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp%2B75KEUlZUcs2GGPbrWr5HINB3gLY%2Bgb0M%3D&RelayState=%2Fdeelnemers%2Fdigid%2F
X-Forwarded-For: 31.20.113.75:47658
X-ARR-SSL: 2048|256|C=NL, O=KPN B.V., OID.2.5.4.97=NTRNL-27124701, CN=KPN BV PKIoverheid Organisatie Server CA - G3|C=NL, S=Limburg, L=Venray, O=Stichting Pensioenfonds Xerox, SERIALNUMBER=00000003120399100000, CN=www.spx-preprod.nl
X-Forwarded-Proto: https
X-AppService-Proto: https

12376/5: 17-8-2019 18:10:01: Query string value: SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp+75KEUlZUcs2GGPbrWr5HINB3gLY+gb0M=
12376/5: 17-8-2019 18:10:01: Query string value: RelayState=/deelnemers/digid/
12376/5: 17-8-2019 18:10:01: Received artifact in query string over HTTP Artifact, artifact=AAQAAM2K4swP9wWZMpSMawzmyp+75KEUlZUcs2GGPbrWr5HINB3gLY+gb0M=, relayState=/deelnemers/digid/
12376/5: 17-8-2019 18:10:01: Generating an XML signature.
12376/5: 17-8-2019 18:10:01: XML signature generation was successful.
12376/5: 17-8-2019 18:10:01: Sending request over SOAP, samlMessage=www.spx-preprod.nlhttp://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />http://www.w3.org/2000/09/xmldsig#enveloped-signature" />http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmlenc#sha256" />OJy7u8QoiM6//IEJl9c4rAMxgWARIhBUr3De2pLHYGs=ljffxLqW407kzX2doXqbTXsTYyZEy9obi//wzYLcqjphAat0Y1MHkLlgqixn3BNm/wtxG+oI/uB4AjoxYFkV9vjhEXnCwHyJGrspeNug5T+1M2q8rTMBjKhYNaUpQUi5D3w43yMyAi3ZAa/L8qBJunXXQ97iu2z+VJwBs8yBkQ8cG7SECNCkgtv754REvqlYqcjycONSuUT1PG/bftF/WZgZiasZqoohtUdowK3jrKXwV3gnApZIfvwNgDXPiExb8qAQtZdEXueNk6xwZwhxRWWxnp+QVTKS0dWI/JsRb3E3ov3G3my+YLMGFQOfUlY4zVWJDYDuGDHDFGhIIyAe9Q==MIIIXTCCBkWgAwIBAgIMM98+Lnb93et7SXJMMA0GCSqGSIb3DQEBCwUAMHExCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRSTkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdhbmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTA1MTUxMDUwMDJaFw0yMTA1MTQxMDUwMDJaMIGUMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHTGltYnVyZzEPMA0GA1UEBwwGVmVucmF5MSYwJAYDVQQKDB1TdGljaHRpbmcgUGVuc2lvZW5mb25kcyBYZXJveDEdMBsGA1UEBRMUMDAwMDAwMDMxMjAzOTkxMDAwMDAxGzAZBgNVBAMMEnd3dy5zcHgtcHJlcHJvZC5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAP5QRFjT229T2XLrnIEoy00/wrEOu1C5rivYGobT1OkjjmFedQhgtISG2K7UA3JO3lpUDVQ/AZ8+V3lOHmE5WNyATfYmjNTx1EOrcIeEi8MLFqzYzEAdb4ML9uPVpvNGq1f3YvZt67CnzTtd1qgaKEFQLTGObFIdK4/DmwDBGdxc+b2kNdskxc4WBBQGICoo4wvE6WUso0uWM6Msi/60k1W9Afss5gMTgqe4U84BeHXdL54K58FXShKe8ROOgnqDLOdWk0AJDDhL7gmcns9ggNAbFFgTV4yhSMf7C7qXwOnO4KLCGkw9rxCb6AkCfbncD0fd/ZcwnGuqyZmnNwydVHcCAwEAAaOCA88wggPLMIGUBggrBgEFBQcBAQSBhzCBhDBYBggrBgEFBQcwAoZMaHR0cDovL2NlcnQubWFuYWdlZHBraS5jb20vQ0FjZXJ0cy9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0aWVTZXJ2ZXJDQUczLmNlcjAoBggrBgEFBQcwAYYcaHR0cDovL2czb2NzcC5tYW5hZ2VkcGtpLmNvbTAdBgNVHQ4EFgQUEyXGZHbBhI/gJ8BcuwUTXMWWekQwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTDmqZ7XnQrgrbGcv10ToXSl839GDCBsQYDVR0gBIGpMIGmMIGZBgpghBABh2sBAgUGMIGKMDcGCCsGAQUFBwIBFitodHRwczovL2NlcnRpZmljYWF0Lmtwbi5jb20vcGtpb3ZlcmhlaWQvY3BzME8GCCsGAQUFBwICMEMMQU9wIGRpdCBjZXJ0aWZpY2FhdCBpcyBoZXQgQ1BTIFBLSW92ZXJoZWlkIHZhbiBLUE4gdmFuIHRvZXBhc3NpbmcuMAgGBmeBDAECAjBeBgNVHR8EVzBVMFOgUaBPhk1odHRwOi8vY3JsLm1hbmFnZWRwa2kuY29tL0tQTkJWUEtJb3ZlcmhlaWRPcmdhbmlzYXRpZVNlcnZlckNBRzMvTGF0ZXN0Q1JMLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdEQQWMBSCEnd3dy5zcHgtcHJlcHJvZC5ubDCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHcAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFqux0ePwAABAMASDBGAiEAja94/1KZFGK9SPJNZqleuA4gc6VpMF7Bt416tG7H95ACIQCMx+yUPkBWwxTxN9NhPMTQ2T7Z9upr5dYWz19H6MtEPAB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABarsdHzoAAAQDAEgwRgIhAOBfuJV0hum9qP1/fQxQWcbMDDzVAiGPfjSFiXowMRdMAiEA3ZTDO1/93O5eBqdukvtAolVKjn99hESYFBXydEKS+ZcAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWq7HR4EAAAEAwBHMEUCIQCwoEnZsOE7eFHCapBQefF5yFwPo1AlHWiW/STzLfXHSgIgZolPwNlmylS7TwhrRLXj32WRTOpkklAt1AfYK0cRxF0wDQYJKoZIhvcNAQELBQADggIBAG8YuzsZtu2Cq5nbCJxVaKreBiWpQ65+ssxSIEm7qyRKtzpxoPkSuSJlxBnZqVN1o8FiDO9lf9jXW79gRAHAWGtAxpNngZZylDdz9HG9Ky54o2k4ROQIV0C+WG9Z5srSAa66fLm98KnmL2av2TrJbv7xeIjymo2IBiz3F+7voWYJHQ8VJgyT7Gned2rJb8BmQ29sr8MMQM7uv0w1FjFisaRNbdVlqT7ihIFOu8k9lYNVrBUfl6U7TDD7lWhftQMtFtdqdvsoVRJIdw6u6kShKiMOiPh38KERVS4vLx5IvsSntnYo0h4W5auWdMPK8yOfKuDUcOeSTEBztWEzF0EvXpuyBnQ3iW7LLLOlp6duw+jc++un7waLCq9dy1HxrpKAN5I9Iz4ExX/BG03pkUYArEtn/73drF6XXEeMn5EQnUCF0bf4JvMlX2Ewes6N41If4GL9p4C+3eBXVTng0MRXc7xLMTfxFTDifPcIF8kWnCl54eWE37QEMOVB74GH/3OjCHDNOzJ57Yy2SVNDrHKuIkzG65kYEirMlFgI8aVRbQTuDyo7t5dKUgny4SVzILWNatnSu8YBtJLprVFjwpH6085BxGXQd2lLmHe2oF7ILj4/fhup7D7RyxaFj+0EGijFwuTUH9HQgsPL+8rx/AyS2kD3RBzQzwp96NAEUDoSFJbFAAQAAM2K4swP9wWZMpSMawzmyp+75KEUlZUcs2GGPbrWr5HINB3gLY+gb0M=
12376/5: 17-8-2019 18:10:01: Sending SOAP request: http://schemas.xmlsoap.org/soap/envelope/"><samlp:ArtifactResolve ID="_f3d2141d-86f4-4146-8d9f-967151d01ed9" Version="2.0" IssueInstant="2019-08-17T18:10:01.238Z" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">www.spx-preprod.nlhttp://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />http://www.w3.org/2000/09/xmldsig#enveloped-signature" />http://www.w3.org/2001/10/xml-exc-c14n#"><InclusiveNamespaces PrefixList="#default saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmlenc#sha256" />OJy7u8QoiM6//IEJl9c4rAMxgWARIhBUr3De2pLHYGs=ljffxLqW407kzX2doXqbTXsTYyZEy9obi//wzYLcqjphAat0Y1MHkLlgqixn3BNm/wtxG+oI/uB4AjoxYFkV9vjhEXnCwHyJGrspeNug5T+1M2q8rTMBjKhYNaUpQUi5D3w43yMyAi3ZAa/L8qBJunXXQ97iu2z+VJwBs8yBkQ8cG7SECNCkgtv754REvqlYqcjycONSuUT1PG/bftF/WZgZiasZqoohtUdowK3jrKXwV3gnApZIfvwNgDXPiExb8qAQtZdEXueNk6xwZwhxRWWxnp+QVTKS0dWI/JsRb3E3ov3G3my+YLMGFQOfUlY4zVWJDYDuGDHDFGhIIyAe9Q==MIIIXTCCBkWgAwIBAgIMM98+Lnb93et7SXJMMA0GCSqGSIb3DQEBCwUAMHExCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRSTkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdhbmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTA1MTUxMDUwMDJaFw0yMTA1MTQxMDUwMDJaMIGUMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHTGltYnVyZzEPMA0GA1UEBwwGVmVucmF5MSYwJAYDVQQKDB1TdGljaHRpbmcgUGVuc2lvZW5mb25kcyBYZXJveDEdMBsGA1UEBRMUMDAwMDAwMDMxMjAzOTkxMDAwMDAxGzAZBgNVBAMMEnd3dy5zcHgtcHJlcHJvZC5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAP5QRFjT229T2XLrnIEoy00/wrEOu1C5rivYGobT1OkjjmFedQhgtISG2K7UA3JO3lpUDVQ/AZ8+V3lOHmE5WNyATfYmjNTx1EOrcIeEi8MLFqzYzEAdb4ML9uPVpvNGq1f3YvZt67CnzTtd1qgaKEFQLTGObFIdK4/DmwDBGdxc+b2kNdskxc4WBBQGICoo4wvE6WUso0uWM6Msi/60k1W9Afss5gMTgqe4U84BeHXdL54K58FXShKe8ROOgnqDLOdWk0AJDDhL7gmcns9ggNAbFFgTV4yhSMf7C7qXwOnO4KLCGkw9rxCb6AkCfbncD0fd/ZcwnGuqyZmnNwydVHcCAwEAAaOCA88wggPLMIGUBggrBgEFBQcBAQSBhzCBhDBYBggrBgEFBQcwAoZMaHR0cDovL2NlcnQubWFuYWdlZHBraS5jb20vQ0FjZXJ0cy9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0aWVTZXJ2ZXJDQUczLmNlcjAoBggrBgEFBQcwAYYcaHR0cDovL2czb2NzcC5tYW5hZ2VkcGtpLmNvbTAdBgNVHQ4EFgQUEyXGZHbBhI/gJ8BcuwUTXMWWekQwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTDmqZ7XnQrgrbGcv10ToXSl839GDCBsQYDVR0gBIGpMIGmMIGZBgpghBABh2sBAgUGMIGKMDcGCCsGAQUFBwIBFitodHRwczovL2NlcnRpZmljYWF0Lmtwbi5jb20vcGtpb3ZlcmhlaWQvY3BzME8GCCsGAQUFBwICMEMMQU9wIGRpdCBjZXJ0aWZpY2FhdCBpcyBoZXQgQ1BTIFBLSW92ZXJoZWlkIHZhbiBLUE4gdmFuIHRvZXBhc3NpbmcuMAgGBmeBDAECAjBeBgNVHR8EVzBVMFOgUaBPhk1odHRwOi8vY3JsLm1hbmFnZWRwa2kuY29tL0tQTkJWUEtJb3ZlcmhlaWRPcmdhbmlzYXRpZVNlcnZlckNBRzMvTGF0ZXN0Q1JMLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdEQQWMBSCEnd3dy5zcHgtcHJlcHJvZC5ubDCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHcAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFqux0ePwAABAMASDBGAiEAja94/1KZFGK9SPJNZqleuA4gc6VpMF7Bt416tG7H95ACIQCMx+yUPkBWwxTxN9NhPMTQ2T7Z9upr5dYWz19H6MtEPAB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABarsdHzoAAAQDAEgwRgIhAOBfuJV0hum9qP1/fQxQWcbMDDzVAiGPfjSFiXowMRdMAiEA3ZTDO1/93O5eBqdukvtAolVKjn99hESYFBXydEKS+ZcAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWq7HR4EAAAEAwBHMEUCIQCwoEnZsOE7eFHCapBQefF5yFwPo1AlHWiW/STzLfXHSgIgZolPwNlmylS7TwhrRLXj32WRTOpkklAt1AfYK0cRxF0wDQYJKoZIhvcNAQELBQADggIBAG8YuzsZtu2Cq5nbCJxVaKreBiWpQ65+ssxSIEm7qyRKtzpxoPkSuSJlxBnZqVN1o8FiDO9lf9jXW79gRAHAWGtAxpNngZZylDdz9HG9Ky54o2k4ROQIV0C+WG9Z5srSAa66fLm98KnmL2av2TrJbv7xeIjymo2IBiz3F+7voWYJHQ8VJgyT7Gned2rJb8BmQ29sr8MMQM7uv0w1FjFisaRNbdVlqT7ihIFOu8k9lYNVrBUfl6U7TDD7lWhftQMtFtdqdvsoVRJIdw6u6kShKiMOiPh38KERVS4vLx5IvsSntnYo0h4W5auWdMPK8yOfKuDUcOeSTEBztWEzF0EvXpuyBnQ3iW7LLLOlp6duw+jc++un7waLCq9dy1HxrpKAN5I9Iz4ExX/BG03pkUYArEtn/73drF6XXEeMn5EQnUCF0bf4JvMlX2Ewes6N41If4GL9p4C+3eBXVTng0MRXc7xLMTfxFTDifPcIF8kWnCl54eWE37QEMOVB74GH/3OjCHDNOzJ57Yy2SVNDrHKuIkzG65kYEirMlFgI8aVRbQTuDyo7t5dKUgny4SVzILWNatnSu8YBtJLprVFjwpH6085BxGXQd2lLmHe2oF7ILj4/fhup7D7RyxaFj+0EGijFwuTUH9HQgsPL+8rx/AyS2kD3RBzQzwp96NAEUDoSFJbFAAQAAM2K4swP9wWZMpSMawzmyp+75KEUlZUcs2GGPbrWr5HINB3gLY+gb0M=
12376/5: 17-8-2019 18:10:02: Received SOAP response: <?xml version="1.0" encoding="UTF-8"?>
http://schemas.xmlsoap.org/soap/envelope/"><samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="_5b9bb46a2e4e744221aa11ffcf98d83ffa11f26c" Version="2.0" IssueInstant="2019-08-17T18:10:02Z" InResponseTo="_f3d2141d-86f4-4146-8d9f-967151d01ed9">https://was-preprod1.digid.nl/saml/idp/metadata<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_5b9bb46a2e4e744221aa11ffcf98d83ffa11f26c">http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds saml samlp xs"/>NCiBHYmtPmtQZcGfvTsdv4j2ufOTh3ervAWAfSHAIpU=njbP/olbKr2LxeC1reOw/LiYaMcaQqGejZFj0OY3nhRbDASjUcbok2lmh+Umfygy5FfPTTXSIg82bNwU+gWBw2TdirT06c18T6pO/Prje6bHNWcBPYSHieOupOJSYCzorq3tf72R7Y1fN28/Y6GywxHtxle6qPUXJj3bCSw/6SM8vlwLPJvez7k3xyyU5uFXhNNSp2ClmXAUa2/atpobYpQi1zcEOUVTucIoCF/7dECbR191/tCRO7WmNxFfYyhTC68Z4SuhcMioAtIgR87pWb4WUHVmuZV69yPQJHKcYvEz1EZdD2CUMnQK1GGLAUM41uDvwdEGaIsXqTWm+DRflg==2e9046aba2e95ed07efb655f6f50880ef686e531MIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx">http://www.w3.org/2001/04/xmlenc#sha256"/>NCiBHYmtPmtQZcGfvTsdv4j2ufOTh3ervAWAfSHAIpU=njbP/olbKr2LxeC1reOw/LiYaMcaQqGejZFj0OY3nhRbDASjUcbok2lmh+Umfygy5FfPTTXSIg82bNwU+gWBw2TdirT06c18T6pO/Prje6bHNWcBPYSHieOupOJSYCzorq3tf72R7Y1fN28/Y6GywxHtxle6qPUXJj3bCSw/6SM8vlwLPJvez7k3xyyU5uFXhNNSp2ClmXAUa2/atpobYpQi1zcEOUVTucIoCF/7dECbR191/tCRO7WmNxFfYyhTC68Z4SuhcMioAtIgR87pWb4WUHVmuZV69yPQJHKcYvEz1EZdD2CUMnQK1GGLAUM41uDvwdEGaIsXqTWm+DRflg==2e9046aba2e95ed07efb655f6f50880ef686e531MIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx
CzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRS
TkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdh
bmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTAzMDgwODIwMjdaFw0yMTAz
MDcwODIwMjdaMIGYMQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xs
YW5kMREwDwYDVQQHDAhEZW4gSGFhZzEPMA0GA1UECgwGTG9naXVzMQ4wDAYD
VQQLDAVEaWdpRDEdMBsGA1UEBRMUMDAwMDAwMDQxNjY5MDk5MTMwMDAxHzAd
BgNVBAMMFnNhbWwtc2lnbi5wcDEuZGlnaWQubmwwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDXUqAvX+Dk6s4BfjJQwwctTw68IFxJyaBMvHj9
gxfwPFy7SMtZ6rQlIwDW0LRsjAnKAWXSkBc56jrDQse4rram+1a7jV8dPSPd
KkgeSyJVENpC0ssnWcUMEnDMZ6NP8ydavUEAzFRYBBqcnGoDpga8K6HczWgz
pC4iQmpGcj+wE7c80C4GHTUKvJ+C7AnZqq5qHP6izxIGLOEiofJqgG7Lyp7W
r5ypITeIlPKFmTY7DD8OsR7p7H8Y34jmbmcum+r8FobykcXX9DEXzVesR82A
3j83Cvwx8lsu1bKwUbF2VzkIC+PWC1aRsE5FtsmJ9ZEdA58Dhe9wQnkZbZRB
Ao69AgMBAAGjggPSMIIDzjCBlAYIKwYBBQUHAQEEgYcwgYQwWAYIKwYBBQUH
MAKGTGh0dHA6Ly9jZXJ0Lm1hbmFnZWRwa2kuY29tL0NBY2VydHMvS1BOQlZQ
S0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy5jZXIwKAYIKwYBBQUH
MAGGHGh0dHA6Ly9nM29jc3AubWFuYWdlZHBraS5jb20wHQYDVR0OBBYEFHJ+
P3k2bMVXrjbSxmZwOGSWAjVfMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
w5qme150K4K2xnL9dE6F0pfN/RgwgbEGA1UdIASBqTCBpjCBmQYKYIQQAYdr
AQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZpY2FhdC5rcG4u
Y29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBkaXQgY2Vy
dGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZhbiB0
b2VwYXNzaW5nLjAIBgZngQwBAgIwXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDov
L2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0
aWVTZXJ2ZXJDQUczL0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZzYW1s
LXNpZ24ucHAxLmRpZ2lkLm5sMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA
dgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWlcY7BfAAAE
AwBHMEUCIHS8iwfnyokm9iKrHAsXAOztVID4iub1P/IVBmXWG0qdAiEAvob7
Kgn6Z/dkVVPshtvU+gzQmFifSQcBIJGctLd34xcAdwBVgdTCFpA2AUrqC5tX
PFPwwOQ4eHAlCBcvo6odBxPTDAAAAWlcY7CMAAAEAwBIMEYCIQDefUQL5r8K
vszl9QjKAnxoCZ+RmzDXOyTzd5IzAqrWmgIhALrSqji+HqnmhWMTSzJrFsxx
vb3007Q75F8YzdP7m0EhAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk
No4e0YUAAAFpXGOwZAAABAMARzBFAiAci7bLk1gKOxijzNYEHE2AtNq+tiAo
dFpzkfL0A/fNGAIhAJXZUfwrB8+zaCD6Ebvny7V3Qg3fyWP7d2/WBLFEmafv
MA0GCSqGSIb3DQEBCwUAA4ICAQCmt4ZqkWj28RQ2aMw0yAIddJlfEfmHwNdn
eOyrhQM2DW9j0F+x7B5XGhU7mNhUac+yL08QjeCf6pLJSwloMizyGdMKjcv7
t9W3HF4gwv0mFkOw6b1MnbwdbINHoIprKbRXs3Gxt5+WdKdh87byPcAeTW0Z
36gZrVHrAlnCiBaqT1xOlZqFzdF3JGaRx51lDk+Ln2R13JDonjnv4hL70Aln
Gt1eiSxjhyhtcwHNVvMhQ9G+u8ZASwFM1BhZMPEateYI6v0dPaXJSHxzasdB
D1/9V//gmRbHAoRu/KYKKDsK6yhNFx2I1PvsVVC6QTYos7euIbcW+gDcJqQb
m/xyFyKkZd/6SXxQAL123RwOPoOxq5my9tXyfEUeBzWTRcX28KSPXbycTfO4
34UADip/U07mpTGRDwCt0xfvp+zzB99jchEj7CWZqukr0xhbO7F4xDvmW/eU
S9CytBSHTyhlA+3Wepulz1QsqERESi2FvAlVljlDRkZrHLk53m3KJOcPVCwW
5Q2d3JnfPRCrj4L8c7cVA0r4Xdr2pZ5U5plz/LBn9oKqIqU0Pdg2TUvNpxfs
tOiNJIjoMR3VJNprvtvYsLmSb7yD8a9eQ/IjtBd7uzyMS+AbAj8ZpXAlbRtI
ycQjMEBxgk2NQSSQQEIfjk9breWf0nEL+NTkuflHUw7HpDaYrg==
https://was-preprod1.digid.nl/saml/idp/metadata<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>https://was-preprod1.digid.nl/saml/idp/metadata<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_59f1fcd6415d37ada7e0e626cbd3ccbe3ce6b870">http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds saml samlp xs"/>KgLd2xrJlL15i0pZBq8btO2JScH9HqUJjmSr1VnQCxw=wEbhKktQA5DhPFSZiTteSsuHfq1ru6GdswW5+hpdPCIdBPVZKFyIKihRwsTZpad1pLXsEyJ3neUAxG4TBZGNfLRaqcIn1eyHxWsYwuWfnZz6h4NtUtOBn63OBQoTYyXoUpDhd9iLCSzzDVCsFwAAOLMs31jfJ9ACuAlXZU5UrkAJ8K4Adqhus1erAdPZxqfer4D7oZVrCjqFlP2H61WLKRO057j84/9+4fcOEUvtZoYmvkAN4MJfb8Xbq6wQpzDMrgEfbxvopEwLsptv5mXfPR+JgPcO+5auGhlzLNrFZjz6tT4Oy0ErnNgdNJ+QJOkOGmBvfj8GWb1Z2bwwCQZSIw==2e9046aba2e95ed07efb655f6f50880ef686e531MIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx">http://www.w3.org/2001/04/xmlenc#sha256"/>KgLd2xrJlL15i0pZBq8btO2JScH9HqUJjmSr1VnQCxw=wEbhKktQA5DhPFSZiTteSsuHfq1ru6GdswW5+hpdPCIdBPVZKFyIKihRwsTZpad1pLXsEyJ3neUAxG4TBZGNfLRaqcIn1eyHxWsYwuWfnZz6h4NtUtOBn63OBQoTYyXoUpDhd9iLCSzzDVCsFwAAOLMs31jfJ9ACuAlXZU5UrkAJ8K4Adqhus1erAdPZxqfer4D7oZVrCjqFlP2H61WLKRO057j84/9+4fcOEUvtZoYmvkAN4MJfb8Xbq6wQpzDMrgEfbxvopEwLsptv5mXfPR+JgPcO+5auGhlzLNrFZjz6tT4Oy0ErnNgdNJ+QJOkOGmBvfj8GWb1Z2bwwCQZSIw==2e9046aba2e95ed07efb655f6f50880ef686e531MIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx
CzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRS
TkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdh
bmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTAzMDgwODIwMjdaFw0yMTAz
MDcwODIwMjdaMIGYMQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xs
YW5kMREwDwYDVQQHDAhEZW4gSGFhZzEPMA0GA1UECgwGTG9naXVzMQ4wDAYD
VQQLDAVEaWdpRDEdMBsGA1UEBRMUMDAwMDAwMDQxNjY5MDk5MTMwMDAxHzAd
BgNVBAMMFnNhbWwtc2lnbi5wcDEuZGlnaWQubmwwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDXUqAvX+Dk6s4BfjJQwwctTw68IFxJyaBMvHj9
gxfwPFy7SMtZ6rQlIwDW0LRsjAnKAWXSkBc56jrDQse4rram+1a7jV8dPSPd
KkgeSyJVENpC0ssnWcUMEnDMZ6NP8ydavUEAzFRYBBqcnGoDpga8K6HczWgz
pC4iQmpGcj+wE7c80C4GHTUKvJ+C7AnZqq5qHP6izxIGLOEiofJqgG7Lyp7W
r5ypITeIlPKFmTY7DD8OsR7p7H8Y34jmbmcum+r8FobykcXX9DEXzVesR82A
3j83Cvwx8lsu1bKwUbF2VzkIC+PWC1aRsE5FtsmJ9ZEdA58Dhe9wQnkZbZRB
Ao69AgMBAAGjggPSMIIDzjCBlAYIKwYBBQUHAQEEgYcwgYQwWAYIKwYBBQUH
MAKGTGh0dHA6Ly9jZXJ0Lm1hbmFnZWRwa2kuY29tL0NBY2VydHMvS1BOQlZQ
S0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy5jZXIwKAYIKwYBBQUH
MAGGHGh0dHA6Ly9nM29jc3AubWFuYWdlZHBraS5jb20wHQYDVR0OBBYEFHJ+
P3k2bMVXrjbSxmZwOGSWAjVfMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
w5qme150K4K2xnL9dE6F0pfN/RgwgbEGA1UdIASBqTCBpjCBmQYKYIQQAYdr
AQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZpY2FhdC5rcG4u
Y29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBkaXQgY2Vy
dGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZhbiB0
b2VwYXNzaW5nLjAIBgZngQwBAgIwXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDov
L2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0
aWVTZXJ2ZXJDQUczL0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZzYW1s
LXNpZ24ucHAxLmRpZ2lkLm5sMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA
dgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWlcY7BfAAAE
AwBHMEUCIHS8iwfnyokm9iKrHAsXAOztVID4iub1P/IVBmXWG0qdAiEAvob7
Kgn6Z/dkVVPshtvU+gzQmFifSQcBIJGctLd34xcAdwBVgdTCFpA2AUrqC5tX
PFPwwOQ4eHAlCBcvo6odBxPTDAAAAWlcY7CMAAAEAwBIMEYCIQDefUQL5r8K
vszl9QjKAnxoCZ+RmzDXOyTzd5IzAqrWmgIhALrSqji+HqnmhWMTSzJrFsxx
vb3007Q75F8YzdP7m0EhAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk
No4e0YUAAAFpXGOwZAAABAMARzBFAiAci7bLk1gKOxijzNYEHE2AtNq+tiAo
dFpzkfL0A/fNGAIhAJXZUfwrB8+zaCD6Ebvny7V3Qg3fyWP7d2/WBLFEmafv
MA0GCSqGSIb3DQEBCwUAA4ICAQCmt4ZqkWj28RQ2aMw0yAIddJlfEfmHwNdn
eOyrhQM2DW9j0F+x7B5XGhU7mNhUac+yL08QjeCf6pLJSwloMizyGdMKjcv7
t9W3HF4gwv0mFkOw6b1MnbwdbINHoIprKbRXs3Gxt5+WdKdh87byPcAeTW0Z
36gZrVHrAlnCiBaqT1xOlZqFzdF3JGaRx51lDk+Ln2R13JDonjnv4hL70Aln
Gt1eiSxjhyhtcwHNVvMhQ9G+u8ZASwFM1BhZMPEateYI6v0dPaXJSHxzasdB
D1/9V//gmRbHAoRu/KYKKDsK6yhNFx2I1PvsVVC6QTYos7euIbcW+gDcJqQb
m/xyFyKkZd/6SXxQAL123RwOPoOxq5my9tXyfEUeBzWTRcX28KSPXbycTfO4
34UADip/U07mpTGRDwCt0xfvp+zzB99jchEj7CWZqukr0xhbO7F4xDvmW/eU
S9CytBSHTyhlA+3Wepulz1QsqERESi2FvAlVljlDRkZrHLk53m3KJOcPVCwW
5Q2d3JnfPRCrj4L8c7cVA0r4Xdr2pZ5U5plz/LBn9oKqIqU0Pdg2TUvNpxfs
tOiNJIjoMR3VJNprvtvYsLmSb7yD8a9eQ/IjtBd7uzyMS+AbAj8ZpXAlbRtI
ycQjMEBxgk2NQSSQQEIfjk9breWf0nEL+NTkuflHUw7HpDaYrg==
s00000000:900181795https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx" InResponseTo="_091724bc-f19c-4d2f-93cb-97e5c738fc30"/>www.spx-preprod.nlurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

12376/5: 17-8-2019 18:10:02: Received response over SOAP, responseMessage=http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" ID="_5b9bb46a2e4e744221aa11ffcf98d83ffa11f26c" Version="2.0" IssueInstant="2019-08-17T18:10:02Z" InResponseTo="_f3d2141d-86f4-4146-8d9f-967151d01ed9">https://was-preprod1.digid.nl/saml/idp/metadata<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />http://www.w3.org/2000/09/xmldsig#enveloped-signature" />http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds saml samlp xs" />http://www.w3.org/2001/04/xmlenc#sha256" />NCiBHYmtPmtQZcGfvTsdv4j2ufOTh3ervAWAfSHAIpU=njbP/olbKr2LxeC1reOw/LiYaMcaQqGejZFj0OY3nhRbDASjUcbok2lmh+Umfygy5FfPTTXSIg82bNwU+gWBw2TdirT06c18T6pO/Prje6bHNWcBPYSHieOupOJSYCzorq3tf72R7Y1fN28/Y6GywxHtxle6qPUXJj3bCSw/6SM8vlwLPJvez7k3xyyU5uFXhNNSp2ClmXAUa2/atpobYpQi1zcEOUVTucIoCF/7dECbR191/tCRO7WmNxFfYyhTC68Z4SuhcMioAtIgR87pWb4WUHVmuZV69yPQJHKcYvEz1EZdD2CUMnQK1GGLAUM41uDvwdEGaIsXqTWm+DRflg==2e9046aba2e95ed07efb655f6f50880ef686e531MIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx
CzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRS
TkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdh
bmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTAzMDgwODIwMjdaFw0yMTAz
MDcwODIwMjdaMIGYMQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xs
YW5kMREwDwYDVQQHDAhEZW4gSGFhZzEPMA0GA1UECgwGTG9naXVzMQ4wDAYD
VQQLDAVEaWdpRDEdMBsGA1UEBRMUMDAwMDAwMDQxNjY5MDk5MTMwMDAxHzAd
BgNVBAMMFnNhbWwtc2lnbi5wcDEuZGlnaWQubmwwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDXUqAvX+Dk6s4BfjJQwwctTw68IFxJyaBMvHj9
gxfwPFy7SMtZ6rQlIwDW0LRsjAnKAWXSkBc56jrDQse4rram+1a7jV8dPSPd
KkgeSyJVENpC0ssnWcUMEnDMZ6NP8ydavUEAzFRYBBqcnGoDpga8K6HczWgz
pC4iQmpGcj+wE7c80C4GHTUKvJ+C7AnZqq5qHP6izxIGLOEiofJqgG7Lyp7W
r5ypITeIlPKFmTY7DD8OsR7p7H8Y34jmbmcum+r8FobykcXX9DEXzVesR82A
3j83Cvwx8lsu1bKwUbF2VzkIC+PWC1aRsE5FtsmJ9ZEdA58Dhe9wQnkZbZRB
Ao69AgMBAAGjggPSMIIDzjCBlAYIKwYBBQUHAQEEgYcwgYQwWAYIKwYBBQUH
MAKGTGh0dHA6Ly9jZXJ0Lm1hbmFnZWRwa2kuY29tL0NBY2VydHMvS1BOQlZQ
S0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy5jZXIwKAYIKwYBBQUH
MAGGHGh0dHA6Ly9nM29jc3AubWFuYWdlZHBraS5jb20wHQYDVR0OBBYEFHJ+
P3k2bMVXrjbSxmZwOGSWAjVfMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
w5qme150K4K2xnL9dE6F0pfN/RgwgbEGA1UdIASBqTCBpjCBmQYKYIQQAYdr
AQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZpY2FhdC5rcG4u
Y29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBkaXQgY2Vy
dGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZhbiB0
b2VwYXNzaW5nLjAIBgZngQwBAgIwXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDov
L2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0
aWVTZXJ2ZXJDQUczL0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZzYW1s
LXNpZ24ucHAxLmRpZ2lkLm5sMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA
dgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWlcY7BfAAAE
AwBHMEUCIHS8iwfnyokm9iKrHAsXAOztVID4iub1P/IVBmXWG0qdAiEAvob7
Kgn6Z/dkVVPshtvU+gzQmFifSQcBIJGctLd34xcAdwBVgdTCFpA2AUrqC5tX
PFPwwOQ4eHAlCBcvo6odBxPTDAAAAWlcY7CMAAAEAwBIMEYCIQDefUQL5r8K
vszl9QjKAnxoCZ+RmzDXOyTzd5IzAqrWmgIhALrSqji+HqnmhWMTSzJrFsxx
vb3007Q75F8YzdP7m0EhAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk
No4e0YUAAAFpXGOwZAAABAMARzBFAiAci7bLk1gKOxijzNYEHE2AtNq+tiAo
dFpzkfL0A/fNGAIhAJXZUfwrB8+zaCD6Ebvny7V3Qg3fyWP7d2/WBLFEmafv
MA0GCSqGSIb3DQEBCwUAA4ICAQCmt4ZqkWj28RQ2aMw0yAIddJlfEfmHwNdn
eOyrhQM2DW9j0F+x7B5XGhU7mNhUac+yL08QjeCf6pLJSwloMizyGdMKjcv7
t9W3HF4gwv0mFkOw6b1MnbwdbINHoIprKbRXs3Gxt5+WdKdh87byPcAeTW0Z
36gZrVHrAlnCiBaqT1xOlZqFzdF3JGaRx51lDk+Ln2R13JDonjnv4hL70Aln
Gt1eiSxjhyhtcwHNVvMhQ9G+u8ZASwFM1BhZMPEateYI6v0dPaXJSHxzasdB
D1/9V//gmRbHAoRu/KYKKDsK6yhNFx2I1PvsVVC6QTYos7euIbcW+gDcJqQb
m/xyFyKkZd/6SXxQAL123RwOPoOxq5my9tXyfEUeBzWTRcX28KSPXbycTfO4
34UADip/U07mpTGRDwCt0xfvp+zzB99jchEj7CWZqukr0xhbO7F4xDvmW/eU
S9CytBSHTyhlA+3Wepulz1QsqERESi2FvAlVljlDRkZrHLk53m3KJOcPVCwW
5Q2d3JnfPRCrj4L8c7cVA0r4Xdr2pZ5U5plz/LBn9oKqIqU0Pdg2TUvNpxfs
tOiNJIjoMR3VJNprvtvYsLmSb7yD8a9eQ/IjtBd7uzyMS+AbAj8ZpXAlbRtI
ycQjMEBxgk2NQSSQQEIfjk9breWf0nEL+NTkuflHUw7HpDaYrg==
https://was-preprod1.digid.nl/saml/idp/metadata<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />https://was-preprod1.digid.nl/saml/idp/metadata<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />http://www.w3.org/2000/09/xmldsig#enveloped-signature" />http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds saml samlp xs" />http://www.w3.org/2001/04/xmlenc#sha256" />KgLd2xrJlL15i0pZBq8btO2JScH9HqUJjmSr1VnQCxw=wEbhKktQA5DhPFSZiTteSsuHfq1ru6GdswW5+hpdPCIdBPVZKFyIKihRwsTZpad1pLXsEyJ3neUAxG4TBZGNfLRaqcIn1eyHxWsYwuWfnZz6h4NtUtOBn63OBQoTYyXoUpDhd9iLCSzzDVCsFwAAOLMs31jfJ9ACuAlXZU5UrkAJ8K4Adqhus1erAdPZxqfer4D7oZVrCjqFlP2H61WLKRO057j84/9+4fcOEUvtZoYmvkAN4MJfb8Xbq6wQpzDMrgEfbxvopEwLsptv5mXfPR+JgPcO+5auGhlzLNrFZjz6tT4Oy0ErnNgdNJ+QJOkOGmBvfj8GWb1Z2bwwCQZSIw==2e9046aba2e95ed07efb655f6f50880ef686e531MIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx
CzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRS
TkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdh
bmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTAzMDgwODIwMjdaFw0yMTAz
MDcwODIwMjdaMIGYMQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xs
YW5kMREwDwYDVQQHDAhEZW4gSGFhZzEPMA0GA1UECgwGTG9naXVzMQ4wDAYD
VQQLDAVEaWdpRDEdMBsGA1UEBRMUMDAwMDAwMDQxNjY5MDk5MTMwMDAxHzAd
BgNVBAMMFnNhbWwtc2lnbi5wcDEuZGlnaWQubmwwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDXUqAvX+Dk6s4BfjJQwwctTw68IFxJyaBMvHj9
gxfwPFy7SMtZ6rQlIwDW0LRsjAnKAWXSkBc56jrDQse4rram+1a7jV8dPSPd
KkgeSyJVENpC0ssnWcUMEnDMZ6NP8ydavUEAzFRYBBqcnGoDpga8K6HczWgz
pC4iQmpGcj+wE7c80C4GHTUKvJ+C7AnZqq5qHP6izxIGLOEiofJqgG7Lyp7W
r5ypITeIlPKFmTY7DD8OsR7p7H8Y34jmbmcum+r8FobykcXX9DEXzVesR82A
3j83Cvwx8lsu1bKwUbF2VzkIC+PWC1aRsE5FtsmJ9ZEdA58Dhe9wQnkZbZRB
Ao69AgMBAAGjggPSMIIDzjCBlAYIKwYBBQUHAQEEgYcwgYQwWAYIKwYBBQUH
MAKGTGh0dHA6Ly9jZXJ0Lm1hbmFnZWRwa2kuY29tL0NBY2VydHMvS1BOQlZQ
S0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy5jZXIwKAYIKwYBBQUH
MAGGHGh0dHA6Ly9nM29jc3AubWFuYWdlZHBraS5jb20wHQYDVR0OBBYEFHJ+
P3k2bMVXrjbSxmZwOGSWAjVfMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
w5qme150K4K2xnL9dE6F0pfN/RgwgbEGA1UdIASBqTCBpjCBmQYKYIQQAYdr
AQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZpY2FhdC5rcG4u
Y29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBkaXQgY2Vy
dGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZhbiB0
b2VwYXNzaW5nLjAIBgZngQwBAgIwXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDov
L2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0
aWVTZXJ2ZXJDQUczL0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZzYW1s
LXNpZ24ucHAxLmRpZ2lkLm5sMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA
dgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWlcY7BfAAAE
AwBHMEUCIHS8iwfnyokm9iKrHAsXAOztVID4iub1P/IVBmXWG0qdAiEAvob7
Kgn6Z/dkVVPshtvU+gzQmFifSQcBIJGctLd34xcAdwBVgdTCFpA2AUrqC5tX
PFPwwOQ4eHAlCBcvo6odBxPTDAAAAWlcY7CMAAAEAwBIMEYCIQDefUQL5r8K
vszl9QjKAnxoCZ+RmzDXOyTzd5IzAqrWmgIhALrSqji+HqnmhWMTSzJrFsxx
vb3007Q75F8YzdP7m0EhAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk
No4e0YUAAAFpXGOwZAAABAMARzBFAiAci7bLk1gKOxijzNYEHE2AtNq+tiAo
dFpzkfL0A/fNGAIhAJXZUfwrB8+zaCD6Ebvny7V3Qg3fyWP7d2/WBLFEmafv
MA0GCSqGSIb3DQEBCwUAA4ICAQCmt4ZqkWj28RQ2aMw0yAIddJlfEfmHwNdn
eOyrhQM2DW9j0F+x7B5XGhU7mNhUac+yL08QjeCf6pLJSwloMizyGdMKjcv7
t9W3HF4gwv0mFkOw6b1MnbwdbINHoIprKbRXs3Gxt5+WdKdh87byPcAeTW0Z
36gZrVHrAlnCiBaqT1xOlZqFzdF3JGaRx51lDk+Ln2R13JDonjnv4hL70Aln
Gt1eiSxjhyhtcwHNVvMhQ9G+u8ZASwFM1BhZMPEateYI6v0dPaXJSHxzasdB
D1/9V//gmRbHAoRu/KYKKDsK6yhNFx2I1PvsVVC6QTYos7euIbcW+gDcJqQb
m/xyFyKkZd/6SXxQAL123RwOPoOxq5my9tXyfEUeBzWTRcX28KSPXbycTfO4
34UADip/U07mpTGRDwCt0xfvp+zzB99jchEj7CWZqukr0xhbO7F4xDvmW/eU
S9CytBSHTyhlA+3Wepulz1QsqERESi2FvAlVljlDRkZrHLk53m3KJOcPVCwW
5Q2d3JnfPRCrj4L8c7cVA0r4Xdr2pZ5U5plz/LBn9oKqIqU0Pdg2TUvNpxfs
tOiNJIjoMR3VJNprvtvYsLmSb7yD8a9eQ/IjtBd7uzyMS+AbAj8ZpXAlbRtI
ycQjMEBxgk2NQSSQQEIfjk9breWf0nEL+NTkuflHUw7HpDaYrg==
s00000000:900181795https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx" InResponseTo="_091724bc-f19c-4d2f-93cb-97e5c738fc30" />www.spx-preprod.nlurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
12376/5: 17-8-2019 18:10:02: The X.509 certificate with subject name CN=saml-sign.pp1.digid.nl, SERIALNUMBER=00000004166909913000, OU=DigiD, O=Logius, L=Den Haag, S=Zuid-Holland, C=NL and serial number 27647B61A3E440EE31D580F8 is being used to verify the XML signature.
12376/5: 17-8-2019 18:10:02: Verifying the XML signature.
12376/5: 17-8-2019 18:10:02: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The XML does not contain a signature.
12376/5: 17-8-2019 18:10:02: at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, ISignedXmlFactory signedXmlFactory, Boolean clone, Boolean declareAllNamespaces)
at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, ISignedXmlFactory signedXmlFactory)
at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, X509Certificate2 x509Certificate, ISignedXmlFactory signedXmlFactory)
at ComponentSpace.SAML2.Protocols.SAMLMessageSignature.Verify(XmlElement xmlElement, X509Certificate2 x509Certificate)
at ExampleServiceProvider.SAML.AssertionConsumerService.ReceiveSAMLResponse(SAMLResponse& samlResponse, String& relayState) in C:\Users\raas\Documents\OneDrive For Business\OneDrive for Business\Klanten\Stichting Pensioenfonds Xerox\digid_project\_FINAL\spx-preprod.nl\SPX-DigiD\SAML\AssertionConsumerService.aspx.cs:line 132
at ExampleServiceProvider.SAML.AssertionConsumerService.ProcessSAMLResponse() in C:\Users\raas\Documents\OneDrive For Business\OneDrive for Business\Klanten\Stichting Pensioenfonds Xerox\digid_project\_FINAL\spx-preprod.nl\SPX-DigiD\SAML\AssertionConsumerService.aspx.cs:line 202
at ExampleServiceProvider.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in C:\Users\raas\Documents\OneDrive For Business\OneDrive for Business\Klanten\Stichting Pensioenfonds Xerox\digid_project\_FINAL\spx-preprod.nl\SPX-DigiD\SAML\AssertionConsumerService.aspx.cs:line 225
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.saml_assertionconsumerservice_aspx.ProcessRequest(HttpContext context) in d:\local\Temporary ASP.NET Files\deelnemers_digid\f40fc632\13dbac8d\App_Web_0plt4hez.0.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

aspx.page: End Load
aspx.page: Begin LoadComplete
aspx.page: End LoadComplete
aspx.page: Begin PreRender
aspx.page: End PreRender
aspx.page: Begin PreRenderComplete
aspx.page: End PreRenderComplete
aspx.page: Begin SaveState
aspx.page: End SaveState
aspx.page: Begin SaveStateComplete
aspx.page: End SaveStateComplete
aspx.page: Begin Render
aspx.page: End Render



To sign the artifact resolve message, instead of calling SAMLAssertionSignature.Generate you must call SAMLMessageSignature.Generate.

[quote]
ComponentSpace - 8/17/2019
To sign the artifact resolve message, instead of calling SAMLAssertionSignature.Generate you must call SAMLMessageSignature.Generate.
[/quote]

Hi,

Thanks, think I tried that already but will try again and post result.

Tried SAMLMessageSignature.Generate again, must have overlooked something as now I am seeing the expected data returning in raw data (twice?)

In the raw data (logs) I see the following being returned as I had expected.
saml:NameIDs00000000:900181795</saml:NameID>

But when I try to verify the response’s signature I receive an error:
The XML does not contain a signature

Below is ‘my’ ReceiveSAMLResponse. Errors out in the last part where the signature is verified.

private void ReceiveSAMLResponse(ref SAMLResponse samlResponse, ref string relayState)
{

// Receive the SAML response over the specified binding.
XmlElement samlResponseXml = null;

// Receive the artifact.
HTTPArtifact httpArtifact = null;

ServiceProvider.ReceiveArtifactByHTTPArtifact(Request, false, out httpArtifact, out relayState);

// Create an artifact resolve request.
ArtifactResolve artifactResolve = new ArtifactResolve();
artifactResolve.Issuer = new Issuer(“www.spx-preprod.nl”);
artifactResolve.Artifact = new Artifact(httpArtifact.ToString());

XmlElement artifactResolveXml = artifactResolve.ToXml();


string spArtifactResponderURL = “<a href=“https://was-preprod1.digid.nl/saml/idp/resolve_artifact";">https://was-preprod1.digid.nl/saml/idp/resolve_artifact”;

// add correct tls settings
//using System.Net;
//using System.Security.Authentication;
const SslProtocols _Tls12 = (SslProtocols)0x00000C00;
const SecurityProtocolType Tls12 = (SecurityProtocolType)_Tls12;
ServicePointManager.SecurityProtocol = Tls12;


//add a signature to the XML
// when certificate unsuitable for signing (invalid algorithm specified), reconfigure the pfx using: https://www.componentspace.com/Forums/1578/SHA256-and-Converting-the-Cryptographic-Service-Provider-Type
//artifactResolveXml = this.Add256bitSignature(artifactResolveXml, artifactResolve.ID);
X509Certificate2 x509Certificate = (X509Certificate2)Application[Global.SPX509Certificate];
SAMLMessageSignature.Generate(artifactResolveXml, x509Certificate.PrivateKey, x509Certificate);



//create web request with certificate
var webrequest = (HttpWebRequest)WebRequest.Create(spArtifactResponderURL);
webrequest.Method = “POST”;
webrequest.ClientCertificates.Add(x509Certificate); //add cert


// Send the artifact resolve request and receive the artifact response.
XmlElement artifactResponseXml = ArtifactResolver.SendRequestReceiveResponse(webrequest, artifactResolveXml);
ArtifactResponse artifactResponse = new ArtifactResponse(artifactResponseXml);

// Extract the SAML response from the artifact response.
samlResponseXml = artifactResponse.SAMLMessage;

// Verify the response’s signature.
X509Certificate2 x509CertificateIdP = (X509Certificate2)Application[Global.IdPX509Certificate];

if (!SAMLMessageSignature.Verify(samlResponseXml, x509CertificateIdP))
{
throw new ArgumentException(“The SAML response signature failed to verify.
”);
}

// Deserialize the XML.
samlResponse = new SAMLResponse(samlResponseXml);

}


and the logs of a SINGLE authentication cycle, see it being received twice?


aspx.page: Begin PreInit
aspx.page: End PreInit
aspx.page: Begin Init
aspx.page: End Init
aspx.page: Begin InitComplete
aspx.page: End InitComplete
aspx.page: Begin PreLoad
aspx.page: End PreLoad
aspx.page: Begin Load
aspx.page: End Load
aspx.page: Begin LoadComplete
aspx.page: End LoadComplete
aspx.page: Begin PreRender
aspx.page: End PreRender
aspx.page: Begin PreRenderComplete
aspx.page: End PreRenderComplete
aspx.page: Begin SaveState
aspx.page: End SaveState
aspx.page: Begin SaveStateComplete
aspx.page: End SaveStateComplete
aspx.page: Begin Render
aspx.page: End Render
aspx.page: Begin PreInit
aspx.page: End PreInit
aspx.page: Begin Init
aspx.page: End Init
aspx.page: Begin InitComplete
aspx.page: End InitComplete
aspx.page: Begin PreLoad
aspx.page: End PreLoad
aspx.page: Begin Load
aspx.page: End Load
aspx.page: Begin LoadComplete
aspx.page: End LoadComplete
aspx.page: Begin PreRender
aspx.page: End PreRender
aspx.page: Begin PreRenderComplete
aspx.page: End PreRenderComplete
aspx.page: Begin SaveState
aspx.page: End SaveState
aspx.page: Begin SaveStateComplete
aspx.page: End SaveStateComplete
aspx.page: Begin Render
aspx.page: End Render
aspx.page: Begin PreInit
aspx.page: End PreInit
aspx.page: Begin Init
aspx.page: End Init
aspx.page: Begin InitComplete
aspx.page: End InitComplete
aspx.page: Begin LoadState
aspx.page: End LoadState
aspx.page: Begin ProcessPostData
aspx.page: End ProcessPostData
aspx.page: Begin PreLoad
aspx.page: End PreLoad
aspx.page: Begin Load
aspx.page: End Load
aspx.page: Begin ProcessPostData Second Try
aspx.page: End ProcessPostData Second Try
aspx.page: Begin Raise ChangedEvents
aspx.page: End Raise ChangedEvents
aspx.page: Begin Raise PostBackEvent
12376/27: 18-8-2019 13:30:38: ComponentSpace.SAML2, Version=3.3.0.0, Culture=neutral, PublicKeyToken=16647a1283418145, .NET v4.0 build, Evaluation.
12376/27: 18-8-2019 13:30:38: CLR: 4.0.30319.42000, OS: Microsoft Windows NT 10.0.14393.0, Account: IIS APPPOOL\xeroxpensioenfondsen__8fc6, Culture: Dutch (Netherlands)
12376/27: 18-8-2019 13:30:38: Initializing the SAML environment.
12376/27: 18-8-2019 13:30:38: Loading the SAML configuration file D:\home\site\wwwroot\deelnemers\digid\saml.config.
12376/27: 18-8-2019 13:30:38: SAML configuration:
<?xml version="1.0"?>

<ServiceProvider Name=“www.spx-preprod.nl”
Description=“Stichting Pensioenfonds Xerox - PreProductie”
AssertionConsumerServiceUrl=”~/SAML/AssertionConsumerService.aspx"
LocalCertificateFile=“Certificates\spx-preprod.nl_sha256.pfx”
LocalCertificatePassword=“********”/>



<PartnerIdentityProvider Name=“<a href=“https://was-preprod1.digid.nl””>https://was-preprod1.digid.nl"
Description=“DigiD PreProd”
AuthnContextComparison=“minimum”
AuthnContext=“urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport”
SignAuthnRequest=“true”
SingleSignOnServiceUrl=“<a href=“https://preprod1.digid.nl/saml/idp/request_authentication””>https://preprod1.digid.nl/saml/idp/request_authentication"
SingleLogoutServiceUrl=“<a href=“https://preprod1.digid.nl/saml/idp/request_logout””>https://preprod1.digid.nl/saml/idp/request_logout"
PartnerCertificateFile=“Certificates\digid_preprod.cer”

/>


“>https://was-preprod1.digid.nl/saml/idp/resolve_artifact”–>




12376/27: 18-8-2019 13:30:38: The SAML configuration file has been successfully loaded.
12376/27: 18-8-2019 13:30:38: SAML configuration changes in the directory D:\home\site\wwwroot\deelnemers\digid are being monitored.
12376/27: 18-8-2019 13:30:38: The SAML environment has been successfuly initialized.
12376/27: 18-8-2019 13:30:38: Initiating SSO to the partner identity provider https://was-preprod1.digid.nl.
12376/27: 18-8-2019 13:30:38: Service provider session (d9a7c9ef-c276-4211-bcac-edfb0be07c6f) state:
12376/27: 18-8-2019 13:30:38: Retrieving the local service provider signature certificates for the partner identity provider https://was-preprod1.digid.nl.
12376/27: 18-8-2019 13:30:38: Loading the X.509 certificate from the file D:\home\site\wwwroot\deelnemers\digid\Certificates\spx-preprod.nl_sha256.pfx.
12376/27: 18-8-2019 13:30:38: The X.509 certificate with subject name CN=www.spx-preprod.nl, SERIALNUMBER=00000003120399100000, O=Stichting Pensioenfonds Xerox, L=Venray, S=Limburg, C=NL and serial number 33DF3E2E76FDDDEB7B49724C has been loaded.
12376/27: 18-8-2019 13:30:38: The X.509 certificate with subject name CN=www.spx-preprod.nl, SERIALNUMBER=00000003120399100000, O=Stichting Pensioenfonds Xerox, L=Venray, S=Limburg, C=NL and serial number 33DF3E2E76FDDDEB7B49724C has been cached.
12376/27: 18-8-2019 13:30:38: Sending request over HTTP Redirect, baseURL=https://preprod1.digid.nl/saml/idp/request_authentication, samlMessage=<samlp:AuthnRequest ID=“_0b3cdcb4-0803-4970-982e-72db23ca26a5” Version=“2.0” IssueInstant=“2019-08-18T13:30:38.559Z” Destination=“<a href=“https://preprod1.digid.nl/saml/idp/request_authentication””>https://preprod1.digid.nl/saml/idp/request_authentication" ForceAuthn=“false” IsPassive=“false” ProtocolBinding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” AssertionConsumerServiceURL=“<a href=“https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx””>https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx" xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>www.spx-preprod.nl</saml:Issuer><samlp:NameIDPolicy Format=“urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified” AllowCreate=“true” /><samlp:RequestedAuthnContext Comparison=“minimum”><saml:AuthnContextClassRef xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>, relayState=/deelnemers/digid/
12376/27: 18-8-2019 13:30:38: Creating HTTP redirect query string.
12376/27: 18-8-2019 13:30:38: Encoding SAML message: <samlp:AuthnRequest ID=“_0b3cdcb4-0803-4970-982e-72db23ca26a5” Version=“2.0” IssueInstant=“2019-08-18T13:30:38.559Z” Destination=“<a href=“https://preprod1.digid.nl/saml/idp/request_authentication””>https://preprod1.digid.nl/saml/idp/request_authentication" ForceAuthn=“false” IsPassive=“false” ProtocolBinding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” AssertionConsumerServiceURL=“<a href=“https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx””>https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx" xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>www.spx-preprod.nl</saml:Issuer><samlp:NameIDPolicy Format=“urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified” AllowCreate=“true” /><samlp:RequestedAuthnContext Comparison=“minimum”><saml:AuthnContextClassRef xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>
12376/27: 18-8-2019 13:30:38: Encoded SAML message: nVNdbxoxEPwrJ7/fd2jAAiQKqoqUtie45iEvkbGXxJLPvnp9Ofrvax+QILXw0Nf1zO7M7HqKrFEtXXTuVW/gVwfoovVqRp6zXckF393F2Tgr47vJfRZPxgXE94XYFSVnxSc2ItEjWJRGz0iRZCRaI3aw1uiYdr6U5RPPjvNxnZe0zGg5TkajyROJVn6K1MwNzFfnWqRp2lporRF5IuSLFIlWaZCWStGm9ijsmXmVoJ3kA5VEX4zlMEifkT1TCEFCxRDlG7xXKmuc4UZ9llpI/TIjndXUMJRINWsAqeN0u/j2QL0FujuCkH6t6yqufmxrEi0QwYaBS6Oxa8Buwb5JDj83Dx/q+75PsD3EJxdBvgBQGjwe08FSGqak17olzNNJdGiURjos5bbS9mSLzKcBTYfs7QX/Np2dZZD539Kn6UXLY/+Wfvc91qvKKMl/h+Qb5q6PyJN8qEgR7wco7TS2wOVegvCRKmX6pQXm/J6c7fya0vOc0xWCGBbrU3JwcNHSNC2zEsPFNFLLpmvOzi9xS+WNbWD/PznchHHKQ2tfDvfVGyvCXQH3OmvLvDdj3Sm2f+mZH9+uuHt/vfyG8z8=
12376/27: 18-8-2019 13:30:38: Query string: SAMLRequest=nVNdbxoxEPwrJ7%2Ffd2jAAiQKqoqUtie45iEvkbGXxJLPvnp9Ofrvax%2BQILXw0Nf1zO7M7HqKrFEtXXTuVW%2FgVwfoovVqRp6zXckF393F2Tgr47vJfRZPxgXE94XYFSVnxSc2ItEjWJRGz0iRZCRaI3aw1uiYdr6U5RPPjvNxnZe0zGg5TkajyROJVn6K1MwNzFfnWqRp2lporRF5IuSLFIlWaZCWStGm9ijsmXmVoJ3kA5VEX4zlMEifkT1TCEFCxRDlG7xXKmuc4UZ9llpI%2FTIjndXUMJRINWsAqeN0u%2Fj2QL0FujuCkH6t6yqufmxrEi0QwYaBS6Oxa8Buwb5JDj83Dx%2Fq%2B75PsD3EJxdBvgBQGjwe08FSGqak17olzNNJdGiURjos5bbS9mSLzKcBTYfs7QX%2FNp2dZZD539Kn6UXLY%2F%2BWfvc91qvKKMl%2Fh%2BQb5q6PyJN8qEgR7wco7TS2wOVegvCRKmX6pQXm%2FJ6c7fya0vOc0xWCGBbrU3JwcNHSNC2zEsPFNFLLpmvOzi9xS%2BWNbWD%2FPznchHHKQ2tfDvfVGyvCXQH3OmvLvDdj3Sm2f%2BmZH9%2BuuHt%2FvfyG8z8%3D&RelayState=%2Fdeelnemers%2Fdigid%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
12376/27: 18-8-2019 13:30:38: Generating signature.
12376/27: 18-8-2019 13:30:38: Data to sign: 53 41 4d 4c 52 65 71 75 65 73 74 3d 6e 56 4e 64 62 78 6f 78 45 50 77 72 4a 37 25 32 46 66 64 32 6a 41 41 69 51 4b 71 6f 71 55 74 69 65 34 35 69 45 76 6b 62 47 58 78 4a 4c 50 76 6e 70 39 4f 66 72 76 61 78 25 32 42 51 49 4c 58 77 30 4e 66 31 7a 4f 37 4d 37 48 71 4b 72 46 45 74 58 58 54 75 56 57 25 32 46 67 56 77 66 6f 6f 76 56 71 52 70 36 7a 58 63 6b 46 33 39 33 46 32 54 67 72 34 37 76 4a 66 52 5a 50 78 67 58 45 39 34 58 59 46 53 56 6e 78 53 63 32 49 74 45 6a 57 4a 52 47 7a 30 69 52 5a 43 52 61 49 33 61 77 31 75 69 59 64 72 36 55 35 52 50 50 6a 76 4e 78 6e 5a 65 30 7a 47 67 35 54 6b 61 6a 79 52 4f 4a 56 6e 36 4b 31 4d 77 4e 7a 46 66 6e 57 71 52 70 32 6c 70 6f 72 52 46 35 49 75 53 4c 46 49 6c 57 61 5a 43 57 53 74 47 6d 39 69 6a 73 6d 58 6d 56 6f 4a 33 6b 41 35 56 45 58 34 7a 6c 4d 45 69 66 6b 54 31 54 43 45 46 43 78 52 44 6c 47 37 78 58 4b 6d 75 63 34 55 5a 39 6c 6c 70 49 25 32 46 54 49 6a 6e 64 58 55 4d 4a 52 49 4e 57 73 41 71 65 4e 30 75 25 32 46 6a 32 51 4c 30 46 75 6a 75 43 6b 48 36 74 36 79 71 75 66 6d 78 72 45 69 30 51 77 59 61 42 53 36 4f 78 61 38 42 75 77 62 35 4a 44 6a 38 33 44 78 25 32 46 71 25 32 42 37 35 50 73 44 33 45 4a 78 64 42 76 67 42 51 47 6a 77 65 30 38 46 53 47 71 61 6b 31 37 6f 6c 7a 4e 4e 4a 64 47 69 55 52 6a 6f 73 35 62 62 53 39 6d 53 4c 7a 4b 63 42 54 59 66 73 37 51 58 25 32 46 4e 70 32 64 5a 5a 44 35 33 39 4b 6e 36 55 58 4c 59 25 32 46 25 32 42 57 66 76 63 39 31 71 76 4b 4b 4d 6c 25 32 46 68 25 32 42 51 62 35 71 36 50 79 4a 4e 38 71 45 67 52 37 77 63 6f 37 54 53 32 77 4f 56 65 67 76 43 52 4b 6d 58 36 70 51 58 6d 25 32 46 4a 36 63 37 66 79 61 30 76 4f 63 30 78 57 43 47 42 62 72 55 33 4a 77 63 4e 48 53 4e 43 32 7a 45 73 50 46 4e 46 4c 4c 70 6d 76 4f 7a 69 39 78 53 25 32 42 57 4e 62 57 44 25 32 46 50 7a 6e 63 68 48 48 4b 51 32 74 66 44 76 66 56 47 79 76 43 58 51 48 33 4f 6d 76 4c 76 44 64 6a 33 53 6d 32 66 25 32 42 6d 5a 48 39 25 32 42 75 75 48 74 25 32 46 76 66 79 47 38 7a 38 25 33 44 26 52 65 6c 61 79 53 74 61 74 65 3d 25 32 46 64 65 65 6c 6e 65 6d 65 72 73 25 32 46 64 69 67 69 64 25 32 46 26 53 69 67 41 6c 67 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 77 33 2e 6f 72 67 25 32 46 32 30 30 31 25 32 46 30 34 25 32 46 78 6d 6c 64 73 69 67 2d 6d 6f 72 65 25 32 33 72 73 61 2d 73 68 61 32 35 36
12376/27: 18-8-2019 13:30:38: Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
12376/27: 18-8-2019 13:30:38: Signature: 0b 3c 7a e1 47 2b 1c 32 28 ab 2a 3c 61 56 e5 85 f9 ec 5f 1c 1e 61 9e 4c 83 61 5c b2 d5 82 08 21 a2 61 6e 86 e6 e4 7d 46 09 a6 17 9e 0b a2 1f 9b ab 56 9b 46 ac e9 51 3f f3 e8 02 4e 54 b9 96 b3 11 6f e5 2d c1 79 73 2b f7 2d 0d 58 9c a1 be 16 5f e8 6c ae 4d 38 4d 1f 1a e4 be 2b d0 51 51 e1 8a 4a b4 40 07 cd 2a 87 f5 f6 a4 92 77 3d d0 15 58 45 2e 94 1f 47 32 4d ac 54 a1 ae 88 c0 9e c7 16 2b 54 4e e0 d6 8f c2 7d da dc 17 39 bd 81 41 fc 56 1a a4 35 7e 7e fa a8 91 27 2f e5 8b bf 9c 35 a0 34 84 d0 2a 9d d3 d7 d0 ba 8c af 42 7b db 39 46 ad 0a 41 46 0d ab cd d9 63 e5 d3 f2 15 ee 60 90 3a 14 b3 49 21 cf d0 10 0d 4e 6c 4a d6 ce 5d b5 d5 93 5c 45 49 5c d9 01 67 4d c9 1a b0 df 17 dc 7d 2d 52 1f 5b 2b 07 06 63 e7 dd bc 27 d7 9d db 61 b9 01 37 5d 9d bf 89 43 ab 55 dc 2f f3
12376/27: 18-8-2019 13:30:38: Query string: SAMLRequest=nVNdbxoxEPwrJ7%2Ffd2jAAiQKqoqUtie45iEvkbGXxJLPvnp9Ofrvax%2BQILXw0Nf1zO7M7HqKrFEtXXTuVW%2FgVwfoovVqRp6zXckF393F2Tgr47vJfRZPxgXE94XYFSVnxSc2ItEjWJRGz0iRZCRaI3aw1uiYdr6U5RPPjvNxnZe0zGg5TkajyROJVn6K1MwNzFfnWqRp2lporRF5IuSLFIlWaZCWStGm9ijsmXmVoJ3kA5VEX4zlMEifkT1TCEFCxRDlG7xXKmuc4UZ9llpI%2FTIjndXUMJRINWsAqeN0u%2Fj2QL0FujuCkH6t6yqufmxrEi0QwYaBS6Oxa8Buwb5JDj83Dx%2Fq%2B75PsD3EJxdBvgBQGjwe08FSGqak17olzNNJdGiURjos5bbS9mSLzKcBTYfs7QX%2FNp2dZZD539Kn6UXLY%2F%2BWfvc91qvKKMl%2Fh%2BQb5q6PyJN8qEgR7wco7TS2wOVegvCRKmX6pQXm%2FJ6c7fya0vOc0xWCGBbrU3JwcNHSNC2zEsPFNFLLpmvOzi9xS%2BWNbWD%2FPznchHHKQ2tfDvfVGyvCXQH3OmvLvDdj3Sm2f%2BmZH9%2BuuHt%2FvfyG8z8%3D&RelayState=%2Fdeelnemers%2Fdigid%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Czx64UcrHDIoqyo8YVblhfnsXxweYZ5Mg2FcstWCCCGiYW6G5uR9RgmmF54Loh%2Bbq1abRqzpUT%2Fz6AJOVLmWsxFv5S3BeXMr9y0NWJyhvhZf6GyuTThNHxrkvivQUVHhikq0QAfNKof19qSSdz3QFVhFLpQfRzJNrFShrojAnscWK1RO4NaPwn3a3Bc5vYFB%2FFYapDV%2BfvqokScv5Yu%2FnDWgNITQKp3T19C6jK9Ce9s5Rq0KQUYNq83ZY%2BXT8hXuYJA6FLNJIc%2FQEA1ObErWzl211ZNcRUlc2QFnTckasN8X3H0tUh9bKwcGY%2BfdvCfXndthuQE3XZ2%2FiUOrVdwv8w%3D%3D
12376/27: 18-8-2019 13:30:38: Redirect URL: https://preprod1.digid.nl/saml/idp/request_authentication?SAMLRequest=nVNdbxoxEPwrJ7%2Ffd2jAAiQKqoqUtie45iEvkbGXxJLPvnp9Ofrvax%2BQILXw0Nf1zO7M7HqKrFEtXXTuVW%2FgVwfoovVqRp6zXckF393F2Tgr47vJfRZPxgXE94XYFSVnxSc2ItEjWJRGz0iRZCRaI3aw1uiYdr6U5RPPjvNxnZe0zGg5TkajyROJVn6K1MwNzFfnWqRp2lporRF5IuSLFIlWaZCWStGm9ijsmXmVoJ3kA5VEX4zlMEifkT1TCEFCxRDlG7xXKmuc4UZ9llpI%2FTIjndXUMJRINWsAqeN0u%2Fj2QL0FujuCkH6t6yqufmxrEi0QwYaBS6Oxa8Buwb5JDj83Dx%2Fq%2B75PsD3EJxdBvgBQGjwe08FSGqak17olzNNJdGiURjos5bbS9mSLzKcBTYfs7QX%2FNp2dZZD539Kn6UXLY%2F%2BWfvc91qvKKMl%2Fh%2BQb5q6PyJN8qEgR7wco7TS2wOVegvCRKmX6pQXm%2FJ6c7fya0vOc0xWCGBbrU3JwcNHSNC2zEsPFNFLLpmvOzi9xS%2BWNbWD%2FPznchHHKQ2tfDvfVGyvCXQH3OmvLvDdj3Sm2f%2BmZH9%2BuuHt%2FvfyG8z8%3D&RelayState=%2Fdeelnemers%2Fdigid%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Czx64UcrHDIoqyo8YVblhfnsXxweYZ5Mg2FcstWCCCGiYW6G5uR9RgmmF54Loh%2Bbq1abRqzpUT%2Fz6AJOVLmWsxFv5S3BeXMr9y0NWJyhvhZf6GyuTThNHxrkvivQUVHhikq0QAfNKof19qSSdz3QFVhFLpQfRzJNrFShrojAnscWK1RO4NaPwn3a3Bc5vYFB%2FFYapDV%2BfvqokScv5Yu%2FnDWgNITQKp3T19C6jK9Ce9s5Rq0KQUYNq83ZY%2BXT8hXuYJA6FLNJIc%2FQEA1ObErWzl211ZNcRUlc2QFnTckasN8X3H0tUh9bKwcGY%2BfdvCfXndthuQE3XZ2%2FiUOrVdwv8w%3D%3D
12376/27: 18-8-2019 13:30:38: Redirecting to: https://preprod1.digid.nl/saml/idp/request_authentication?SAMLRequest=nVNdbxoxEPwrJ7%2Ffd2jAAiQKqoqUtie45iEvkbGXxJLPvnp9Ofrvax%2BQILXw0Nf1zO7M7HqKrFEtXXTuVW%2FgVwfoovVqRp6zXckF393F2Tgr47vJfRZPxgXE94XYFSVnxSc2ItEjWJRGz0iRZCRaI3aw1uiYdr6U5RPPjvNxnZe0zGg5TkajyROJVn6K1MwNzFfnWqRp2lporRF5IuSLFIlWaZCWStGm9ijsmXmVoJ3kA5VEX4zlMEifkT1TCEFCxRDlG7xXKmuc4UZ9llpI%2FTIjndXUMJRINWsAqeN0u%2Fj2QL0FujuCkH6t6yqufmxrEi0QwYaBS6Oxa8Buwb5JDj83Dx%2Fq%2B75PsD3EJxdBvgBQGjwe08FSGqak17olzNNJdGiURjos5bbS9mSLzKcBTYfs7QX%2FNp2dZZD539Kn6UXLY%2F%2BWfvc91qvKKMl%2Fh%2BQb5q6PyJN8qEgR7wco7TS2wOVegvCRKmX6pQXm%2FJ6c7fya0vOc0xWCGBbrU3JwcNHSNC2zEsPFNFLLpmvOzi9xS%2BWNbWD%2FPznchHHKQ2tfDvfVGyvCXQH3OmvLvDdj3Sm2f%2BmZH9%2BuuHt%2FvfyG8z8%3D&RelayState=%2Fdeelnemers%2Fdigid%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Czx64UcrHDIoqyo8YVblhfnsXxweYZ5Mg2FcstWCCCGiYW6G5uR9RgmmF54Loh%2Bbq1abRqzpUT%2Fz6AJOVLmWsxFv5S3BeXMr9y0NWJyhvhZf6GyuTThNHxrkvivQUVHhikq0QAfNKof19qSSdz3QFVhFLpQfRzJNrFShrojAnscWK1RO4NaPwn3a3Bc5vYFB%2FFYapDV%2BfvqokScv5Yu%2FnDWgNITQKp3T19C6jK9Ce9s5Rq0KQUYNq83ZY%2BXT8hXuYJA6FLNJIc%2FQEA1ObErWzl211ZNcRUlc2QFnTckasN8X3H0tUh9bKwcGY%2BfdvCfXndthuQE3XZ2%2FiUOrVdwv8w%3D%3D
12376/27: 18-8-2019 13:30:39: Request sent over HTTP Redirect.
12376/27: 18-8-2019 13:30:39: SAML message sent: partner=https://was-preprod1.digid.nl, message=<samlp:AuthnRequest ID=“_0b3cdcb4-0803-4970-982e-72db23ca26a5” Version=“2.0” IssueInstant=“2019-08-18T13:30:38.559Z” Destination=“<a href=“https://preprod1.digid.nl/saml/idp/request_authentication””>https://preprod1.digid.nl/saml/idp/request_authentication" ForceAuthn=“false” IsPassive=“false” ProtocolBinding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST” AssertionConsumerServiceURL=“<a href=“https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx””>https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx" xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>www.spx-preprod.nl</saml:Issuer><samlp:NameIDPolicy Format=“urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified” AllowCreate=“true” /><samlp:RequestedAuthnContext Comparison=“minimum”><saml:AuthnContextClassRef xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>, relay state=/deelnemers/digid/, destination URL=https://preprod1.digid.nl/saml/idp/request_authentication
12376/27: 18-8-2019 13:30:39: Service provider session (d9a7c9ef-c276-4211-bcac-edfb0be07c6f) state:
Pending response state:
Action: ReceiveSamlResponse
Partner name: https://was-preprod1.digid.nl
Relay state:
In response to: _0b3cdcb4-0803-4970-982e-72db23ca26a5

12376/27: 18-8-2019 13:30:39: Initiation of SSO to the partner identity provider https://was-preprod1.digid.nl has completed successfully.
aspx.page: End Raise PostBackEvent
aspx.page: Begin LoadComplete
aspx.page: End LoadComplete
aspx.page: Begin PreRender
aspx.page: End PreRender
aspx.page: Begin PreRenderComplete
aspx.page: End PreRenderComplete
aspx.page: Begin SaveState
aspx.page: End SaveState
aspx.page: Begin SaveStateComplete
aspx.page: End SaveStateComplete
aspx.page: Begin Render
aspx.page: End Render
aspx.page: Begin PreInit
aspx.page: End PreInit
aspx.page: Begin Init
aspx.page: End Init
aspx.page: Begin InitComplete
aspx.page: End InitComplete
aspx.page: Begin PreLoad
aspx.page: End PreLoad
aspx.page: Begin Load
12376/34: 18-8-2019 13:30:41: Receiving artifact in query string over HTTP Artifact
12376/34: 18-8-2019 13:30:41: HTTP request:
GET /deelnemers/digid/SAML/AssertionConsumerService.aspx?SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp%2B75KEU2yFpubfas2GwGgS7xwLbzk7IsVM%3D&RelayState=%2Fdeelnemers%2Fdigid%2F HTTP/1.1
Cache-Control: max-age=0
Connection: Keep-Alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: ASP.NET_SessionId=mnzsurqdaohxindxsicstetk; ARRAffinity=6591cf898a2df97f256faef2b3ccdfd7ce2616b02ae94737cf84d54a31a581db; jsCookieCheck=null; SAML_SessionId=d9a7c9ef-c276-4211-bcac-edfb0be07c6f
Host: www.spx-preprod.nl
Max-Forwards: 10
Referer: https://www.spx-preprod.nl/deelnemers/digid/login.aspx?ReturnUrl=%2Fdeelnemers%2Fdigid%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
Upgrade-Insecure-Requests: 1
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Site: cross-site
X-WAWS-Unencoded-URL: /deelnemers/digid/SAML/AssertionConsumerService.aspx?SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp%2B75KEU2yFpubfas2GwGgS7xwLbzk7IsVM%3D&RelayState=%2Fdeelnemers%2Fdigid%2F
CLIENT-IP: 31.20.113.75:54844
X-ARR-LOG-ID: 8fcda144-ef74-4ff4-8963-13da7f88a390
DISGUISED-HOST: www.spx-preprod.nl
X-SITE-DEPLOYMENT-ID: xeroxpensioenfondsen__8fc6
WAS-DEFAULT-HOSTNAME: xeroxpensioenfondsen-spx-preprod.azurewebsites.net
X-Original-URL: /deelnemers/digid/SAML/AssertionConsumerService.aspx?SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp%2B75KEU2yFpubfas2GwGgS7xwLbzk7IsVM%3D&RelayState=%2Fdeelnemers%2Fdigid%2F
X-Forwarded-For: 31.20.113.75:54844
X-ARR-SSL: 2048|256|C=NL, O=KPN B.V., OID.2.5.4.97=NTRNL-27124701, CN=KPN BV PKIoverheid Organisatie Server CA - G3|C=NL, S=Limburg, L=Venray, O=Stichting Pensioenfonds Xerox, SERIALNUMBER=00000003120399100000, CN=www.spx-preprod.nl
X-Forwarded-Proto: https
X-AppService-Proto: https

12376/34: 18-8-2019 13:30:41: Query string value: SAMLart=AAQAAM2K4swP9wWZMpSMawzmyp+75KEU2yFpubfas2GwGgS7xwLbzk7IsVM=
12376/34: 18-8-2019 13:30:41: Query string value: RelayState=/deelnemers/digid/
12376/34: 18-8-2019 13:30:41: Received artifact in query string over HTTP Artifact, artifact=AAQAAM2K4swP9wWZMpSMawzmyp+75KEU2yFpubfas2GwGgS7xwLbzk7IsVM=, relayState=/deelnemers/digid/
12376/34: 18-8-2019 13:30:41: Generating an XML signature.
12376/34: 18-8-2019 13:30:41: XML signature generation was successful.
12376/34: 18-8-2019 13:30:41: Sending request over SOAP, samlMessage=<samlp:ArtifactResolve ID=“_168fefa2-28dd-4e0c-9a8d-27c6ea7fd51a” Version=“2.0” IssueInstant=“2019-08-18T13:30:41.273Z” xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>www.spx-preprod.nl</saml:Issuer><Signature xmlns=“<CanonicalizationMethod”>http://www.w3.org/2000/09/xmldsig#“><CanonicalizationMethod Algorithm=”<a href=“http://www.w3.org/2001/10/xml-exc-c14n#”“>http://www.w3.org/2001/10/xml-exc-c14n#” /><SignatureMethod Algorithm=“<a href=“http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"”>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256” /><Transform Algorithm=“<a href=“http://www.w3.org/2000/09/xmldsig#enveloped-signature””>http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm=“<InclusiveNamespaces”>http://www.w3.org/2001/10/xml-exc-c14n#“><InclusiveNamespaces PrefixList=”#default samlp saml ds xs xsi" xmlns=“<a href=“http://www.w3.org/2001/10/xml-exc-c14n#””>http://www.w3.org/2001/10/xml-exc-c14n#“ /><DigestMethod Algorithm=”<a href=“http://www.w3.org/2001/04/xmlenc#sha256"”>http://www.w3.org/2001/04/xmlenc#sha256" />olEmpOXpPCDIMc4lXpSNe2Qp479wfEHQYmY2NetOWkA=KT3VFXIZEiHzH9grlnKxq+xIzK2utWxyCMEzUolfDXnNnhwsOFwI/76RADlCUXAW0GEwYAVqZS3KnidqNruC6JFS0o4PF/wmaYvSeUeA0YP5VHKZpNS1leaBgEIRT63WAvQ9OBhMPIU+Sq9sR7ugsH0KAEW+KSdaWP3YCaH5PYVdF6Zltt3ZZK709jUr/5pcjP3pLNxhQhVvj3ltz0G1AfCsLXsRmXHI7vn8DKH/cT8x0ppBulud/Gw1PUns1JdAL4wkCHM8AOdz8F7tiMbMz3RJPg9wyeng4AEarhCRMOaxh/y24SZbKLS4wVYWtXlo6M2yMzy3DNopKNnPG9HGog==MIIIXTCCBkWgAwIBAgIMM98+Lnb93et7SXJMMA0GCSqGSIb3DQEBCwUAMHExCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRSTkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdhbmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTA1MTUxMDUwMDJaFw0yMTA1MTQxMDUwMDJaMIGUMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHTGltYnVyZzEPMA0GA1UEBwwGVmVucmF5MSYwJAYDVQQKDB1TdGljaHRpbmcgUGVuc2lvZW5mb25kcyBYZXJveDEdMBsGA1UEBRMUMDAwMDAwMDMxMjAzOTkxMDAwMDAxGzAZBgNVBAMMEnd3dy5zcHgtcHJlcHJvZC5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAP5QRFjT229T2XLrnIEoy00/wrEOu1C5rivYGobT1OkjjmFedQhgtISG2K7UA3JO3lpUDVQ/AZ8+V3lOHmE5WNyATfYmjNTx1EOrcIeEi8MLFqzYzEAdb4ML9uPVpvNGq1f3YvZt67CnzTtd1qgaKEFQLTGObFIdK4/DmwDBGdxc+b2kNdskxc4WBBQGICoo4wvE6WUso0uWM6Msi/60k1W9Afss5gMTgqe4U84BeHXdL54K58FXShKe8ROOgnqDLOdWk0AJDDhL7gmcns9ggNAbFFgTV4yhSMf7C7qXwOnO4KLCGkw9rxCb6AkCfbncD0fd/ZcwnGuqyZmnNwydVHcCAwEAAaOCA88wggPLMIGUBggrBgEFBQcBAQSBhzCBhDBYBggrBgEFBQcwAoZMaHR0cDovL2NlcnQubWFuYWdlZHBraS5jb20vQ0FjZXJ0cy9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0aWVTZXJ2ZXJDQUczLmNlcjAoBggrBgEFBQcwAYYcaHR0cDovL2czb2NzcC5tYW5hZ2VkcGtpLmNvbTAdBgNVHQ4EFgQUEyXGZHbBhI/gJ8BcuwUTXMWWekQwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTDmqZ7XnQrgrbGcv10ToXSl839GDCBsQYDVR0gBIGpMIGmMIGZBgpghBABh2sBAgUGMIGKMDcGCCsGAQUFBwIBFitodHRwczovL2NlcnRpZmljYWF0Lmtwbi5jb20vcGtpb3ZlcmhlaWQvY3BzME8GCCsGAQUFBwICMEMMQU9wIGRpdCBjZXJ0aWZpY2FhdCBpcyBoZXQgQ1BTIFBLSW92ZXJoZWlkIHZhbiBLUE4gdmFuIHRvZXBhc3NpbmcuMAgGBmeBDAECAjBeBgNVHR8EVzBVMFOgUaBPhk1odHRwOi8vY3JsLm1hbmFnZWRwa2kuY29tL0tQTkJWUEtJb3ZlcmhlaWRPcmdhbmlzYXRpZVNlcnZlckNBRzMvTGF0ZXN0Q1JMLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdEQQWMBSCEnd3dy5zcHgtcHJlcHJvZC5ubDCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHcAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFqux0ePwAABAMASDBGAiEAja94/1KZFGK9SPJNZqleuA4gc6VpMF7Bt416tG7H95ACIQCMx+yUPkBWwxTxN9NhPMTQ2T7Z9upr5dYWz19H6MtEPAB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABarsdHzoAAAQDAEgwRgIhAOBfuJV0hum9qP1/fQxQWcbMDDzVAiGPfjSFiXowMRdMAiEA3ZTDO1/93O5eBqdukvtAolVKjn99hESYFBXydEKS+ZcAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWq7HR4EAAAEAwBHMEUCIQCwoEnZsOE7eFHCapBQefF5yFwPo1AlHWiW/STzLfXHSgIgZolPwNlmylS7TwhrRLXj32WRTOpkklAt1AfYK0cRxF0wDQYJKoZIhvcNAQELBQADggIBAG8YuzsZtu2Cq5nbCJxVaKreBiWpQ65+ssxSIEm7qyRKtzpxoPkSuSJlxBnZqVN1o8FiDO9lf9jXW79gRAHAWGtAxpNngZZylDdz9HG9Ky54o2k4ROQIV0C+WG9Z5srSAa66fLm98KnmL2av2TrJbv7xeIjymo2IBiz3F+7voWYJHQ8VJgyT7Gned2rJb8BmQ29sr8MMQM7uv0w1FjFisaRNbdVlqT7ihIFOu8k9lYNVrBUfl6U7TDD7lWhftQMtFtdqdvsoVRJIdw6u6kShKiMOiPh38KERVS4vLx5IvsSntnYo0h4W5auWdMPK8yOfKuDUcOeSTEBztWEzF0EvXpuyBnQ3iW7LLLOlp6duw+jc++un7waLCq9dy1HxrpKAN5I9Iz4ExX/BG03pkUYArEtn/73drF6XXEeMn5EQnUCF0bf4JvMlX2Ewes6N41If4GL9p4C+3eBXVTng0MRXc7xLMTfxFTDifPcIF8kWnCl54eWE37QEMOVB74GH/3OjCHDNOzJ57Yy2SVNDrHKuIkzG65kYEirMlFgI8aVRbQTuDyo7t5dKUgny4SVzILWNatnSu8YBtJLprVFjwpH6085BxGXQd2lLmHe2oF7ILj4/fhup7D7RyxaFj+0EGijFwuTUH9HQgsPL+8rx/AyS2kD3RBzQzwp96NAEUDoSFJbFsamlp:ArtifactAAQAAM2K4swP9wWZMpSMawzmyp+75KEU2yFpubfas2GwGgS7xwLbzk7IsVM=</samlp:Artifact></samlp:ArtifactResolve>
12376/34: 18-8-2019 13:30:41: Sending SOAP request: <SOAP-ENV:Envelope xmlns:SOAP-ENV=“SOAP-ENV:Bodysamlp:ArtifactResolve"http://schemas.xmlsoap.org/soap/envelope/”>SOAP-ENV:Body<samlp:ArtifactResolve ID=“_168fefa2-28dd-4e0c-9a8d-27c6ea7fd51a” Version=“2.0” IssueInstant=“2019-08-18T13:30:41.273Z” xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”><saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>www.spx-preprod.nl</saml:Issuer><Signature xmlns=“<CanonicalizationMethod”>http://www.w3.org/2000/09/xmldsig#“><CanonicalizationMethod Algorithm=”<a href=“http://www.w3.org/2001/10/xml-exc-c14n#”“>http://www.w3.org/2001/10/xml-exc-c14n#” /><SignatureMethod Algorithm=“<a href=“http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"”>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256” /><Transform Algorithm=“<a href=“http://www.w3.org/2000/09/xmldsig#enveloped-signature””>http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm=“<InclusiveNamespaces”>http://www.w3.org/2001/10/xml-exc-c14n#“><InclusiveNamespaces PrefixList=”#default samlp saml ds xs xsi" xmlns=“<a href=“http://www.w3.org/2001/10/xml-exc-c14n#””>http://www.w3.org/2001/10/xml-exc-c14n#“ /><DigestMethod Algorithm=”<a href=“http://www.w3.org/2001/04/xmlenc#sha256"”>http://www.w3.org/2001/04/xmlenc#sha256" />olEmpOXpPCDIMc4lXpSNe2Qp479wfEHQYmY2NetOWkA=KT3VFXIZEiHzH9grlnKxq+xIzK2utWxyCMEzUolfDXnNnhwsOFwI/76RADlCUXAW0GEwYAVqZS3KnidqNruC6JFS0o4PF/wmaYvSeUeA0YP5VHKZpNS1leaBgEIRT63WAvQ9OBhMPIU+Sq9sR7ugsH0KAEW+KSdaWP3YCaH5PYVdF6Zltt3ZZK709jUr/5pcjP3pLNxhQhVvj3ltz0G1AfCsLXsRmXHI7vn8DKH/cT8x0ppBulud/Gw1PUns1JdAL4wkCHM8AOdz8F7tiMbMz3RJPg9wyeng4AEarhCRMOaxh/y24SZbKLS4wVYWtXlo6M2yMzy3DNopKNnPG9HGog==MIIIXTCCBkWgAwIBAgIMM98+Lnb93et7SXJMMA0GCSqGSIb3DQEBCwUAMHExCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRSTkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdhbmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTA1MTUxMDUwMDJaFw0yMTA1MTQxMDUwMDJaMIGUMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHTGltYnVyZzEPMA0GA1UEBwwGVmVucmF5MSYwJAYDVQQKDB1TdGljaHRpbmcgUGVuc2lvZW5mb25kcyBYZXJveDEdMBsGA1UEBRMUMDAwMDAwMDMxMjAzOTkxMDAwMDAxGzAZBgNVBAMMEnd3dy5zcHgtcHJlcHJvZC5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAP5QRFjT229T2XLrnIEoy00/wrEOu1C5rivYGobT1OkjjmFedQhgtISG2K7UA3JO3lpUDVQ/AZ8+V3lOHmE5WNyATfYmjNTx1EOrcIeEi8MLFqzYzEAdb4ML9uPVpvNGq1f3YvZt67CnzTtd1qgaKEFQLTGObFIdK4/DmwDBGdxc+b2kNdskxc4WBBQGICoo4wvE6WUso0uWM6Msi/60k1W9Afss5gMTgqe4U84BeHXdL54K58FXShKe8ROOgnqDLOdWk0AJDDhL7gmcns9ggNAbFFgTV4yhSMf7C7qXwOnO4KLCGkw9rxCb6AkCfbncD0fd/ZcwnGuqyZmnNwydVHcCAwEAAaOCA88wggPLMIGUBggrBgEFBQcBAQSBhzCBhDBYBggrBgEFBQcwAoZMaHR0cDovL2NlcnQubWFuYWdlZHBraS5jb20vQ0FjZXJ0cy9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0aWVTZXJ2ZXJDQUczLmNlcjAoBggrBgEFBQcwAYYcaHR0cDovL2czb2NzcC5tYW5hZ2VkcGtpLmNvbTAdBgNVHQ4EFgQUEyXGZHbBhI/gJ8BcuwUTXMWWekQwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTDmqZ7XnQrgrbGcv10ToXSl839GDCBsQYDVR0gBIGpMIGmMIGZBgpghBABh2sBAgUGMIGKMDcGCCsGAQUFBwIBFitodHRwczovL2NlcnRpZmljYWF0Lmtwbi5jb20vcGtpb3ZlcmhlaWQvY3BzME8GCCsGAQUFBwICMEMMQU9wIGRpdCBjZXJ0aWZpY2FhdCBpcyBoZXQgQ1BTIFBLSW92ZXJoZWlkIHZhbiBLUE4gdmFuIHRvZXBhc3NpbmcuMAgGBmeBDAECAjBeBgNVHR8EVzBVMFOgUaBPhk1odHRwOi8vY3JsLm1hbmFnZWRwa2kuY29tL0tQTkJWUEtJb3ZlcmhlaWRPcmdhbmlzYXRpZVNlcnZlckNBRzMvTGF0ZXN0Q1JMLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1UdEQQWMBSCEnd3dy5zcHgtcHJlcHJvZC5ubDCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHcAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAFqux0ePwAABAMASDBGAiEAja94/1KZFGK9SPJNZqleuA4gc6VpMF7Bt416tG7H95ACIQCMx+yUPkBWwxTxN9NhPMTQ2T7Z9upr5dYWz19H6MtEPAB3AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABarsdHzoAAAQDAEgwRgIhAOBfuJV0hum9qP1/fQxQWcbMDDzVAiGPfjSFiXowMRdMAiEA3ZTDO1/93O5eBqdukvtAolVKjn99hESYFBXydEKS+ZcAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWq7HR4EAAAEAwBHMEUCIQCwoEnZsOE7eFHCapBQefF5yFwPo1AlHWiW/STzLfXHSgIgZolPwNlmylS7TwhrRLXj32WRTOpkklAt1AfYK0cRxF0wDQYJKoZIhvcNAQELBQADggIBAG8YuzsZtu2Cq5nbCJxVaKreBiWpQ65+ssxSIEm7qyRKtzpxoPkSuSJlxBnZqVN1o8FiDO9lf9jXW79gRAHAWGtAxpNngZZylDdz9HG9Ky54o2k4ROQIV0C+WG9Z5srSAa66fLm98KnmL2av2TrJbv7xeIjymo2IBiz3F+7voWYJHQ8VJgyT7Gned2rJb8BmQ29sr8MMQM7uv0w1FjFisaRNbdVlqT7ihIFOu8k9lYNVrBUfl6U7TDD7lWhftQMtFtdqdvsoVRJIdw6u6kShKiMOiPh38KERVS4vLx5IvsSntnYo0h4W5auWdMPK8yOfKuDUcOeSTEBztWEzF0EvXpuyBnQ3iW7LLLOlp6duw+jc++un7waLCq9dy1HxrpKAN5I9Iz4ExX/BG03pkUYArEtn/73drF6XXEeMn5EQnUCF0bf4JvMlX2Ewes6N41If4GL9p4C+3eBXVTng0MRXc7xLMTfxFTDifPcIF8kWnCl54eWE37QEMOVB74GH/3OjCHDNOzJ57Yy2SVNDrHKuIkzG65kYEirMlFgI8aVRbQTuDyo7t5dKUgny4SVzILWNatnSu8YBtJLprVFjwpH6085BxGXQd2lLmHe2oF7ILj4/fhup7D7RyxaFj+0EGijFwuTUH9HQgsPL+8rx/AyS2kD3RBzQzwp96NAEUDoSFJbFsamlp:ArtifactAAQAAM2K4swP9wWZMpSMawzmyp+75KEU2yFpubfas2GwGgS7xwLbzk7IsVM=</samlp:Artifact></samlp:ArtifactResolve></SOAP-ENV:Body></SOAP-ENV:Envelope>
12376/34: 18-8-2019 13:30:41: Received SOAP response: <?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv=“soapenv:Bodysamlp:ArtifactResponse"http://schemas.xmlsoap.org/soap/envelope/”>soapenv:Body<samlp:ArtifactResponse xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol” xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion” xmlns:ds=“<a href=“http://www.w3.org/2000/09/xmldsig#””>http://www.w3.org/2000/09/xmldsig#“ xmlns:ec=”<a href=“http://www.w3.org/2001/10/xml-exc-c14n#”“>http://www.w3.org/2001/10/xml-exc-c14n#” ID=“_28429ba6d1bacf0f0303c16578cce7b6228fb548” Version=“2.0” IssueInstant=“2019-08-18T13:30:41Z” InResponseTo=“_168fefa2-28dd-4e0c-9a8d-27c6ea7fd51a”>saml:Issuerhttps://was-preprod1.digid.nl/saml/idp/metadata</saml:Issuer>ds:Signatureds:SignedInfo<ds:CanonicalizationMethod Algorithm=“ds:SignatureMethod"http://www.w3.org/2001/10/xml-exc-c14n#”/><ds:SignatureMethod Algorithm=“ds:Reference"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256”/><ds:Reference URI=“#_28429ba6d1bacf0f0303c16578cce7b6228fb548”>ds:Transforms<ds:Transform Algorithm=“ds:Transform"http://www.w3.org/2000/09/xmldsig#enveloped-signature”/><ds:Transform Algorithm=“ec:InclusiveNamespaces"http://www.w3.org/2001/10/xml-exc-c14n#”><ec:InclusiveNamespaces PrefixList=“ds saml samlp xs”/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm=“ds:DigestValuesDGQWNAPUg6kS5ZWXYklo/F7Z6R4TXeKNvrpv+2dBMY=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValueY2x2UUQkHdosObOqdfWFg8eda0bh9rVpgY5wEZ3k0blKjwRq0n09ObwhxFIPUptSvoQp4Gt5uwkH9dTEf7locSLxb8HYzCME8h2TNxcsqgp5gOXOD1B5lQG6no6aYG0PqXqhXyGxubPkdR3k+3Xx1VCe9Fgnv6OztQpc+bw6H5SLkX60Ktly5LtwmTshEeg+XOOngermu1xti73kBCYZyR/l6DSIelRNolak5sCVItld5BYcdaQ0jLwHXFdgn4ePFSdc/yhQfq9nwX7Nk5BpDvlryPpCbpVfG0zC8xN0c8HEo8RGRjwwjqupxSlLiTSZ/R/apkCcugS2mLRChH74zw==</ds:SignatureValue>ds:KeyInfods:KeyName2e9046aba2e95ed07efb655f6f50880ef686e531</ds:KeyName>ds:X509Datads:X509CertificateMIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx”>http://www.w3.org/2001/04/xmlenc#sha256"/>ds:DigestValuesDGQWNAPUg6kS5ZWXYklo/F7Z6R4TXeKNvrpv+2dBMY=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValueY2x2UUQkHdosObOqdfWFg8eda0bh9rVpgY5wEZ3k0blKjwRq0n09ObwhxFIPUptSvoQp4Gt5uwkH9dTEf7locSLxb8HYzCME8h2TNxcsqgp5gOXOD1B5lQG6no6aYG0PqXqhXyGxubPkdR3k+3Xx1VCe9Fgnv6OztQpc+bw6H5SLkX60Ktly5LtwmTshEeg+XOOngermu1xti73kBCYZyR/l6DSIelRNolak5sCVItld5BYcdaQ0jLwHXFdgn4ePFSdc/yhQfq9nwX7Nk5BpDvlryPpCbpVfG0zC8xN0c8HEo8RGRjwwjqupxSlLiTSZ/R/apkCcugS2mLRChH74zw==</ds:SignatureValue>ds:KeyInfods:KeyName2e9046aba2e95ed07efb655f6f50880ef686e531</ds:KeyName>ds:X509Datads:X509CertificateMIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx
CzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRS
TkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdh
bmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTAzMDgwODIwMjdaFw0yMTAz
MDcwODIwMjdaMIGYMQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xs
YW5kMREwDwYDVQQHDAhEZW4gSGFhZzEPMA0GA1UECgwGTG9naXVzMQ4wDAYD
VQQLDAVEaWdpRDEdMBsGA1UEBRMUMDAwMDAwMDQxNjY5MDk5MTMwMDAxHzAd
BgNVBAMMFnNhbWwtc2lnbi5wcDEuZGlnaWQubmwwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDXUqAvX+Dk6s4BfjJQwwctTw68IFxJyaBMvHj9
gxfwPFy7SMtZ6rQlIwDW0LRsjAnKAWXSkBc56jrDQse4rram+1a7jV8dPSPd
KkgeSyJVENpC0ssnWcUMEnDMZ6NP8ydavUEAzFRYBBqcnGoDpga8K6HczWgz
pC4iQmpGcj+wE7c80C4GHTUKvJ+C7AnZqq5qHP6izxIGLOEiofJqgG7Lyp7W
r5ypITeIlPKFmTY7DD8OsR7p7H8Y34jmbmcum+r8FobykcXX9DEXzVesR82A
3j83Cvwx8lsu1bKwUbF2VzkIC+PWC1aRsE5FtsmJ9ZEdA58Dhe9wQnkZbZRB
Ao69AgMBAAGjggPSMIIDzjCBlAYIKwYBBQUHAQEEgYcwgYQwWAYIKwYBBQUH
MAKGTGh0dHA6Ly9jZXJ0Lm1hbmFnZWRwa2kuY29tL0NBY2VydHMvS1BOQlZQ
S0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy5jZXIwKAYIKwYBBQUH
MAGGHGh0dHA6Ly9nM29jc3AubWFuYWdlZHBraS5jb20wHQYDVR0OBBYEFHJ+
P3k2bMVXrjbSxmZwOGSWAjVfMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
w5qme150K4K2xnL9dE6F0pfN/RgwgbEGA1UdIASBqTCBpjCBmQYKYIQQAYdr
AQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZpY2FhdC5rcG4u
Y29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBkaXQgY2Vy
dGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZhbiB0
b2VwYXNzaW5nLjAIBgZngQwBAgIwXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDov
L2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0
aWVTZXJ2ZXJDQUczL0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZzYW1s
LXNpZ24ucHAxLmRpZ2lkLm5sMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA
dgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWlcY7BfAAAE
AwBHMEUCIHS8iwfnyokm9iKrHAsXAOztVID4iub1P/IVBmXWG0qdAiEAvob7
Kgn6Z/dkVVPshtvU+gzQmFifSQcBIJGctLd34xcAdwBVgdTCFpA2AUrqC5tX
PFPwwOQ4eHAlCBcvo6odBxPTDAAAAWlcY7CMAAAEAwBIMEYCIQDefUQL5r8K
vszl9QjKAnxoCZ+RmzDXOyTzd5IzAqrWmgIhALrSqji+HqnmhWMTSzJrFsxx
vb3007Q75F8YzdP7m0EhAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk
No4e0YUAAAFpXGOwZAAABAMARzBFAiAci7bLk1gKOxijzNYEHE2AtNq+tiAo
dFpzkfL0A/fNGAIhAJXZUfwrB8+zaCD6Ebvny7V3Qg3fyWP7d2/WBLFEmafv
MA0GCSqGSIb3DQEBCwUAA4ICAQCmt4ZqkWj28RQ2aMw0yAIddJlfEfmHwNdn
eOyrhQM2DW9j0F+x7B5XGhU7mNhUac+yL08QjeCf6pLJSwloMizyGdMKjcv7
t9W3HF4gwv0mFkOw6b1MnbwdbINHoIprKbRXs3Gxt5+WdKdh87byPcAeTW0Z
36gZrVHrAlnCiBaqT1xOlZqFzdF3JGaRx51lDk+Ln2R13JDonjnv4hL70Aln
Gt1eiSxjhyhtcwHNVvMhQ9G+u8ZASwFM1BhZMPEateYI6v0dPaXJSHxzasdB
D1/9V//gmRbHAoRu/KYKKDsK6yhNFx2I1PvsVVC6QTYos7euIbcW+gDcJqQb
m/xyFyKkZd/6SXxQAL123RwOPoOxq5my9tXyfEUeBzWTRcX28KSPXbycTfO4
34UADip/U07mpTGRDwCt0xfvp+zzB99jchEj7CWZqukr0xhbO7F4xDvmW/eU
S9CytBSHTyhlA+3Wepulz1QsqERESi2FvAlVljlDRkZrHLk53m3KJOcPVCwW
5Q2d3JnfPRCrj4L8c7cVA0r4Xdr2pZ5U5plz/LBn9oKqIqU0Pdg2TUvNpxfs
tOiNJIjoMR3VJNprvtvYsLmSb7yD8a9eQ/IjtBd7uzyMS+AbAj8ZpXAlbRtI
ycQjMEBxgk2NQSSQQEIfjk9breWf0nEL+NTkuflHUw7HpDaYrg==
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>samlp:Status<samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success”/></samlp:Status><samlp:Response ID=“_314be1e7a32c2d80bc15b6982d29e104edc217d5” Version=“2.0” IssueInstant=“2019-08-18T13:30:41Z” InResponseTo=“_0b3cdcb4-0803-4970-982e-72db23ca26a5”>saml:Issuerhttps://was-preprod1.digid.nl/saml/idp/metadata</saml:Issuer>samlp:Status<samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success”/></samlp:Status><saml:Assertion ID=“_36cd50960b1c95cb5ba117175dc53548404cdd8b” Version=“2.0” IssueInstant=“2019-08-18T13:30:41Z”>saml:Issuerhttps://was-preprod1.digid.nl/saml/idp/metadata</saml:Issuer>ds:Signatureds:SignedInfo<ds:CanonicalizationMethod Algorithm=“ds:SignatureMethod"http://www.w3.org/2001/10/xml-exc-c14n#”/><ds:SignatureMethod Algorithm=“ds:Reference"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256”/><ds:Reference URI=“#_36cd50960b1c95cb5ba117175dc53548404cdd8b”>ds:Transforms<ds:Transform Algorithm=“ds:Transform"http://www.w3.org/2000/09/xmldsig#enveloped-signature”/><ds:Transform Algorithm=“ec:InclusiveNamespaces"http://www.w3.org/2001/10/xml-exc-c14n#”><ec:InclusiveNamespaces PrefixList=“ds saml samlp xs”/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm=“ds:DigestValueODnWklQCsALp3zZKOwyD3yTCDTNjQeB5gGdyDMCYtjQ=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValue0Bc/S1xs6E7IBQ7r10BqOaXKIp5ThRqUZ7fyAXZrzO3XxXCPIiaFb5cpXqgaMJBqh3N2nQ+0EuRZo+naR6xHeW7ce51Wlo2w7rVs2OGJ6r4vmkol7cm8SEoiL7/8pWBMAVijDZhzBNO2ewj7g6MB6NGcuEg71wRrmRRVv8fXkrGvM+vv0k6KoNu8hOnhn7t4JFW9CTJ9XYYopsHTtDUdKxYDdGOYThT5sjqV5B84iFJwuZdNOyLGe5CsM5YmxW2KI7V+liLRrgtJ44lOuqtreL6HW8nGiZjNQE+rvvZHGuoJU99I5fzsUXdIWlrlhQiVrkiv0dPr6C93wMSH2Z+UQQ==</ds:SignatureValue>ds:KeyInfods:KeyName2e9046aba2e95ed07efb655f6f50880ef686e531</ds:KeyName>ds:X509Datads:X509CertificateMIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx”>http://www.w3.org/2001/04/xmlenc#sha256"/>ds:DigestValueODnWklQCsALp3zZKOwyD3yTCDTNjQeB5gGdyDMCYtjQ=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValue0Bc/S1xs6E7IBQ7r10BqOaXKIp5ThRqUZ7fyAXZrzO3XxXCPIiaFb5cpXqgaMJBqh3N2nQ+0EuRZo+naR6xHeW7ce51Wlo2w7rVs2OGJ6r4vmkol7cm8SEoiL7/8pWBMAVijDZhzBNO2ewj7g6MB6NGcuEg71wRrmRRVv8fXkrGvM+vv0k6KoNu8hOnhn7t4JFW9CTJ9XYYopsHTtDUdKxYDdGOYThT5sjqV5B84iFJwuZdNOyLGe5CsM5YmxW2KI7V+liLRrgtJ44lOuqtreL6HW8nGiZjNQE+rvvZHGuoJU99I5fzsUXdIWlrlhQiVrkiv0dPr6C93wMSH2Z+UQQ==</ds:SignatureValue>ds:KeyInfods:KeyName2e9046aba2e95ed07efb655f6f50880ef686e531</ds:KeyName>ds:X509Datads:X509CertificateMIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx
CzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRS
TkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdh
bmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTAzMDgwODIwMjdaFw0yMTAz
MDcwODIwMjdaMIGYMQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xs
YW5kMREwDwYDVQQHDAhEZW4gSGFhZzEPMA0GA1UECgwGTG9naXVzMQ4wDAYD
VQQLDAVEaWdpRDEdMBsGA1UEBRMUMDAwMDAwMDQxNjY5MDk5MTMwMDAxHzAd
BgNVBAMMFnNhbWwtc2lnbi5wcDEuZGlnaWQubmwwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDXUqAvX+Dk6s4BfjJQwwctTw68IFxJyaBMvHj9
gxfwPFy7SMtZ6rQlIwDW0LRsjAnKAWXSkBc56jrDQse4rram+1a7jV8dPSPd
KkgeSyJVENpC0ssnWcUMEnDMZ6NP8ydavUEAzFRYBBqcnGoDpga8K6HczWgz
pC4iQmpGcj+wE7c80C4GHTUKvJ+C7AnZqq5qHP6izxIGLOEiofJqgG7Lyp7W
r5ypITeIlPKFmTY7DD8OsR7p7H8Y34jmbmcum+r8FobykcXX9DEXzVesR82A
3j83Cvwx8lsu1bKwUbF2VzkIC+PWC1aRsE5FtsmJ9ZEdA58Dhe9wQnkZbZRB
Ao69AgMBAAGjggPSMIIDzjCBlAYIKwYBBQUHAQEEgYcwgYQwWAYIKwYBBQUH
MAKGTGh0dHA6Ly9jZXJ0Lm1hbmFnZWRwa2kuY29tL0NBY2VydHMvS1BOQlZQ
S0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy5jZXIwKAYIKwYBBQUH
MAGGHGh0dHA6Ly9nM29jc3AubWFuYWdlZHBraS5jb20wHQYDVR0OBBYEFHJ+
P3k2bMVXrjbSxmZwOGSWAjVfMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
w5qme150K4K2xnL9dE6F0pfN/RgwgbEGA1UdIASBqTCBpjCBmQYKYIQQAYdr
AQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZpY2FhdC5rcG4u
Y29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBkaXQgY2Vy
dGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZhbiB0
b2VwYXNzaW5nLjAIBgZngQwBAgIwXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDov
L2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0
aWVTZXJ2ZXJDQUczL0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZzYW1s
LXNpZ24ucHAxLmRpZ2lkLm5sMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA
dgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWlcY7BfAAAE
AwBHMEUCIHS8iwfnyokm9iKrHAsXAOztVID4iub1P/IVBmXWG0qdAiEAvob7
Kgn6Z/dkVVPshtvU+gzQmFifSQcBIJGctLd34xcAdwBVgdTCFpA2AUrqC5tX
PFPwwOQ4eHAlCBcvo6odBxPTDAAAAWlcY7CMAAAEAwBIMEYCIQDefUQL5r8K
vszl9QjKAnxoCZ+RmzDXOyTzd5IzAqrWmgIhALrSqji+HqnmhWMTSzJrFsxx
vb3007Q75F8YzdP7m0EhAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk
No4e0YUAAAFpXGOwZAAABAMARzBFAiAci7bLk1gKOxijzNYEHE2AtNq+tiAo
dFpzkfL0A/fNGAIhAJXZUfwrB8+zaCD6Ebvny7V3Qg3fyWP7d2/WBLFEmafv
MA0GCSqGSIb3DQEBCwUAA4ICAQCmt4ZqkWj28RQ2aMw0yAIddJlfEfmHwNdn
eOyrhQM2DW9j0F+x7B5XGhU7mNhUac+yL08QjeCf6pLJSwloMizyGdMKjcv7
t9W3HF4gwv0mFkOw6b1MnbwdbINHoIprKbRXs3Gxt5+WdKdh87byPcAeTW0Z
36gZrVHrAlnCiBaqT1xOlZqFzdF3JGaRx51lDk+Ln2R13JDonjnv4hL70Aln
Gt1eiSxjhyhtcwHNVvMhQ9G+u8ZASwFM1BhZMPEateYI6v0dPaXJSHxzasdB
D1/9V//gmRbHAoRu/KYKKDsK6yhNFx2I1PvsVVC6QTYos7euIbcW+gDcJqQb
m/xyFyKkZd/6SXxQAL123RwOPoOxq5my9tXyfEUeBzWTRcX28KSPXbycTfO4
34UADip/U07mpTGRDwCt0xfvp+zzB99jchEj7CWZqukr0xhbO7F4xDvmW/eU
S9CytBSHTyhlA+3Wepulz1QsqERESi2FvAlVljlDRkZrHLk53m3KJOcPVCwW
5Q2d3JnfPRCrj4L8c7cVA0r4Xdr2pZ5U5plz/LBn9oKqIqU0Pdg2TUvNpxfs
tOiNJIjoMR3VJNprvtvYsLmSb7yD8a9eQ/IjtBd7uzyMS+AbAj8ZpXAlbRtI
ycQjMEBxgk2NQSSQQEIfjk9breWf0nEL+NTkuflHUw7HpDaYrg==
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>saml:Subjectsaml:NameIDs00000000:900181795</saml:NameID><saml:SubjectConfirmation Method=“urn:oasis:names:tc:SAML:2.0:cm:bearer”><saml:SubjectConfirmationData NotOnOrAfter=“2019-08-18T13:32:41Z” Recipient=“<a href=“https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx””>https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx" InResponseTo=“_0b3cdcb4-0803-4970-982e-72db23ca26a5”/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore=“2019-08-18T13:28:41Z” NotOnOrAfter=“2019-08-18T13:32:41Z”>saml:AudienceRestrictionsaml:Audiencewww.spx-preprod.nl</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant=“2019-08-18T13:30:41Z” SessionIndex=“5e98eca8f157d03e5b62ef4dd83006553436922”><saml:SubjectLocality Address=“31.20.113.75”/>saml:AuthnContextsaml:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response></samlp:ArtifactResponse></soapenv:Body></soapenv:Envelope>

12376/34: 18-8-2019 13:30:41: Received response over SOAP, responseMessage=<samlp:ArtifactResponse xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol” xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion” xmlns:ds=“<a href=“http://www.w3.org/2000/09/xmldsig#””>http://www.w3.org/2000/09/xmldsig#“ xmlns:ec=”<a href=“http://www.w3.org/2001/10/xml-exc-c14n#”“>http://www.w3.org/2001/10/xml-exc-c14n#” ID=“_28429ba6d1bacf0f0303c16578cce7b6228fb548” Version=“2.0” IssueInstant=“2019-08-18T13:30:41Z” InResponseTo=“_168fefa2-28dd-4e0c-9a8d-27c6ea7fd51a”>saml:Issuerhttps://was-preprod1.digid.nl/saml/idp/metadata</saml:Issuer>ds:Signatureds:SignedInfo<ds:CanonicalizationMethod Algorithm=“<a href=“http://www.w3.org/2001/10/xml-exc-c14n#””>http://www.w3.org/2001/10/xml-exc-c14n#“ /><ds:SignatureMethod Algorithm=”<a href=“http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"”>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ds:Reference URI=“#_28429ba6d1bacf0f0303c16578cce7b6228fb548”>ds:Transforms<ds:Transform Algorithm=“<a href=“http://www.w3.org/2000/09/xmldsig#enveloped-signature””>http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm=“ec:InclusiveNamespaces"http://www.w3.org/2001/10/xml-exc-c14n#”><ec:InclusiveNamespaces PrefixList=“ds saml samlp xs” /></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm=“<a href=“http://www.w3.org/2001/04/xmlenc#sha256"”>http://www.w3.org/2001/04/xmlenc#sha256” />ds:DigestValuesDGQWNAPUg6kS5ZWXYklo/F7Z6R4TXeKNvrpv+2dBMY=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValueY2x2UUQkHdosObOqdfWFg8eda0bh9rVpgY5wEZ3k0blKjwRq0n09ObwhxFIPUptSvoQp4Gt5uwkH9dTEf7locSLxb8HYzCME8h2TNxcsqgp5gOXOD1B5lQG6no6aYG0PqXqhXyGxubPkdR3k+3Xx1VCe9Fgnv6OztQpc+bw6H5SLkX60Ktly5LtwmTshEeg+XOOngermu1xti73kBCYZyR/l6DSIelRNolak5sCVItld5BYcdaQ0jLwHXFdgn4ePFSdc/yhQfq9nwX7Nk5BpDvlryPpCbpVfG0zC8xN0c8HEo8RGRjwwjqupxSlLiTSZ/R/apkCcugS2mLRChH74zw==</ds:SignatureValue>ds:KeyInfods:KeyName2e9046aba2e95ed07efb655f6f50880ef686e531</ds:KeyName>ds:X509Datads:X509CertificateMIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx
CzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRS
TkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdh
bmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTAzMDgwODIwMjdaFw0yMTAz
MDcwODIwMjdaMIGYMQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xs
YW5kMREwDwYDVQQHDAhEZW4gSGFhZzEPMA0GA1UECgwGTG9naXVzMQ4wDAYD
VQQLDAVEaWdpRDEdMBsGA1UEBRMUMDAwMDAwMDQxNjY5MDk5MTMwMDAxHzAd
BgNVBAMMFnNhbWwtc2lnbi5wcDEuZGlnaWQubmwwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDXUqAvX+Dk6s4BfjJQwwctTw68IFxJyaBMvHj9
gxfwPFy7SMtZ6rQlIwDW0LRsjAnKAWXSkBc56jrDQse4rram+1a7jV8dPSPd
KkgeSyJVENpC0ssnWcUMEnDMZ6NP8ydavUEAzFRYBBqcnGoDpga8K6HczWgz
pC4iQmpGcj+wE7c80C4GHTUKvJ+C7AnZqq5qHP6izxIGLOEiofJqgG7Lyp7W
r5ypITeIlPKFmTY7DD8OsR7p7H8Y34jmbmcum+r8FobykcXX9DEXzVesR82A
3j83Cvwx8lsu1bKwUbF2VzkIC+PWC1aRsE5FtsmJ9ZEdA58Dhe9wQnkZbZRB
Ao69AgMBAAGjggPSMIIDzjCBlAYIKwYBBQUHAQEEgYcwgYQwWAYIKwYBBQUH
MAKGTGh0dHA6Ly9jZXJ0Lm1hbmFnZWRwa2kuY29tL0NBY2VydHMvS1BOQlZQ
S0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy5jZXIwKAYIKwYBBQUH
MAGGHGh0dHA6Ly9nM29jc3AubWFuYWdlZHBraS5jb20wHQYDVR0OBBYEFHJ+
P3k2bMVXrjbSxmZwOGSWAjVfMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
w5qme150K4K2xnL9dE6F0pfN/RgwgbEGA1UdIASBqTCBpjCBmQYKYIQQAYdr
AQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZpY2FhdC5rcG4u
Y29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBkaXQgY2Vy
dGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZhbiB0
b2VwYXNzaW5nLjAIBgZngQwBAgIwXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDov
L2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0
aWVTZXJ2ZXJDQUczL0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZzYW1s
LXNpZ24ucHAxLmRpZ2lkLm5sMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA
dgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWlcY7BfAAAE
AwBHMEUCIHS8iwfnyokm9iKrHAsXAOztVID4iub1P/IVBmXWG0qdAiEAvob7
Kgn6Z/dkVVPshtvU+gzQmFifSQcBIJGctLd34xcAdwBVgdTCFpA2AUrqC5tX
PFPwwOQ4eHAlCBcvo6odBxPTDAAAAWlcY7CMAAAEAwBIMEYCIQDefUQL5r8K
vszl9QjKAnxoCZ+RmzDXOyTzd5IzAqrWmgIhALrSqji+HqnmhWMTSzJrFsxx
vb3007Q75F8YzdP7m0EhAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk
No4e0YUAAAFpXGOwZAAABAMARzBFAiAci7bLk1gKOxijzNYEHE2AtNq+tiAo
dFpzkfL0A/fNGAIhAJXZUfwrB8+zaCD6Ebvny7V3Qg3fyWP7d2/WBLFEmafv
MA0GCSqGSIb3DQEBCwUAA4ICAQCmt4ZqkWj28RQ2aMw0yAIddJlfEfmHwNdn
eOyrhQM2DW9j0F+x7B5XGhU7mNhUac+yL08QjeCf6pLJSwloMizyGdMKjcv7
t9W3HF4gwv0mFkOw6b1MnbwdbINHoIprKbRXs3Gxt5+WdKdh87byPcAeTW0Z
36gZrVHrAlnCiBaqT1xOlZqFzdF3JGaRx51lDk+Ln2R13JDonjnv4hL70Aln
Gt1eiSxjhyhtcwHNVvMhQ9G+u8ZASwFM1BhZMPEateYI6v0dPaXJSHxzasdB
D1/9V//gmRbHAoRu/KYKKDsK6yhNFx2I1PvsVVC6QTYos7euIbcW+gDcJqQb
m/xyFyKkZd/6SXxQAL123RwOPoOxq5my9tXyfEUeBzWTRcX28KSPXbycTfO4
34UADip/U07mpTGRDwCt0xfvp+zzB99jchEj7CWZqukr0xhbO7F4xDvmW/eU
S9CytBSHTyhlA+3Wepulz1QsqERESi2FvAlVljlDRkZrHLk53m3KJOcPVCwW
5Q2d3JnfPRCrj4L8c7cVA0r4Xdr2pZ5U5plz/LBn9oKqIqU0Pdg2TUvNpxfs
tOiNJIjoMR3VJNprvtvYsLmSb7yD8a9eQ/IjtBd7uzyMS+AbAj8ZpXAlbRtI
ycQjMEBxgk2NQSSQQEIfjk9breWf0nEL+NTkuflHUw7HpDaYrg==
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>samlp:Status<samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success” /></samlp:Status><samlp:Response ID=“_314be1e7a32c2d80bc15b6982d29e104edc217d5” Version=“2.0” IssueInstant=“2019-08-18T13:30:41Z” InResponseTo=“_0b3cdcb4-0803-4970-982e-72db23ca26a5”>saml:Issuerhttps://was-preprod1.digid.nl/saml/idp/metadata</saml:Issuer>samlp:Status<samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success” /></samlp:Status><saml:Assertion ID=“_36cd50960b1c95cb5ba117175dc53548404cdd8b” Version=“2.0” IssueInstant=“2019-08-18T13:30:41Z”>saml:Issuerhttps://was-preprod1.digid.nl/saml/idp/metadata</saml:Issuer>ds:Signatureds:SignedInfo<ds:CanonicalizationMethod Algorithm=“<a href=“http://www.w3.org/2001/10/xml-exc-c14n#””>http://www.w3.org/2001/10/xml-exc-c14n#“ /><ds:SignatureMethod Algorithm=”<a href=“http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"”>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /><ds:Reference URI=“#_36cd50960b1c95cb5ba117175dc53548404cdd8b”>ds:Transforms<ds:Transform Algorithm=“<a href=“http://www.w3.org/2000/09/xmldsig#enveloped-signature””>http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><ds:Transform Algorithm=“ec:InclusiveNamespaces"http://www.w3.org/2001/10/xml-exc-c14n#”><ec:InclusiveNamespaces PrefixList=“ds saml samlp xs” /></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm=“<a href=“http://www.w3.org/2001/04/xmlenc#sha256"”>http://www.w3.org/2001/04/xmlenc#sha256” />ds:DigestValueODnWklQCsALp3zZKOwyD3yTCDTNjQeB5gGdyDMCYtjQ=</ds:DigestValue></ds:Reference></ds:SignedInfo>ds:SignatureValue0Bc/S1xs6E7IBQ7r10BqOaXKIp5ThRqUZ7fyAXZrzO3XxXCPIiaFb5cpXqgaMJBqh3N2nQ+0EuRZo+naR6xHeW7ce51Wlo2w7rVs2OGJ6r4vmkol7cm8SEoiL7/8pWBMAVijDZhzBNO2ewj7g6MB6NGcuEg71wRrmRRVv8fXkrGvM+vv0k6KoNu8hOnhn7t4JFW9CTJ9XYYopsHTtDUdKxYDdGOYThT5sjqV5B84iFJwuZdNOyLGe5CsM5YmxW2KI7V+liLRrgtJ44lOuqtreL6HW8nGiZjNQE+rvvZHGuoJU99I5fzsUXdIWlrlhQiVrkiv0dPr6C93wMSH2Z+UQQ==</ds:SignatureValue>ds:KeyInfods:KeyName2e9046aba2e95ed07efb655f6f50880ef686e531</ds:KeyName>ds:X509Datads:X509CertificateMIIIZDCCBkygAwIBAgIMJ2R7YaPkQO4x1YD4MA0GCSqGSIb3DQEBCwUAMHEx
CzAJBgNVBAYTAk5MMREwDwYDVQQKDAhLUE4gQi5WLjEXMBUGA1UEYQwOTlRS
TkwtMjcxMjQ3MDExNjA0BgNVBAMMLUtQTiBCViBQS0lvdmVyaGVpZCBPcmdh
bmlzYXRpZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xOTAzMDgwODIwMjdaFw0yMTAz
MDcwODIwMjdaMIGYMQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xs
YW5kMREwDwYDVQQHDAhEZW4gSGFhZzEPMA0GA1UECgwGTG9naXVzMQ4wDAYD
VQQLDAVEaWdpRDEdMBsGA1UEBRMUMDAwMDAwMDQxNjY5MDk5MTMwMDAxHzAd
BgNVBAMMFnNhbWwtc2lnbi5wcDEuZGlnaWQubmwwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDXUqAvX+Dk6s4BfjJQwwctTw68IFxJyaBMvHj9
gxfwPFy7SMtZ6rQlIwDW0LRsjAnKAWXSkBc56jrDQse4rram+1a7jV8dPSPd
KkgeSyJVENpC0ssnWcUMEnDMZ6NP8ydavUEAzFRYBBqcnGoDpga8K6HczWgz
pC4iQmpGcj+wE7c80C4GHTUKvJ+C7AnZqq5qHP6izxIGLOEiofJqgG7Lyp7W
r5ypITeIlPKFmTY7DD8OsR7p7H8Y34jmbmcum+r8FobykcXX9DEXzVesR82A
3j83Cvwx8lsu1bKwUbF2VzkIC+PWC1aRsE5FtsmJ9ZEdA58Dhe9wQnkZbZRB
Ao69AgMBAAGjggPSMIIDzjCBlAYIKwYBBQUHAQEEgYcwgYQwWAYIKwYBBQUH
MAKGTGh0dHA6Ly9jZXJ0Lm1hbmFnZWRwa2kuY29tL0NBY2VydHMvS1BOQlZQ
S0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy5jZXIwKAYIKwYBBQUH
MAGGHGh0dHA6Ly9nM29jc3AubWFuYWdlZHBraS5jb20wHQYDVR0OBBYEFHJ+
P3k2bMVXrjbSxmZwOGSWAjVfMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
w5qme150K4K2xnL9dE6F0pfN/RgwgbEGA1UdIASBqTCBpjCBmQYKYIQQAYdr
AQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZpY2FhdC5rcG4u
Y29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBkaXQgY2Vy
dGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZhbiB0
b2VwYXNzaW5nLjAIBgZngQwBAgIwXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDov
L2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0
aWVTZXJ2ZXJDQUczL0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAhBgNVHREEGjAYghZzYW1s
LXNpZ24ucHAxLmRpZ2lkLm5sMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkA
dgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWlcY7BfAAAE
AwBHMEUCIHS8iwfnyokm9iKrHAsXAOztVID4iub1P/IVBmXWG0qdAiEAvob7
Kgn6Z/dkVVPshtvU+gzQmFifSQcBIJGctLd34xcAdwBVgdTCFpA2AUrqC5tX
PFPwwOQ4eHAlCBcvo6odBxPTDAAAAWlcY7CMAAAEAwBIMEYCIQDefUQL5r8K
vszl9QjKAnxoCZ+RmzDXOyTzd5IzAqrWmgIhALrSqji+HqnmhWMTSzJrFsxx
vb3007Q75F8YzdP7m0EhAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk
No4e0YUAAAFpXGOwZAAABAMARzBFAiAci7bLk1gKOxijzNYEHE2AtNq+tiAo
dFpzkfL0A/fNGAIhAJXZUfwrB8+zaCD6Ebvny7V3Qg3fyWP7d2/WBLFEmafv
MA0GCSqGSIb3DQEBCwUAA4ICAQCmt4ZqkWj28RQ2aMw0yAIddJlfEfmHwNdn
eOyrhQM2DW9j0F+x7B5XGhU7mNhUac+yL08QjeCf6pLJSwloMizyGdMKjcv7
t9W3HF4gwv0mFkOw6b1MnbwdbINHoIprKbRXs3Gxt5+WdKdh87byPcAeTW0Z
36gZrVHrAlnCiBaqT1xOlZqFzdF3JGaRx51lDk+Ln2R13JDonjnv4hL70Aln
Gt1eiSxjhyhtcwHNVvMhQ9G+u8ZASwFM1BhZMPEateYI6v0dPaXJSHxzasdB
D1/9V//gmRbHAoRu/KYKKDsK6yhNFx2I1PvsVVC6QTYos7euIbcW+gDcJqQb
m/xyFyKkZd/6SXxQAL123RwOPoOxq5my9tXyfEUeBzWTRcX28KSPXbycTfO4
34UADip/U07mpTGRDwCt0xfvp+zzB99jchEj7CWZqukr0xhbO7F4xDvmW/eU
S9CytBSHTyhlA+3Wepulz1QsqERESi2FvAlVljlDRkZrHLk53m3KJOcPVCwW
5Q2d3JnfPRCrj4L8c7cVA0r4Xdr2pZ5U5plz/LBn9oKqIqU0Pdg2TUvNpxfs
tOiNJIjoMR3VJNprvtvYsLmSb7yD8a9eQ/IjtBd7uzyMS+AbAj8ZpXAlbRtI
ycQjMEBxgk2NQSSQQEIfjk9breWf0nEL+NTkuflHUw7HpDaYrg==
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>saml:Subjectsaml:NameIDs00000000:900181795</saml:NameID><saml:SubjectConfirmation Method=“urn:oasis:names:tc:SAML:2.0:cm:bearer”><saml:SubjectConfirmationData NotOnOrAfter=“2019-08-18T13:32:41Z” Recipient=“<a href=“https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx””>https://www.spx-preprod.nl/deelnemers/digid/SAML/AssertionConsumerService.aspx" InResponseTo=“_0b3cdcb4-0803-4970-982e-72db23ca26a5” /></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore=“2019-08-18T13:28:41Z” NotOnOrAfter=“2019-08-18T13:32:41Z”>saml:AudienceRestrictionsaml:Audiencewww.spx-preprod.nl</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant=“2019-08-18T13:30:41Z” SessionIndex=“5e98eca8f157d03e5b62ef4dd83006553436922”><saml:SubjectLocality Address=“31.20.113.75” />saml:AuthnContextsaml:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response></samlp:ArtifactResponse>
12376/34: 18-8-2019 13:30:41: The X.509 certificate with subject name CN=saml-sign.pp1.digid.nl, SERIALNUMBER=00000004166909913000, OU=DigiD, O=Logius, L=Den Haag, S=Zuid-Holland, C=NL and serial number 27647B61A3E440EE31D580F8 is being used to verify the XML signature.
12376/34: 18-8-2019 13:30:41: Verifying the XML signature.
12376/34: 18-8-2019 13:30:41: Exception: ComponentSpace.SAML2.Exceptions.SAMLSignatureException: The XML does not contain a signature.
12376/34: 18-8-2019 13:30:41: at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, ISignedXmlFactory signedXmlFactory, Boolean clone, Boolean declareAllNamespaces)
at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, ISignedXmlFactory signedXmlFactory)
at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, X509Certificate2 x509Certificate, ISignedXmlFactory signedXmlFactory)
at ComponentSpace.SAML2.Protocols.SAMLMessageSignature.Verify(XmlElement xmlElement, X509Certificate2 x509Certificate)
at ExampleServiceProvider.SAML.AssertionConsumerService.ReceiveSAMLResponse(SAMLResponse& samlResponse, String& relayState) in C:\Users\raas\Documents\OneDrive For Business\OneDrive for Business\Klanten\Stichting Pensioenfonds Xerox\digid_project_FINAL\spx-preprod.nl\SPX-DigiD\SAML\AssertionConsumerService.aspx.cs:line 130
at ExampleServiceProvider.SAML.AssertionConsumerService.ProcessSAMLResponse() in C:\Users\raas\Documents\OneDrive For Business\OneDrive for Business\Klanten\Stichting Pensioenfonds Xerox\digid_project_FINAL\spx-preprod.nl\SPX-DigiD\SAML\AssertionConsumerService.aspx.cs:line 203
at ExampleServiceProvider.SAML.AssertionConsumerService.Page_Load(Object sender, EventArgs e) in C:\Users\raas\Documents\OneDrive For Business\OneDrive for Business\Klanten\Stichting Pensioenfonds Xerox\digid_project_FINAL\spx-preprod.nl\SPX-DigiD\SAML\AssertionConsumerService.aspx.cs:line 226
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.saml_assertionconsumerservice_aspx.ProcessRequest(HttpContext context) in d:\local\Temporary ASP.NET Files\deelnemers_digid\f40fc632\13dbac8d\App_Web_3mc5xrrk.0.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
at System.Web.HttpApplication.PipelineStepManager.ResumeSteps(Exception error)
at System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb)
at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr pHandler, RequestNotificationStatus& notificationStatus)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)
at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr rootedObjectsPointer, IntPtr nativeRequestContext, IntPtr moduleData, Int32 flags)

aspx.page: End Load
aspx.page: Begin LoadComplete
aspx.page: End LoadComplete
aspx.page: Begin PreRender
aspx.page: End PreRender
aspx.page: Begin PreRenderComplete
aspx.page: End PreRenderComplete
aspx.page: Begin SaveState
aspx.page: End SaveState
aspx.page: Begin SaveStateComplete
aspx.page: End SaveStateComplete
aspx.page: Begin Render
aspx.page: End Render


The log shows the artifact response twice but it’s only received once corresponding to the one call to ArtifactResolver.SendRequestReceiveResponse that your application makes.

The artifact response in the log is signed. It contains a SAML response that is not signed. However, the SAML assertion in the SAML response is signed.

To verify the SAML assertion signature, you can call SAMLAssertionSignature.Verify. Alternatively, there’s a convenience method, SAMLResponse.GetSignedAssertion(X509Certificate2), which verifies the SAML assertion signature and returns the deserialized SAMLAssertion object if the verification is successful.

[quote]
ComponentSpace - 8/18/2019
The log shows the artifact response twice but it's only received once corresponding to the one call to ArtifactResolver.SendRequestReceiveResponse that your application makes.

The artifact response in the log is signed. It contains a SAML response that is not signed. However, the SAML assertion in the SAML response is signed.

To verify the SAML assertion signature, you can call SAMLAssertionSignature.Verify. Alternatively, there's a convenience method, SAMLResponse.GetSignedAssertion(X509Certificate2), which verifies the SAML assertion signature and returns the deserialized SAMLAssertion object if the verification is successful.
[/quote]

Great! Thanks.

with this method I was able to verify the response and extract the username from the assertion.
Now I'm able to hand it over to my own portal.

Thanks..
(will probably need some help with SLO, but will first look and try)

You’re welcome. Thanks for the update.