How to view SAML assertion details including values when using SAML POST binding

  • 7007229
  • 18-Nov-2010
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Windows Novell Identity Server
Novell Access Manager 3.1 Linux Novell Identity Server

Situation

Troubleshooting SAML issues often requires viewing the contents of an assertion generated by the Identity Provider (IDP) and sent to the Service Provider (SP). The IDP server can be configured for DEBUG log levels and will then write the assertion to the catalina.out file on that server. For security purposes, the log files do not contain any values for the attributes being sent within the assertion. The values may be seen by decrypting the traffic on the wire with Wireshark and the private key.

However, if the assertion is sent to the SP via the POST binding (frequently used with third-party SP servers), the assertion itself is transmitted via the browser. If HTTP header plugins are available for the browser, one can view the assertion details using the following approach.

Resolution

a) Enable HTTP header debugging in the browser.
b) When the assertion is generated, locate the SAMLResponse string. For example:
 
POST /nidp/saml2/spassertion_consumer HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: https://windidp.lab.novell.com:8443/nidp/saml2/idpsend?PID=https://idp126.lab.novell.com:8443/nidp/saml2/metadata&TARGET=http://idpa.kgast.nam.com:8080/nidp/saml2/sso
Accept-Language: en-US,en-IE;q=0.5
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTbFXTV5/5.9.1.14019)
Host: idp126.lab.novell.com:8443
Content-Length: 8118
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: novell_poo_autoplay=1; novell_poo_offset=-3600; __utma=64695856.718819823.1288373736.1288373736.1289923778.2; __utmz=64695856.1288373736.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
 
SAMLResponse=PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6%0D%0AcHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRp%0D%0Ab24iIERlc3RpbmF0aW9uPSJodHRwczovL2lkcDEyNi5sYWIubm92ZWxsLmNvbTo4NDQzL25pZHAv%0D%0Ac2FtbDIvc3Bhc3NlcnRpb25fY29uc3VtZXIiIElEPSJpZGJzcE1ocVNpaFl6RjlleC5NQmJhQURM%0D%0AaVliOCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDExOjUxOjA4WiIgVmVyc2lvbj0iMi4wIj48%0D%0Ac2FtbDpJc3N1ZXI%2BaHR0cHM6Ly93aW5kaWRwLmxhYi5ub3ZlbGwuY29tOjg0NDMvbmlkcC9zYW1s%0D%0AMi9tZXRhZGF0YTwvc2FtbDpJc3N1ZXI%2BPHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBW%0D%0AYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8%2BPC9zYW1s%0D%0AcDpTdGF0dXM%2BPHNhbWw6QXNzZXJ0aW9uIElEPSJpZC5OeTA3LXZlSHVjTTVCLjZPZHU3ekRlWkJV%0D%0AMCIgSXNzdWVJbnN0YW50PSIyMDEwLTExLTE4VDExOjUxOjA4WiIgVmVyc2lvbj0iMi4wIj48c2Ft%0D%0AbDpJc3N1ZXI%2BaHR0cHM6Ly93aW5kaWRwLmxhYi5ub3ZlbGwuY29tOjg0NDMvbmlkcC9zYW1sMi9t%0D%0AZXRhZGF0YTwvc2FtbDpJc3N1ZXI%2BPGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53%0D%0AMy5vcmcvMjAwMC8wOS94bWxkc2lnIyI%2BPGRzOlNpZ25lZEluZm8%2BPENhbm9uaWNhbGl6YXRpb25N%0D%0AZXRob2QgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIEFsZ29yaXRo%0D%0AbT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8%2BPGRzOlNpZ25hdHVy%0D%0AZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Et%0D%0Ac2hhMSIvPjxkczpSZWZlcmVuY2UgVVJJPSIjaWQuTnkwNy12ZUh1Y001Qi42T2R1N3pEZVpCVTAi%0D%0APjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9y%0D%0AZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxn%0D%0Ab3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRy%0D%0AYW5zZm9ybXM%2BPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIw%0D%0AMDAvMDkveG1sZHNpZyNzaGExIi8%2BPERpZ2VzdFZhbHVlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9y%0D%0AZy8yMDAwLzA5L3htbGRzaWcjIj52eWtjNGYvTU96RUV5d0hoQlduVzZQRlNIaEE9PC9EaWdlc3RW%0D%0AYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8%2BPFNpZ25hdHVyZVZhbHVlIHhtbG5z%
0D%0APSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCnVYL0hsNnM4RkFjUWNQaVlF%0D%0AS21PSXNMSGRlVWFxNExsdjRzUW9zK1Q1ckZGVlFiZWNXY0ZFRW9UdGxqOXFQdkM3K2NRTGZHYmRU%0D%0ASXENClFlMjdUWjJ5WWpCR005OWl1dVl6dUFmV3AyRFZLRjZLaG5Hay8xdG00RjJLTGRCWTVGUWRr%0D%0ANUJIb2R5QnFpVTlZQjlWYTVjUmxqQ3gNCkJFWndZZWU2eHhLdHZWYzZJcG89DQo8L1NpZ25hdHVy%0D%0AZVZhbHVlPjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPg0KTUlJ%0D%0ARTNqQ0NBOGFnQXdJQkFnSWtBaHdSLzZUVkJYRktraDd4N1ZGekJhUDYyNVRZeGN2bnFVV3Q5Witl%0D%0AQWdJUGl4N3RNQTBHQ1NxRw0KU0liM0RRRUJCUVVBTURZeEdqQVlCZ05WQkFzVEVVOXlaMkZ1YVhw%0D%0AaGRHbHZibUZzSUVOQk1SZ3dGZ1lEVlFRS0ZBOXZjbU5vWDJodg0KYzNRelgzUnlaV1V3SGhjTk1U%0D%0AQXhNREk0TVRFek9UQXdXaGNOTVRNeE1ESTRNVEl6T1RBd1dqQnJNUmt3RndZRFZRUURGQkFxTG14%0D%0AaA0KWWk1dWIzWmxiR3d1WTI5dE1Rd3dDZ1lEVlFRTEV3Tk9WRk14RHpBTkJnTlZCQW9UQms1dmRt%0D%0AVnNiREVSTUE4R0ExVUVCeE1JVFdGcw0KWVdocFpHVXhEekFOQmdOVkJBZ1RCa1IxWW14cGJqRUxN%0D%0AQWtHQTFVRUJoTUNTVVV3Z1o4d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ1kwQQ0KTUlHSkFvR0JBTUdR%0D%0ANXFmQ0ludUxFT0xtZkZZbGp6bmFuZWRiMkJJb1VBZVFickdyRDZPNHR2RkIxZGt1cCtmMWFvc1RL%0D%0ARW9NVXduRQ0KZ1ZTT2h3R25BZzNueHBpUnE0UDFJWVZ5U1hWTlpzSlU0UUdKNS8ySmFmdTE4bUR1%0D%0Aa0FwWU5pOXhxZkxBS28zUTBmM05vdXlpVW50Nw0KTWNYaXJNUzY2dGVpemdBdzduU2xKMWRwTlhv%0D%0AOUFnTUJBQUdqZ2dJaE1JSUNIVEFkQmdOVkhRNEVGZ1FVMTRwMjBoZGlGZVQyVW1VbQ0KaDlDY2FV%0D%0ASzJpRll3SHdZRFZSMGpCQmd3Rm9BVUovMk80TWxRUUVrSEFSMldYMG5wdnI3Z1pZc3dDd1lEVlIw%0D%0AUEJBUURBZ1N3TUlJQg0KekFZTFlJWklBWWI0TndFSkJBRUVnZ0c3TUlJQnR3UUNBUUFCQWY4VEhV%0D%0ANXZkbVZzYkNCVFpXTjFjbWwwZVNCQmRIUnlhV0oxZEdVbw0KZEcwcEZrTm9kSFJ3T2k4dlpHVjJa%0D%0AV3h2Y0dWeUxtNXZkbVZzYkM1amIyMHZjbVZ3YjNOcGRHOXllUzloZEhSeWFXSjFkR1Z6TDJObA0K%0D%0AY25SaGRIUnljMTkyTVRBdWFIUnRNSUlCU0tBYUFRRUFNQWd3QmdJQkFRSUJSakFJTUFZQ0FRRUNB%0D%0AUW9DQVdtaEdnRUJBREFJTUFZQw0KQVFFQ0FRQXdDREFHQWdFQkFnRUFBZ0VBb2dZQ0FSY0JBZitq%0D%0AZ2dFRW9GZ0NBUUlDQWdEL0FnRUFBdzBBZ0FBQUFBQUFBQUFBQUFBQQ0KQXdrQWdBQUFBQUFBQUFB%0D%0Ad0dEQVFBZ0VBQWdoLy8vLy8vLy8vL3dFQkFBSUVCdkRmU0RBWU1CQUNBUUFDQ0gvLy8vLy8vLy8v%0D%0AQVFFQQ0KQWdRRzhOOUlvVmdDQVF
JQ0FnRC9BZ0VBQXcwQVFBQUFBQUFBQUFBQUFBQUFBd2tBUUFB%0D%0AQUFBQUFBQUF3R0RBUUFnRUFBZ2gvLy8vLw0KLy8vLy93RUJBQUlFRWYrazFUQVlNQkFDQVFBQ0NI%0D%0ALy8vLy8vLy8vL0FRRUFBZ1FSLzZUVm9rNHdUQUlCQWdJQkFBSUNBUDhERFFDQQ0KQUFBQUFBQUFB%0D%0AQUFBQUFBRENRQ0FBQUFBQUFBQUFEQVNNQkFDQVFBQ0NILy8vLy8vLy8vL0FRRUFNQkl3RUFJQkFB%0D%0ASUlmLy8vLy8vLw0KLy84QkFRQXdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRmx5bko3VitHeGVy%0D%0AZUZOMFlVdTB3a3phK0RmdEcxWUQrV3lCVWxtVWRhVg0KaGw2SlEvWjB1cGM1NFBvSTlUQVQyVEhH%0D%0AZWJsT2UzMDJlU2JwRHZQWVBpQS8yNE9XRUF1SytVb3pYOUQ5ZzhENGJOdDd6YW8xNCtvSA0KMmVQ%0D%0AM2ZZSnJVeG5XeW05RDRuM1FHZGtxMmdKWmdPQmtXN0NSd2U1Y3ltZSs3enRkQkxXRHF5VjZUK1RY%0D%0AT1k0S0U5WS8wcjJScWd0Qw0KTW9EMXdYQWkyMm0wbDdPZko2TnQya3gvV0l3cWFIZlVmbzlFMkJn%0D%0ANmwwSGpjZ2ppZG1TUUdwdW1KSjc0aThEd1ZzaUs0TVVTOWo5Lw0KOE44NnlJZzVKbjNrUWY0UTdy%0D%0ARDRVamV1MWZMbGZBaWozUjFsTytHaUFTRHZEV3prd0lnMEdhSkZRVDQwc0hEZHIzWEZZYmc9DQo8%0D%0AL2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25h%0D%0AdHVyZT48c2FtbDpTdWJqZWN0PjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0%0D%0AYzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIiBOYW1lUXVhbGlmaWVyPSJodHRw%0D%0AczovL3dpbmRpZHAubGFiLm5vdmVsbC5jb206ODQ0My9uaWRwL3NhbWwyL21ldGFkYXRhIiBTUE5h%0D%0AbWVRdWFsaWZpZXI9Imh0dHBzOi8vaWRwMTI2LmxhYi5ub3ZlbGwuY29tOjg0NDMvbmlkcC9zYW1s%0D%0AMi9tZXRhZGF0YSI%2BbmNhc2hlbGw8L3NhbWw6TmFtZUlEPjxzYW1sOlN1YmplY3RDb25maXJtYXRp%0D%0Ab24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpT%0D%0AdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMTAtMTEtMThUMTE6NTY6MDda%0D%0AIiBSZWNpcGllbnQ9Imh0dHBzOi8vaWRwMTI2LmxhYi5ub3ZlbGwuY29tOjg0NDMvbmlkcC9zYW1s%0D%0AMi9zcGFzc2VydGlvbl9jb25zdW1lciIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjwvc2Ft%0D%0AbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDEwLTExLTE4VDExOjQ2OjA4%0D%0AWiIgTm90T25PckFmdGVyPSIyMDEwLTExLTE4VDExOjU2OjA4WiI%2BPHNhbWw6QXVkaWVuY2VSZXN0%0D%0AcmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL2lkcDEyNi5sYWIubm92ZWxsLmNvbTo4NDQz%0D%0AL25pZHAvc2FtbDIvbWV0YWRhdGE8L3NhbWw6QXVkaWVuY2U%2BPC9zY
W1sOkF1ZGllbmNlUmVzdHJp%0D%0AY3Rpb24%2BPC9zYW1sOkNvbmRpdGlvbnM%2BPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50%0D%0APSIyMDEwLTExLTE4VDExOjUxOjA3WiIgU2Vzc2lvbkluZGV4PSJpZC5OeTA3LXZlSHVjTTVCLjZP%0D%0AZHU3ekRlWkJVMCI%2BPHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVm%0D%0APnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVk%0D%0AVHJhbnNwb3J0PC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjxzYW1sOkF1dGhuQ29udGV4dERl%0D%0AY2xSZWY%2Bc2VjdXJlL25hbWUvcGFzc3dvcmQvdXJpPC9zYW1sOkF1dGhuQ29udGV4dERlY2xSZWY%2B%0D%0APC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ%2BPHNhbWw6QXR0cmlidXRl%0D%0AU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZSB4bWxuczp4c2Q9Imh0dHA6Ly93d3cudzMub3JnLzIw%0D%0AMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1h%0D%0ALWluc3RhbmNlIiBOYW1lPSIvVXNlckF0dHJpYnV0ZVtAbGRhcDp0YXJnZXRBdHRyaWJ1dGU9JnF1%0D%0Ab3Q7Y24mcXVvdDtdIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0%0D%0Acm5hbWUtZm9ybWF0OnVuc3BlY2lmaWVkIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0i%0D%0AeHNkOnN0cmluZyI%2BbmNhc2hlbGw8L3NhbWw6QXR0cmlidXRlVmFsdWU%2BPC9zYW1sOkF0dHJpYnV0%0D%0AZT48c2FtbDpBdHRyaWJ1dGUgeG1sbnM6eHNkPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNj%0D%0AaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5j%0D%0AZSIgTmFtZT0ibGRhcG1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIu%0D%0AMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4%0D%0Ac2Q6c3RyaW5nIj5uY2FzaGVsbEBub3ZlbGwuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2Ft%0D%0AbDpBdHRyaWJ1dGU%2BPHNhbWw6QXR0cmlidXRlIHhtbG5zOnhzZD0iaHR0cDovL3d3dy53My5vcmcv%0D%0AMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hl%0D%0AbWEtaW5zdGFuY2UiIE5hbWU9InJvbGVzIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6%0D%0AU0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6%0D%0AdHlwZT0ieHNkOnN0cmluZyI%2BYXV0aGVudGljYXRlZDwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3Nh%0D%0AbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ%2BPC9zYW1sOkF
zc2VydGlvbj48%0D%0AL3NhbWxwOlJlc3BvbnNlPg%3D%3D&RelayState=http%3A%2F%2Fidpa.kgast.nam.com%3A8080%2Fnidp%2Fsaml2%2Fsso
 
c) Take the SAMLResponse string and URL decode it (the POSTed value is URL encoded on the outside and base64 encoded underneath, so the layers are removed in that order). The above string, URL decoded (using the tool at http://meyerweb.com/eric/tools/dencoder/), will show:
 
d) Base64 decode the URL-decoded string. For example, using the tool at http://www.motobit.com/util/base64-decoder-encoder.asp, I get:
 
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://idp126.lab.novell.com:8443/nidp/saml2/spassertion_consumer" ID="idbspMhqSihYzF9ex.MBbaADLiYb8" IssueInstant="2010-11-18T11:51:08Z" Version="2.0"><saml:Issuer>https://windidp.lab.novell.com:8443/nidp/saml2/metadata</saml:Issuer><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion ID="id.Ny07-veHucM5B.6Odu7zDeZBU0" IssueInstant="2010-11-18T11:51:08Z" Version="2.0"><saml:Issuer>https://windidp.lab.novell.com:8443/nidp/saml2/metadata</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id.Ny07-veHucM5B.6Odu7zDeZBU0"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">vykc4f/MOzEEywHhBWnW6PFSHhA=</DigestValue></ds:Reference></ds:SignedInfo><SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
uX/Hl6s8FAcQcPiYEKmOIsLHdeUaq4Llv4sQos+T5rFFVQbecWcFEEoTtlj9qPvC7+cQLfGbdTIq
Qe27TZ2yYjBGM99iuuYzuAfWp2DVKF6KhnGk/1tm4F2KLdBY5FQdk5BHodyBqiU9YB9Va5cRljCx
BEZwYee6xxKtvVc6Ipo=
</SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
MIIE3jCCA8agAwIBAgIkAhwR/6TVBXFKkh7x7VFzBaP625TYxcvnqUWt9Z+eAgIPix7tMA0GCSqG
SIb3DQEBBQUAMDYxGjAYBgNVBAsTEU9yZ2FuaXphdGlvbmFsIENBMRgwFgYDVQQKFA9vcmNoX2hv
c3QzX3RyZWUwHhcNMTAxMDI4MTEzOTAwWhcNMTMxMDI4MTIzOTAwWjBrMRkwFwYDVQQDFBAqLmxh
Yi5ub3ZlbGwuY29tMQwwCgYDVQQLEwNOVFMxDzANBgNVBAoTBk5vdmVsbDERMA8GA1UEBxMITWFs
YWhpZGUxDzANBgNVBAgTBkR1YmxpbjELMAkGA1UEBhMCSUUwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAMGQ5qfCInuLEOLmfFYljznanedb2BIoUAeQbrGrD6O4tvFB1dkup+f1aosTKEoMUwnE
gVSOhwGnAg3nxpiRq4P1IYVySXVNZsJU4QGJ5/2Jafu18mDukApYNi9xqfLAKo3Q0f3NouyiUnt7
McXirMS66teizgAw7nSlJ1dpNXo9AgMBAAGjggIhMIICHTAdBgNVHQ4EFgQU14p20hdiFeT2UmUm
h9CcaUK2iFYwHwYDVR0jBBgwFoAUJ/2O4MlQQEkHAR2WX0npvr7gZYswCwYDVR0PBAQDAgSwMIIB
zAYLYIZIAYb4NwEJBAEEggG7MIIBtwQCAQABAf8THU5vdmVsbCBTZWN1cml0eSBBdHRyaWJ1dGUo
dG0pFkNodHRwOi8vZGV2ZWxvcGVyLm5vdmVsbC5jb20vcmVwb3NpdG9yeS9hdHRyaWJ1dGVzL2Nl
cnRhdHRyc192MTAuaHRtMIIBSKAaAQEAMAgwBgIBAQIBRjAIMAYCAQECAQoCAWmhGgEBADAIMAYC
AQECAQAwCDAGAgEBAgEAAgEAogYCARcBAf+jggEEoFgCAQICAgD/AgEAAw0AgAAAAAAAAAAAAAAA
AwkAgAAAAAAAAAAwGDAQAgEAAgh//////////wEBAAIEBvDfSDAYMBACAQACCH//////////AQEA
AgQG8N9IoVgCAQICAgD/AgEAAw0AQAAAAAAAAAAAAAAAAwkAQAAAAAAAAAAwGDAQAgEAAgh/////
/////wEBAAIEEf+k1TAYMBACAQACCH//////////AQEAAgQR/6TVok4wTAIBAgIBAAICAP8DDQCA
AAAAAAAAAAAAAAADCQCAAAAAAAAAADASMBACAQACCH//////////AQEAMBIwEAIBAAIIf///////
//8BAQAwDQYJKoZIhvcNAQEFBQADggEBAFlynJ7V+GxereFN0YUu0wkza+DftG1YD+WyBUlmUdaV
hl6JQ/Z0upc54PoI9TAT2THGeblOe302eSbpDvPYPiA/24OWEAuK+UozX9D9g8D4bNt7zao14+oH
2eP3fYJrUxnWym9D4n3QGdkq2gJZgOBkW7CRwe5cyme+7ztdBLWDqyV6T+TXOY4KE9Y/0r2RqgtC
MoD1wXAi22m0l7OfJ6Nt2kx/WIwqaHfUfo9E2Bg6l0HjcgjidmSQGpumJJ74i8DwVsiK4MUS9j9/
8N86yIg5Jn3kQf4Q7rD4Ujeu1fLlfAij3R1lO+GiASDvDWzkwIg0GaJFQT40sHDdr3XFYbg=
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="https://windidp.lab.novell.com:8443/nidp/saml2/metadata" SPNameQualifier="https://idp126.lab.novell.com:8443/nidp/saml2/metadata">ncashell</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2010-11-18T11:56:07Z" Recipient="https://idp126.lab.novell.com:8443/nidp/saml2/spassertion_consumer"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2010-11-18T11:46:08Z" NotOnOrAfter="2010-11-18T11:56:08Z"><saml:AudienceRestriction><saml:Audience>https://idp126.lab.novell.com:8443/nidp/saml2/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2010-11-18T11:51:07Z" SessionIndex="id.Ny07-veHucM5B.6Odu7zDeZBU0"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef><saml:AuthnContextDeclRef>secure/name/password/uri</saml:AuthnContextDeclRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="/UserAttribute[@ldap:targetAttribute=&quot;cn&quot;]" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xsd:string">ncashell</saml:AttributeValue></saml:Attribute><saml:Attribute xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="ldapmail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xsd:string">ncashell@novell.com</saml:AttributeValue></saml:Attribute><saml:Attribute xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="roles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xsi:type="xsd:string">authenticated</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>
 
You now have the actual assertion, which includes all the details about the user and the attributes.
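
Steps c) and d) can also be done locally, which keeps the assertion and its attribute values off third-party decoder sites. The script below is an added example, not part of the original article: the sample response, the example.test hosts and the function names are constructed for illustration, and it only displays the assertion without verifying its signature.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not the capture shown in the article).
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="r1" Version="2.0">'
    '<saml:Assertion ID="a1" Version="2.0">'
    '<saml:Issuer>https://idp.example.test/metadata</saml:Issuer>'
    '<saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>'
    '<saml:Conditions NotBefore="2010-01-01T10:00:00Z" NotOnOrAfter="2010-01-01T10:10:00Z">'
    '<saml:AudienceRestriction><saml:Audience>https://sp.example.test/metadata'
    '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
    '<saml:AttributeStatement>'
    '<saml:Attribute Name="/UserAttribute[@ldap:targetAttribute=&quot;cn&quot;]">'
    '<saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="ldapmail">'
    '<saml:AttributeValue>jdoe@example.test</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="roles">'
    '<saml:AttributeValue>authenticated</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
)

def build_sample_body():
    """Constructed POST body: base64 wrapped with CRLF, then URL encoded (as in step b)."""
    wrapped = base64.encodebytes(SAMPLE_XML.encode()).decode().replace("\n", "\r\n")
    return ("SAMLResponse=" + quote(wrapped, safe="")
            + "&RelayState=" + quote("https://sp.example.test/sso", safe=""))

def decode_post_body(body):
    """Step c) URL decode the form body, then step d) base64 decode SAMLResponse."""
    values = parse_qs(body).get("SAMLResponse")
    if not values or len(values) != 1:
        raise ValueError("expected exactly one SAMLResponse field")
    # Drop the CR/LF line wrapping (%0D%0A in the capture). A space left after
    # URL decoding can only be a '+' that the capture tool showed unescaped.
    b64 = values[0].replace("\r", "").replace("\n", "").replace(" ", "+")
    return base64.b64decode(b64, validate=True)

def summarize(xml_bytes):
    """Pull the fields usually needed when troubleshooting; no signature check."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD found; a SAML message should not carry one")
    assertion = ET.fromstring(xml_bytes).find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no cleartext Assertion (encrypted, or a failure status)")
    cond = assertion.find("saml:Conditions", NS)
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [
            v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return {
        "issuer": assertion.findtext("saml:Issuer", namespaces=NS),
        "name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "not_before": cond.get("NotBefore") if cond is not None else None,
        "not_on_or_after": cond.get("NotOnOrAfter") if cond is not None else None,
        "audiences": [a.text for a in assertion.iterfind(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)],
        "attributes": attrs,
    }

if __name__ == "__main__":
    for key, value in summarize(decode_post_body(build_sample_body())).items():
        print(f"{key}: {value}")
```

To use it on a real capture, pass the raw POST body from the header plugin to `decode_post_body` in place of `build_sample_body()`.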