We are currently developing a SOAP API request that requires SAML authentication.
Here is the response we got from the Security Token Service of our provider:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>2019-05-28T03:58:09.114Z</u:Created>
<u:Expires>2019-05-28T04:03:09.114Z</u:Expires>
</u:Timestamp>
</o:Security>
</s:Header>
<s:Body>
<trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:RequestSecurityTokenResponse>
<trust:KeySize>256</trust:KeySize>
<trust:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2019-05-28T03:58:09.114Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2019-05-28T04:58:09.114Z</wsu:Expires>
</trust:Lifetime>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>http://idibilling.com/webservices</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<trust:RequestedSecurityToken>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</e:EncryptionMethod>
<KeyInfo>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<X509Data>
<X509IssuerSerial>
<X509IssuerName>XXXXXXXXX</X509IssuerName>
<X509SerialNumber>123456789</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>Y1fId9FFPZfhSOhiPj61Mbqx3fdIpvUeY0SlwTXdOSDkS06PFks7pM209sfwakkvxkdAG7iovy7gpDFlmAkq7ePKMCZhztgBJWnHuzylB3sEyncXXQCrzbJDIqYUXqp/ZJ7SVBp/XPq/jtimhCiHrbm5SGIW+v3R+Zf1lWWUsn9QXaqbj00uKhWKl1EV491SoswCYXAtUdSRSd+Ex+ATK9gvO95LShdUvbEwWYYKyoxKuKyE6sjBiMUan3N/qBK0z7ku0fopRKjbfWPRbdB7tEM7n2f08fxScDzPjFTGsCZz4kDEm7UaRLOYeCQVkhH4tFrS+D/V/AgVU9HErTmuow==</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</trust:RequestedSecurityToken>
<!-- Proof-of-possession key that the STS returns next to the encrypted token.
     trust:KeyType further down in this response is .../SymmetricKey and
     trust:KeySize is 256, so this Base64 value is a 256-bit shared secret.
     Presumably it is the key for the HMAC signature a client places in the
     request's Security header; confirm against the provider's policy.
     Handle it like a password: keep it out of logs and redact it before
     sharing a captured response. -->
<trust:RequestedProofToken>
<trust:BinarySecret>bOkZdTCufrwieMmOdcO5T1e+JSzlDB5SlcLhPgWwlsE=</trust:BinarySecret>
</trust:RequestedProofToken>
<trust:RequestedAttachedReference>
<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a13abe92-0956-407b-ae40-8266bd218521</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedAttachedReference>
<trust:RequestedUnattachedReference>
<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a13abe92-0956-407b-ae40-8266bd218521</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedUnattachedReference>
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
</trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>
</s:Body>
</s:Envelope>
What we want to accomplish is to consume this SAML Response so we can use it in a security header like this one:
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<u:Created>2019-05-21T05:05:05.573Z</u:Created>
<u:Expires>2019-05-21T05:10:05.573Z</u:Expires>
</u:Timestamp>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</e:EncryptionMethod>
<KeyInfo>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<X509Data>
<X509IssuerSerial>
<X509IssuerName>XXXXXXX</X509IssuerName>
<X509SerialNumber>123456789</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>LGRkzAOljXa1jSLVJijxJoYtsEf0ac5zZKxBHxEddowiMSDUI03Ggw5GTvl5/pf/yh6V5sbO17HQtbudN7PBmbGb8fXj07bhJzjqgnibyWTF+Nn0zk/Hq+hwqNZY+MT27LoRgEshKuGLl7ll/lQTvB7fjLMXxwZsyQ2T1NcgKgoyj0BqOifPQfD1ruoiNRaTlvWC+cxpz0k4UcwN6LjQx2QfOsEDYevoIhxAPZwy1eyGhExwPaGTgbrzVvqLLszzkBjCKT+rSZ7mof1cGjRAl9tGXoyiBW/KEhlqy5N15LU141zHQpAwwBhOVNbsYPWQGc1JCgZgNu5T0914yfmGmw==</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>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</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<!-- XML-DSig signature carried in the WS-Security header. It protects only
     the elements listed as Reference entries inside SignedInfo. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<!-- hmac-sha1 is a keyed MAC, so signer and verifier share one secret.
     Presumably that secret is the trust:BinarySecret from the STS response's
     RequestedProofToken (its KeyType is SymmetricKey); confirm with the
     provider. SHA-1 based algorithms are legacy; use the SHA-256 variants
     if the service policy accepts them. -->
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<!-- URI="#_0" selects the element whose Id is _0, which in this envelope is
     the u:Timestamp. NOTE(review): s:Body is not referenced, so this
     signature does not protect the request payload; confirm that transport
     security or the service policy covers it. -->
<Reference URI="#_0">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<!-- Base64 of the SHA-1 digest of the referenced element after exclusive
     canonicalization. It changes whenever Created or Expires change. -->
<DigestValue>dl7TJsR0gVfPKQ/CVl2eDQpa0Ic=</DigestValue>
</Reference>
</SignedInfo>
<!-- Base64 of HMAC-SHA1 computed over the canonicalized SignedInfo element
     (not over the message), using the shared key described above. -->
<SignatureValue>T+DZmdJXWeNnnfMXA0bZOKNJ5b8=</SignatureValue>
<!-- Tells the service which token holds the key: a reference to the SAML
     assertion by its AssertionID. The STS response supplies a ready-made
     o:SecurityTokenReference in trust:RequestedAttachedReference. The id
     below differs from the one in the response shown on this page; it
     appears to come from a separate token issuance. -->
<KeyInfo>
<o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_b49d8768-4b11-4032-95f0-d4c85bc3dad0</o:KeyIdentifier>
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
</s:Header>
<s:Body><CustomerLookup xmlns="http://webservices.idibilling.com/Customer/1.0"><Requestor xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><AuthorizationToken>deprecated</AuthorizationToken><RegisterID>0</RegisterID></Requestor><Request xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><CustomerID><AuthenticatedKey>deprecated</AuthenticatedKey><ID>25020</ID></CustomerID><ResponseGroups><ResponseGroup>BalanceSummary</ResponseGroup></ResponseGroups></Request></CustomerLookup></s:Body></s:Envelope>
So far we do not know how to obtain the following values, which we need in order to construct the Security header:
Digest Value
Signature Value
Security Token Reference
Any help would be appreciated. Thank you in advance.
I am generating unsigned SAML response with signed assertion for my IDP. When I am validating it using samltool.com, it fails with following errors:
Issuer of the Assertion not found or multiple.
A valid SubjectConfirmation was not found on this Response Found an invalid Signed Element. SAML Response rejected.
But when I generate a signed response with an unsigned assertion, it passes without any error. I checked that the overall XML is valid. I checked other posts but could not find an answer.
Any thoughts around this issue, would help.
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c2658c71-1361-48c6-b733-c95858146230" Version="2.0" IssueInstant="2019-02-10T04:19:45.482Z" Destination="XXXXXXX" InResponseTo="samlrequest_25369109d2af475ebe51e0e94a95967a">
<saml:Issuer>XXXXXXX</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="_3c6a8bfd-292a-473f-91b5-fac5352de06a" Version="2.0" IssueInstant="2019-02-10T04:19:45.482Z">
<saml:Issuer>XXXXXXX</saml:Issuer>
<!-- This Signature is a child of the saml:Assertion whose ID is
     _3c6a8bfd-292a-473f-91b5-fac5352de06a, but its Reference names the ID of
     the enclosing samlp:Response. SAML expects a signature to reference the
     element that directly contains it, so a validator treats this as an
     invalid signed element. For a signed assertion the Reference URI has to
     be the Assertion's own ID and the digest has to be computed over the
     Assertion. -->
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<!-- rsa-sha1 and sha1 are legacy choices; the SHA-256 variants are
     preferable when both parties support them. -->
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<!-- Points at the Response ID, not at the Assertion that holds this
     signature. A relying party should trust only the element that the
     Reference actually resolves to. -->
<ds:Reference URI="#_c2658c71-1361-48c6-b733-c95858146230">
<ds:Transforms>
<!-- enveloped-signature removes the Signature element from the digest
     input; exclusive c14n then fixes the byte form that is hashed. -->
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>AYG+ZKBzsXPfpq94EcgFsvRgFLg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==</ds:SignatureValue>
<!-- The signing certificate travels inside the message. A verifier should
     compare it with the certificate it already trusts for this issuer
     instead of accepting whatever certificate the message carries. -->
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">XXXXX#XXXXXXXX.com</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2019-02-10T04:24:45.482Z" Recipient="XXXXXXX" InResponseTo="samlrequest_25369109d2af475ebe51e0e94a95967a"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2019-02-10T04:19:45.482Z" NotOnOrAfter="2019-02-10T04:24:45.482Z">
<saml:AudienceRestriction>
<saml:Audience>XXXXXXX</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2019-02-10T04:19:45.482Z" SessionNotOnOrAfter="2019-02-10T04:24:45.482Z" SessionIndex="9cb0eb45-3a0c-4fcf-90b7-3fab83a855ac">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="Role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">XXXXXXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="Gender" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">XXXXXXXXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="FirstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">XXXXXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="LastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">XXXXXXX</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
The reference of your signature refers to the Response element whose id is _c2658c71-1361-48c6-b733-c95858146230 (search for ds:Reference URI="#_c2658c71-1361-48c6-b733-c95858146230"). You need to generate a signature for the Assertion element whose id is _3c6a8bfd-292a-473f-91b5-fac5352de06a.
I'm trying to read a security token from a SAMLP 2.0 response with unencrypted assertions, but where the attributes are encrypted using EncryptedID.
I'm using the Saml2SecurityTokenHandler to get a security token via the ReadToken method. This eventually calls ReadSubject, which throws the exception: 'Element' is an invalid XmlNodeType.
According to the source, Saml2SecurityTokenHandler.cs, EncryptedID is not supported, so I have to write my own implementation. Does anyone have experience with this, or can anyone point me to good code examples?
<!-- NOTE(review): this Subject carries both a plain saml:NameID and a
     saml2:EncryptedID. The SAML 2.0 schema allows a single identifier
     (BaseID, NameID or EncryptedID) per Subject, so a strict reader may stop
     at the second one; confirm with the issuer which form is intended. -->
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">d1fd410b-d485-4956-a9d3-eef9291045c8</saml:NameID>
<saml2:EncryptedID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<!-- Encrypted payload. Type is ...#Element, so the plaintext is a whole XML
     element (presumably the real NameID). Decrypt it only after the
     signature over the assertion has been verified: AES-CBC on its own gives
     no integrity protection. The signature is not part of this excerpt. -->
<xenc:EncryptedData Id="_29dbab2c7ef41026f9ae573703ad233b" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<!-- The content key is not inline: the URI points at the sibling
     xenc:EncryptedKey whose Id is _06c497ce9c9142a1f2d425011ddcda17. -->
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_06c497ce9c9142a1f2d425011ddcda17" />
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>EmXVT1jw+uVQWTaAmYBYONRvoHkUDH+zTAJPg0a/AWT9XNjB+weF+NKDa5l9Tm1dNJd9OE8GyOGCrLLAcxCHvJwg9gk5WMUeBhtWltHJutsd94PioWoLFnaRRZUmF/wAJ4YK1AcOgK2cPZ0PH4lt18qkjcf/otmDUePQOSb8qox4JIINAgzlItJ5j4un16jh2tooIoRpklxglhISycv/RI2lTKmhSL4zpSrlTBwJWyBKPq0SEm29USrbVhrQK/z3RfZIO5DPghveT/fiJiuUrA==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<!-- Wrapped content key, addressed to the entity named in Recipient. It is
     unwrapped with the RSA private key that matches ds:KeyName, using
     RSA-OAEP (MGF1 with SHA-1); the result is the AES-256 key for the
     EncryptedData listed in xenc:ReferenceList. -->
<xenc:EncryptedKey Id="_06c497ce9c9142a1f2d425011ddcda17" Recipient="urn:etoegang:DV:00000003544415870000:entities:0001" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
</xenc:EncryptionMethod>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<!-- Presumably a fingerprint of the recipient certificate; verify against
     the federation's key naming rules. -->
<ds:KeyName>B9DC06853C0435DA253F23816E3665BEAE9C4A8E</ds:KeyName>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>iVTdD2P4k14PgQ6I3YR3M2rw1DmrsgAa2mKLvOD4Jhhwl8W7UDAIX5vc/tAFwyu1tF72WU4h9Oa8EapqaHazBw8c7VedDBwZTm6cIzTndbVDNXTP6iJTbvB2M4HIjo3y5lE4cbWk5fGaAtJ2jnQXoxTGxrC5B0Tllgf+L4oAFxxwKDueAEc9v736l/CoPteZhPp+Je4SYZlDZqq1isNSk40EQikrD9GubAdDuGUG3X22McuaQWi5FGWZLFoRfTOxZgls1TOsjtFiFToZ77/3+HlZYQ+6/25o1Nqvfci+MVR1feerkra1NzVwoScjJS+1BCYd0OyKBF4PvSx7io3R6Q==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#_29dbab2c7ef41026f9ae573703ad233b" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
</saml2:EncryptedID>
<!-- Bearer confirmation: the receiver is expected to check Recipient,
     InResponseTo and NotOnOrAfter before it accepts the subject. -->
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="_3d9c46ba251c38d74901355011391aa4b7712a1c" NotOnOrAfter="2018-07-27T08:47:20.653Z" Recipient="https://eid.digidentity-preproduction.eu/hm/eh111/eb_hm" />
</saml:SubjectConfirmation>
</saml:Subject>
Thanks
I've been trying to use SAML to authenticate google apps for our company. But I always get "This account cannot be accessed because the login credentials could not be verified." It seems my signature is good because I have it tested on https://www.samltool.com/validate_response.php
Response:
<?xml
version="1.0"
encoding="UTF-8"?>
<samlp:Response
ID="_fc7fc038e01043acd7d4"
IssueInstant="2015-12-28T04:57:37.087Z"
Version="2.0"
Destination="https://www.google.com/a/sellyx.com/acs"
InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<!-- SignedInfo of a signature that sits inside the samlp:Response it signs:
     the Reference URI equals the Response ID, so the signature is enveloped. -->
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<!-- rsa-sha1 and sha1 are legacy algorithms; prefer the SHA-256 variants
     where the service provider accepts them. -->
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#_fc7fc038e01043acd7d4">
<!-- Only exclusive c14n is listed. Without the enveloped-signature
     transform ahead of it, the digest input includes the ds:Signature
     element itself, and SAML requires that transform for enveloped
     signatures. This is presumably why the service provider cannot verify
     the response. -->
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
m0Lhn42KcGeOXuTdzMRY93MsPNY=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>I7nlVY44KWeURB35YjOZ2Rt3kkN8zj1rzF66789U7diOaR4WJazv/i+38RkqlCc1DvSxy3uVsXCq11BmdA3k0r9vnhuKMsZUktrpIAhW93H1cs37PfuYoiu7FFaEgbCcg+OcyjyJ18JcvbgXqKbvv/i8ltRM7JUOr6V+OT/
U6l8=
</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<Assertion
ID="_bba47c30283081e8468c"
IssueInstant="2003-04-17T00:46:02Z"
Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
<Issuer>https://auth.sellyx.com/IDP</Issuer>
<Subject>
<NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">abc#sellyx.com
</NameID>
<SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<SubjectConfirmationData
Recipient="https://www.google.com/a/sellyx.com/acs"
NotOnOrAfter="2015-12-28T05:00:57.087Z"
InResponseTo="inkglhhncmbkicmioiiinchbbhepenfoemkcpiej"/>
</SubjectConfirmation>
</Subject>
<Conditions
NotBefore="2015-12-28T04:54:17.087Z"
NotOnOrAfter="2015-12-28T05:00:57.087Z">
<AudienceRestriction>
<Audience>https://www.google.com/a/sellyx.com/acs</Audience>
</AudienceRestriction>
</Conditions>
<AuthnStatement
AuthnInstant="2015-12-28T04:57:37.087Z">
<AuthnContext>
<AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef>
</AuthnContext>
</AuthnStatement>
</Assertion>
</samlp:Response>
Add the enveloped-signature transform to the Reference's Transforms, in addition to the existing canonicalization transform; that solves the problem.
I want to do SSO through a SAMLResponse, which is generated after receiving the auth request from Google. But with Outlook, I get this error:
Google Apps - This account cannot be accessed because we could not parse the login request.
The email address and certificate are hidden for security reasons.
SAML response is given below:
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Destination="https://www.google.com/a/dev.authen2cate.com/acs"
ID="gahbmmoclhngahdkmgijdmfnjoajnonpfhojkdii"
InResponseTo="eopmnjkanijnhaooojjipjcfiapacicmgfnkmhmj"
IssueInstant="2014-01-09T07:43:26Z"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://debug-ad.authen2cate.com</saml:Issuer>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>XmexZKht13MLScVBPcrd+Dp1+jw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Z5u23PrImHZndHYkMbJtj4+n1F7bW3G3GLwogR6wYDLi2vFwt1EzKWSd5ATJjRlTnQT11W8+Wf8P
mlVthcvuQeZY9/jijoOT88y/Li4+B9hgmpnZI6WmgZWtOdRmAUvTvUGF3fR13iUxuttmWCNG+0Bf
bwxj5pnkQOsXVdnDgY0rkN9qe2XxFx3VFuFcoEE3dQVTxLT4xZBsjX+N/ao9b/+tEwQHvdwHsAr7
hDaQWxkSXT5/T8+0Lljtv1NZ4GZHkI59i3f2j8UQ3LR19LfY0EykEvWCHP3x5EdVSarkzYyQOddB
R3480a6KQjJOOw+Hhsu/tL+bWrw2sJ7HpUXVkw==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIEzzCCA7egAwIBAgI............</X509Certificate>
</X509Data>
<KeyValue>
<RSAKeyValue>
<Modulus>wB4Uiws31Hjx0folWTMCJDrGFniKajRUgTgcVjNo8r/MUoWQEEh7lH7fOBPbdcREUQFllBMNLiFX
uSpKIsQPZVzPOwaWkWkBjTTISmG+nz9FCgOsyZnkWc0HFprC8Eg7x6I2TfPWZ1lKJhIiBWOI35m5
z9Xcr/LhleOPrDq66yTeCHABej4xs5kxFRGdgYtm9fdTQ78psHJseJm7hP6DbVCtVlBkesq7AAd6
r7B9Rj8nEQk4ZVtQWoo/4soF+nFwW6u4UyaLKswystI+B40XTizv4pNYQM6U6XZ+eoYJxTGlW2sU
gkeMWvYgM6BbNu5ex2i2DzTq3/lS8VnTpZEMWQ==</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<!-- NOTE(review): this Assertion's ID is the same string as the ID of the
     enclosing samlp:Response. SAML IDs are xs:ID values and have to be
     unique within the document, so a parser may reject the message; give
     the Assertion its own freshly generated ID. The Response signature uses
     Reference URI="" (the whole document), so it has to be recomputed after
     any such change. -->
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="gahbmmoclhngahdkmgijdmfnjoajnonpfhojkdii"
IssueInstant="2014-01-09T07:43:26Z"
Version="2.0"
>
<saml:Issuer>http://debug-ad.authen2cate.com</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">email_address</saml:NameID>
<!-- Bearer confirmation valid for 24 hours after IssueInstant. That is a
     long replay window for a bearer assertion; a few minutes is the usual
     choice. -->
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="eopmnjkanijnhaooojjipjcfiapacicmgfnkmhmj"
NotOnOrAfter="2014-01-10T07:43:26Z"
Recipient="https://www.google.com/a/dev.authen2cate.com/acs"
/>
</saml:SubjectConfirmation>
</saml:Subject>
<!-- Validity window of the assertion; NotOnOrAfter matches the 24 hour
     value used in SubjectConfirmationData above. -->
<saml:Conditions NotBefore="2014-01-09T07:38:25Z"
NotOnOrAfter="2014-01-10T07:43:26Z"
>
<saml:AudienceRestriction>
<saml:Audience>https://www.google.com/a/dev.authen2cate.com/acs</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2014-01-09T07:43:26Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>
I need another pair of eyes for this problem.
Below are the SOAP sample from the vendor and the SOAP message generated by my code.
Please tell me what I could work on to make these two alike. One thing for sure is the Signature tag. Mine has so many URIs; it looks like it is encrypting the whole message. The SecurityTokenReference in the Signature also differs.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mhs="http://org/emedny/mhs/" xmlns:urn="urn:hl7-org:v3">
<soapenv:Header>
<wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d">MIICeDCC....(eMedNY signed user MLS cert).......</wsse:BinarySecurityToken>
<wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685">MIIDFj.....( eMedNY MLS web-service end-point public cert)........</wsse:BinarySecurityToken>
<!-- Username token with Type ...#PasswordText: the password is placed in the
     message as clear text. In this sample the xenc:DataReference of the
     EncryptedKey points at the content of soapenv:Body, not at this token,
     so the password's confidentiality depends on the transport (TLS).
     Nonce and Created are presumably there so the service can detect
     replays; confirm in the service guide. -->
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-970e9a80-00cc-4c86-8ec4-3ba16e029a5b">
<wsse:Username>....your_username.....</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">.....your_plaintext_password....</wsse:Password>
<wsse:Nonce>KNyu6MsXCkTg4DDyvwvEiw==</wsse:Nonce>
<wsu:Created>2010-09-15T18:00:30Z</wsu:Created>
</wsse:UsernameToken>
<!-- Session key for the encrypted Body, wrapped for the certificate that the
     SecurityTokenReference points at (the second BinarySecurityToken, the
     service end-point certificate). -->
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<!-- rsa-1_5 is RSA PKCS#1 v1.5 key transport. It is exposed to
     padding-oracle attacks when a receiver reveals whether unwrapping
     failed; RSA-OAEP is the usual replacement. Here the algorithm is given
     by the vendor sample, so a client has to match what the service
     accepts. -->
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>gpBAWt91pdwhKva............</xenc:CipherValue>
</xenc:CipherData>
<!-- Lists what this key decrypts: the xenc:EncryptedData with
     Id Enc-0641b860-b16d-4941-91c0-d60bece67794 inside soapenv:Body. -->
<xenc:ReferenceList>
<xenc:DataReference URI="#Enc-0641b860-b16d-4941-91c0-d60bece67794"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
SAMPLE REQUEST WITH WS SECURITY
eMedNY Meds History Service User Guide Page 13 of 48 February 16, 2012
Version 1.1
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Id-f10674fd-b999-47c9-9568-c11fa5e5405b">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>wRUq.........</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>tBSsaZi........</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body wsu:Id="Id-f10674fd-b999-47c9-9568-c11fa5e5405b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<!-- Encrypted content of soapenv:Body (Type is ...#Content, so the Body
     element itself stays in clear and only its children are replaced).
     tripledes-cbc is a legacy 64-bit block cipher in CBC mode and provides
     no integrity of its own; the integrity check in this sample is the
     signature whose Reference targets the Body's wsu:Id. -->
<xenc:EncryptedData Id="Enc-0641b860-b16d-4941-91c0-d60bece67794" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>SQsTCAK6ZaVhojB8+Y.........</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
This one I generated using a custom binding
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1" u:Id="_3"/><a:MessageID u:Id="_4">urn:uuid:848a7231-015c-4312-8f33-5d780929e826</a:MessageID><a:ReplyTo u:Id="_5"><a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address></a:ReplyTo><VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo5EXKV18H0NGpFzQdQUpyfoAAAAAZ8XUgTPDn0+XJhO5/IiN5w7sG3fELmtHj/xndkfuYrIACQAA</VsDebuggerCausalityData><a:To s:mustUnderstand="1" u:Id="_6">https://service100.emedny.org:9047/MHService</a:To><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:BinarySecurityToken u:Id="uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-3" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"><removed=</o:BinarySecurityToken>
<o:BinarySecurityToken u:Id="uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">M<removed></o:BinarySecurityToken>
<e:EncryptedKey Id="_0" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<o:SecurityTokenReference>
<o:Reference URI="#uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-2"/>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData><e:CipherValue>cpNzU2vWQVjpUunQyy8D7dHUooHWF96tybpgEWxNiddkNBh38f6E/pDykBMI4+8LBmM7Y0o0QCDleK65kxddypo7kfSDK6NZRx8k7+wF/GOk2iMx4qufP/bBkUECIM5p225kDBanQcW7jCuLJuZN6+mUVIXwYpCePL/XLNRtfss=</e:CipherValue></e:CipherData>
<e:ReferenceList>
<e:DataReference URI="#_2"/></e:ReferenceList>
</e:EncryptedKey>
<wsse:UsernameToken wsu:Id="uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:Username>XXX</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXX</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">ZjkOD1RqShv7ZYpA4wEU+UhX7Aw=</wsse:Nonce><wsse:Created>2013-05-19T08:36:14.948Z</wsse:Created></wsse:UsernameToken><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#_1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>F7UsmXHI4QTXK3WDc6z+2uRUUFI=</DigestValue></Reference><Reference URI="#_3"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>DonC3xMPywpTOjov235wsJMaMcQ=</DigestValue></Reference>
<!-- Each Reference in this SignedInfo names a part that is signed, not
     encrypted. In this envelope #_1 is s:Body, #_3 to #_6 are the
     WS-Addressing headers (Action, MessageID, ReplyTo, To) and
     #uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-1 is the UsernameToken.
     Encryption is listed separately, in e:ReferenceList of the EncryptedKey
     (#_2, the Body content). The vendor sample shows one Reference, for the
     Body, and uses the SOAP 1.1 envelope namespace, whereas this message
     uses the SOAP 1.2 namespace. -->
<Reference URI="#_4">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>2dFhw0FhPvuQ3KmC49UXXP8I8bI=</DigestValue></Reference>
<Reference URI="#_5"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>k69pykploFPkXhw5ogDHcjcJUI0=</DigestValue></Reference>
<Reference URI="#_6"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>UGa8rjex4LcxUj2jNn/6oipzpdw=</DigestValue></Reference><Reference URI="#uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-1"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>9KFMwwujEgkI/CFWqWtpJh05bhA=</DigestValue></Reference></SignedInfo><SignatureValue>Om7OYdNv4y8IlQCBqbOJhm+pjiMmMN0XlhkEQiQ+6xCAJ0z/ukLR/few30tWPrt6HBXjiAoy2E5N0UXmGBtaBL5Fd1jP3d8IY2mg1AvzdXkJly9zoI2Capj4QpqCDP7jjUwuE6T5BeSajLHvHp2goCspX1gZkTB4KhgMH3LOYsY=</SignatureValue><KeyInfo><o:SecurityTokenReference><o:Reference URI="#uuid-b6dbb7d6-5204-425c-bbad-a48fdcc6bc02-3"/></o:SecurityTokenReference></KeyInfo></Signature></o:Security></s:Header><s:Body u:Id="_1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#"><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><e:CipherData><e:CipherValue>gvhF+xGuMqxaQFpVFjxE+</e:CipherValue></e:CipherData></e:EncryptedData></s:Body></s:Envelope>
Thank you for your time
Sun