<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
ID="mpbjjibncopjikaegdheinnnhljkapegmilnmbic" Version="2.0" IssueInstant="2012-10-22T19:54:58Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="google.com"
IsPassive="false" AssertionConsumerServiceURL="https://www.google.com/a/XXX.apps-poc.com/acs">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>google.com/a/XXX.apps-poc.com</saml:Issuer>
<samlp:NameIDPolicy AllowCreate="true"
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</samlp:AuthnRequest>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Destination="https://www.google.com/a/XXX.apps-poc.com/acs"
ID="_48b9b368bcb048c392e14568b8fb7be7" InResponseTo="mpbjjibncopjikaegdheinnnhljkapegmilnmbic"
IssueInstant="2012-10-22T19:54:58Z" Version="2.0">
<saml:Issuer>XXX.apps-poc.com</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ID="_7c3c9cf9b30e41eea419fd262e81ec10" IssueInstant="2012-10-22T19:54:58Z"
Version="2.0">
<saml:Issuer>XXX.apps-poc.com</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:email"
>US...@XXX.apps-poc.com</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData
InResponseTo="mpbjjibncopjikaegdheinnnhljkapegmilnmbic"
NotOnOrAfter="2012-10-22T19:59:58Z"
Recipient="https://www.google.com/a/XXX.apps-poc.com/acs"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2012-10-22T19:49:58Z" NotOnOrAfter="2012-10-22T19:59:58Z">
<saml:AudienceRestriction>
<saml:Audience>google.com/a/XXX.apps-poc.com</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2012-10-22T19:54:58Z"
SessionIndex="_7c3c9cf9b30e41eea419fd262e81ec10">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="uid">
<saml:AttributeValue>USER</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="givenName">
<saml:AttributeValue>XXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="sn">
<saml:AttributeValue>XXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="displayName">
<saml:AttributeValue>XXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="employeeNumber">
<saml:AttributeValue>XXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="employeeType">
<saml:AttributeValue>XXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="departmentNumber">
<saml:AttributeValue>XXX</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="mail">
<saml:AttributeValue>US...@XXX.apps-poc.com</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>G7NNJ82H9NCDO/xAEvjB1SXx+TQ=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>adT7ZXk0LC8MWtpSMt5WChegDK/ShHfa/H1pd/XajUn91Bwy9hl0ZwIX8OVwO/ldno2c7GFn6J3L
1gnBtqaHBJXHaLIOKq6mGVNo41FSQabSpFuc5LVpKpbLM2XCrJ4b3z/WumiIF2FWYkiT03U3V17Z
hSx695ckAUWoJZX/MwwfTFrCFSwbfNXAgIyldrf/XjOdNlbvguN51IgHWH/UFvWDfGRkc6c+dQL0
oNxbg6fi6W6MhKfgCtYEPmjHmZPoSIoHGGO64YG9t1f7l9ySJgt9U96lPGTSIsWDjA7u5vbEaC0D
rdLw0WLJNxuJUk2v/2AmMsC2RzBZ6Oiaxouz2w==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIDkTCCAnmgAwIBAgIEFvzmHDANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzENMAsGA1UE
CBMET2hpbzERMA8GA1UEBxMIRmFpcmxhd24xHzAdBgNVBAoTFlN0ZXJsaW5nIEpld2VsZXJzIElu
Yy4xCzAJBgNVBAsTAklUMRowGAYDVQQDExFTdGVybGluZyBGZWRlcmF0ZTAeFw0xMjEwMjIxOTQ2
MDRaFw00MDAzMDgxOTQ2MDRaMHkxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRPaGlvMREwDwYDVQQH
EwhGYWlybGF3bjEfMB0GA1UEChMWU3RlcmxpbmcgSmV3ZWxlcnMgSW5jLjELMAkGA1UECxMCSVQx
GjAYBgNVBAMTEVN0ZXJsaW5nIEZlZGVyYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAo1F9Kslp8F1XkjaPperaZbVP3GAtSjPqlCCzL0uKPhYjeQJDi4oSWcQIurA8YczXzRpipwl0
2TvUewuSfmLCKnrXzTmXXIgoXczu9RdrQT7P4ftRnJflzoKllPlLbmHiqMoS6QDlYk4Eom9U0IXw
ZnDl7pmY1QvmilHe7cTteQWqz66S2AZb36vndz00nXspJXKi/y4WISU4xOQQF3sKl6H0865aFd4p
ifh0+Fu16uVzPzFzHX4QsrjwRkaIOfG9/DI4OZINr2bXKTJTs2d7RM1mB5Ph3vr79iewjd4CA7ev
1MjxrLw9/SZNrsJ6nI6rOIQYiAbMON6asMtgHboM/wIDAQABoyEwHzAdBgNVHQ4EFgQUOEbUyOdZ
nS6yX8O8tXaDl1ji3HcwDQYJKoZIhvcNAQELBQADggEBAGcYBOFMc8ZEvAaH8Me4eODvW03BrjqY
BxBEeMJ8pbBxfRIyRwwC+hAIHdzZYQJpeiYrefN/+S9jM9pIW06810Cz0aM5GoTZlCGtCfuywjFd
/WkChX6I3UlZDo6LZYZMFTKGcFvf3W/MOZ5BCylvUHmXQXyZcPE1PN5HQaiu7i0DGe9VByw0PkEP
6r3rSbRkSDNgaLziHLONURNAlsP1uTeLeIQCB0IPoXak23bh9Vv+8mtOakzbpKvfasRcVxHPRNjD
rJU6Ed0aULWrxDTrYuZl85okRWCrpxgfgYqOiwgHH7xHEmdpDXK40OMJuhNcRGNz4UtDfqcjIhb+
PZgN45Y=</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</samlp:Response>
<saml:AttributeValue>USER@XXX.apps-poc.com</saml:AttributeValue>