I am developing a play application using pac4j for SAML authentication. I have already setup a shibboleth based IDP and it is working fine with a couple of SPs.
I have based the play application on the pac4j demo, which works fine with openidp-feide, but is failing against my shibboleth IDP.
I have generated the keystore as per instructions and have also configured the IDP metadata in the application. The request goes fine and i am prompted with the authentication page. Once i enter the credentials and the response comes back to the play application, things go wrong.
The error message that i get is as follows
[debug] - org.apache.xml.security.signature.Reference - Verification successful for URI "#_3b44b10eeb4a12dcf2abfe318a01885e"
[debug] - org.apache.xml.security.signature.Manifest - The Reference has Type
[debug] - org.opensaml.xmlsec.signature.support.provider.ApacheSantuarioSignatureValidationProviderImpl
- Signature validated with key from supplied credential [debug] - org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine - Signature validation using candidate credential was successful [debug]
- org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine - Successfully verified signature using KeyInfo-derived credential
[debug] - org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine - Attempting to establish trust of KeyInfo-derived credential
[debug] - org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine - Failed to establish trust of KeyInfo-derived credential
[debug] - org.opensaml.xmlsec.signature.support.impl.BaseSignatureTrustEngine - Failed to verify signature and/or establish trust using any KeyInfo-derived credentials [debug] - org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine
- Attempting to verify signature using trusted credentials [debug] - org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine
- Failed to verify signature using either KeyInfo-derived or directly trusted credentials
[error] - play.core.server.netty.PlayDefaultUpstreamHandler - Cannot invoke the action org.pac4j.saml.exceptions.SAMLException: Signature is not trusted
at
org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validateSignature(SAML2DefaultResponseValidator.java:690) ~[pac4j-saml-1.8.3.jar:na]
at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validateSamlProtocolResponse(SAML2DefaultResponseValidator.java:206) ~[pac4j-saml-1.8.3.jar:na]
at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validate(SAML2DefaultResponseValidator.java:144) ~[pac4j-saml-1.8.3.jar:na]
at org.pac4j.saml.sso.impl.SAML2WebSSOMessageReceiver.receiveMessage(SAML2WebSSOMessageReceiver.java:96) ~[pac4j-saml-1.8.3.jar:na]
at org.pac4j.saml.sso.impl.SAML2WebSSOProfileHandler.receive(SAML2WebSSOProfileHandler.java:55) ~[pac4j-saml-1.8.3.jar:na]
at org.pac4j.saml.client.SAML2Client.retrieveCredentials(SAML2Client.java:246) ~[pac4j-saml-1.8.3.jar:na]
at org.pac4j.saml.client.SAML2Client.retrieveCredentials(SAML2Client.java:75) ~[pac4j-saml-1.8.3.jar:na]
at org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:191) ~[pac4j-core-1.8.3.jar:na]
I have checked against the response that shibboleth is sending and its clear that the same certifcate that has been configured in the SP metadata is being used for signing. I have also checked that the signing certificate of IDP is same as the one provided in the IDP metadata
The SAML Response at shibboleth is as below
2016-01-24 23:47:12,017 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:198] - Marshalling and Base64 encoding SAML message
2016-01-24 23:47:12,024 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:220] - Setting RelayState parameter to: 'myappidp', encoded as 'myappidp'
2016-01-24 23:47:12,040 - DEBUG [PROTOCOL_MESSAGE:70] -
Destination="http://lms.myapp.in/auth/complete/tpa-saml/"
ID="_51e20c09b33474416b337650cea49879"
InResponseTo="ONELOGIN_3873668f77ebeefc8e0f4011223f8877d98b17db"
IssueInstant="2016-01-24T18:17:11.804Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
https://idp.myapp.in/idp/shibboleth
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
URI="#_51e20c09b33474416b337650cea49879">
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
nuS/WnS4LarO4u0tcLy99kbZwXVk9RG/fD8ooZi/Mbs=
kaESN6JGaUfMs1SbAr1BsmJCD/2kddZFCarJcO1jmULQJHrqfRkBrnaqQeFT129+jKXqksxSdv0C
nSENGWDVJS+A2KCJn7MzJdMjUTokJEf6M76dKycYD9/W0zQFKG6FFcCUReeH/GZm9iezCyP9C4Wc
qpeaC+2po61TTQ82OtGh3pIvZ2bUcDmbU/UWBbUX1EJv7twvCayW5+jlIfIWjZjpt73PqtvwMxht
IT9vwcme5i6NYZTxYlJ9w2wvIFLXInLOM73pD+TG4eEZtONeztW+BGgGZ5McJdpPMnkiNouOo+WA
B77yGBq8w+ubIIlxPU5ASv5r/YqxOPJyZZIhEw==
MIIDMzCCAhugAwIBAgIUf9lIsNpjiw9W3K/sv9ZtXwDb5PkwDQYJKoZIhvcNAQELBQAwHDEaMBgG
A1UEAwwRd3d3LnRlYW1yYWluY2xvdWQwHhcNMTUxMDEyMTczNjE3WhcNMzUxMDEyMTczNjE3WjAc
MRowGAYDVQQDDBF3d3cudGVhbXJhaW5jbG91ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJVLITrYciKJv6y/LWAkrAdDfW5wUCNFMwMy6zA2CKZQFAWNCrqzLUztOgVL0Yob/9onxaGX
Mx5khA96/kHrJ3UNy1tZy9s9JDkvwVxzyPgkevHO9wCcT3NDqwyqJk9Xyw9qN3ve0KYpJglXuy/z
dVYVmIoJF+6rdk/dIg2mTSMCRFccyJijMcfw7ceL9tEJw1iOry5HO9emJYKkAS2WwAxPXerYvNGn
AA13kb/501dzWjsCkTnG8ip0gzCMFAFnqi+sgsEHr3YzN20mZTEohpHs5hPUqnk36FK4a9Q4lLMe
KO487DxdT5RBxty9VjqYPWRYfZWAUEhQ75YepBZPJA0CAwEAAaNtMGswHQYDVR0OBBYEFHwNiLBy
y3pf+1YL48M0RcW+zyPGMEoGA1UdEQRDMEGCEXd3dy50ZWFtcmFpbmNsb3VkhixodHRwczovL3d3
dy50ZWFtcmFpbmNsb3VkLmNvbS9pZHAvc2hpYmJvbGV0aDANBgkqhkiG9w0BAQsFAAOCAQEAkhXy
6blk5vMcmIRkQhMit8D7STzUGx+qiaYo/MYWBBNDu4NBbmNvzdvhwpNdmHvIYHbbB6TcWeaELYo9
kIjMtw/70RTI6K40DRZDtt33SE5R87AxHIlGPDhGXQgC1oB6FWcJjvTq3rKYYMmxDLJLl8orHxiI
OKb9SYZR96bXDdqygV5PPJfe68TaIPJ1TRechFDxKTam+8HNEstOot66k+ERXfvu6gsGe+EbyIUZ
913zHxlf0xM+YH7O+OPcNkKo9jGpLyzbJZa7NsBM7RzVdH1RyGF1El1JyzDNyD2H1sQ3YCqxLdnu
UCQ8Q7+2cB3xRWgjGrPXc+y8zWMmI5CQxg==
Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
Id="_1f15b021e3b9352a57cc33a7ef00626e"
Recipient="http://lms.myapp.in/saml" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
MIIEBzCCAu+gAwIBAgIJAKFBsY8ExEytMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYDVQQGEwJJTjEL
MAkGA1UECAwCS0ExEjAQBgNVBAcMCUJhbmdhbG9yZTESMBAGA1UECgwJUmFpbkNsb3VkMQswCQYD
VQQLDAJJVDEbMBkGA1UEAwwSbG1zLmFzc2Vzc3JpdGUuY29tMSswKQYJKoZIhvcNAQkBFhxqZXJy
eWt1cmlhbkB0ZWFtcmFpbmNsb3VkLm9tMB4XDTE1MTAwNTE4MDUwN1oXDTI1MTAwNDE4MDUwN1ow
gZkxCzAJBgNVBAYTAklOMQswCQYDVQQIDAJLQTESMBAGA1UEBwwJQmFuZ2Fsb3JlMRIwEAYDVQQK
DAlSYWluQ2xvdWQxCzAJBgNVBAsMAklUMRswGQYDVQQDDBJsbXMuYXNzZXNzcml0ZS5jb20xKzAp
BgkqhkiG9w0BCQEWHGplcnJ5a3VyaWFuQHRlYW1yYWluY2xvdWQub20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQChj08jTkeW2JpUeIFSm8vVjtSkOtKHPsjHuKTEvSHY1ms2+bKPOvZr
lRAsVnRZxFBG95hQe5/SLGvX2K58dbKb/T1AVxDdn6l/v2wfPyVhIlRFvc4S1nDnrdGTMnA6jLuR
r7dtUkMS7UiuT+riVxH9S4Mdj6q5Yo2hI0tIDSSSlD/wxDeN6siyU0uLRbt/cxHjphGNx8aU59in
BDfiKd8M8y1wDmzUxALYgohIKJWugblFOxcTFkU6fdTlOyw6uxKdyo8wT0Cf2K9u9uXM47Xkc5/O
RCrKKL2KduWOekKSrTWZ8gswWIAb1QEOkBbkasvoFepVmsazoF7WxBShXhILAgMBAAGjUDBOMB0G
A1UdDgQWBBRCd7MD6nA1pdlwSeLASZ+VJ8g0SjAfBgNVHSMEGDAWgBRCd7MD6nA1pdlwSeLASZ+V
J8g0SjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBPj0rv+GLPB51+0w8gcLzR38vb
Byd2rpSFy3H+5gNjMBXo4hDqip4VCarvYNHH2UX0P87mprdryakdF+woLgTuZg0RPqlyaeNvMECC
osyo9hmY+MFIPZXECASu96FKh6IhWMXdljEcUCjQo06xrFEMKS4NVrIJMasRcPg3KO+VZ55Zn3hB
OANDcXqT6X0o4ml5ZvsRDs+Yk4b4DTVzGrErz2/AKcKdyjNUnAA9UNBe1aQXiJ4HGGyOPAfxwJnt
DgSGiHnk3B8ru3c5sDICxjVyebgtJFa/Q0AeTy9gPAVLWKp6Y4kcincl5T00j0IWchM/fNsXiViL
NRoMrvixc9eU
Ewo8Qu6Wq/rDo06DoiiTkyIx8FJTio1gltDg1rz9x+R6hHkXuJKJupTHF4Idk2K3CoF8uwFPDPNp
f95/EOzYfWAVMI8VDH1hv8DCez+ArKLIcqYywgZc2zRk4ZETSLkIznzemqF8fiCpD/F+jQhFz0xX
o5YA0jkOUel25iW7+3VvPOWwXmJBZrZn3kmTmoM3wiC5DQQnkOoJJFDUNLSax8ptKn8CiQfQeiG1
/2EyTBIW+EKvrahCVjyE8k5sbeXlRY3YIsX8ep0tY9QbMEZkyOD4E4DNpXJqsNBBsEsrpW6+nnQJ
3Chx8ofq1eAWeT+bVa+fLkx2BiNWrQicEhfDPg==
ad2hJpuF+fEwR0CjvpZkNvOhk5jvEjz55UvpeUWyBHxVLK2Loo2GvUCTZIOmQMNfcovK19BPAjZd
OK5ib3oUYU7RhliymjCGT/ItJ5E5DeTx25+jBaoX+Mv9H2lfGgNAQ70KHuCDsjvOT3xyOWicjRIC
JCIM4dB9LD37mut0C+Q3ukUAGKv/QkNd6GgOS2j9Cda6dJCmgBoFOUGgQ69xLDBqSqIwsupwd7k1
X6qad/5grNscc2q07FO5oi4OLPooI3CjAdCm0iYpLXnIaNi5VxXddD7H0XQ+jslLnGF6sN6uS+YF
d6cZK7X/Gl5uIO6h/+N0uKicqX6ZC4DyCr+5dUIzOgZJRtedO3eSgj13WKbOaRURFYpeCRLYiY4K
Xymv1UFTkIw5VKjFxL2VewWQfnj1R5yKR7AIJzaEtKUH9rXonSBluyYJ0HpdTBp2zh7X3DirPna4
hRtGUg5x+3cLfR6u38jEAdSS5NkzpgftUE0tm9VXjMyEfXozseqBHKycPcmFWRLai/2lpCk04jn/
ExNKOOagBnQqD0jfM4lnQfkFTKtUMeNoVk/WL0ae7WEZpLMwsl6bRFfdSsLipKgHSuM3RKkQUWwl
4aIhN3v/ViM46j0CJWF0ZJmwplXR/WuBoxNelFFrqIJKTVAtXhxeTHAhDsABnNxmwt32UFJiGuBx
5mCYDrCUu7p6pHWyej44khnolCIwpdVIgbsue0hj6tenkwo76MjxW2KtOaWbAKAbQ/fVBezjBdol
red/N+FLri/aoVFx/hio5iXc1ZUye+ULNV8kvcR6Xz9QR8HpipxfmXze7IyN0rT8iMWICSolhEhk
LxhWD7oJd7ES/HhwiDd047nDEy/rofnMMxrSwScGnv5gk1mCddHOMjQFiRFN8j9v0b35StAtqFzF
WE1VsZa3PeaCnqy6/VDHUai840FGdzMQVAsN/r4Se5ohKQOVK8kHHS1zD4ejIIMcWC0hRkcXS3X0
MAxfmRkTljTRRdoTkw0HK7uhYjcrkLdhenPdrtBKj01Po6m50SnVmGEtx8FZdv2X3s2BTpT/sNcy
BGI/dVE5aBJRF+nyUZzts7kx+o9nN8Wwmfy5gIqdd9F3TVTVbOQW046gC+LPFWa8Ux9qaTRkQKJS
t8Cdw+cLMW3OA8zHIhXnOKSY86m6fUwKa4fZ2/EDPDQRkwnhtNRdmdbOfwrJyN0IMerQ2k3F9zQ9
5HeF2VMBQvhAXfTELdsitetiVByftqxxq5cGujewNRQwGSK5DVbg8NIbNHJmJt8ywoBcozNBkS5x
6KhYOHDQ5HdpFrYgj3JpU7FhKYzQqBO8qdQKoOACD5MA5eehrVJd2IyJxTkrVUfVnCQNnj3WiYC+
C+X29i39uhaCorFsetAejz33rHUCGN8RggCEpbRLF/feK4n6bpmSjgMzujekRsLZl7Rxpu3Lamsh
bPWxvGwB9BdnX9qgyrOz+QDJY1jX6eY2whXx8qekTX3waINkFeSDZJvhFLbZbOjAZgNUu8/MxQzR
6oM8bUrgVR4JV+pqkMkNhK2PyWu51Vw8i5f2OSylRRdd0TPLOPoDvmUejUjG/G8amvIi+BMQDUXX
C8VNibgNt5znGGpOcN/B9Dz7C7+y/rS5UcPRkOwtCe+tvASWUh85FGWNzJ/g5iHri/sT+Cv5QwNj
xHRQ2sdyGLI1la8k0KJV9KCCTnBxenlgtZ2ITT7Hojq3cmOG9db0MUzgV/LyJVkQSo1xGX8LaNys
K9prHaAD0fy+Dtonm92ElXHsYrR+YgZlF5ZsIRq2evQR0weapB8jWrDVluroq7YO8g1lg823y900
baNx10NjHrLoovKHq7M996or0og0W41hSjfKamm7bRMYYzPQS5B6Y4tqI0d+7y+Czt8F37jGkmn+
HOLgmKorJn3Vyrn1JW+KvQW7M9cvwGkC68MV5m/NAVcm6UdU6OqyeRcbkyd+degdL+RiLv8pTHYK
aC/zGr8OrUTl0Hz3VnFo/YRY6mL0Ss3ERNEG2NuYSjyPtuACa68RxUUl0kInafZ6aYIZ0g/ZvRII
ji0q5qSS36VOVgfC3ZS1H5uF9DKOEuUvklvL62jnXILSdd4ZoTyKCOxW+N0mmao5XgzQ4ExckUJq
nS0AuQPKRMzZ//FabfTI0y9yIhOrNADGRl1MqkrmBAmdSwDnzKzJzhUWiI0E9r/Vr56i895/X5Cv
HxR6NwBisvn1StHPekqD25HAqrpd6gaLjmbZJlQYssHNSzrfiMyErOAfsuDL/lD+qLR7vp8q3QXa
LT6F50dTfn3dlWQ/q1bpAaQtGNpaBvzaeDvH8fNVuE0SUQt2Yk0TKqweAXqByQ/S7bV8Qse2cy7r
mADzoat6cJyCpGtfp6juOLpVGD9b4HSwPBWOYK9OorlGd7MU1jO/DXm1hSPT+/hfD5vjK1XGZSiS
EJjbEduk05WZ55aWu493XqLunsGrPaSfGCeKAme7T0HR44bRsITFcpcOZQAAdZvBGDg+CMcEVhff
Kb6a40lm2YVe/+B1BFKbZRi19VDtu7GTq1EhVqkqnUQ1V++EF7zd3VibjJhINiJQbQ0Kg3sG1W+S
tWqOQwsDpexwCcxoQJUxWLT5XL201qTQyQCCF6ym
While the SAML response being received at Play is as below
[debug] - org.apache.xml.security.signature.Manifest - verify 1 References
[debug] - org.apache.xml.security.signature.Manifest - I am not requested to follow nested Manifests
[debug] - org.apache.xml.security.utils.ElementProxy - setElement("ds:Reference", "")
[debug] - org.apache.xml.security.utils.ElementProxy - setElement("ds:Transforms", "")
[debug] - org.apache.xml.security.algorithms.JCEMapper - Request for URI http://www.w3.org/2001/04/xmlenc#sha512
[debug] - org.apache.xml.security.utils.resolver.ResourceResolver - I was asked to create a ResourceResolver and got 0
[debug] - org.apache.xml.security.utils.resolver.ResourceResolver - check resolvability by class org.apache.xml.security.utils.resolver.ResourceResolver
[debug] - org.apache.xml.security.utils.resolver.implementations.ResolverFragment - State I can resolve reference: "#_3b44b10eeb4a12dcf2abfe318a01885e"
[debug] - org.apache.xml.security.utils.resolver.implementations.ResolverFragment - Try to catch an Element with ID _3b44b10eeb4a12dcf2abfe318a01885e and Element was [saml2p:Response: null]
[debug] - org.apache.xml.security.utils.ElementProxy - setElement("ds:Transform", "")
[debug] - org.apache.xml.security.transforms.Transforms - Perform the (0)th http://www.w3.org/2000/09/xmldsig#enveloped-signature transform
[debug] - org.apache.xml.security.utils.ElementProxy - setElement("ds:Transform", "")
[debug] - org.apache.xml.security.utils.DigesterOutputStream - Pre-digested input:
[debug] - org.apache.xml.security.utils.DigesterOutputStream - https://idp.myapp.in/idp/shibbolethMIIDhjCCAm6gAwIBAgIEVqTnkzANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMCSU4xCzAJBgNV
BAgTAktBMRIwEAYDVQQHEwlCYW5nYWxvcmUxEjAQBgNVBAoTCVJhaW5DbG91ZDEWMBQGA1UECxMN
UmFpbkNsb3VkIERldjEoMCYGA1UEAxMfaHR0cDovL3BvcnRhbC5yYWluY2xvdWQuaW4vc2FtbDAe
Fw0xNjAxMjQxNTAyNDNaFw0yNjAxMjExNTAyNDNaMIGEMQswCQYDVQQGEwJJTjELMAkGA1UECBMC
S0ExEjAQBgNVBAcTCUJhbmdhbG9yZTESMBAGA1UEChMJUmFpbkNsb3VkMRYwFAYDVQQLEw1SYWlu
Q2xvdWQgRGV2MSgwJgYDVQQDEx9odHRwOi8vcG9ydGFsLnJhaW5jbG91ZC5pbi9zYW1sMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswYEntA5SkySM0F4bLhAAwP/UwBH8R6q+nWPGOUk
EZBZ0t1HVEV5U4IRsNzxRCWE+qmNmmhjuYoi4xABTz3dxdS3iHyqBz96/aydNbHoc0g1Yv5XPmNJ
CH+z+atJPMTatQd8zOfeFmueBXM1YYSIzjiJEI6RFAKM8qPzgpMU6TZV+fsHQCkhsDyHBO4PS120
trCskm4x5gOYw4hJBkL7t7WWSJQOVl8TsmfYtHZXErV3f/E9USCb52SFpNrc2nSLarSoqvu59156
TfoKu86gYhKJnGm8wx/cURA8fC9JsQCL/GaHe5rzvby63lLQUVsfK2cQW7O2yJE+6gfaWFlTOwID
AQABMA0GCSqGSIb3DQEBBQUAA4IBAQAKzPLph0TK+MSpya1P7cD8EsO7d8C+xH0Rn07C5/ieYYrp
0yNispd6FfegaxBPk7tmIWeAlfviEGSLZqXlW/bPQrL1oOASB++LiGoTedj2lPjnsygvu1B8v6ze
6vi8+yJy1vhg9k94ll5+3w8jG7uFZhodXzChjiTeC948mqeI+27CJglsH4M1YddmdBz1oaEhBb/8
Y00zMipDdX9p/wW20wGyWVt1a3VLtHX02bbb70vp5/TnECimU8GvUr2Ku2zrdRrc39PAXH2RT8n8
B7kbwRQ0I+0PGc8jaf/gSKXEpUzjTGBjya2pHV51qSgAR+nBErgZJTsJQuDsnBrS6OmFLjiZaaGgldyQS4AJ3y2sJbbnQHF+4epKHQ9kUiGdOphITxClArrqpSUXO+9DlQnhfLLhvfk+yBkg
OyTkMhTq+UA9oTKTGLDRkwwAnhRiaILfIW3ajTMXsfE0SBJFBnhoWERyk0EMppPa+2Q3d+ErxJGS
0RA14nOfweNtX8S/Utl1uwoewFnIjobSVxHbwQB3ARxK92nXfJnRNEDaAVp73MPkhib9n51GlVNt
yjyqN+YuM1MHbfxZxN7KMvtcborhCz2oyhfq9ZSVkJA0nO+mSWZkiuF0fBG2TwrbABd/zecTTy/U
lGUR4AkqpFfuMvL3KouOrJHVrQ4ipZGw8BA7oQ==zW0B1jmTWtbx6GDm/l6hzErGhDDE+I9tnsWIWjvlmsIw2s9lbEji/+BAJs7WN1pIfds06oIPT+1A
rq8xJ5FEmJEM7X3V0ZjMvSVHmlT2ZXryQn35CVoO7kT6qBQVrRrUPIwZdqunMia3uZLF/Iw3QuOJ
1Nb6lI2qtoLSueoQXFVXvJK7WFNweCULsLrJQU6O26BDQ8Ym79CWkKJF2UjgEerJc+9V5QC/0iPF
NDJgaMJ8dTztRoK2keMjqQHhSrEDscxYuGu5SrYEmAHRTe+szOf3FNb+1mzcOM70dyND5tqL666W
aWwIsxWICmDqEugzVdJir8nEgx454cX4RmhdnANpTCwwvRuOrjdMRQVp2UMtaN2T1VvL/tdRgFy4
MR+oijH/LU4oaQMUju5/aFslHvp8rj0X1SwufujA/SWssbZ6VBs09ggMUj517zhjtYCxH5JnbgKa
dmFs4zf0ATgnd2QJPxXaRTSMcjSxykYau7bQOROy9FmczInOooUVHqbayAc7v9j1jMDUXDZ/9/cp
J+VOcA895QkzKR7frPoJyXQEHGPvPXkwpA0Knb4LlZO+M7+49nyGPP85IsHLd/AE8QkyjaHWjuW9
4HC2fNUHFLpnHNpRsZqt4jq4nsHvjRP/iJdMnj2mwZ4iqcocBTrv9nvVk7jPFlJCajic9UESyL7E
VAAT4q0Xx3PVtBE71DNMpRrCIRD0zxbXflIFQMkRUKGTXV00ncF4ZtsUKuM9/3c2xY7aeAdRDhg4
oVA06vOh9agvF0VIIgjY1hno+qZZWzhD8CT+H5EZTLIiITRVFTK9C2tyEwPtBG/WehVokrdcLSHW
DR1sOv9ES3fsJCWzKn5gqc7iP1bSO7QeYz2FVluXF7EOFVtqBhIg9hOZau3Jl9FZ+YonHYYNTkxJ
9j7d55ZmspJsIUfywFEqO3aILBMh3k3Rm0wsG9vgckr0rLCBv9gYzF40u+8i2jZVR3Ejr8ThBJWh
329hjQiyMwYPXoOGLn+gbQCIR2tXAspYAbuO2OUfzBja/CyF4QMFKmfZXutTq3CAdI/6VYR30QOD
Oxit6cvuNwok5RtJwihxM72tVNzMxms6E4OZ5kDGsQdTF8azo9GpbsHLvpXn4ekjPuwI6WG5HQAn
QCqxJstlEKM+MD0UcHk4onzi8v71KzEvQrl3Mi6cxv7PUK/0q0Ttyzghgx3ms0ppC1S/RLdbziXd
gPox1GDztEv/pzFNF3Q4phR+CzlY/TMKYCpq5hfNsY/PUykKfy6pmudanMtrazIdJfsp0qHnY0+C
7lcB7TPWkv2DDn7iSbYchUZxvRrOAfchF2wV73YgFNIfRtxg9mRH0rfmo9PbnUNsAPy6HDuUDVoX
eSDD+UXRwg8gsjnmK7V5/Y9EDGgMKBBLwaZLdgSLyIrdjM8uaZa2uYvgp3KhuBTe16Nv51mPhQtx
mMUeXou7sR0fR4xp4F4nOUEvzAHEpCIfkC8kw2JOdud/uYvoB5x/F1yGkz0s9+0Gddq761lD1XGt
XbfqOYCGq2xhPywQco2dBJThA93keLitW4CaYwwvLF7vzqmwKsa0jlXjqBQCEy0hAuNCMsi5QfdG
Y2QK/BzCAxi/ult+Ja9BQ6EERmXJguefZcJVkwq1UQr3E4FDSP3qbMaRhZSZ4th4Z6xFFm0fI1+4
JwL+V6iHrNcc9FV6VSiy2UigGwnM5Dtn5Ez3IuGVOVSSGZXShv86WPwjo0y67GSr5qsvPxc8MaCM
XEtX+kpLesvpM3FCKjOtixojpgeoImM40lTQKTOyh3Xwa3Uy/e+rVICVCkgjPH9gjJGq007bRa/F
6aqF3pNwpHX7FVbqQ5Ys5vXZ5d92EsGIJA+oIaD85+AlcOe+SId9pQPAOzHwg7ntqWFXWIoSrLr3
XN65FiEfWTlbGhlFFeulnXMwnGOcOWNg6AH92Z/5gEDwJ/3OdBJ49YWVAiH05KrXsjUVV0Ug1VEJ
Jn79hR3FP9B3nfSJjcmA8gjFFJEu9HrBuORsy2fB0qv41YJ5BTl+GQ2kxK7DfMureCyPlfuUaao7
isMcSXB6Q93tavRfdj5vRdv8WnCniK0A0/s149jdpYqy3NID4gbJBg7hvfp8qDWdhzFZi68hawcb
GNwZssn5l/5Zuntyc7kYJmDzZXv78K5E8pWMo3j/1wZUohHkHlu/djfpVvyYa6KhLGolkJl4cluo
F0iu+41l3ls1SiAF2FBpiD0dY9Q+T/DaTI0nRBuKsppKgBI+kriG9QnFj1kdGfSMiCI8YdM1750J
ZUYCVleGxzfuYLD99REAhA8Htam+Jl5X+Rht49y+4V8vJwgYnXNPHmyvTrrDkn28/Y8=
Really not sure what i am doing wrong here. Appreciate any help in this matter.