diff --git a/README.md b/README.md
index 59d764199..1a4a0b654 100644
--- a/README.md
+++ b/README.md
@@ -89,13 +89,12 @@ Once you've redirected back to the identity provider, it will ensure that the us
```ruby
def consume
- response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
- response.settings = saml_settings
+ response = OneLogin::RubySaml::Response.new(params[:SAMLResponse], :settings => saml_settings)
# We validate the SAML Response and check if the user already exists in the system
if response.is_valid?
# authorize_success, log the user
- session[:userid] = response.name_id
+ session[:userid] = response.nameid
session[:attributes] = response.attributes
else
authorize_failure # This method shows an error message
@@ -103,7 +102,17 @@ def consume
end
```
-In the above there are a few assumptions in place, one being that the response.name_id is an email address. This is all handled with how you specify the settings that are in play via the saml_settings method. That could be implemented along the lines of this:
+In the above there are a few assumptions in place, one being that the response.nameid is an email address. This is all handled with how you specify the settings that are in play via the saml_settings method. That could be implemented along the lines of this:
+
+If the assertion of the SAMLResponse is not encrypted, you can initialize the Response without the :settings parameter and set it later,
+
+```
+response = OneLogin::RubySaml::Response.new(params[:SAMLResponse])
+response.settings = saml_settings
+```
+but if the SAMLResponse contains an encrypted assertion, you need to provide the settings in the
+initialize method in order to be able to obtain the decrypted assertion, using the service provider private key in order to decrypt.
+If you don't know what expect, use always the first proposed way (always set the settings on the initialize method).
```ruby
def saml_settings
@@ -147,7 +156,7 @@ class SamlController < ApplicationController
# We validate the SAML Response and check if the user already exists in the system
if response.is_valid?
# authorize_success, log the user
- session[:userid] = response.name_id
+ session[:userid] = response.nameid
session[:attributes] = response.attributes
else
authorize_failure # This method shows an error message
@@ -330,8 +339,8 @@ The Ruby Toolkit supports 2 different kinds of signature: Embeded and as GET par
In order to be able to sign we need first to define the private key and the public cert of the service provider
```ruby
- settings.certificate = "CERTIFICATE TEXT WITH HEADS"
- settings.private_key = "PRIVATE KEY TEXT WITH HEADS"
+ settings.certificate = "CERTIFICATE TEXT WITH HEAD AND FOOT"
+ settings.private_key = "PRIVATE KEY TEXT WITH HEAD AND FOOT"
```
The settings related to sign are stored in the `security` attribute of the settings:
@@ -354,6 +363,28 @@ Notice that the RelayState parameter is used when creating the Signature on the
remember to provide it to the Signature builder if you are sending a GET RelayState parameter or
Signature validation process will fail at the Identity Provider.
+The Service Provider will sign the request/responses with its private key.
+The Identity Provider will validate the sign of the received request/responses with the public x500 cert of the
+Service Provider.
+
+Notice that this toolkit uses 'settings.certificate' and 'settings.private_key' for the sign and the decrypt process.
+
+
+## Decrypting
+
+The Ruby Toolkit supports EncryptedAssertion.
+
+In order to be able to decrypt a SAML Response that contains a EncryptedAssertion we need first to define the private key and the public cert of the service provider, and share this with the Identity Provider.
+
+```ruby
+ settings.certificate = "CERTIFICATE TEXT WITH HEAD AND FOOT"
+ settings.private_key = "PRIVATE KEY TEXT WITH HEAD AND FOOT"
+```
+
+The Identity Provider will encrypt the Assertion with the public cert of the Service Provider.
+The Service Provider will decrypt the EncryptedAssertion with its private key.
+
+Notice that this toolkit uses 'settings.certificate' and 'settings.private_key' for the sign and the decrypt process.
## Single Log Out
diff --git a/lib/onelogin/ruby-saml/logoutrequest.rb b/lib/onelogin/ruby-saml/logoutrequest.rb
index c75e2f049..b00c7aed8 100644
--- a/lib/onelogin/ruby-saml/logoutrequest.rb
+++ b/lib/onelogin/ruby-saml/logoutrequest.rb
@@ -101,15 +101,15 @@ def create_logout_request_xml_doc(settings)
issuer.text = settings.issuer
end
- name_id = root.add_element "saml:NameID"
+ nameid = root.add_element "saml:NameID"
if settings.name_identifier_value
- name_id.attributes['NameQualifier'] = settings.sp_name_qualifier if settings.sp_name_qualifier
- name_id.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
- name_id.text = settings.name_identifier_value
+ nameid.attributes['NameQualifier'] = settings.sp_name_qualifier if settings.sp_name_qualifier
+ nameid.attributes['Format'] = settings.name_identifier_format if settings.name_identifier_format
+ nameid.text = settings.name_identifier_value
else
# If no NameID is present in the settings we generate one
- name_id.text = "_" + UUID.new.generate
- name_id.attributes['Format'] = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
+ nameid.text = "_" + UUID.new.generate
+ nameid.attributes['Format'] = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
end
if settings.sessionindex
diff --git a/lib/onelogin/ruby-saml/metadata.rb b/lib/onelogin/ruby-saml/metadata.rb
index 209f3e43b..ebb108970 100644
--- a/lib/onelogin/ruby-saml/metadata.rb
+++ b/lib/onelogin/ruby-saml/metadata.rb
@@ -42,8 +42,8 @@ def generate(settings, pretty_print=false)
}
end
if settings.name_identifier_format
- name_id = sp_sso.add_element "md:NameIDFormat"
- name_id.text = settings.name_identifier_format
+ nameid = sp_sso.add_element "md:NameIDFormat"
+ nameid.text = settings.name_identifier_format
end
if settings.assertion_consumer_service_url
sp_sso.add_element "md:AssertionConsumerService", {
@@ -54,14 +54,21 @@ def generate(settings, pretty_print=false)
}
end
- # Add KeyDescriptor if messages will be signed
+ # Add KeyDescriptor if messages will be signed / encrypted
cert = settings.get_sp_cert
if cert
+ cert_text = Base64.encode64(cert.to_der).gsub("\n", '')
kd = sp_sso.add_element "md:KeyDescriptor", { "use" => "signing" }
ki = kd.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
xd = ki.add_element "ds:X509Data"
xc = xd.add_element "ds:X509Certificate"
- xc.text = Base64.encode64(cert.to_der).gsub("\n", '')
+ xc.text = cert_text
+
+ kd2 = sp_sso.add_element "md:KeyDescriptor", { "use" => "encryption" }
+ ki2 = kd2.add_element "ds:KeyInfo", {"xmlns:ds" => "http://www.w3.org/2000/09/xmldsig#"}
+ xd2 = ki2.add_element "ds:X509Data"
+ xc2 = xd2.add_element "ds:X509Certificate"
+ xc2.text = cert_text
end
if settings.attribute_consuming_service.configured?
diff --git a/lib/onelogin/ruby-saml/response.rb b/lib/onelogin/ruby-saml/response.rb
index e2e1eca00..3f58b23ec 100644
--- a/lib/onelogin/ruby-saml/response.rb
+++ b/lib/onelogin/ruby-saml/response.rb
@@ -14,6 +14,7 @@ class Response < SamlMessage
ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
+ XENC = "http://www.w3.org/2001/04/xmlenc#"
# TODO: Settings should probably be initialized too... WDYT?
@@ -24,6 +25,7 @@ class Response < SamlMessage
attr_accessor :errors
attr_reader :document
+ attr_reader :decrypted_document
attr_reader :response
attr_reader :options
@@ -39,7 +41,7 @@ def initialize(response, options = {})
@errors = []
raise ArgumentError.new("Response cannot be nil") if response.nil?
- @options = options
+ @options = options
@soft = true
if !options.empty? && !options[:settings].nil?
@@ -51,6 +53,10 @@ def initialize(response, options = {})
@response = decode_raw_saml(response)
@document = XMLSecurity::SignedDocument.new(@response, @errors)
+
+ if assertion_encrypted?
+ @decrypted_document = generate_decrypted_document
+ end
end
# Append the cause to the errors array, and based on the value of soft, return false or raise
@@ -76,11 +82,18 @@ def is_valid?
#
def name_id
@name_id ||= begin
- node = xpath_first_from_signed_assertion('/a:Subject/a:NameID')
+ encrypted_node = xpath_first_from_signed_assertion('/a:Subject/a:EncryptedID')
+ if encrypted_node
+ node = decrypt_nameid(encrypted_node)
+ else
+ node = xpath_first_from_signed_assertion('/a:Subject/a:NameID')
+ end
node.nil? ? nil : node.text
end
end
+ alias_method :nameid, :name_id
+
# Gets the SessionIndex from the AuthnStatement.
# Could be used to be stored in the local session in order
# to be used in a future Logout Request that the SP could
@@ -205,9 +218,10 @@ def issuers
issuers = []
nodes = REXML::XPath.match(
document,
- "/p:Response/a:Issuer | /p:Response/a:Assertion/a:Issuer",
+ "/p:Response/a:Issuer",
{ "p" => PROTOCOL, "a" => ASSERTION }
)
+ nodes += xpath_from_signed_assertion("/a:Issuer")
nodes.each do |node|
issuers << node.text if node.text
end
@@ -371,11 +385,7 @@ def validate_num_assertion
# @raise [ValidationError] if soft == false and validation fails
#
def validate_no_encrypted_attributes
- nodes = REXML::XPath.match(
- document,
- "/p:Response/a:Assertion/a:AttributeStatement/a:EncryptedAttribute",
- { "p" => PROTOCOL, "a" => ASSERTION }
- )
+ nodes = xpath_from_signed_assertion("/a:AttributeStatement/a:EncryptedAttribute")
if nodes && nodes.length > 0
return append_error("There is an EncryptedAttribute in the Response and this SP not support them")
end
@@ -391,7 +401,7 @@ def validate_no_encrypted_attributes
#
def validate_signed_elements
signature_nodes = REXML::XPath.match(
- document,
+ decrypted_document.nil? ? document : decrypted_document,
"//ds:Signature",
{"ds"=>DSIG}
)
@@ -452,13 +462,13 @@ def validate_conditions
now = Time.now.utc
- if not_before && (now + (options[:allowed_clock_drift] || 0)) < not_before
- error_msg = "Current time is earlier than NotBefore condition #{(now + (options[:allowed_clock_drift] || 0))} < #{not_before})"
+ if not_before && (now + allowed_clock_drift) < not_before
+ error_msg = "Current time is earlier than NotBefore condition #{(now + allowed_clock_drift)} < #{not_before})"
return append_error(error_msg)
end
- if not_on_or_after && now >= not_on_or_after
- error_msg = "Current time is on or after NotOnOrAfter condition (#{now} >= #{not_on_or_after})"
+ if not_on_or_after && now >= (not_on_or_after + allowed_clock_drift)
+ error_msg = "Current time is on or after NotOnOrAfter condition (#{now} >= #{not_on_or_after + allowed_clock_drift})"
return append_error(error_msg)
end
@@ -551,7 +561,17 @@ def validate_subject_confirmation
def validate_signature
fingerprint = settings.get_fingerprint
- unless fingerprint && document.validate_document(fingerprint, soft, :fingerprint_alg => settings.idp_cert_fingerprint_algorithm)
+ # If the response contains the signature, and the assertion was encrypted, validate the original SAML Response
+ # otherwise, review if the decrypted assertion contains a signature
+ response_signed = REXML::XPath.first(
+ document,
+ "/p:Response[@ID=$id]",
+ { "p" => PROTOCOL, "ds" => DSIG },
+ { 'id' => document.signed_element_id }
+ )
+ doc = (response_signed || decrypted_document.nil?) ? document : decrypted_document
+
+ unless fingerprint && doc.validate_document(fingerprint, :fingerprint_alg => settings.idp_cert_fingerprint_algorithm)
error_msg = "Invalid Signature on SAML Response"
return append_error(error_msg)
end
@@ -565,17 +585,18 @@ def validate_signature
# @return [REXML::Element | nil] If any matches, return the Element
#
def xpath_first_from_signed_assertion(subelt=nil)
+ doc = decrypted_document.nil? ? document : decrypted_document
node = REXML::XPath.first(
- document,
+ doc,
"/p:Response/a:Assertion[@ID=$id]#{subelt}",
{ "p" => PROTOCOL, "a" => ASSERTION },
- { 'id' => document.signed_element_id }
+ { 'id' => doc.signed_element_id }
)
node ||= REXML::XPath.first(
- document,
+ doc,
"/p:Response[@ID=$id]/a:Assertion#{subelt}",
{ "p" => PROTOCOL, "a" => ASSERTION },
- { 'id' => document.signed_element_id }
+ { 'id' => doc.signed_element_id }
)
node
end
@@ -586,20 +607,106 @@ def xpath_first_from_signed_assertion(subelt=nil)
# @return [Array of REXML::Element] Return all matches
#
def xpath_from_signed_assertion(subelt=nil)
+ doc = decrypted_document.nil? ? document : decrypted_document
node = REXML::XPath.match(
- document,
+ doc,
"/p:Response/a:Assertion[@ID=$id]#{subelt}",
{ "p" => PROTOCOL, "a" => ASSERTION },
- { 'id' => document.signed_element_id }
+ { 'id' => doc.signed_element_id }
)
node.concat( REXML::XPath.match(
- document,
+ doc,
"/p:Response[@ID=$id]/a:Assertion#{subelt}",
{ "p" => PROTOCOL, "a" => ASSERTION },
- { 'id' => document.signed_element_id }
+ { 'id' => doc.signed_element_id }
))
end
+ # Generates the decrypted_document
+ # @return [XMLSecurity::SignedDocument] The SAML Response with the assertion decrypted
+ #
+ def generate_decrypted_document
+ if settings.nil? || !settings.get_sp_key
+ validation_error('An EncryptedAssertion found and no SP private key found on the settings to decrypt it. Be sure you provided the :settings parameter at the initialize method')
+ end
+
+ # Marshal at Ruby 1.8.7 throw an Exception
+ if RUBY_VERSION < "1.9"
+ document_copy = XMLSecurity::SignedDocument.new(response, errors)
+ else
+ document_copy = Marshal.load(Marshal.dump(document))
+ end
+
+ decrypt_assertion_from_document(document_copy)
+ end
+
+ # Obtains a SAML Response with the EncryptedAssertion element decrypted
+ # @param document_copy [XMLSecurity::SignedDocument] A copy of the original SAML Response with the encrypted assertion
+ # @return [XMLSecurity::SignedDocument] The SAML Response with the assertion decrypted
+ #
+ def decrypt_assertion_from_document(document_copy)
+ response_node = REXML::XPath.first(
+ document_copy,
+ "/p:Response/",
+ { "p" => PROTOCOL }
+ )
+ encrypted_assertion_node = REXML::XPath.first(
+ document_copy,
+ "(/p:Response/EncryptedAssertion/)|(/p:Response/a:EncryptedAssertion/)",
+ { "p" => PROTOCOL, "a" => ASSERTION }
+ )
+ response_node.add(decrypt_assertion(encrypted_assertion_node))
+ encrypted_assertion_node.remove
+ XMLSecurity::SignedDocument.new(response_node.to_s)
+ end
+
+ # Checks if the SAML Response contains or not an EncryptedAssertion element
+ # @return [Boolean] True if the SAML Response contains an EncryptedAssertion element
+ #
+ def assertion_encrypted?
+ ! REXML::XPath.first(
+ document,
+ "(/p:Response/EncryptedAssertion/)|(/p:Response/a:EncryptedAssertion/)",
+ { "p" => PROTOCOL, "a" => ASSERTION }
+ ).nil?
+ end
+
+ # Decrypts an EncryptedAssertion element
+ # @param encrypted_assertion_node [REXML::Element] The EncryptedAssertion element
+ # @return [REXML::Document] The decrypted EncryptedAssertion element
+ #
+ def decrypt_assertion(encrypted_assertion_node)
+ decrypt_element(encrypted_assertion_node, /(.*<\/(saml2*:|)Assertion>)/m)
+ end
+
+ # Decrypts an EncryptedID element
+ # @param encryptedid_node [REXML::Element] The EncryptedID element
+ # @return [REXML::Document] The decrypted EncrypedtID element
+ #
+ def decrypt_nameid(encryptedid_node)
+ decrypt_element(encryptedid_node, /(.*<\/(saml2*:|)NameID>)/m)
+ end
+
+ # Decrypt an element
+ # @param encryptedid_node [REXML::Element] The encrypted element
+ # @return [REXML::Document] The decrypted element
+ #
+ def decrypt_element(encrypt_node, rgrex)
+ if settings.nil? || !settings.get_sp_key
+ return validation_error('An ' + encrypt_node.name + ' found and no SP private key found on the settings to decrypt it')
+ end
+
+ elem_plaintext = OneLogin::RubySaml::Utils.decrypt_data(encrypt_node, settings.get_sp_key)
+ # If we get some problematic noise in the plaintext after decrypting.
+ # This quick regexp parse will grab only the Element and discard the noise.
+ elem_plaintext = elem_plaintext.match(rgrex)[0]
+ # To avoid namespace errors if saml namespace is not defined at assertion_plaintext
+ # create a parent node first with the saml namespace defined
+ elem_plaintext = '' + elem_plaintext + ''
+ doc = REXML::Document.new(elem_plaintext)
+ doc.root[0]
+ end
+
# Parse the attribute of a given node in Time format
# @param node [REXML:Element] The node
# @param attribute [String] The attribute name
diff --git a/lib/onelogin/ruby-saml/slo_logoutrequest.rb b/lib/onelogin/ruby-saml/slo_logoutrequest.rb
index f8482f364..1d39760bf 100644
--- a/lib/onelogin/ruby-saml/slo_logoutrequest.rb
+++ b/lib/onelogin/ruby-saml/slo_logoutrequest.rb
@@ -76,6 +76,8 @@ def name_id
end
end
+ alias_method :nameid, :name_id
+
# @return [String|nil] Gets the ID attribute from the Logout Request. if exists.
#
def id
diff --git a/lib/onelogin/ruby-saml/utils.rb b/lib/onelogin/ruby-saml/utils.rb
index 1bea29233..430ade0d8 100644
--- a/lib/onelogin/ruby-saml/utils.rb
+++ b/lib/onelogin/ruby-saml/utils.rb
@@ -4,6 +4,10 @@ module RubySaml
# SAML2 Auxiliary class
#
class Utils
+
+ DSIG = "http://www.w3.org/2000/09/xmldsig#"
+ XENC = "http://www.w3.org/2001/04/xmlenc#"
+
# Return a properly formatted x509 certificate
#
# @param cert [String] The original certificate
@@ -86,6 +90,83 @@ def self.status_error_msg(error_msg, status_code = nil, status_message = nil)
error_msg
end
+
+ # Obtains the decrypted string from an Encrypted node element in XML
+ # @param encrypted_node [REXML::Element] The Encrypted element
+ # @param private_key [OpenSSL::PKey::RSA] The Service provider private key
+ # @return [String] The decrypted data
+ def self.decrypt_data(encrypted_node, private_key)
+ encrypt_data = REXML::XPath.first(
+ encrypted_node,
+ "./xenc:EncryptedData",
+ { 'xenc' => XENC }
+ )
+ symmetric_key = retrieve_symmetric_key(encrypt_data, private_key)
+ cipher_value = REXML::XPath.first(
+ encrypt_data,
+ "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue",
+ { 'xenc' => XENC }
+ )
+ node = Base64.decode64(cipher_value.text)
+ encrypt_method = REXML::XPath.first(
+ encrypt_data,
+ "//xenc:EncryptedData/xenc:EncryptionMethod",
+ { 'xenc' => XENC }
+ )
+ algorithm = encrypt_method.attributes['Algorithm']
+ retrieve_plaintext(node, symmetric_key, algorithm)
+ end
+
+ # Obtains the symmetric key from the EncryptedData element
+ # @param encrypt_data [REXML::Element] The EncryptedData element
+ # @param private_key [OpenSSL::PKey::RSA] The Service provider private key
+ # @return [String] The symmetric key
+ def self.retrieve_symmetric_key(encrypt_data, private_key)
+ encrypted_symmetric_key_element = REXML::XPath.first(
+ encrypt_data,
+ "//xenc:EncryptedData/ds:KeyInfo/xenc:EncryptedKey/xenc:CipherData/xenc:CipherValue",
+ { "ds" => DSIG, "xenc" => XENC }
+ )
+ cipher_text = Base64.decode64(encrypted_symmetric_key_element.text)
+ encrypt_method = REXML::XPath.first(
+ encrypt_data,
+ "//xenc:EncryptedData/ds:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod",
+ {"ds" => DSIG, "xenc" => XENC }
+ )
+ algorithm = encrypt_method.attributes['Algorithm']
+ retrieve_plaintext(cipher_text, private_key, algorithm)
+ end
+
+ # Obtains the deciphered text
+ # @param cipher_text [String] The ciphered text
+ # @param symmetric_key [String] The symetric key used to encrypt the text
+ # @param algorithm [String] The encrypted algorithm
+ # @return [String] The deciphered text
+ def self.retrieve_plaintext(cipher_text, symmetric_key, algorithm)
+ case algorithm
+ when 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc' then cipher = OpenSSL::Cipher.new('DES-EDE3-CBC').decrypt
+ when 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' then cipher = OpenSSL::Cipher.new('AES-128-CBC').decrypt
+ when 'http://www.w3.org/2001/04/xmlenc#aes192-cbc' then cipher = OpenSSL::Cipher.new('AES-192-CBC').decrypt
+ when 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' then cipher = OpenSSL::Cipher.new('AES-256-CBC').decrypt
+ when 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' then rsa = symmetric_key
+ when 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p' then oaep = symmetric_key
+ end
+
+ if cipher
+ iv_len = cipher.iv_len
+ data = cipher_text[iv_len..-1]
+ cipher.padding, cipher.key, cipher.iv = 0, symmetric_key, cipher_text[0..iv_len-1]
+ assertion_plaintext = cipher.update(data)
+ assertion_plaintext << cipher.final
+ elsif rsa
+ rsa.private_decrypt(cipher_text)
+ elsif oaep
+ oaep.private_decrypt(cipher_text, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
+ else
+ cipher_text
+ end
+ end
+
end
end
end
diff --git a/test/logoutrequest_test.rb b/test/logoutrequest_test.rb
index b5cc0a52a..148f0f4bd 100644
--- a/test/logoutrequest_test.rb
+++ b/test/logoutrequest_test.rb
@@ -32,7 +32,7 @@ class RequestTest < Minitest::Test
sessionidx = UUID.new.generate
settings.sessionindex = sessionidx
- unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :name_id => "there" })
+ unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :nameid => "there" })
inflated = decode_saml_request_payload(unauth_url)
assert_match / "there" })
+ unauth_url = OneLogin::RubySaml::Logoutrequest.new.create(settings, { :nameid => "there" })
inflated = decode_saml_request_payload(unauth_url)
assert_match / "urn:oasis:names:tc:SAML:2.0:metadata"
+ )
+ end
+ let(:cert_nodes) do
+ REXML::XPath.match(
xml_doc,
"//md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
"md" => "urn:oasis:names:tc:SAML:2.0:metadata",
"ds" => "http://www.w3.org/2000/09/xmldsig#"
)
end
- let(:cert) { OpenSSL::X509::Certificate.new(Base64.decode64(cert_node.text)) }
+ let(:cert) { OpenSSL::X509::Certificate.new(Base64.decode64(cert_nodes[0].text)) }
before do
- settings.security[:authn_requests_signed] = true
settings.certificate = ruby_saml_cert_text
end
- it "generates Service Provider Metadata with X509Certificate" do
+ it "generates Service Provider Metadata with AuthnRequestsSigned" do
+ settings.security[:authn_requests_signed] = true
assert_equal "true", spsso_descriptor.attribute("AuthnRequestsSigned").value
assert_equal ruby_saml_cert.to_der, cert.to_der
end
+
+ it "generates Service Provider Metadata with X509Certificate for sign and encrypt" do
+ assert_equal 2, key_descriptors.length
+ assert_equal "signing", key_descriptors[0].attribute("use").value
+ assert_equal "encryption", key_descriptors[1].attribute("use").value
+
+ assert_equal 2, cert_nodes.length
+ assert_equal ruby_saml_cert.to_der, cert.to_der
+ assert_equal cert_nodes[0].text, cert_nodes[1].text
+ end
end
describe "when attribute service is configured" do
diff --git a/test/response_test.rb b/test/response_test.rb
index 43cf47edb..a50340168 100644
--- a/test/response_test.rb
+++ b/test/response_test.rb
@@ -35,7 +35,7 @@ class RubySamlTest < Minitest::Test
let(:response_invalid_subjectconfirmation_nb) { OneLogin::RubySaml::Response.new(read_invalid_response("invalid_subjectconfirmation_nb.xml.base64")) }
let(:response_invalid_subjectconfirmation_noa) { OneLogin::RubySaml::Response.new(read_invalid_response("invalid_subjectconfirmation_noa.xml.base64")) }
let(:response_invalid_signature_position) { OneLogin::RubySaml::Response.new(read_invalid_response("invalid_signature_position.xml.base64")) }
-
+ let(:response_encrypted_nameid) { OneLogin::RubySaml::Response.new(response_document_encrypted_nameid) }
it "raise an exception when response is initialized with nil" do
assert_raises(ArgumentError) { OneLogin::RubySaml::Response.new(nil) }
@@ -54,9 +54,9 @@ class RubySamlTest < Minitest::Test
end
it "adapt namespace" do
- refute_nil response.name_id
- refute_nil response_without_attributes.name_id
- refute_nil response_with_signed_assertion.name_id
+ refute_nil response.nameid
+ refute_nil response_without_attributes.nameid
+ refute_nil response_with_signed_assertion.nameid
end
it "default to raw input when a response is not Base64 encoded" do
@@ -70,7 +70,7 @@ class RubySamlTest < Minitest::Test
response_wrapped.stubs(:conditions).returns(nil)
settings.idp_cert_fingerprint = signature_fingerprint_1
response_wrapped.settings = settings
- assert_nil response_wrapped.name_id
+ assert_nil response_wrapped.nameid
end
end
@@ -626,20 +626,20 @@ class RubySamlTest < Minitest::Test
end
end
- describe "#name_id" do
+ describe "#nameid" do
it "extract the value of the name id element" do
- assert_equal "support@onelogin.com", response.name_id
- assert_equal "someone@example.com", response_with_signed_assertion.name_id
+ assert_equal "support@onelogin.com", response.nameid
+ assert_equal "someone@example.com", response_with_signed_assertion.nameid
end
it "be extractable from an OpenSAML response" do
response_open_saml = OneLogin::RubySaml::Response.new(fixture(:open_saml))
- assert_equal "someone@example.org", response_open_saml.name_id
+ assert_equal "someone@example.org", response_open_saml.nameid
end
it "be extractable from a Simple SAML PHP response" do
response_ssp = OneLogin::RubySaml::Response.new(fixture(:simple_saml_php))
- assert_equal "someone@example.com", response_ssp.name_id
+ assert_equal "someone@example.com", response_ssp.nameid
end
end
@@ -657,11 +657,11 @@ class RubySamlTest < Minitest::Test
response_time_updated = OneLogin::RubySaml::Response.new(response_document_without_recipient_with_time_updated)
response_time_updated.soft = true
assert response_time_updated.send(:validate_conditions)
- time = Time.parse("2011-06-14T18:25:01.516Z")
- Time.stubs(:now).returns(time)
- response_with_saml2_namespace = OneLogin::RubySaml::Response.new(response_document_with_saml2_namespace)
- response_with_saml2_namespace.soft = true
- assert response_with_saml2_namespace.send(:validate_conditions)
+ Timecop.freeze(Time.parse("2011-06-14T18:25:01.516Z")) do
+ response_with_saml2_namespace = OneLogin::RubySaml::Response.new(response_document_with_saml2_namespace)
+ response_with_saml2_namespace.soft = true
+ assert response_with_saml2_namespace.send(:validate_conditions)
+ end
end
it "optionally allows for clock drift" do
@@ -852,9 +852,222 @@ class RubySamlTest < Minitest::Test
signed_response = OneLogin::RubySaml::Response.new(document.to_s)
settings.idp_cert = ruby_saml_cert_text
signed_response.settings = settings
- time = Time.parse("2015-03-18T04:50:24Z")
- Time.stubs(:now).returns(time)
- assert signed_response.is_valid?
+ Timecop.freeze(Time.parse("2015-03-18T04:50:24Z")) do
+ assert signed_response.is_valid?
+ end
+ assert_empty signed_response.errors
+ end
+ end
+
+ describe "retrieve nameID" do
+ it 'is possible when nameID inside the assertion' do
+ response_valid_signed.settings = settings
+ assert_equal "test@onelogin.com", response_valid_signed.nameid
+ end
+
+ it 'is not possible when encryptID inside the assertion but no private key' do
+ response_encrypted_nameid.settings = settings
+ assert_raises(OneLogin::RubySaml::ValidationError, "An EncryptedID found and no SP private key found on the settings to decrypt it") do
+ assert_equal "test@onelogin.com", response_encrypted_nameid.nameid
+ end
+ end
+
+ it 'is possible when encryptID inside the assertion and settings has the private key' do
+ settings.private_key = ruby_saml_key_text
+ response_encrypted_nameid.settings = settings
+ assert_equal "test@onelogin.com", response_encrypted_nameid.nameid
+ end
+
+ end
+
+ end
+
+ describe 'try to initialize an encrypted response' do
+ it 'raise if an encrypted assertion is found and no sp private key to decrypt it' do
+ error_msg = "An EncryptedAssertion found and no SP private key found on the settings to decrypt it. Be sure you provided the :settings parameter at the initialize method"
+
+ assert_raises(OneLogin::RubySaml::ValidationError, error_msg) do
+ response = OneLogin::RubySaml::Response.new(signed_message_encrypted_unsigned_assertion)
+ end
+
+ assert_raises(OneLogin::RubySaml::ValidationError, error_msg) do
+ response2 = OneLogin::RubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
+ end
+
+ settings.certificate = ruby_saml_cert_text
+ settings.private_key = ruby_saml_key_text
+ assert_raises(OneLogin::RubySaml::ValidationError, error_msg) do
+ response3 = OneLogin::RubySaml::Response.new(signed_message_encrypted_unsigned_assertion)
+ response3.settings
+ end
+ end
+
+ it 'raise if an encrypted assertion is found and the sp private key is wrong' do
+ settings.certificate = ruby_saml_cert_text
+ wrong_private_key = ruby_saml_key_text.sub!('A', 'B')
+ settings.private_key = wrong_private_key
+
+ error_msg = "Neither PUB key nor PRIV key: nested asn1 error"
+ assert_raises(OpenSSL::PKey::RSAError, error_msg) do
+ response = OneLogin::RubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
+ end
+ end
+
+ it 'return true if an encrypted assertion is found and settings initialized with private_key' do
+ settings.certificate = ruby_saml_cert_text
+ settings.private_key = ruby_saml_key_text
+ response = OneLogin::RubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
+ assert response.decrypted_document
+
+ response2 = OneLogin::RubySaml::Response.new(signed_message_encrypted_signed_assertion, :settings => settings)
+ assert response2.decrypted_document
+
+ response3 = OneLogin::RubySaml::Response.new(unsigned_message_encrypted_signed_assertion, :settings => settings)
+ assert response3.decrypted_document
+
+ response4 = OneLogin::RubySaml::Response.new(unsigned_message_encrypted_unsigned_assertion, :settings => settings)
+ assert response4.decrypted_document
+ end
+ end
+
+ describe "retrieve nameID and attributes from encrypted assertion" do
+
+ before do
+ settings.idp_cert_fingerprint = 'EE:17:4E:FB:A8:81:71:12:0D:2A:78:43:BC:E7:0C:07:58:79:F4:F4'
+ settings.issuer = 'http://rubysaml.com:3000/saml/metadata'
+ settings.assertion_consumer_service_url = 'http://rubysaml.com:3000/saml/acs'
+ settings.certificate = ruby_saml_cert_text
+ settings.private_key = ruby_saml_key_text
+ end
+
+ it 'is possible when signed_message_encrypted_unsigned_assertion' do
+ response = OneLogin::RubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
+ Timecop.freeze(Time.parse("2015-03-19T14:30:31Z")) do
+ assert response.is_valid?
+ assert_empty response.errors
+ assert_equal "test", response.attributes[:uid]
+ assert_equal "98e2bb61075e951b37d6b3be6954a54b340d86c7", response.nameid
+ end
+ end
+
+ it 'is possible when signed_message_encrypted_signed_assertion' do
+ response = OneLogin::RubySaml::Response.new(signed_message_encrypted_signed_assertion, :settings => settings)
+ Timecop.freeze(Time.parse("2015-03-19T14:30:31Z")) do
+ assert response.is_valid?
+ assert_empty response.errors
+ assert_equal "test", response.attributes[:uid]
+ assert_equal "98e2bb61075e951b37d6b3be6954a54b340d86c7", response.nameid
+ end
+ end
+
+ it 'is possible when unsigned_message_encrypted_signed_assertion' do
+ response = OneLogin::RubySaml::Response.new(unsigned_message_encrypted_signed_assertion, :settings => settings)
+ Timecop.freeze(Time.parse("2015-03-19T14:30:31Z")) do
+ assert response.is_valid?
+ assert_empty response.errors
+ assert_equal "test", response.attributes[:uid]
+ assert_equal "98e2bb61075e951b37d6b3be6954a54b340d86c7", response.nameid
+ end
+ end
+
+ it 'is not possible when unsigned_message_encrypted_unsigned_assertion' do
+ response = OneLogin::RubySaml::Response.new(unsigned_message_encrypted_unsigned_assertion, :settings => settings)
+ Timecop.freeze(Time.parse("2015-03-19T14:30:31Z")) do
+ assert !response.is_valid?
+ assert_includes response.errors, "Found an unexpected number of Signature Element. SAML Response rejected"
+ end
+ end
+ end
+
+ describe "#decrypt_assertion" do
+ before do
+ settings.private_key = ruby_saml_key_text
+ end
+
+ describe "check right settings" do
+
+ it "is not possible to decrypt the assertion if no private key" do
+ response = OneLogin::RubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
+
+ encrypted_assertion_node = REXML::XPath.first(
+ response.document,
+ "(/p:Response/EncryptedAssertion/)|(/p:Response/a:EncryptedAssertion/)",
+ { "p" => "urn:oasis:names:tc:SAML:2.0:protocol", "a" => "urn:oasis:names:tc:SAML:2.0:assertion" }
+ )
+ response.settings.private_key = nil
+
+ error_msg = "An EncryptedAssertion found and no SP private key found on the settings to decrypt it"
+ assert_raises(OneLogin::RubySaml::ValidationError, error_msg) do
+ decrypted = response.send(:decrypt_assertion, encrypted_assertion_node)
+ end
+ end
+
+ it "is possible to decrypt the assertion if private key" do
+ response = OneLogin::RubySaml::Response.new(signed_message_encrypted_unsigned_assertion, :settings => settings)
+
+ encrypted_assertion_node = REXML::XPath.first(
+ response.document,
+ "(/p:Response/EncryptedAssertion/)|(/p:Response/a:EncryptedAssertion/)",
+ { "p" => "urn:oasis:names:tc:SAML:2.0:protocol", "a" => "urn:oasis:names:tc:SAML:2.0:assertion" }
+ )
+ decrypted = response.send(:decrypt_assertion, encrypted_assertion_node)
+
+ encrypted_assertion_node2 = REXML::XPath.first(
+ decrypted,
+ "(/p:Response/EncryptedAssertion/)|(/p:Response/a:EncryptedAssertion/)",
+ { "p" => "urn:oasis:names:tc:SAML:2.0:protocol", "a" => "urn:oasis:names:tc:SAML:2.0:assertion" }
+ )
+ assert_nil encrypted_assertion_node2
+ assert decrypted.name, "Assertion"
+ end
+
+ it "is possible to decrypt the assertion if private key but no saml namespace on the Assertion Element that is inside the EncryptedAssertion" do
+ unsigned_message_encrypted_assertion_without_saml_namespace = read_response('unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64')
+ response = OneLogin::RubySaml::Response.new(unsigned_message_encrypted_assertion_without_saml_namespace, :settings => settings)
+ encrypted_assertion_node = REXML::XPath.first(
+ response.document,
+ "(/p:Response/EncryptedAssertion/)|(/p:Response/a:EncryptedAssertion/)",
+ { "p" => "urn:oasis:names:tc:SAML:2.0:protocol", "a" => "urn:oasis:names:tc:SAML:2.0:assertion" }
+ )
+ decrypted = response.send(:decrypt_assertion, encrypted_assertion_node)
+
+ encrypted_assertion_node2 = REXML::XPath.first(
+ decrypted,
+ "(/p:Response/EncryptedAssertion/)|(/p:Response/a:EncryptedAssertion/)",
+ { "p" => "urn:oasis:names:tc:SAML:2.0:protocol", "a" => "urn:oasis:names:tc:SAML:2.0:assertion" }
+ )
+ assert_nil encrypted_assertion_node2
+ assert decrypted.name, "Assertion"
+ end
+ end
+
+ describe "check different encrypt methods supported" do
+ it "EncryptionMethod DES-192 && Key Encryption Algorithm RSA-1_5" do
+ unsigned_message_des192_encrypted_signed_assertion = read_response('unsigned_message_des192_encrypted_signed_assertion.xml.base64')
+ response = OneLogin::RubySaml::Response.new(unsigned_message_des192_encrypted_signed_assertion, :settings => settings)
+ assert_equal "test", response.attributes[:uid]
+ assert_equal "_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7", response.nameid
+ end
+
+ it "EncryptionMethod AES-128 && Key Encryption Algorithm RSA-OAEP-MGF1P" do
+ unsigned_message_aes128_encrypted_signed_assertion = read_response('unsigned_message_aes128_encrypted_signed_assertion.xml.base64')
+ response = OneLogin::RubySaml::Response.new(unsigned_message_aes128_encrypted_signed_assertion, :settings => settings)
+ assert_equal "test", response.attributes[:uid]
+ assert_equal "_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7", response.nameid
+ end
+
+ it "EncryptionMethod AES-192 && Key Encryption Algorithm RSA-OAEP-MGF1P" do
+ unsigned_message_aes192_encrypted_signed_assertion = read_response('unsigned_message_aes192_encrypted_signed_assertion.xml.base64')
+ response = OneLogin::RubySaml::Response.new(unsigned_message_aes192_encrypted_signed_assertion, :settings => settings)
+ assert_equal "test", response.attributes[:uid]
+ assert_equal "_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7", response.nameid
+ end
+
+ it "EncryptionMethod AES-256 && Key Encryption Algorithm RSA-OAEP-MGF1P" do
+ unsigned_message_aes256_encrypted_signed_assertion = read_response('unsigned_message_aes256_encrypted_signed_assertion.xml.base64')
+ response = OneLogin::RubySaml::Response.new(unsigned_message_aes256_encrypted_signed_assertion, :settings => settings)
+ assert_equal "test", response.attributes[:uid]
+ assert_equal "_ce3d2948b4cf20146dee0a0b3dd6f69b6cf86f62d7", response.nameid
end
end
end
diff --git a/test/responses/invalids/invalid_issuer_assertion.xml.base64 b/test/responses/invalids/invalid_issuer_assertion.xml.base64
index 07748ecee..217caa901 100644
--- a/test/responses/invalids/invalid_issuer_assertion.xml.base64
+++ b/test/responses/invalids/invalid_issuer_assertion.xml.base64
@@ -1 +1 @@
-PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2ludmFsaWQuaXNzdWVyLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+ICAgIA0KICAgIDxzYW1sOlN1YmplY3Q+DQogICAgICA8c2FtbDpOYW1lSUQgU1BOYW1lUXVhbGlmaWVyPSJoZWxsby5jb20iIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4xOm5hbWVpZC1mb3JtYXQ6ZW1haWxBZGRyZXNzIj5zb21lb25lQGV4YW1wbGUuY29tPC9zYW1sOk5hbWVJRD4NCiAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj4NCiAgICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIwLTA2LTE3VDE0OjU5OjE0WiIgUmVjaXBpZW50PSJodHRwOi8vc3R1ZmYuY29tL2VuZHBvaW50cy9lbmRwb2ludHMvYWNzLnBocCIgSW5SZXNwb25zZVRvPSJfNTdiY2JmNzAtN2IxZi0wMTJlLWM4MjEtNzgyYmNiMTNiYjM4Ii8+DQogICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0wNi0xN1QxNDo1Mzo0NFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wNi0xN1QxNDo1OToxNFoiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+aHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPg0KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9zYW1sOkNvbmRpdGlvbnM+DQogICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDExLTA2LTE3VDE0OjU0OjA3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAyMS0wNi0xN1QyMjo1NDoxNFoiIFNlc3Npb25JbmRleD0iXzUxYmUzNzk2NWZlYjU1NzlkODAzMTQxMDc2OTM2ZGMyZTlkMWQ5OGViZiI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgICAgPHNhbWw6QXR0cmlidXRlIE5hbWU9Im1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPg0KICAgICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5zb21lb25lQGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPg0KICAgICAgPC9zYW1sOkF0dHJpYnV0ZT4NCiAgICA8L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICA8L3NhbWw6QXNzZXJ0aW9uPg0KPC9zYW1scDpSZXNwb25zZT4=
+nVdbc6rKEn4/Vec/WK7HlOEuYiXZZwQ1XlARNCYvp2AYBOUmg4L++j3gJSYm2Xutp8Se7p7v+3pmunn4Kw/8yg4l2IvCxypzT1f/evrvfx6wGfhxc4pwHIUYVYhTiJuF8bG6TcJmZGIPN0MzQLiZwqYO1GGTvaebJsYoSUmq6lVI/HNMnERpBCO/WlEQTr3QTEsobprGTYrC6dZx7mEUUCi048gLU3z1nwnxfezG1UpPeazGTm41oAAFTqpZdVGqOQjaNQfaXI3nHUTWeIllG8Q5PBMzosfq/wXRgpYj0jXRYpwazbCoBhssUxMbLFlgOMviiiCMt6gX4tQM08cqSzNMja7XGNFg+KbANxn+rVqZn3UkvKpExkqlFLJZxiZPJ0qeHd+j3AxiH5XEHqhrpwcbN3VvSWTYJmfhbXzRI8uy+4y7j5IlxdI0TdESRXxs7C1/nXY8xSO7FzpRmU42wyj0oOl7h1JcFaVuZFeAv4wSL3WDb5IzFEMXyWsohzXI8OGvKlVu8b5JCfJfpvuANcFmDbsmc8pY5JsiByUohKgym/Yeq7/+bTlLikZihtiJkgB//Pl7qFC4Q34UI7uGz+QIwN9L+KVqD9QtRsVbkvP+J+KdhHtPMjf9LXqqd6e6PlU9TRjpfVEaL1iqTs0ZvK43HksA186l4SL58eenY3Mp8DFCUbUFMth+wM5TrMnLpSrxstwaTplpKxss4YzbTfmlx4DtIHvDq5k/cjXZnvLtfR8e7ux0YoxovIGZEHGrLb2b7CEVBuOpLwZrecP0WWMyVwHf6q1HL2OB995io6tCMx/frejp4KU/YGfOAFBB3p+arc0sdveD0Z0qhCN3NxyH00Hg530B9hXnsAWPFzpX+MmrRowDtL8QXAi0pJipefkhF4+XQ25Kip7UXk/uHmQZvGqyrMmjEdQWUcCxcwWMWsv1xl17XSmjW0CbdYDS0lUNZ7L2qsw1rdvO+vPZoT1UwboLmFlbbqmyPuPzjgGM1nI0bwFoKG1/+9b1XSvoZBabx/DQnqqgcfR31Z7BCr7RlULzhc8VBQyOcdgA9Hz7dgCok9H5SAG0ulLzsaLlqtIxS5vx0aZ2erl8AP1j/KsB/LlxhbVHsPaNVXuuttRy71auqvqLsDZfOtvXRWtndf2DOm1nSlb6D9qZO7GCuWqxdmyt2qoKoiNmstv0RQjVXtdRAd2V9U1X71mcorULjQDguyOgyC1PI1Q0JaoHd9rb7lWj8iHd9ofLbTxgNAW+DnlHmMB1hkdLXYpnu7noHIyN/LxuGO4wN9Y8q2qsCvt4jGb9+URkGwN3H6w68iZfTvj5NpuupSQGPn0XuPu6OrH3qz2odxl+lSgvel3Y4yF0B3xK7bK4rRxoXfPbUZdZqwff1wPx8KZziwQtgaisRubsVdtkPQVooPWZU+vIqQWGKrvryp5G7YI7s77j6bv5gj3Ym2fAahSz6zCepR36Aq/25fH8ZYfvdtrCeeu4dkCPJyrbS5SZGG12g8lmUs/HAPUH9Wd6PxFV/nXIOWaq73qvQeDsF7K0Tjl9d6BG++T5MHFnYZ/eIwrP9EUeHrQ8gwElTTKwSTQTcFqsrZ8FcW91qHGU7CfojnXLa/H5oF+Mx6tAXV+SD9fovaHFTT0lJnzuBtc2ObJRpbxxP7d9XHo39S2ECONzH6Bu0h87KDgPFqeOmH/XERlqoQ516KLArF58vX92rnlla4foMkuIDZ6RJIY84iLn1HiaE2qIRWQ2YEQa0oixOcT/6VjwzWAQ7kiPtu+90vrDjFAkuE6jb60Vgukp9dk6Ipr3lEqHdBwz/b4YzD1TWjzSXEvXJpHD84FtJ0VhKvqkSKRtCTTHQwmREvl+VKCqPuEoQFGI/ncF9YT0uPknRCecchQ6XrFTUc9jA/z5rMCgaSEzQUn1kvCHlMU5/rMZbxSl43CcACcteLI0S18VUzoWc4qgF3uoqPZvjajUuxbUd8jPZ4P6oqpHusTb9gpXXIBtIVIxVB67a6Rcky+Q3rBhbth8qg/Y2l4xDhDp0sSDV5BufZ5+YB+g1LRJFQriJzKXsE8qfL/lyeGd8QchwDZ1w+KZQAGpRaX8+f01pEWih06OM8nTC22UF0eCsRAnSnWBzJKCIEp2g+YYnqHFusTVbcgiyWZsqYEs5xL6raIse77sN4oSXIRCivL0CynfF2WffDuReezpx88r2ISFHzFPyJ8sSuyLjF+kupH6Bsv1ykXMjzqnpCzWNkWfl28cKsWVf6wWb0e1/P+fHp6SEYkurOenxyJ+8PaWXzYpG0uFvOjNdB+T3XLyiUmWwuVPb9HH6BtZzqufNPma+Hn13I+KsZL6+LX89Dc=
\ No newline at end of file
diff --git a/test/responses/invalids/response_encrypted_attrs.xml.base64 b/test/responses/invalids/response_encrypted_attrs.xml.base64
index 324498995..ed04ded5c 100644
--- a/test/responses/invalids/response_encrypted_attrs.xml.base64
+++ b/test/responses/invalids/response_encrypted_attrs.xml.base64
@@ -1 +1 @@
-PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9InBmeGMzMmFlZDY3LTgyMGYtNDI5Ni0wYzIwLTIwNWExMGRkNTc4NyIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIiBEZXN0aW5hdGlvbj0iaHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvZW5kcG9pbnRzL2Fjcy5waHAiIEluUmVzcG9uc2VUbz0iXzU3YmNiZjcwLTdiMWYtMDEyZS1jODIxLTc4MmJjYjEzYmIzOCI+DQogIDxzYW1sOklzc3Vlcj5odHRwOi8vaWRwLmV4YW1wbGUuY29tLzwvc2FtbDpJc3N1ZXI+DQogIDxzYW1scDpTdGF0dXM+DQogICAgPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPg0KICA8L3NhbWxwOlN0YXR1cz4NCiAgPHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgSUQ9InBmeDc4NDE5OTFjLWM3M2YtNDAzNS1lMmVlLWMxNzBjMGUxZDNlNCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDYtMTdUMTQ6NTQ6MTRaIj4NCiAgICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS88L3NhbWw6SXNzdWVyPiAgICANCiAgICA8c2FtbDpTdWJqZWN0Pg0KICAgICAgPHNhbWw6TmFtZUlEIFNQTmFtZVF1YWxpZmllcj0iaGVsbG8uY29tIiBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI+c29tZW9uZUBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ+DQogICAgICA8c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+DQogICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyMC0wNi0xN1QxNDo1OToxNFoiIFJlY2lwaWVudD0iaGh0dHA6Ly9zdHVmZi5jb20vZW5kcG9pbnRzL21ldGFkYXRhLnBocCIgSW5SZXNwb25zZVRvPSJfNTdiY2JmNzAtN2IxZi0wMTJlLWM4MjEtNzgyYmNiMTNiYjM4Ii8+DQogICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4NCiAgICA8L3NhbWw6U3ViamVjdD4NCiAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0wNi0xN1QxNDo1Mzo0NFoiIE5vdE9uT3JBZnRlcj0iMjAyMS0wNi0xN1QxNDo1OToxNFoiPg0KICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgPHNhbWw6QXVkaWVuY2U+aHR0cDovL3N0dWZmLmNvbS9lbmRwb2ludHMvbWV0YWRhdGEucGhwPC9zYW1sOkF1ZGllbmNlPg0KICAgICAgPC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQogICAgPC9zYW1sOkNvbmRpdGlvbnM+DQogICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDExLTA2LTE3VDE0OjU0OjA3WiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAyMS0wNi0xN1QyMjo1NDoxNFoiIFNlc3Npb25JbmRleD0iXzUxYmUzNzk2NWZlYjU1NzlkODAzMTQxMDc2OTM2ZGMyZTlkMWQ5OGViZiI+DQogICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgIDxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkPC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPg0KICAgICAgPC9zYW1sOkF1dGhuQ29udGV4dD4NCiAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KIDxzYW1sOkVuY3J5cHRlZEF0dHJpYnV0ZSB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj4NCiAgICAgICAgICA8eGVuYzpFbmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVudCIgSWQ9Il9GMzk2MjVBRjY4QjRGQzA3OENDNzU4MkQyOEQwNUQ5QyI+DQogICAgICAgICAgICA8eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMjU2LWNiYyIvPg0KICAgICAgICAgICAgPGRzOktleUluZm8geG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICAgICAgICAgICAgICA8eGVuYzpFbmNyeXB0ZWRLZXk+DQogICAgICAgICAgICAgICAgPHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIi8+DQogICAgICAgICAgICAgICAgPGRzOktleUluZm8geG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+DQogICAgICAgICAgICAgICAgICA8ZHM6S2V5TmFtZT42MjM1NWZiZDFmNjI0NTAzYzVjOTY3NzQwMmVjY2EwMGVmMWY2Mjc3PC9kczpLZXlOYW1lPg0KICAgICAgICAgICAgICAgIDwvZHM6S2V5SW5mbz4NCiAgICAgICAgICAgICAgICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgICAgICAgICAgICAgICAgPHhlbmM6Q2lwaGVyVmFsdWU+SzBtQkx4Zkx6aUtWVUtFQU9ZZTdENnVWU0NQeTh2eVdWaDNSZWNuUEVTKzhRa0FoT3VSU3VFL0xRcEZyMGh1SS9pQ0V5OXBkZTFRZ2pZREx0akhjdWpLaTJ4R3FXNmprWFcvRXVLb21xV1BQQTJ4WXMxZnBCMXN1NGFYVU9RQjZPSjcwL29EY09zeTgzNGdoRmFCV2lsRThmcXlEQlVCdlcrMkl2YU1VWmFid04vczltVmtXek0zcjMwdGxraExLN2lPcmJHQWxkSUh3RlU1ejdQUFI2Uk8zWTNmSXhqSFU0ME9uTHNKYzN4SXFkTEgzZlhwQzBrZ2k1VXNwTGRxMTRlNU9vWGpMb1BHM0JPM3p3T0FJSjhYTkJXWTV1UW9mNktyS2JjdnRaU1kwZk12UFloWWZOanRSRnk4eTQ5b3ZMOWZ3akNSVERsVDUrYUhxc0NUQnJ3PT08L3hlbmM6Q2lwaGVyVmFsdWU+DQogICAgICAgICAgICAgICAgPC94ZW5jOkNpcGhlckRhdGE+DQogICAgICAgICAgICAgIDwveGVuYzpFbmNyeXB0ZWRLZXk+DQogICAgICAgICAgICA8L2RzOktleUluZm8+DQogICAgICAgICAgICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgICAgICAgICAgICA8eGVuYzpDaXBoZXJWYWx1ZT5aekN1NmF4R2dBWVpIVmY3N05YOGFwWktCL0dKRGV1VjZiRkJ5QlMwQUlnaVhrdkRVQW1MQ3BhYlRBV0JNK3l6MTlvbEE2cnJ5dU9mcjgyZXYyYnpQTlVSdm00U1l4YWh2dUw0UGlibjV3Smt5MEJsNTRWcW1jVStBcWowZEF2T2dxRzF5M1g0d085bjliUnNUdjY5MjFtMGVxUkFGcGg4a0s4TDloaXJLMUJ4WUJZajJSeUZDb0ZEUHhWWjV3eXJhM3E0cW1FNC9FTFFwRlA2bWZVOExYYjB1b1dKVWpHVWVsUzJBYTdiWmlzOHpFcHdvdjRDd3RsTmpsdFFpaDRtdjd0dENBZllxY1FJRnpCVEIrREFhMCtYZ2d4Q0xjZEIzK21RaVJjRUNCZndISEo3Z1JtbnVCRWdlV1QzQ0dLYTNOYjdHTVhPZnV4RktGNXBJZWhXZ28za2ROUUxhbG9yOFJWVzZJOFAvSThmUTMzRmUrTnNIVm5KM3p3U0EvL2E8L3hlbmM6Q2lwaGVyVmFsdWU+DQogICAgICAgICAgICA8L3hlbmM6Q2lwaGVyRGF0YT4NCiAgICAgICAgICA8L3hlbmM6RW5jcnlwdGVkRGF0YT4NCiAgICAgICAgPC9zYW1sOkVuY3J5cHRlZEF0dHJpYnV0ZT4NCiAgICA8L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICA8L3NhbWw6QXNzZXJ0aW9uPg0KPC9zYW1scDpSZXNwb25zZT4=
+rVhXk+LKDn6/Vfc/UOwjxTgnamfOdQCTjDEmzssphzY2OOFsfv1pwjBM3D1b92nGakn96ZO6pebnX1XgNwqQpF4UPjaxB7T519N///MzNQI/7sxAGkdhChpQKUw7J+FjM0/CTmSkXtoJjQCknczq6Lwy7uAPaMdIU5Bk0FXzziT+3iZOoiyyIr/ZkECaeaGRnaG4WRZ3ECTNcsd5sKIAAaEdR16YpXf/GVb6ELtxszGQHpuxU9EUypo4TbcJB6XbLIZhbQwlnbblkMC2bdNhOBoqhy+BzaPH5t8UY1pwBW0zJua0UQwHbYvFsTbD4nABI0yTYKFRmuZgEKaZEWaPTRyFruEWGDPHyA5FdjDyudlYvvAI42pCGhuNM5Gds23ydA3Js+MHUBlB7INzYD+Re6WfdtrRvS2kIU9eiLfTGx9lWT6UxEOUbBEcRVEE5RCoY6fe9sd1x6s9sAehE53diUYYhZ5l+N7xTK4CMjeyG7y/jRIvc4MvnGMIhp6ct0FltS2MDH80kfMWr5ucQf6muzdYk9Rop66BXT2e/M2AAxIQWqCxmA0emz9+N53nEOeJEaZOlATp289/hwqEBfCjGNjt9CU4CPDfOfyUtZ/IR4ySt4X1/ifkXYl7dbI0/Bw8cQ6p9+kDpUn6ftIN66WwzV2ZibFk83gGcK98Ftwov3y+K5tbgi8WmKuqo03fVvS8iz3vi8VuS6K6Y4qYWgAjUJ0UoHNQ9GheTEOXSLiWpuBDttpjXQzhPCvrI1JckbN4NqKSgDoG87209riKZ+wQG+4hA1OWmsldR/USKzmYq72lOAbN7liplDk0s0xZyo+k2JpwQZnK+zqIDIp1yP4Bj7JD5fqRbvqBigzJxeMtnDv88FaDwhGobwGuKZSTjMy4fYiny8uBJyUDT8pgIMpHUeQ3mihq4mRiaesoIPClxE+E7f7g7j2ZK1GB1xY9XhJ0RUtLUdtIS02Tu+VwuTh2xwq/l3ls0RUFRdQXZNWb83NhO1kKvDWXun7+LPuuGfRKE69i69idKTx70XeVwRyn/LnMhcaKrCSJH13s0jmPLvPnIw96JVpNJB5VdkqlSlqlSD3jLJu/lSm9QSUe+eHFfjPn/eX8DusAYh3Od92lIijnvYVKUfQVtTdWvXyzFgpT9o/KrFtK5Vl/1C3dqRksFRO3Y3PXVRQ+umCGu81WVKgMZEfhUVnUD7I+MAlJ65444nlSnvCSKHgaDEWTIjpoac/FRkOqMdr1x9s8HmGaZG3GpENNrX2ZTrY6Fy+KJeMc5wexv2fn7ria70lc0XDFGqYqWAyXUwZnR24d7HriodpOyWVezvZcEvM+2grcmlamdr2reVrGyF0irXSaqtOx5Y7IDCnKuCsdUV3zu5GM7ZWj7+sBc3zWiXUCtjwj7SbGYqMdyoHEa7zwPibhEpPAjxW8kEVPQ4qgZdAFibaWa/xoH/o8riFY0cM8UzsOKVIZiupyVaStQls7zz3XDlB1quCDRFow0aEYTQ9TulJ5MBzRfbSeMgq5GROOkenFYBMETr0WuX1G6MURmdRJ/zh1F+EQrQGSLvR1FR61qrQChJuW/CHRDJ7QYm3fp5ja7CFqlNRT0MLd87F4X+g34eUoIPeH5M0xem1ocUfPoCh96Qb3MjGyQeN84r5v++lZu6PnlgXS9KUPIB/cXzoo/zJYXDti9VVHxJC1MtYtFwRG86br/Vq57Z1buwVuswTDkhjHYfASZwinTaIE1QY4gLMBxqAWCjCbAOSfjgV/MhicrO5t9dzcASu7+nuRTiDRA6nRg23GyL7OAPaAnSWe3XbOqh3Igefztp2cstHQpydHWg5nBscDCeQP+H50QtV8SqMARCH43x3UK9LL5u8QXXGKUeh4p51OSbx0ve8LxAo6JjASkDRvDr9xeSrePxvsJlGmhmrCO9kpThzF0bsMcpcMzoDlxR44pdj9ZjANQGbYEMh5JkVeeUC+Qv1SDMgnGb2ECrVt76SanoAKAGYLnOvsHiXRIU8oP0SCfYjkXW743PZO/R/SliWwRb9C+qjz9JuBX4O5mb1j4estrwqvEb8hgs8zNzzdCyCAeWicP78+dygD+dBhKUM/g9AG1akcMBMQcGKkHGBSFMPZLEpgJIYyNEfQtoUDzsZsjgWmczP9klEcfzndHxiFuGAIGaiyT6h8XRR9+FiCA9jTt+8pq2Od9KB4Cv+UUWLfaPzE1QeqP2C5X7mR+ZbnDKbFzDPwZvmy1g2tpI4zYN+U/uBleMcK3LOCtfDq93yKr7c2XPjy2kbJ0zAMNX7AGxjeI3/3CI7GKb5HswLZE1GGFUWGYnEJZyWUkjix2ZjXMfgNf13/HPNblO9w/psn1KtnA6Q4Rbct07q7Gq7eX3vuH7z4vsQJbOj0g8r/JZjT+y0yQNwOtg4Wfwjoq6C87Z+Fdefv1GOeaJygKMe0MYfGSQolLMriaIYhURxYloGiwDmtMMzLNHM2+gTi/bDzFU+iF7sgOQ9Hn8K6U7o8NEZoIIwrZ3z0RsvFqMurG8BIdL7UxWnNFvVq6RKwn4TTrt5itT3vqvkMPqmQsRb3EtTNB4gndmsutgGmbXcbaZzt+la+G3l4JR9W9G6/XiHdfBQFh9V0yuPVJsWcWMDSnDTWC1UTaHXIoEgkWWpaswS5dXuGsPL8LuscaklYCMWqhQ8KQ1k8G2Y5QVIuWO5XR4VICDTz9+54xHhqYsq8bw/6ZW9BHZnpdEbPVGJDOINq11+QqBqO06FFVIODPe4TzjoW0f3WoxZpPLYPGAkoNVrvxtFUJgSVOJYqPxiy64mw2lC5Fjn0KBmZVpE96xvUUYrpxt04k10269VsTXJRMeaccifO5pI/p1pG/5CKcyEpH+Gj7gPVn6X0V0m7anxzRr4pi1+WxMdyeD6KOW1U8pbfPPeXDsNM1qwRP48ERB5KIF/SZk+oBR3lB1tvvS+kBR+Mxdgw5/xKUFr1EeMin6eTpM5VJ2FxUODmcTpZzIqA1DeV4Rb5mJx6ZkiVw32NCj5FLg+BtWjxhx1q84W6PchYTazJUuVCzpyl84LmcCxAwWHG92KX3Y/YMed6yQgTqo2w2eGzuidGPWlaLZ+psk4M4kAegi6JdE8VOqUDZ8GO1yaaR6vhYicvgK/jvMGYz17KHrtxGRWkWGb+ZOdnmueSQcFkmcg7m4OlDXpHYS60JN5AW+vtthLHli0QrUDzZhZ8JDtlvz9ktrMgzIXuFqzmhCiPDGJiMrKyVp286o16VDwA7mobEXt7oo0NP0rY2XJFD9gpMmAdjSB6oDVJ+8twCAtP5xHE+GXZfF8y78vlncK1oX7sjO8a7qdd9bb60hxPP1Igb397ffoH
\ No newline at end of file
diff --git a/test/responses/response_encrypted_nameid.xml.base64 b/test/responses/response_encrypted_nameid.xml.base64
new file mode 100644
index 000000000..2dec37fc8
--- /dev/null
+++ b/test/responses/response_encrypted_nameid.xml.base64
@@ -0,0 +1 @@
+PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgSUQ9InBmeDUxOWI1Y2JiLWNiNmYtOTQzNS0xNjNmLWJkMzVjZTM1YzNmMCIgVmVyc2lvbj0iMi4wIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDYtMDRUMDI6MjI6MDJaIiBEZXN0aW5hdGlvbj0iaHR0cDovL2FwcC5tdWRhLm5vL3Nzby9jb25zdW1lIiBJblJlc3BvbnNlVG89Il9mYzRhMzRiMC03ZWZiLTAxMmUtY2FhZS03ODJiY2IxM2JiMzgiPjxzYW1sOklzc3Vlcj5odHRwczovL2FwcC5vbmVsb2dpbi5jb20vc2FtbDI8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPg0KICA8ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPg0KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz4NCiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNwZng1MTliNWNiYi1jYjZmLTk0MzUtMTYzZi1iZDM1Y2UzNWMzZjAiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPjBTRFRrNXNYWjdoMW9YUWVRMm5YY3BLZnZoTT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+WENPVmk4U2c0MllRS25oMWpNTWYvV0dVcDh5Q1dFQWV4UE5taVNWT0M2dUFBUGc5WWwySUt4Um1SeGczcHpVK0o5SzlTRUVEOEJWenJERTZ4VDlxV1JUbXZ1WExqemE0TndvRmFGWllIc3ZzN0FPR3l5UEJjT3Z2R3JoM2RGWmVTUzF5U2tVc3FBWW5Wck54emRkRVFZa2trRmNxQkNqZ3dnd0Z5Vlpvbkc4PTwvZHM6U2lnbmF0dXJlVmFsdWU+DQo8ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlDR3pDQ0FZUUNDUUNOTmNRWG9tMzJWREFOQmdrcWhraUc5dzBCQVFVRkFEQlNNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1NVNHhGVEFUQmdOVkJBY1RERWx1WkdsaGJtRndiMnhwY3pFUk1BOEdBMVVFQ2hNSVQyNWxURzluYVc0eEREQUtCZ05WQkFzVEEwVnVaekFlRncweE5EQTBNak14T0RReE1ERmFGdzB4TlRBME1qTXhPRFF4TURGYU1GSXhDekFKQmdOVkJBWVRBbFZUTVFzd0NRWURWUVFJRXdKSlRqRVZNQk1HQTFVRUJ4TU1TVzVrYVdGdVlYQnZiR2x6TVJFd0R3WURWUVFLRXdoUGJtVk1iMmRwYmpFTU1Bb0dBMVVFQ3hNRFJXNW5NSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURvNm0rUVp2WVEveEwwRWxMZ3VwSzFRRGNZTDRmNVBja3dzTmdTOXBVdlY3ZnpUcUNIazhUaEx4VGs0Mk1RMk1jSnNPZVVKVlA3MjhLaHltakZDcXhnUDRWdXdSazlycEFsMCttaHk2TVBkeWp5QTZHMTRqckRXUzY1eXNMY2hLNHQvdndwRUR6MFNRbEVvRzFrTXpsbFNtN3paUzNYcmVnQTdEak5hVVlRcXdJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQlFVQUE0R0JBTE0ydkdDaVEvdm0rYTZ2NDArVlgyemRxSEEyUS8xdkYxaWJReko1NE1KQ09WV3ZzK3ZRWGZaRmhkbTBPUE0ySXJEVTdvcXZLUHFQNnhPQWVKSzZIMHlQN000WUwzZmF0U3ZJWW1tZnlYQzlrdDNTdnovTnlySHpQaFVuSjB5ZS9zVVNYeG56UXh3Y20vOVB3QXFyUWFBM1FwUWtINTd5YkYvT29yeVBlKzJoPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgVmVyc2lvbj0iMi4wIiBJRD0icGZ4OTUxNmIwZjMtNDUzNi0xMGY2LWM2ZmEtOWRkNTIzZTE0OThjIiBJc3N1ZUluc3RhbnQ9IjIwMTQtMDYtMDRUMDI6MjI6MDJaIj48c2FtbDpJc3N1ZXI+aHR0cHM6Ly9hcHAub25lbG9naW4uY29tL3NhbWwyPC9zYW1sOklzc3Vlcj48c2FtbDpTdWJqZWN0PjxzYW1sOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YSBOb3RPbk9yQWZ0ZXI9IjIwMzAtMDYtMDRUMDI6Mjc6MDJaIiBSZWNpcGllbnQ9InJlY2lwaWVudCIvPjwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPjxzYW1sOkVuY3J5cHRlZElEPjx4ZW5jOkVuY3J5cHRlZERhdGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTI4LWNiYyIvPjxkc2lnOktleUluZm8geG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PHhlbmM6RW5jcnlwdGVkS2V5Pjx4ZW5jOkVuY3J5cHRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNyc2EtMV81Ii8+PHhlbmM6Q2lwaGVyRGF0YT48eGVuYzpDaXBoZXJWYWx1ZT5ZUkdFZGF2dWpSNlYwNUZsWERHbmxCK1VUWTFjak9DallkYlhKN2JBZHFURWxDTyt1eHl0aytnMWVTTGVuczhJcjlZaVBNNUorUWU5cXo0TkdORXdyNjV6aDM5L0ZJVXNMQ3BhaXQ3QjZXM2lFcmR4aVUrSUN1cUw3TCtNSmlGVHZiVG90NVdleWZvVkFnSE94Z1BodDRONlZSL3BhYzRDdFZEQ0ZBbDlEMjA9PC94ZW5jOkNpcGhlclZhbHVlPjwveGVuYzpDaXBoZXJEYXRhPjwveGVuYzpFbmNyeXB0ZWRLZXk+PC9kc2lnOktleUluZm8+DQogICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgICAgPHhlbmM6Q2lwaGVyVmFsdWU+dFdQZEV1dXZmSjh3WVBhOFVUQTRvR2htRENQTjFhQzVkUUFEN0g5SkhWQm5VS3Y0UkljNEQ3SnVJem12bXlyalZGWmRGNW15K3cvUGd3dWlOVGdpOUxid01iSW5adW1HbDhlSndFblBaVXBPQ0w1dDNXbEdKbU85OVVNejZQUVNLeGlGSU1DYzcrQXlRQmpjdTEzaUxWeU5TbFQyWDMxRXBOaW5jQ3FzSldvPTwveGVuYzpDaXBoZXJWYWx1ZT4NCiAgIDwveGVuYzpDaXBoZXJEYXRhPg0KPC94ZW5jOkVuY3J5cHRlZERhdGE+PC9zYW1sOkVuY3J5cHRlZElEPjwvc2FtbDpTdWJqZWN0PjxzYW1sOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDExLTA2LTA0VDAyOjE3OjAyWiIgTm90T25PckFmdGVyPSIyMDMwLTA2LTA0VDAyOjI3OjAyWiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL3NvbWVvbmUuZXhhbXBsZS5jb20vYXVkaWVuY2U8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE0LTA2LTA0VDAyOjIyOjAyWiIgU2Vzc2lvbk5vdE9uT3JBZnRlcj0iMjAzMC0wNi0wNVQwMjoyMjowMloiIFNlc3Npb25JbmRleD0iXzE2ZjU3MGZiYzAzMTUwMDdhMDM1NWRmZWE2YjNjNDZjIj48c2FtbDpBdXRobkNvbnRleHQ+PHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+PC9zYW1sOkF1dGhuQ29udGV4dD48L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==
\ No newline at end of file
diff --git a/test/responses/signed_message_encrypted_signed_assertion.xml.base64 b/test/responses/signed_message_encrypted_signed_assertion.xml.base64
new file mode 100644
index 000000000..102709939
--- /dev/null
+++ b/test/responses/signed_message_encrypted_signed_assertion.xml.base64
@@ -0,0 +1 @@
+PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfYmZhYWE3NDEwMTQxZTUwZDNhNGMyMzY2MTBlY2U3YzdmYzYyZGE4YTU2IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNS0wMy0xOVQxNDowMjoxMloiIERlc3RpbmF0aW9uPSJodHRwOi8vcnVieXNhbWwuY29tOjMwMDAvc2FtbC9hY3MiIEluUmVzcG9uc2VUbz0iXzc3MDYyNDcwLWIwNmUtMDEzMi01YzNlLTAwOTBmNWRlZGQ3NyI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhNTEyIi8+CiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNfYmZhYWE3NDEwMTQxZTUwZDNhNGMyMzY2MTBlY2U3YzdmYzYyZGE4YTU2Ij48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGE1MTIiLz48ZHM6RGlnZXN0VmFsdWU+S1c2bXlRZmtoR055c0JvMklHVWlickZqWEJYekd3YlNmUUdYYnlwOWxuQlRIcjZidEJyWlVZNHJJVkkzMjRVR1VwL3FjRnJMcXV6VTJuVk9IYTB1WVE9PTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5GbVpMR2tGL3FWaGN5QmcvKytqeFZpRGQwSlhURElMNDNqRjFJNEU1TmN2dUJMK1I2MTlhNFAvV21qZXp6ejZkUm5RY05VbTVYUzFTeGppU2lQNm5OWTM0Mi93Q3phUFNCeTFoM0M0WEczZUwzb1pERDFuSUJtclNKQTBTWTR1ZUF4V2dNeWc0bDZ3eDhCM0YxWDUyWUxDNGtXbDlKdnh4OXRBanJ2UHdBZlE9PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ2JEQ0NBZFdnQXdJQkFnSUJBREFOQmdrcWhraUc5dzBCQVEwRkFEQlRNUXN3Q1FZRFZRUUdFd0oxY3pFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVZNQk1HQTFVRUNnd01UMjVsYkc5bmFXNGdTVzVqTVJnd0ZnWURWUVFEREE5cFpIQXVaWGhoYlhCc1pTNWpiMjB3SGhjTk1UUXdPVEl6TVRJeU5EQTRXaGNOTkRJd01qQTRNVEl5TkRBNFdqQlRNUXN3Q1FZRFZRUUdFd0oxY3pFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVZNQk1HQTFVRUNnd01UMjVsYkc5bmFXNGdTVzVqTVJnd0ZnWURWUVFEREE5cFpIQXVaWGhoYlhCc1pTNWpiMjB3Z1o4d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ1kwQU1JR0pBb0dCQU9XQStZSFU3Y3ZQT3JCT2Z4Q3Njc1lUSkIra0gzTWFBOUJGclNIRlMrS2NSNmN3N29QU2t0SUp4VWd2RHBRYnRmTmNPa0UvdHVPUEJEb2VjaDdBWGZ2SDZkN0J3N3h0VzhQUEoybUI1SG4vSEdXMnJvWWh4bWZoM3RSNVNkd042aTRFUlZGOGVMa3Z3Q0hzTlF5SzJSZWYwREFKdnBCTlpNSENwUzI0OTE2L0FnTUJBQUdqVURCT01CMEdBMVVkRGdRV0JCUTc3L3FWZWlpZ2ZoWURJVHBsQ050SktaVE04REFmQmdOVkhTTUVHREFXZ0JRNzcvcVZlaWlnZmhZRElUcGxDTnRKS1pUTThEQU1CZ05WSFJNRUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkRRVUFBNEdCQUpPMmovMXVPODBFNUMyUE02Rms5bXplcnJia3hsN0FaL212bGJPbitzTlpFK1ZaMUFudFl1Rzhla2JKcEp0RzFZZlJmYzdFQTltRXRxdnY0ZGh2N3pCeTRuSzQ5T1IrS3BJQmpJdFdCNWtZdnJxTUxLQmEzMnNNYmdxcVVxZUYxRU5YS2pwdkxTdVBkZkdKWkEzZE5hLytEeWI4R0dxV2U3MDd6THljNUY4bTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkVuY3J5cHRlZEFzc2VydGlvbj48eGVuYzpFbmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVudCI+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI2FlczEyOC1jYmMiLz48ZHNpZzpLZXlJbmZvIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjx4ZW5jOkVuY3J5cHRlZEtleT48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjcnNhLW9hZXAtbWdmMXAiLz48eGVuYzpDaXBoZXJEYXRhPjx4ZW5jOkNpcGhlclZhbHVlPnl1NDFNN2Y1NlQ5VndLb1hoWnBrcVZhKzJhSkhyaUJWQUtiVlpCdkxreGM3K2JtTnBqMHJOMTEyWE5kMmlmZ05VR0xhVUp1cVBZVC9EZW1vVzZvRjhkR0t5UktBdjJwVjNBbk9NcGFDNXFUbW03T1Q2Vm9pd2VWUWpIbitPRThuUmNiYmVreW9mQmR3VXUvSlFTMjJObkw0VEhwVGViNUFSZk5GWmNtTU93MD08L3hlbmM6Q2lwaGVyVmFsdWU+PC94ZW5jOkNpcGhlckRhdGE+PC94ZW5jOkVuY3J5cHRlZEtleT48L2RzaWc6S2V5SW5mbz4KICAgPHhlbmM6Q2lwaGVyRGF0YT4KICAgICAgPHhlbmM6Q2lwaGVyVmFsdWU+Y3Q1eHE1Q2E4dVR5aWVnZzBrQnZZRmg3REhjcUtCVURTVTRPVHAxQ2dkZDU1ZllmY1dZQ01vaGlRTnlpQnVtWEpLTjZjN3JTSllPRkFETVFYZ1p1ZGVabFR6Rnh2TzdwUlRBYmdMY0V0Q0JjNjRKclc4V0ZrN2hDbzd1d1Qvd1hXZGIzTXFVSTBWZzdQWHdkQnBlMjROdVNwa2hpenVIQVM0WHRjQ2lrZ0w0ZnRrWjd2Qk1NM2JkaU1wVEs0dktlYWwxMmJPaFZJVW9kaDhIUzM1SjJiSEs2aloyNkdGYnVOMU5xeG1vQ1ROZGpJN1Q3YU1yZTM2YURVQVo4NDNQc045aXViRU0rc3F5Um5sYXFTTHJrbW9YUmcwTG50MkR1dy9BK3JTRGlCVW0zbG1LL1JTMXlzalBoTWd4UFZGVGR2S3l5dDlsdVgvN0w1L3dSQzgzTTM0ZHBpMXNSazJxY3VWOFRzMmcvd2JBVVovT1loeTdLYk1mNE5KeVIrazlKVWpMMFIxNHNQc2ZlaTg3ZEo2YjhjSkYzSVRaaUVycnMwRHBKT2NBODFjcFB6T1BaMDk0WHMrTnBBQUY5c1gvWXZwYkR3RWEySTRwMXY1Ymw3eGZSY2FRekVnT3drZm9NMVUxbGZld1NCL2gxb2FaTXFodWtQTEdIMVl2THhUNkVKZDY1Um9ESGhYYmRCS0RKR0ljMmUrSFBQV3krbDBPaklLVXNHRzhNejBlbk56b3VIUjV3QVhtMHRwTGQrMHA3ZnRoL2FqN3hQcGd6bEpmaTJRa29uSFpDc2ZUd242UXV4MytVeUdpOW8wVzVreE4yQkk3cVhtdkxwdm5NM2FKYzk3bmI2YWw0dkg3NlRwVk1mSmlzSmhpcGpXMGRUS0FlMXJaaTNCM3JnWk4xU0tZUnlSOXRXeVZ4eGhYYTh6dmNvZmVUcFJNY3ZGeldpNyttSlFxU2pHL1Z3Y2hqM3d5RHBHbGF2dlNsUzRMaGxRMTVpS2IyRzMvR3hCVzFJMk5WcnFSREZuaTZlQ1BPTGd1eU13WUhuWVQ0ME9FdmFVOGFGOGtpaHlXbE1UbVZRUlVPZFQ4VjByM1BBRmQxMlQvNTRlMldISGxvUVFYVndhRHdnSjJJKzRZTW1VRnd4SUpjYW9OYm1IQVNySkhmTUdneU40K0czc3cybHhOZ3AycmUrUWJadEphMGNLUlg3bTh5UXlPYnF3L2lMYk9OMEhUQS8zUnNwUVNtNzdMRnFlVTF4Z0svS0RiVzRINkZuVldKVG5hNWhMdGhSb1JXdkNmdjFZWjMwUnZLakVmeFVhaURLQVBNcEdMS0M0RFpMSHduRUNhNlk2M0sxZGN4TCt6STJER1RUbWFtQXFKUlk0YnBaUE5LT3R6N001OXhWNnRYeEtpMS9IcnEraVE5dDRZeFQ0cXVXZFYyQitjTG1qUVYyQ0FzUjZSN2l2Mk9FTndBbjRoWDBhZDZnd2kxeVM4QUlZSFJiTmxzYlVOVVdTamR1RmRYYzliVHc2dERpWDVvQk40d0d4a2o4WThWRmFHUU1jd2xxZFprMTlyRjNQNndQMHFZNUN5L2RKM2RjRVIyM2tBcWFvdGlWWTBUSUFkb1V0a2lZOTZkVFRKNWVvVjdJOGc0YVhUajczblRCRFVPOTB0d043RHp1dWk0and5YlZKVloxZnhuRUZYL0R6SDI2RlM1K041bjV6djZLYTVYelE3Tit3Uzl4STVRYlRYdElWTXNKWmVBbnVIa3hQNWFmbFYzcXdyRnZpaGI1d0UvZVhqK09sZHlhenlBY0M5UzhGSXhEWktDN09HampxKzc1NXNLRmR6aWlnS21OSkJxbnVQVzI0VnlXckpNNGdwbmZqMzQyNkNFYUpkWnZ5Z0IrVC85d29INWNTY3NFcmtwaEZ3M0ttWFhSUzlCQmh5ZUNib3VsQXFROEdtMzdJdEZZN2tpbm9yeWd1VFN0STBDdDhLL2RrZFVTQll2NGJGek9TRGhScWJhMkk0ZHIwME1PWDJsVUloNHJjb1lha1BRSjk1K1RWOHcvbytXcHkzbmhTczJEOVprSklyZ0c3QTNpTkM5VTliY3ZjK3lpR1RqZ1hic1hvK1BlUm5SWVBQd1RIaXViRWF6QlR5cWlIZE9MODlUNmpaVTFSdzF0U0FmSmFSNnJ5TnZSdkFvVURlY1FGWmcyWFlid2E0SVoyYXgvNmZNRzliY3FtV0lXd2piamVJdkRGNUprTzd6ckQvT3lESmxTRDJmOC80Y1U4dnAyUm1paDdHaEMyclA1bkNtaEFza3lKYytKR0pML042eWVRbjFIRUxBYWpQVERVNzVsZFUrVUhmTlJNaFU2ejZaa2diUVpxMlQ4dlU2N2ZkMFJHTlhnT0RGZWZ6T29VUXU4VTQrZmJyZnM4emEvT1Vsb3lKdS9zZUplWWh3SEpLblRlVzNGOG5WZ1hrYm5PNmk5eDdsZEVaazIyOFRUSmp5VmhHbWFmT3hmZzVwN1RlTm5qUW1Vb1RpdDVMUHRuS0phTGpabHUzbWhMeGlucThwVUxkQzhwSWwvUit6L2ZoUWhWd2xJMEdFNEtkS3N4OXo5RWxtQytVVVF4OERoVHFhZUtZKzFObGdPOFJ6bjVBRUdxWEFMZk94OWFnMDNCbUlxSUtXM2RsQ0xuVVRmUDk4NUowTm9qYmRRUldVSDVpKzJGclJLR1V3NldnR01YNWdBVWJSYXZWK2RzVVpCMkxNdTlreEpsNjd6b3Y1cEtVTnZ5Tk1BeXNLM3BtSkUrVHlud0JuZzZwOUJnUWp6Yk1hdEl2ckw1dk5sNUovQzI0T0FQc2tqeUxHc1poVlBVd1IyY0FHMGhaQUdocWk2RDV1a0w1andoSUUzbWsrdTNYcS90L21ka1RtTEp1MW5KNGFYaFJaL2d6ZkJES25PZzBxemUxYUtFejFUbzNMWUN2TE1EZ0lMMlV3Um13RGFsWmNHMWQzWWYvcWRLajNoWEhWYjdTYjRwRm5ZeXJucjBKT3NPV3VseTVOeC90YmNXNFpuUVh6NU5HUDZ2RWFyOXRNMjU5Z2xKWW9jOWJ2TiswK1djTndkSlBtSUx5QUtJVUNHSzlMUXhCY2pYQ2hYYWpWMW5Bd2RZampPVzFxVENJOHhkNFFtekk5Sjg0MUVzVlFSaGZkRmkxK3NYQ0dmT0x1RkpoTndmd1lReU9jMTNicElOckx0MnNaVmxQaDg1YWhuWFpjU2JGSlF3LzB1TC9WQVc4NEl3U2x5Z2p1TXZheG9FWXhVZEhTT1krNjVLWElqWks5cHNvbkRlZGNvdFZBWXpzbk51SkoyYnFZblpqVGxWVnRFT3p0VStFZGI2WDhSQS9RKytTbVpqMmtJVFV5MHhPbVdsaFJwNzR0blgvMVFPc2xjdmRGUXN2c25lRXNaRyt2VWlKRkFGbHA2RlNJelNhakxOVnRLSC8vUEQyVWduV1VTenJ2S04wWm1ydWhHL0N0c3lIMiswR2E3ZGFFZXAyNURVd3B1N2JHenR6RWpvVXBLd2lnOWdJaTFtcnJKaFdadjdQMW04NDJTdzdzaGd3cjZWZ3VhTEE0THdiam5XNzdHbjNTTVgycFk4ak9yLzhNR05laFc0Y1hCUTVUNkQ2ZGdJM3FTK2YrTUNncWladzJ4ZUFzV2NoWnB5a2RoVy9URlYxd0pWV05yZWE3VTN6d1ZleE1YKzJXOERmSWt1QlVjb3JwZGJJcXNMODl5OGtNT3hjTzAzTC8xK295M0hLTjZXaEx5NDB2Nnl6bkliR09mVW1tNTl0VHFmQTlOOC9OTHR6VitLQzZpZVRqY3hGdWwxdGhtQVRuKzg1YVd1dkhvN0FZajVMNy90Z3p1aTE4OXBVNjYzV2hNamZZaGRobXZVYXp4dkltbDMwdnVublZVVDRwWU9aMlN2dXZRbjkzRVBiMmQ1cFhzYnN6aVFDeXVDV1FLRzJhcnFPcDF4K1ZIL1BnTXhDZk1SUTZGNzZEWk1vUjJhOTBramJkTnNIS2pxcVh6Zmxma0d1RWRGVTBqekZvZjd4Mk1mZ0UwZmZvR3UxQU5iR2hoU3BSNnE3aVQzZHVCeHhDbm9UTFJhQ3ptaDM5Vkg1NzYwbU5tMDM2VFcwZ1J4L0VQRGJidDNpeGFmZFNhSjE5bXM1NUQyNGoydVhtaFlFNWZKTVNvTkFSZHpvVjRXMUhvaForYU14by9sZFZBWGVMUkhHUHN1RnFSelc5ajZTSGIzOGhRSXVkUXdBQkNMR2ZrdmwzaWFlVzNKN1hPbFNmR3FQTkFvMVZKbnMvWlU4cUpuVTRBZFNXRDlWMGMzbDREVzdIMGdSdnM5OGxGQmozZzBCczRrMmFEbHFoTC9tcE9xTkZaeUxTQ3BsYmxaV3lNbHZUd2xOTWNQY25Bd1g3YnkzcDlORTlFbVNjbjE2dFRRV2o2NkFldjJGTGxGakpqL0VwRVNXTkVXZ2FzR1RZVVpxWGs2ZW84dWVSdHd1TzhRYUxHb2htOFcrSDdCanlhNGNnRllBQWFkc2hvc2NzS2dwOFBGdVQ4Qm9JQmYrS284ajR1MHdobnM4UWtpdXJGLzl1K3owWktDd0oxUGFwdFAyQXZPZlVEM3JUc00wYUZlYVgxRE9NU09yVzQ4M0xNVDdiMUE1Q1lidW5EWksvSS9keXRMU1piYjVOY1FPckN0RzQrd2NOOGNHRXhIOWlsMDBhTWNiTVZobXd1ZXYxSG5iYTBNQkZkNzNiK0NWY01oMFhrbkVRMXBMOWNnMklaRHViMDNqR1cybkhhRGlSV2YzN05LOTRjdmVlT2Y2eWlPVjlXbzNBZTNiREF6S1llVUhlWEdWTWtUUUtDdy9ZNUl2WkFMVlpBdzVMdGNOakJVa04vakRWdVVPS0JZMm9ORWovWHBFMkJyOCs2dWZoeVc2dG9yYStJbkc5RGtqbWZmRy84eHJ0eCs5YVBLaVV5Nm12encvTG9YcmM5LzFsRHNzZndjek92MFloSDdwRGdXb0kyM0NXbEU3MjVtNCs5UVZmRWRJY3Y1YjNpaFg0aE9kc3JrT3Blb0xxRXBtUXBnQjYzQmdLaThKYi9pV0N2Zm9nWEVTYzNKZUZkejJubTZMbXAwb0lzaWU5ZUJZMWFYYWpmaHBhdzd5N0Z4UFdwUmZsRm12d3RucUE1WHBZNXNDUzBMQTd2V0NmOU9LRzdGOTdhL0hiR1RGZGV2MkFUY2lKcGxYNWNzaG5DRDNjR05kUzRPSkgzNHBJTG05Y243NFl6MUt3TEhqOWRLOUFDNWp6d3lmSjNIVnpLVk9mN3NtelUvRVNxUUM1c1paY3FHR3pSandtWnpaYmxsTktnVTdmTGhqMEZ4bTlKbzg4US9BV0pjaEdmWW83MiswdmcxSEV0dlB4ZW1pOGxvOTFDYmdkVXk3UStxdXBlWGQxc3FrMzBId0dQME5WaDJHVU9WZlhPbmcrUW9HZDlQU2l6bjd4ZjRITGpLQ2h2RmovYm5QblZzZjRzdWNLTFI4S1JKWTF1U09zMEU0WjRXd0xoSmYzTlpPWVdzc0ZGbjR3VjdXNDdrLzhXSVlkMTBlb1dDdFNjTndYNVh2ZC9nZHAwL09IencybnBTVDFGdTBrSnJFeHJ0N295c1FmaFltVUp4b1F1dkI5TzhGOGFndHhjWDRyUDNXMklPcExqYmZibFFnTVpTK2xEZkNud1NVeWk0a0x5d3NmRURSVUJvejZiSkVBa3lXSzhTak9scEpabEJkb1dycDJCZjNOd1l3akovcnk4bVVSS3lOdndxWlRSYSs1V0xZa1R0VE50Uml4M3ZneDFKcEVPY0lSUnJlN2drODVyeFhPOENzMm5kU2ZITlowVDNrQ1E2d2VpVFQrU2FnYit2emt1QndjNVRoYm9ENElldHpOT24xcnZvbDB2Y3V2SWp6VElDTmUzaGNPT3pmSEhJNjFRQllKUDcvbkdickJsQkdSV1Z4bmZybkZZb2JMYXFidVFDRmExSGRNdFhZWnFMTGd5UWhzQ2dkdGRkTGp1eG1Ha0VQRGpaZDNRRnNSMjkraTArZE5Sb3U0dWFrTzk5ZXhZa1kveVN5NmsvenZDbWc5eklrQmt5MUtuL2E5Nno5MG9BaHZHemsyMnFienhQWmYrK0JlSkxHcEtwWjEwZFFKajJ3RG0yNU9VTVJhaUs1TTVaMmhqSFpkb1htWmk1S0NtRDN6Q2taYzBGYWlhT3Z4VVN0WnBtN0hmdU92ZEdWMzExZVBOMElIaUNsRW9wZVdwMEJHV0VpanhiY2IwUDcwd3c3bU5DVEEvczlmL3dmby93endITUxLYmtmVW5ST0hqbzB4SlF5a1lxTVhoVkQzMjBsU3h0b0grVExObXJhYzJoeUFtcVk1NFg2MFNnZGs2N3ZFUlQ5L2EzR0dEdGtXdEJnYlFBMzdIMlB5T3JTUnpHZjVBeWxEZUFhTWdyVUJiRHZEdzZnMlVtTHpZNUJFZnBnWWpEMWlNZ0VxSnBhQlZwWmM0VzlMZUdodGJpVHAxUGREVktPODNVS1g2UC9hOTh4cjd6eXU2bHJSd1BNNlp1LzJkRkVoSTNieFlXV2NsQ2l0SGVac290YVE5VXRvZXgvV0lmdXZNWGJLbmFNMjdiN3hCNXhORTZsSDFaSXlsMnNCUHpVeTFCL0pzUkk1M2NGdVlJVWhGSGpxV1FsK01xcnJvMEpmNzlrc09PRVFQNlpaalNUWG1aU0l2cmhjcitKejVlZXhyZW5TNmRjbG5Cc25pTTJLeGZTN3BSbDVUdG10Z0JpblBSK3YzMHdnKzJreTZnR0NMdDZHTi95WUd5N0JlZkc5QWFocWdxb21oelBETnNERThBU1Ivc2ZHdy91WS9uOERLZVRFclFwMlo3THppb0JsOWE1TEpGcy8yOXlIRkVybVA0a3pkVE9jcnBTVXJGSUxHSytvUzhqVytxalRBaXhydmpQZTBONTVURW9SNHJ6UUJtbGZ5dElna3AvL3FRbHhvUEhTTVRHTXIzMkJpOFNWNGtZMG5Cd1R4dmFuc1NEeksybmorTUxvR21KbzQ2T0g4Qm1qbCsvT3BpS3ZYZGNkbWtDekJucnlocThxUytaempBbDdOeHJqTi9TSVJiWEtIT3B2VEZzR1RNOEFCaDVXUHVmMmZUdkhLa05SQWtZK0xJSTAxM2dMUXQ3NFQvNmJkQktmQzJESjBrejVXcmxoSDZFSHpWcjdNNVl3MG9SVjJxekZXL09sSVhwYWdYUmhqTXZoUlRweE1ta2FNdjBZSlZuSGhTZHNLS1ZuYzkrTG95WnlsWjk4YnhzKzFBYkxlUllia0pxNjk4RGpWOE56WldMRjFhbTRRMjZMd1UvU2NxUllILzQzLzNSbjJnenJNSi9IY3QxQjVvbzI1aHVTaDY4ekRNd25lSXd0YXhqNW5yTG5oNUlhQkV6cWoybDd0NDNhVEZPRVFGM0MyYTlHWWVRRHFiRHRJblJzT3h0elRPOTBpUUxRS1ZNQjAwUTM0aDEzelVSWjVIR25aVkc2Qk14bHRieUxSaWMrYUltdEtmRktKTzFrTkx1bUljaThyOC9TaE1HaXpYUVpUb1JhbGlmTzNZSXdPVUJKK1FZaG9pRzVNVnhDUGFZQmxiQ1h6TnVZSEFXWE5qMVZOUDYxdDNnWStob3gzZ0tMYmoxVkkrMllrUHJ5UDVvNW83SHZWUlczaWxPR1JoZ2FlNlBtTFpEVjdBemVpbktOdm1JRkN1RE52NGtpR25RMklJYWhzWnRMU3JhU3VMbXVobktDVDlabUVOZDBZVjdHalJXS1o1MTBCd0p2MUdWNGVXQkptb3Y2eHRxR1M2cy82dEFub2NhV3pWSS9DNzFHWEZFbExVL0NOTFpYUnVmUGpMWmRjeTlhZFNUV2ozOGY4c244Mzdhc1NtYm9HdEVPMG9mNWp1cUhxSVVnNlNpQ2dVMW9nZWV5NUNNSGR5TitCdm9ZckkvbnV1Ym1Yei9qVFFzU2taZ0dmUjFUcm81WnBraUhwRURjUnFYY0haVWpzV0crU1FOcEdXeE5IUWJ1OEIyRlBEc3E5bUhlWmRWNXFYNlIyWWxyczhydTFwT2x3VCtkeG9HczFHNmp4SDI4azlaUHhMblQwTDFiZHBtTzVNQ1B1RkcyU05tdnZoTFBlQStVbEJEK0dNc0tPdnFpZ3drRjYyTEV1c2xlb2V1bGExZEFqRkdsenlmZFJ1aWJCT1pZOEFzc2JuaTMzb1BKUkhsTkI5RDg1alEvNHVoYWxtTlkvNmZuVk9LU2FXbGMxWkN3UWV3T25PaXRsUmI4RHlBcy85K1VQQ0F1aWY0STZVSEJOc0U0NWJlZGZraWxRdU9FV0xjTG9xNzhKM0h5ck02UjRocisxdWYvS1lidHlxUDd4cENWa3ZkbDQxelJSbGcvWnd3TFZZanhrREhRcUNJVDhoSk9MNXZFemFXR0o1Q2Y3N1AyN0xWRy92WnpYTm9ac2cvVkxTVHNaYlR5aHhNTG5zK2llUHZwUll2UGE3MEJDcS9SSVZ5bm1CUnFhY28xME1nTnlZY0hCa1o4UVFhZXZWbzdHRkI5OHJTYkRzOXI2WWdKZDQveXBXQklyUCtrVFFCczJlT0dzVFI4MU1KVnlwQXJFODArRlIvTVkrd0pvbWdLODFWL0lpTGM5c0xvVUlnTUF6NEZieFlSMG1UZHBKN2JNWDlBTE5ITVpiSEVweGNjNXRMKzNUMmRlQndWZHBIeUd1MlJhd0VUZnp1MkhuUzFIdjZQTEhNcDgzd2lYVXVYL0ZST2x4Szc0aFhYMWRvdWU1L0tyczhLSm90NmtNekRBMmtxcXlxQTVoeklFWkR1RCtsTU9yMGJOdTVVejA5eDdmRU01WHFmejNpTkNWQlJhVlQwRzdoMUJ0Z1hzcUU4cENMNDJiMWhacmNqak5GNzJGMWJ3WnNhR1VpbHBlelR5UWMvcXp4OFlnQzlnVHhKK0VqajRkME1vZGxaVmI5SU5NT3dUbStHV3M1ZElzbzdGSTJab01MbWdwNjFJc2kvUllVOSt6cmV2YmdBZ0NCNDgyS01HVVF4am1yd201Um1pNzI0YUdwamw3R3NSSVpJTVBJWnZTbC80MGRpS2lYdkRBbVZuSVo0a0NRYmszSGxHaWJJU3lDMkZNa0lqR3RtZ0lqSFE1YWRUMnV3M0M4bFZyYXQySU90bDJ2N3lRMjdUS3JhL0laVUxOVkErZmdqQ0crYWxzUysyTERaOXlVTkZSVnRxak1RUUtLQXhaNHhEdUZ5Q0dXd2l6Ty9BSlBJSEdPelA5emhoZVZSOGoxQnBJVllKK3MwczRka0RVSzR1c255elB2NWdBc1JTU0gzc0pzRTFTTXFzV3Q5NGU2V3JvdE42dlpad0lwNkFDR0ROc0xxZlNYdXpSNnhDSWw4cUVPTXQ1NnFyc0N0SXBuL2xhbnhySGplR205K0FBT0h0NXNyT1NWUUt3OXlPV05jNFRycDhIeW82QTBQY1JFWEMvNGpoNWcyMmt5bnpnVUc2VUtKeEVYTEVjRFYrd1ZBak1ZbGF2UGZXVHdxaXYvUlFXNkNtUUpLUGc3SURrVkN1RC9pZDJWQmpPOExOMUUwRzJmQURobUZMYVh3dUJGeDhzQXNObXRld0lvQ09kMWx2NEU1R0crb25aVklQMlNDSU1rNmErOEU3UjlLaVNPeUxWZXhyWlVsZ0p6UUZRS2RQU1IvUHhCUU1Ud0ZncGxXRHJML3dzRnRMZVJnTldmUCtwd1hYMnE5M3JtcTBYazNnZGFkS3AwenFiM290Znc3NlJjb3Fwd25ic0JiRHZTVzZPei9sdXBnTi9YRlVGdHBRV2dNa1Z5ektJWCtObVVXNFhHdG1xekwvWC96NExBckZOWDBFejM3OVlHY0Vka3hCZWNNcGtlYXJxanRIdHQzaUh4K1J2TjlmdWVpYTZ1WUo3NVJVUWdVRXJwVThHZWUvZFFaVG5TeDNISC85UVJ6aU40aGdDWUdvY1FmRWk5UkJhMlB1LzFocDV1aUZFNkVDZlZnRW9YYS82RWIyNk1JNjNYN2h2bjdERWFGemhoZDNHWERraFVZeTd2bUZzYVlHZXdqd0FXdXJDS0cxalR5STA3OURCb0RYVzlRcHlaKzZKTHlUS3Y3RFdoSzVta2wrdk41d0I2M1N5L1A0cjFoVG5UWmFrb0FqUTBlTVpRblROME9hOUorQWRxdEY5UzdJU2NUNTR0dk84NjNkdnJHWmc0VU1hUERodWQycC9IMTAwdkxpUmxuajNsOXlsQ0tqOWphTEE9PTwveGVuYzpDaXBoZXJWYWx1ZT4KICAgPC94ZW5jOkNpcGhlckRhdGE+CjwveGVuYzpFbmNyeXB0ZWREYXRhPjwvc2FtbDpFbmNyeXB0ZWRBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=
diff --git a/test/responses/signed_message_encrypted_unsigned_assertion.xml.base64 b/test/responses/signed_message_encrypted_unsigned_assertion.xml.base64
new file mode 100644
index 000000000..b1badfd28
--- /dev/null
+++ b/test/responses/signed_message_encrypted_unsigned_assertion.xml.base64
@@ -0,0 +1 @@
+PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfOThjNjA3ZjdlZDBhOGRhMzVhMTEyNDUxYTE5ZWE2ZDFiZmM5OThhY2ViIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNS0wMy0xOVQxNDowMTozN1oiIERlc3RpbmF0aW9uPSJodHRwOi8vcnVieXNhbWwuY29tOjMwMDAvc2FtbC9hY3MiIEluUmVzcG9uc2VUbz0iXzYyNjAzNWIwLWIwNmUtMDEzMi01YzNkLTAwOTBmNWRlZGQ3NyI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgPGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhNTEyIi8+CiAgPGRzOlJlZmVyZW5jZSBVUkk9IiNfOThjNjA3ZjdlZDBhOGRhMzVhMTEyNDUxYTE5ZWE2ZDFiZmM5OThhY2ViIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGE1MTIiLz48ZHM6RGlnZXN0VmFsdWU+aHB2OGlYRnhlRlVmeFRHbE85ZVhaTGVZWjg1RHNacW4vZ1NWZnQ0anNUdS9aU2FrUittclRaVnJSa0daRDQvcjFlTUtyUjFOTWdDb1BTUTN0Q3E0NUE9PTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5hU01NOXg3NU9zMGpjN2h2Nzh3OFBXYW9OZGI3aVM3aEFoZTM2L1FDVWp1R2liTDVhQUNYWjVwRE5YeXVpbXMrNFJxYWlTdHRLc1VYRXhLOUVEMk44Vjc1M0crNlFNRmRIY2tnOEx5cG13MHA1cUxwNWJ3TGRPMjdMU2d0MXk5ZnVJeDArYWE5ajh5d1UyWFl6VzlqUWpsVmJNbFNGMGRYQ2NUelFuOXlMczA9PC9kczpTaWduYXR1cmVWYWx1ZT4KPGRzOktleUluZm8+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJQ2JEQ0NBZFdnQXdJQkFnSUJBREFOQmdrcWhraUc5dzBCQVEwRkFEQlRNUXN3Q1FZRFZRUUdFd0oxY3pFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVZNQk1HQTFVRUNnd01UMjVsYkc5bmFXNGdTVzVqTVJnd0ZnWURWUVFEREE5cFpIQXVaWGhoYlhCc1pTNWpiMjB3SGhjTk1UUXdPVEl6TVRJeU5EQTRXaGNOTkRJd01qQTRNVEl5TkRBNFdqQlRNUXN3Q1FZRFZRUUdFd0oxY3pFVE1CRUdBMVVFQ0F3S1EyRnNhV1p2Y201cFlURVZNQk1HQTFVRUNnd01UMjVsYkc5bmFXNGdTVzVqTVJnd0ZnWURWUVFEREE5cFpIQXVaWGhoYlhCc1pTNWpiMjB3Z1o4d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ1kwQU1JR0pBb0dCQU9XQStZSFU3Y3ZQT3JCT2Z4Q3Njc1lUSkIra0gzTWFBOUJGclNIRlMrS2NSNmN3N29QU2t0SUp4VWd2RHBRYnRmTmNPa0UvdHVPUEJEb2VjaDdBWGZ2SDZkN0J3N3h0VzhQUEoybUI1SG4vSEdXMnJvWWh4bWZoM3RSNVNkd042aTRFUlZGOGVMa3Z3Q0hzTlF5SzJSZWYwREFKdnBCTlpNSENwUzI0OTE2L0FnTUJBQUdqVURCT01CMEdBMVVkRGdRV0JCUTc3L3FWZWlpZ2ZoWURJVHBsQ050SktaVE04REFmQmdOVkhTTUVHREFXZ0JRNzcvcVZlaWlnZmhZRElUcGxDTnRKS1pUTThEQU1CZ05WSFJNRUJUQURBUUgvTUEwR0NTcUdTSWIzRFFFQkRRVUFBNEdCQUpPMmovMXVPODBFNUMyUE02Rms5bXplcnJia3hsN0FaL212bGJPbitzTlpFK1ZaMUFudFl1Rzhla2JKcEp0RzFZZlJmYzdFQTltRXRxdnY0ZGh2N3pCeTRuSzQ5T1IrS3BJQmpJdFdCNWtZdnJxTUxLQmEzMnNNYmdxcVVxZUYxRU5YS2pwdkxTdVBkZkdKWkEzZE5hLytEeWI4R0dxV2U3MDd6THljNUY4bTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkVuY3J5cHRlZEFzc2VydGlvbj48eGVuYzpFbmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVudCI+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI2FlczEyOC1jYmMiLz48ZHNpZzpLZXlJbmZvIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjx4ZW5jOkVuY3J5cHRlZEtleT48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjcnNhLW9hZXAtbWdmMXAiLz48eGVuYzpDaXBoZXJEYXRhPjx4ZW5jOkNpcGhlclZhbHVlPklVYXZOSWtRZlR5aWtDcWlOMVJ3aHF4eGQzbGJhSzN3MnlZOGpIeWQ2NVFBRFhUVmR3SFNxdnc0akFyanRSWHBuZzBQaFRXMlE1NFpUVGtjUWJsSmFZT2lEVFNrdTBQN2w0TGFWNlc4bkp4RFBMM1c1Q1pRaFJJT1E0TTUrTDNrakptZWpyTmhhOHcyV1J4cDlHSmZ3UXJpdkxRenlSUHhxdzRJKzBjeFpBWT08L3hlbmM6Q2lwaGVyVmFsdWU+PC94ZW5jOkNpcGhlckRhdGE+PC94ZW5jOkVuY3J5cHRlZEtleT48L2RzaWc6S2V5SW5mbz4KICAgPHhlbmM6Q2lwaGVyRGF0YT4KICAgICAgPHhlbmM6Q2lwaGVyVmFsdWU+NWdjT2JEdE5jRUZLWlN1NmdGVzl5K09nNkJlMHhDRHVzMEM3Zm4vTmgrYWs4YU5ya3ZvanJIbWNTdTJRcTV0K25nelNQTFgwV0RYNE1FMGkySmp6eUVQTW93NU9CRWcvY2lTR1dNRzJXWDk4L2RndlFPUndCc1QwQUhNWmo5czBsUWNoanRHeTcwM0VNNWFOemZzMmJyOTczaTR6M2tVcHJjbzBRL0I3T3FnQXNPZ2lNdndPWk95VHFRWUZSUEdOQ3dmLzhFY1puZmh6eWhHR0tvWWM4aklveFNRUWRWMUVmQ3N6R2ZXRzhEczREbG9RaElYbkhHK3B4Y2NTN1VuN0N4MmNEc2tlU2swayttSlJ1RnAzcnhXeHZWU3ZTOTFBWjRJZ2RHdnFJa1l3Qkt4cWd6SXNCZDV0TTRWblBWc2YzVHBIZE5lZVVjUmNJYjFrQVQ3ZGMyZFNsVjNoKzJkS1hyZEFlclVJeGdEejluc0g2ai9Xbno0YzZIOGp1Z01SaFlyaVNMS05KNTkrbHlKL1RjMGYwaEpvMDlldmw3aE5KUzFsVmMxVmUvbENUSW10R3I4WEtUNFdrcnozSVkyaTMrWWJTNmZEM0UxZ2JtTVY5TTFCRXI5cVk0YUcvcW9TakZlNjFvUU8wT1lKdFU4YU5TaHc0eDMrMDQwWHl2cDlRbVNpNVRWMzJtU05MS2xDTjk4Wk9YRS94UEMwek1hQTBSdW14Sm5zMmRMUG1VaDJvU3VqNjJXM0VoZGdFRnBEMUJ3THA3K3ZTVVdkUFBmVG4wWld5R29UUGh4dTZreWNpOXIzVmhYM242L2sxL2t5MEJjaU5Td042Nlc5K0lHOEFwRmxoK2owVXUranpNT0NhemI2cSt0dGZtMmFzR1huSFZya3ZkeXZ4WWJiU2FwT3I5ZTQ2bWd6QkZoM2lmODE0VkFPOWhPcDZxWnFOQmJHMFhOZGh1aElaSEZkVzA2RjVZc3hZWjNxU1B6MWJ3Ym13b0gvbUdnWlYxTHJWNUVrdmdrSHVFUDkxRURqL1VLUXVncCtSRjJ4Zmo5N2VybFAvWE5NRUhOY3FhRlFVODZMcVNSVy9Ka2kyaTIvWXRaU0dkMTNRNlNUUUVYOVNBN0hTYjhSV0x4WnNWU0QycDR0UEJ1ZXlweFJ2Qlh5d0ZjM2MwUWNuT1A1L2VSNGtGVTEyRkpqMXNUMU9qRFc0WkdCVm5QQ216OHBuUTBhTnpTWlVjQzhJMTZpa1lJdlVIM1pzMkJFS04yM0pGdkVTL2Z4TWhMQWdhSkRUajRWK2x0Y1l3UDVxTUw3NkxMeldSS3lyMTVWOE1keEREcEFQTDZKNUNuUkUwd1Z4S3pRcFJUUldNRTEzQnhNL0RRTHVOQkZjQXM2blB0ZURxekwxYWxpQmUvVGwyOXRmZURTa3lSOXpXNGs3V1M1Zm1UcHU3eE9CWWFnUXRyRWJ3elZqNFM3dkhpYTI3NmZLaDEwUTZzWFZ5Yy90ZzJ5L3ZBT29oSWJOUnZoT3UxdWdGcis3dmt3S3A2MnArTmErdDZEK0xRNEluUG9nZStUbEJreGNvcEtRdGJXM1ZlellTazJsSVc5YXZ4aFJiRmdwZ3kwd1NRUmoyRnlIOHpaUUo3NVB3SWg2aHRrckVISUpHdmV6RklTR0ViSGZHazY4WEFXQ1ovYmhVOXZTYlVXQzU4RHR5M2xkajVXUFo4bjBJS2JDTm5STFpxeE81K1pmN2tMMlgwTkh0Zzg1cW0vMWU3bE1COXh4eUpjS1FhblloamFybXM4dDlJZ3BTeHV0MlFNenNNZDdVRVMrcTE4dmpqZXFGeENNZWZQSmJCN29QWmEvbUEyb0Vid01MT3lkaVh6NUNxY09rQ2szaE04a0hWNDBiRWFwUytxQW01ZVYwalNoZEhVRVcrZ01mU2xQemcwTDhma2lITmpnVmp6OFVLOFBSOVFPQkE2d0lGZDdhZmNpYVFwbTdnNlREbVRDdGlmQ0Y4cnlEeWJxUU1hUlBGMnp3bTJaMWF5OUJJNXpPYklCUVlaeCt0clNmRUgyM2Q2VXBWaFdpd2dsbWxPMW5MZERwWTBGWi93UUJEMWU4VmtZNHRSZ3kyRURobkh4NWdnR21wMndRckt5WW11UlRSRWI0QVJOZ2U3TmVvT3M4NEt1M0c3RGtpZTArWFBrQ29XSXFkRUNweFpJaitRakwvN0Zqcm5sR3ZvSTROWUY2UVVMQmQ5ejY3cGZwN1lVMXhTcHVUZ2JxdWFOelR4UU9CMVkrTko1U09lQnRWczhIbFFvampwSWdRZ2cwQk1TcGEvVFNRMlU0eHd5c3Jpd21OcTkwTjJlbndIR1h3OEdObFh4aEZmRytYU3ZVaUw4MjVMTWNadDRYaERRN2FCamdSWFBYMUp6V0l4RjE5Q0JERUpIUWt4OS9mSjFCanVJMW82UHFpZDJldFNIVGpvOG5CKzNJSXZBcC9sU2NPc1Rtd21OWjZjeHZLOFlKUkVsZmYxVXhjbXVjV1k0Z1M3eTNjQkRXekVUUzNGVmdKdEJIaTk3YmUyRDMvVUFkcER4U3dBUzVLblNYVTlWYjZ0QnBJRU9jZ2IxNFBJZUJ5TnhkVDJrZEJHSXpERnNqT0c2VmZ0am9hdVIwMXZSQjFwVHUydEMxOHF5NVZBVHVMRW1LVlUyOW5KZ2tzQTlrSFFGQkxCb2xuK2ludS8zSW9EQyt1dXNzemd2cDJiZmljbTl2M3pQY2NRZlN0TGQ5SzlURm41Q1lkVmdVdEJra3l3VXVOMWhIRk5MUEpNUnFFSEVLSkRYandGb2ExODRHTC95UUw4OXFlazNkNEZkaHhqNVJCM0I0V2xkQkNsaEg4NnlsR3E1V1pVaXhjb1BtZ2xmYzhLZi8reUVXeFpTdUlUcXJyZU5sNzl1VkRxUzRwV1paQXV1ZUpvSG92SHBCYWMyQk9WQTdVNTB4TUpCbEd0WjFCWUNWZmNCZStjcUhqdlZCU3c4S3BuZGhjbXh5VW1URXFsNkRxazRNQW96eWdQODBFQnlWUTYvM0gyK05xeENKT2hJaTNndkFMV3QwMFJIeGUwbGdLdEFOOHdzWjJITlJDdzJyZ3NtVEtVUHVBTTZWZWdwbklLbGFlY29Gc1l1dHcvMEdpazR1RktXQ2dxSGpZbWprNmFDUnIrU0RrbUtCWk5sOTFuS2FTK2RCUWFPUFo4WFo0Wk1TcWJVSkY4QmxiOE9LM203N1RRRVVIbGN2ODE1RHpXQUdmRy9NSGRvZG05ODZyb1dTL1VHcEdhWmFCYVRRVCs1RFN0MkFYYndYSWpab2ZNUG9zUFhVdUtPTGw2UWRUNGNEZ0ZzOEtXbDNFaFdWN1JuREQzczUwa0lDSjdlNEthTmdKQXR6cWxkWEw4bndFelFxL1I1MnlZOW4zMGl6cUdpT2p4UGZjZnR3UFBNQ0IydDlYOXFwOUd6YnEzK21relFsamw1S0pxSVVuem5WODREUTFlU0FBT0FKVGYxcjJjblI4aDRVaytyb0RLaUVBSXliaWltcXZhMFY2QVA4QlZNZTRYeFgxV01oNWVkYUNBbjZmb0pZVWtXb24rU0wrOTl2N1pSUThmSUdpaGxkTEdlNXJTYTM4bUJGMFlEUWVqT2NlVWU4b0xvclFGK0gvL1RxZFBmc2dNYkZMczhpWExydnZxZXdYUTk3RVBxQjFKUFdCS0dVSVZReW1ka2l1VlhqY25UWXppN1gyTnNxcDRiU1lpL0lHbjhaSHNFQjZMM04vRkxMZ1lYdXhlYkVXZVU4a1RGVnd5eW0xNndRdkpLcEN5L2hIVmVqdUlWWVNSVml2enNqZmJzbi9wYklYQUlJMTJRdlVPbTZsOUU2THNqTC84RnhQUklhVXZGaTVGdUtUb1dMZlkxSXJ5cG81UlAzZ25wT2FyS0pQL2pmRXB5ZzYyWmh4OUJZVEJFYjhST3BKOXZvL1hMRlk1NDlJaWNoalNwelUrMS9mQ2hYU3M4VzIzMHRqc2kxdUJRa09EbXM2d21sRnUxQ29CZmhYRlVEdWhDNys2QXpEeUNENlNOa3RiYXhQWndMWnRROGsvc05ydUFEaHVjN3JFVWpJQ004RkRKWXVsV0Y0YWdhYXMxdzJZNjBjMm5RK2dRUXpSYzNUaENxQllYeVJ6cTNtMEIxSzUzSUhJcFlXRHVldHl1aXBMSWtFVFhIKzd6R1BQNHVpbW5mOVFCbEFEcEErVHhhalN0M2JxaUVFdDN5U3dBci9CMTlsQUZ0M2U2UWxYUm9HUTlaTk0yK3VSVFZTQjJ0bkhVN2UzN3FPV0EvdU55RWtmMXJoM0ErTUpiWExiM3NTeUs5WDJ5bGYwUm45RG5NcHhFTGVtYjl4Y283UFhpaEdRYXpaYmxpczhWMTRYWXM3RVU1SEZXTHpwOTJpMFBhaWZRS0pXWFQydW1BZmNqcmlNSEkya210ZDNrR1dXeGc5cmtheEhLanU5RDdxaXFaTWpYbEJJd2dYNG04TmF3dFZEaTA0cXkvelJReXBRWHRqVE1vQzUzTEN2YzZudWN2MjcwRTl2OUpCU3ZtUXdCS25IOE9ncEhqb0NKM2ltMG1vVnk0Zk1GSmpjbGdxMDRRQzVFMEZKQnBLWUcvaHdkZloxb3h6aVB3TDlmcjFJc2F3dHhwOGtPbHlLUWhHN2VWNk8zekYxeGNtUGJlSnc0a2hNY3JWM0VBVmN0ejQyNVZON05tWVh2dUI3WUZvTXhwQkhRWUFXZkI5M3FpdHZDTE5qaDFVUlpOS1JNNG1oWXg1RFJwUUJYU2lPdm5kUUtjZmtacTZIOVUvdUFzNHRZVmlMcjI0RDN6WWpVekZCaWxIMXlvSGdOTzBuVGx2YUVnS0pUM21nQnR0L3BZTXFhbjJ3ZjcyTHg5UnBKTUxsN1BZcUg2eU52ajgvTjZpQ1ZKRjRwdlRaK2ZYa3Y1bUZzcm1kdE45THd1VUxQQWF4b2lkMkxDTExWUXpUZThaOUVteWd4WWNCaU42WnBKd2RFNzVSYVlTbk5sV25SWDVnd3VvZU9MekcxdFgvNDEyeXNaZm1uNUhxaW5JSVMyR0lIK1VYR21VbXoyUGVpY1M4d2xJcUFJenN6NjRCK0FOMjRyb3NpVXpQbjhxalJNTEFWWXNXaS9UWW5VVW5JbHk2RFpqZXkzbjJxMElrZ3B3SkVtTG9sbGc4TTgxY2VZcm5hcnlZcDZhclN0RzBHeEZTc09UTUd3c29hS2R5NGkyaG5McFhqbkFMSlBFMnI5NnVtR01vMFNHMTlHQURsUTZlK1VvazJmN0JXWG1qellEZXJEZERFc0kzVEgvVUlFOUZQL2UvWHRGak1SdXBSNWlYVXQ3Q293SnJuLzVmUVpxbFZmQ1NBUlBJOGFsaXdWV1A1OEZ1QXJkWjROeW1qOWZ3dEZnM3lMZzRkeG01Y3JvZ0lVeWY0TzJFZnBhdUVlcDFNMjlZS2RSa3R4WGRMcWtuVWN0WXJTbllvbHNBd1UvN3ZJNy9XMG5xWmttalZmdUVNTGVFbE1YaFg0aWMwQ0Y0NGwyNlpDK05PQkxod0V2RXNzc1YxbTdTYm1odnlsd1ltUEk0a1dZbHJFRHROYk5kTXNWOGlnYWVlVk04K3JTNlhZeGVFbkxmS204Q1hhc0tLMDlOVGkxSGJWb3FjeU1ERG5aL0xtbERCL0hldllnU1YwT0I3a2JKZllrMmxnYzQydGhLVUNKbkdCWUFoczNwREVZeEZjVjdkV0RpVzYyN1NpUzNFaTREcnNodHd1WFBORWZ4dDVzcVdTRkRPWVlxcnlpQ3ZLaWJ1eGlGZkdQNkMvcXorS1dESHN5Q0FHNXR3bWQ0ZzYzM3pLWlNMdHU5QjVQem5MbnlaVkh3dlVBK1hIZXRMcjhXMTF4MWUrbWNmS2hVWDlFUlhySFFUYW85aTBpbDFEVzV4SGJnb3hkOE1ZQWJMY0gxSC9iQmhjeFpyeDFPcnJxZnZ1eEhyRmUzMEdmbXgrd09ONC9wUnpaaHoyeEhWbjlJREl6eXZoQ0xwaXlXc0NjRVpPZWkwcjdPVDhCUzFSdktnZkt5KzNLbjVkend2aUxIQzBpV21CWk5iMys4a2lVL1ZDd3NSYjI4QnlPNmdHdElBYnc4OEN4YXVLcHI4aTNmOVN2RW93SDZ3eHd6Vms1anJZSk5SaVFzVDErRXlRLzQvWXl1LzBjQVVBdTJOTDRJTno5UkdOMk92SkFmMDlBTllRYlE0RmNQL0VqRHVjYUNxODVLYVRvaGRxeFZTOC9BNExRa0IrM2paVHZRY1I1UkIwUFJ5cDZVQmJVQ283SnZ0SGhoMTE2UysybDJrMDFBQVdvbFlYejZBLzM4anBuN0hwdUlKRHRzdlJhY1hkV1NiaGQzMWZkM25ScWdVdHpyY2h0dlN1RW0wOXd5UTFDNmsxYVhtLzFmN0pFUFlncWRxemVPTG9icEhrVjJQVFB6ZS9NbnJFZFVPVjY0d3BSOXRZTVEwbnJ3N1JmZ21RUThqUHQxVk4wNk8yL0NEQXV1ZmgyeWlId0U5eHFtWUc5VEMzNmF1aHA4MkRmRDJqVTRtQU9GcXp2OWdyOFdvMkdtK3V6M0ZqQUNRaEN6Zm5SakV0aUhVWUEwQm5VSTlWM254RUZKYVRpV1EybndUK1RNSDRFUVhpbnVLZ1llQU5RZlVGYnVtMzBwUXcxR1FsWHZkcFMzb0p4amlnbDFPclFvN2wrTkZjYUZqVVhPcWJZdlpYOGlNaWhDeW1VSWxvMk44YjZYMTg1SG40NFNwdVhzWjVEeTNEYnl2YXJmNlFDM3N2ZUFFaTFJcVBmd2xmMlVUUFNsR2hBR0JjTTVLSWk0MGwzQXcwNldEUEVYWis2SXVPQVZ4aFRsNlBYeFc0ZWlrMG9xWm44RHBwZW50M3Jvdy9jYjRDWG9ONDdwdjNJNHRXRnljMmkwRDEwUE4zVUNnVE9mZmJQSmg0RzhyWlVONVlEUXUxNHpTa2hSS2c9PTwveGVuYzpDaXBoZXJWYWx1ZT4KICAgPC94ZW5jOkNpcGhlckRhdGE+CjwveGVuYzpFbmNyeXB0ZWREYXRhPjwvc2FtbDpFbmNyeXB0ZWRBc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=
\ No newline at end of file
diff --git a/test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64 b/test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64
new file mode 100644
index 000000000..026e25684
--- /dev/null
+++ b/test/responses/unsigned_message_aes128_encrypted_signed_assertion.xml.base64
@@ -0,0 +1 @@
+PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il84ZThkYzVmNjlhOThjYzRjMWZmMzQyN2U1Y2UzNDYwNmZkNjcyZjkxZTYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTA3LTE3VDAxOjAxOjQ4WiIgRGVzdGluYXRpb249Imh0dHA6Ly9zcC5leGFtcGxlLmNvbS9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzRmZWUzYjA0NjM5NWM0ZTc1MTAxMWU5N2Y4OTAwYjUyNzNkNTY2ODUiPg0KICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPg0KICA8c2FtbHA6U3RhdHVzPg0KICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz4NCiAgPC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkVuY3J5cHRlZEFzc2VydGlvbj4NCiAgPHhlbmM6RW5jcnlwdGVkRGF0YSB4bWxuczp4ZW5jPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyMiIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij4NCiA8eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTI4LWNiYyIvPg0KIDxkczpLZXlJbmZvIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgPHhlbmM6RW5jcnlwdGVkS2V5Pg0KICAgPHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIi8+DQogICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgIDx4ZW5jOkNpcGhlclZhbHVlPkViWU5vanhlSS9Yc2VYYU9LTGlEakVkdkZWUXlhajg2cjNkeWRhT25TZEhsK0NmVmRpMUpKSzNIN2REb0xHczkNCmFZbHdlL21xa0E2ZUl2dTFtNWM3eFQ2c2NUek5sbFlqcWplaUlDVEtaaUdzb2hjTE0xbUt5Zm1mUUpJeXQ4ZzANCkk3UjIxOVdKR0hOd252MGl1OTc5b3lvSkQweG43M0hpNlZnMXdDZE1hS1E9PC94ZW5jOkNpcGhlclZhbHVlPg0KICAgPC94ZW5jOkNpcGhlckRhdGE+DQogIDwveGVuYzpFbmNyeXB0ZWRLZXk+DQogPC9kczpLZXlJbmZvPg0KIDx4ZW5jOkNpcGhlckRhdGE+DQogIDx4ZW5jOkNpcGhlclZhbHVlPmp2US9lMXpCWTB5aXViSU9rQlpCY1FSSXBVVUpYWVlTd0JHZ1MyYTRZMzZ3ZXJKczMyc256bzNhanpscDY1eUcNClFKd2hwRHIwdVZ1MXRjdlJ6ZEt6NWltWUF0WnBGVWRva1h6L3E1YS9vNnN5bTNnOGJJeEFnZXdHZEkzamE4TkgNCmtBbUhxNmZSUFVJKzVUTGI3bXUrYkxnR0FOTU1HZ2htb2NUKzh0MXIrSDBNQjRVQVdIeU8xYWYxNTJvOVJMaFANClcrNCszdXpLU053YmtOT09UZGNyY0FuWHhjTHMwa0hGSDdkNC9makNSZUdNMTdydjZFTFVzT1d0dlVKdUtCV3UNCklVdnhOaU1BSnRmdC9scHVnanZ6Q2w5a1RKVTh3SWx5YTk0T0FyMWN0cElGKy9PMWYzNUFlTGF5SERtb004QmwNCk0xdHBxamRaeDBET3JxVUtWMzR4NU8ybnhBN3dQZEJQSjF3TmVaNnhiampRWXA3Y1NyQTBRWXlLcVpwZ2kzYTINCm1EOGhINTc2U1dsNkN5TkpHSkFFNXA0VlBQZkVUZjBHOVgweW5mbVpuUERFQVg1dGVCQmYycmVUQkJtRW9xNE8NClpIODBYT1dkMCtLdlExb1ZqUVBBU3JPU2M1T3g3MEdheWJWcEhOaEplbzFuTHZmOWtxQThBUXRmTHhLSTJnRkoNCkw1UjhZL1JRc2pDOUJ5bHdTTTJyUENkSEZoSGdBMXZId3ZZWmZLV0JLVVIwdUt1TDV4dEJ4STlVNzJwYVovY3UNCjFTbXNzUjNPNmNBSkhGbFArOTJJZDkzSENwanNrTVBtc3hzbWJlUFJYWlJhOUc0YlBlY2lOZ3JPSzY3VzFReU8NClVtWEZjVHNzTkJWTFJibEs0VnhMWTlGWENvWWZtMFB2QmVtSzFVSFhYd1lSZkk4Nkc0VnIwemRFSGc5NUY5QTENCmJFMFNHaEkwaURlak41elZDTkh2dVY0T09CMUorZEtkdUMzSythbkJ2TTdnT2tZblpYY3VPb3lNejJ4Y1p5NFYNCld6cGNkYTdtNXc1NThJSzVXallBUFVXamcrS055OWM5VzQ1SWJQMTdFcXVrKzhuaGtWWVFWUjBOSHU0SHRPWjINCm5jNURRZDhNcC9rQTRZMFVLSjRVQ2hRcUpYUmVHT1dFbi9tcnJKVCs0OHMycGVyYTVvUUowTU5yZGJvK1hLUWMNCnJsNFV0V0tocVRCZGhnSXQ3d2dDL2F5ZEQ3YXRhS0xoOE1Yb1dQMGtMd0ptSnRGUi9NTHErTXJ3VFE5SDI1QWkNCmU5M1ova01ab0Rkdlg4enFkN2xDNXh4eHVtcU03SkVveXdoS1BkdFFXR3V1RUFLUUxCYkxLRlpoYWFRRktKZlcNCmxoTCtWMEpNenpSZkhZN2F3a1JBNzljRUtEMnZKZGlaYjlZMksvTXBQN2xLdjNxMlFqbEl2K3c1cDFQZ2Zqa2sNCmRJcUoxZlZnaWhIdHVIWHN1cDh1R1VtNnQxUVpNSlo1L2tMclpyQnhWOE1pR0M2REEyak9uQjZVZjhKV3UwTFYNCnlPL1YxSHpGZEZ4b25lcStzL2FsRklmVjBYR2FEZytmV1RWTTdPdmZqVzZRdzc5bTQzRWRpa212YUU0N1hLNzENCkNFRDVlUHBZUFQ0MnFKRklRbElIbm9UeEVmWnNIbDVNeElVWERhaVNmY0NjMVJHcGdaVTJpRnhHSmZidk5RQmMNClh3S2hJNFFqSTN5TjNkcS8rVjM2MFpTVUFmR0xveTFkb1hsWlRoN0ZRVXhKaDNMVkN2TmJneWxIcXhObWNWRGcNCmxGY3dKODhPY0tjdEI3cjZEVEFFMHlxTHJlTGNBZU40V1FLeDJMZExNOGNoQ000QS9aYlhlYWF2bzN6cU1VTS8NCmR3emZ4QWNzVTVMdXdxSE9xemhyY1ZqaUwycTIwdlNBZER0SkRwa282ZnpjUWtyNkhsb2pTSFVCYldNSzg2MWINCnNUNzBjQmFtZlFoNnJvcFN1SEN3enlQZnBzODVBU0ZJVVpUU2FPcXEvOHBkSEtLcUxoaVBSajlOMVFBaDRDN3QNCklmeWdnZDdaeFpwYXpDa1BQS1RoSHh1WXVOMFNEZW9TbDRncjRCMHdqV252VFAyR2pYMGFiZmhyM2VvWUxiR3oNClBMVnEwR2I2aUdvNVRMOCtjZ3RmK2tVYlVQOWtOam1oMFlSN2VITTR4Wm42bkRSYmRjZzN3Q25vK2tDU09LNEUNCkNqNHZZTVdhVXBScTl5WGJEZ0FkWjlUOGZ5WnQzVGc1T0ZsWmRuNHNnUCszNmRqZWwybG5hOEJXU3d3dEgxMm4NCkdZRy96TXZqTnZSUVFjdkkxWHo5OERRbEhKV3d6bmMyaWp1NFE1MHBIM1h2K24xVC9HQkRib3B4SUVKZnRzem8NCm9XRW1ad3BlK2pLS2p2dWtVYTBRQnlWSDJsbkI3WjJpbCs0b3BMeFE3YW9vNEpCbDVoUzc0WnM0SVdhRStFZXYNCkU1Umt6bjVyWnZXMyttczhtUDQyWUhQekFwbGNWRFlXRGQvM21XSy9RYm1QMmJQL090V1lFWExld01yaHhZQmwNCnk3MEYwQnhkelpKYzBuZ09pNDlDbE9CL2NTemowQWd5L1BleUhIRE5xalpMU0VZUXJXM3JUQ0U4cUV4ZU1ZQmYNClN1WkZnZEdSanBSUmZlK3JUZEVmd0o4WlhpTTBMbXV4L1NHcjJOWkl6NTVMV0lDVk1KSVdwdmxXVFdrZ0swc0MNCjlwdTVXZVRXbnpNZEpDTnlnZXRnMEtNdFBUcXIvT0huS1lQVU93ZjZlZkU4bjF2QmFpeXVodncveVN3OFRqNmgNClhQdHRJN0djcWtWbUt1dTI4WThmeFdSL0huYjFLeWlzQUZLN1RGV3ZFY2FzUVlCR1JKSkZQdzIvbCtnWmZka3kNCjFhdTVpcWs2WXBCbFJ6d0NsKzlDLzFZS2lSZlQ0dU8xZG5LWm4zVkd3MitoeG1OS0hOUHBwY1hvQWdLa3YzWXMNClQ2M0ZtWXJVcTl3Z0dhblVuVDAyVFFMdDJmbjl4bDJhZGhSM01pUThCaVk1b1hyaktva2lkZS9yT2xKOURnNnQNCmZXQ3k0L0RONC9zcng2UXIraGNhcHIwdmhCaFZJUHFqOEJ1c2xCUXV1WlFXaFNiSkVzeXZ5Q3d3REJmSjdMdDMNCjlhTFAvL0N5UVVqd3lFczdNNFJWb3haaXRSTTdaYWI5NTc2aGFIRzQ3RDU0NlZBNXUxU0puMUs2d0s2SFpIcFoNClNnblVCZFljOVJNVSt4N2FZQW1Mam5NZG5aSzNjSGhwN2VNbWJBcEE3aGZkbnhMVzNKemt0cUY0aFBiclBPVncNCjJtdENuU0RXenVJT3FEcTdUQU9xOXhrN0pyQk5VcmEzc3VydnFGbElzeVQ2SWdhNUpPT1BwL2p6RTJUcFd0WmMNCkFxdUFhYU5QY3ZRT0wzcHp0ZU15Q2ZuYmNIRXZOaXFObDVqbE5Ua3N6MG9Jd3BvTHFEaTFRTDArYUhJQlRHTmoNCkMrM1JnMGl5SzdxT2hQc0ZndkFIVXBVc2g3NDJIV0NJQ3B2cXVlM0kydi9VRWtPVTQvdUVaMmFHdG91blkyQk4NClRzV1NNRGJkWHNGMC9mbVpoaWdPaFdKMXRkRXFxQjVSNklGUnV6Wm5Hd1lkamxQM3ZQUnZmdEtuZWVqY2h1VHoNClJXNGR6WVVyUmxDaTNGVU9tT21OMVhvK2tJNlVsb2xIY3hEbGlTeWVKNlhsSkxUYkJzYktGUUdnMEdWc01MN3MNCmRZblNMZU55aEtKVjlydzFwVlp5cUpLb284NDcxcHFHRnlZMEZlbWJubVFqcTJtVk85Qzl5c3MvQ2lsTXpyeGoNCmFPZFlzK3EzUEhPRmFNTS9wV1BjcXdtOEtmQnNPMENSVW9RdFZ0TmJDNFB4WjVKa1pyM1ZFa0FJOUgwQnRsMWUNCnpySERTTFpUSGZZMm5yQk9JMWtKQmlucFJweWtyUVE5Vmp4OWVNek4vRFlzWVFuTTJUR2RuUlVYYW80NTNCZ1QNCkdxK1NCVkhVRGExOFVLL2tEdGNONmJqNUp2RlNSalc2N0RQYUp5ZUZzVFhJay9wMHIwRHQ5WkpseTUzQnNtQ3ANClBTbXZab0REbHB0b0hLdmcyRjEwR1I4cVdDeEFMYkhNTWJOZU5xNm11ZGVmRTh5dUFsdFoxZW9ic1BXSmYvZ2MNCmNkemhyNHJ0Vm4rc0dUTHRFWE03NmhUaEVaVEN0YjkyZHFNNFVzK3FUT3VpWklwMGxHNGVxblZsaVYrZ2JvdmoNCkQ2VHFTNnlYVVVZMGt4MDh5U3NvRndBTG9pRk1ZRXQ0eE9IcHNtaDc4cEJOTGNkSm54ZDkzSTFsb2tpd3puNlgNCm9DeVNmR3pMZmNFN1lPcVRaVmJBekFYaWlBY2s0VWZHY0h0TmJ0M3E0VnFBWkdRcW1ha2VLY2QwbUVjbnRTSUoNCmhyb0ZZajRza1ZCY1BnT0hxdFYzTGQ4L29jNnhCY2FyUTE0U2F0TzQ4OXhZbDVCYXFGVGgxTnkvbDNVelVkejANCnlNdGlHQWVqYTVNNEh4SkJodWFMWnhNSDhyL0xYQWthdXA5TFI0MEJyTDF2YTJwWXZYNlFoekFIZi8xT0MzcE0NCnE5MGEyTkdaNGg1VGdnMkRIQU1oMHV3Z0NFd2JxSkthMUpqMHlyaVRtbVlJS0c3dmV4MzF6Z2pGNWFhK1RTM2UNCnJKRDBJNW03cFZTS2hGME1WbHRYQUtIQkNPUnNPTmM1SjU2bDFsenJmRW40U0xjQ2k4MVdXbzFxd0VTenpBWngNCmU3c0hwSHdQUnljWDRWMHlKSnpmNmM3dDlkZlpqSFFJMW5lYzNsNStONWZ5TzhwUWtjUTduK01NdzN4SnNKRC8NCllVb2x6TjU5cjJEYlhnQ2MydFNJQXE2dFpKUnZlb2k2c2NpeGozSE53TFl0eUpwUEhJeGNsMjBXYVRoaFpQbHcNCllRUjQ0U1l3NE5NZ29yQzArSXl1RFZTckdFNHk4ekJFOE1yNGlwcjBLYzF3V2NUSkxobHB0MXlQYXpWU2xCRmkNCmVqckxFbHNjVlR5NDBnMTlhQnA1N2tMSGl2KzkyZnFDY1ZoSVRvOFFtK0QzOEJ3UU90UFJwY2REb1ptb0tLVXgNCmprbGpBc01vOERmMlViVzQ1dkJ4TnBaVm0yQWhSaldzcHFNVFBwb2ZaUThVUVJwaWlHNTAzeFhUeThZbWR3TWENCmFJZ05jdXpUV1phbXN3ZUtFT0ZCWG1VR3NnWElMWjJsVk1RMXI4cUdDc205ZWxWekhCZVMrVkJzUHltdUdBRHoNCndOUC91cHcyckZSa1lnellyRUFpend4b0RvWUJHRXhrSXAzRGRuc0ZPd1NXSGh4YzdkMkhjbkhBK1pKTEUzN2MNCmRDTUQ2Z2NnNEgwQSttd2tibkNBc0p3alFPTUk3bGU4akRaWEJENjZjM1V3NGVEZUlyc25CTTl6Wi9lUmhlSXQNCmdxOWluam1jMFNRU1R0UE5jdzM0QmlkcEFwY3RwUnpYOVlTVmFicFoyaEIyc2JUTG9weG1ZeGVZM00wNlJBcGsNCnRZT3gzWGQ3aGFLdStRYkZ0YnhPMHJhSEQyYkgwd2ZUSVRtSytzd1IyTGVOY29sMXgxMGt5bVBlb2tlMGw3dm0NCjgrWEd1cC96WU5LVnc2SW96eGtuUFllL1JRZm5LMTNlNnp5QitrUW1XUmJ4VEFyZHlpbWJLSUZxQWVVVmh4L1oNCjBZK1FqQlh0MnJuYnlFM2VjcXRQdkVwRUZXQlpnZUxXV1VSbkVZa2lnN1RpSVNoZnVYT1JPYllpVUViTlAxQnQNCklWQ1c1dFBvMGREZmtGTWc0b3k1NHQxWHNCU3AyOEpHNVUvMjRJUU83NXNyZ2J4eTlrTjRQM1hRNWQ0Y3h4S3QNCkZHQWJvZmVBOEsxMFdYOFpPT1JsdGxMTE1oUjVmcmxFMVc4aDI0S3hTczM5TTErbm1IRHJTT3c1MzhYNDg3bSsNCm9jZFNnOFpwWVhtaDBHTm0wRGM1d0M5aXpRdERxakR4ZTJCc0RCSDk4THhPcW9TYjc3dTdneTVqQ09mdXh5MncNCkhXL3FIWXpIWkdnRzEzWDc1akswVmJUUzFNaERJWm5MTjRnWUxKalI3Lzd4bHcxVEdqajhIMHFHRks5eGw3L2MNCmxGblZTampwc0lyaWF2SXJ6TUdJaFF6YnJQK1hhNDdVRFc4bHBEZXBwbjZlbmRaa0RlVjNvZG5HcGUrbGVYd1MNCjhQbTE0TmNIYmVLSHViT0ppdzhWSlZtUS9BY3JrblBXVlBMdDlxY1loMmpSRUtpbVMwVlFlTEg1OVNQZmQyM0cNCk9jTnJ2dFFyVHdXd1hPM0x5cnBhTUIvbXowNU1EMzYvalBWSnFoeCtYS1c2M1JmUWhCQ2lIdVhCVUR6R2NTdWMNCjhjQ1NqRDhXWmJhdmlYbVVQSFNuZFptUG9BdVo1NDJhNVUrTjZ4azRueVpuT3M1emdWUTdDUkU4eU5lcmZKQWINCnM3N1BkZCtoUDdSeGIyNWd4d08rS1AwN1pxNDgrSTkvYUlwSVBmZFhWNkI4ay9VV3VBeERJQUZsTzFjYUR5VloNClZxN0RsN1RaRmpnRUN5cWNQWklqaUdNbWpUNDRHY3V6cXR4MTdTVEZhRlFYeHBjQXZhQlhOYUxrQWdwYVBod2oNCmVjdFQ5cTJFb095SVJpTEI1WTJ0OVY4Z1BKdE9XRy9CSjliRXIrV0wxRHU4SmdiMk9RSFlWVnpDbkdQSkVIZXENClN3azRUL3FwL3cvT1RTNlJuRWFwNWlyaEw5bVlIVUhXYjI0K1liYUo2YS9KTVJBelRpbWlwWEQrR2xjRnBYTlYNCmUzL0l1dW1Cc0R3UWo3SlFqUHB1NUl1NUZFdjYrUlB1eDQwa3JRTk9Vd0QyMWJYWnVGV2ZnNW1YSzBJSDBsMkUNCnVJcDJWbGFtNDZLSG11eDQwVTlFOWg1dERRUVZwbStucTFrdE9Yc3gvcmRZcXpsUHNhZkpYbUdrTEJ5L3prMU8NCk9DSmYrNGdQYUthN0ZCRXdSaUJtY2UxN0JvQkkwaEpRUGJjVlpOZC9uUzZSazE5OXNPcytTc0E4TUZEbG11OGQNCk1odmlqUVBERE5uaVVBWDhvKzE5WXlESFN0N29kM3pqQkJ4UHdwa1ZaZWZGSXhvY0l1NFp2ejBwTExsL1FGZGcNCi9MbjdSdjhuYzNMQStsZGdidjV6YTNpTTZ3YVlzOUhud0JJRGQ1ZUk2VDVvYU8rN3o3b0cxaHZZd1ArMzFDc1MNCkcwRWZIWWNQU3lyNlVBNkdFZURuWWc9PTwveGVuYzpDaXBoZXJWYWx1ZT4NCiA8L3hlbmM6Q2lwaGVyRGF0YT4NCjwveGVuYzpFbmNyeXB0ZWREYXRhPg0KPC9zYW1sOkVuY3J5cHRlZEFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+
\ No newline at end of file
diff --git a/test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64 b/test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64
new file mode 100644
index 000000000..eafb5bd9c
--- /dev/null
+++ b/test/responses/unsigned_message_aes192_encrypted_signed_assertion.xml.base64
@@ -0,0 +1 @@
+PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il84ZThkYzVmNjlhOThjYzRjMWZmMzQyN2U1Y2UzNDYwNmZkNjcyZjkxZTYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTA3LTE3VDAxOjAxOjQ4WiIgRGVzdGluYXRpb249Imh0dHA6Ly9zcC5leGFtcGxlLmNvbS9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzRmZWUzYjA0NjM5NWM0ZTc1MTAxMWU5N2Y4OTAwYjUyNzNkNTY2ODUiPg0KICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPg0KICA8c2FtbHA6U3RhdHVzPg0KICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz4NCiAgPC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkVuY3J5cHRlZEFzc2VydGlvbj4NCiAgPHhlbmM6RW5jcnlwdGVkRGF0YSB4bWxuczp4ZW5jPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyMiIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij4NCiA8eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTkyLWNiYyIvPg0KIDxkczpLZXlJbmZvIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgPHhlbmM6RW5jcnlwdGVkS2V5IHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyI+DQogICA8eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjcnNhLW9hZXAtbWdmMXAiLz4NCiAgIDxkczpLZXlJbmZvIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgICA8ZHM6S2V5TmFtZS8+DQogICA8L2RzOktleUluZm8+DQogICA8eGVuYzpDaXBoZXJEYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyI+DQogICAgPHhlbmM6Q2lwaGVyVmFsdWU+M2JJdnZsUDhvTDZNL3N1ZjdmTThHaFVhbjFhU2hMRHE4VDBpZE9hQXlLRlkvKy9iSlhiT2JIeEp6d0FVbG9jUw0KVTRrL1crc0tsL3J5cCtEaW11L0ZPQi82dm5sNnErNlJaMjZjVXVUNWFQQ0xWS3A4Q3RpL2R6SlNyT3lYQkR0dw0KQlQweXZJWVBsZ1hKSS95c1JyY0drRDVwVXlPRGsyVjl2bTY5eTN2azcxND08L3hlbmM6Q2lwaGVyVmFsdWU+DQogICA8L3hlbmM6Q2lwaGVyRGF0YT4NCiAgPC94ZW5jOkVuY3J5cHRlZEtleT4NCiA8L2RzOktleUluZm8+DQogPHhlbmM6Q2lwaGVyRGF0YSB4bWxuczp4ZW5jPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyMiPg0KICA8eGVuYzpDaXBoZXJWYWx1ZT5uL3FZZ1c4cjVzdnA2TGszditDWjg0NFVqMUF2VGxjMHM0VnlFOFQxSnRDYWVxV0xJUWxISHAxNGxjcUdta0VvDQpTRmFQSVlZNFdqNW5YZHJzL3RFUEtqbStiN3RibWlzelBBQ1V3U2dtWDJSSm1taVJ1VWlDTXdsU1BhZEwzQzZhDQpqZXNYRVVyTzZXb1NNaDFaeDA3Z2hDelZuTG8xQlFrMGJwVXlsYTFoQ1BOSjNCNlZWb0NVVlpiTHBlaGRaaGwyDQpCYTlkbHZ3RDQ1U3RxZXFZQ25mZlBKZGp0ZVo2NVhhNEhjbnVDb0JLbVdDZjVYVUhVNVd5alRQQzBacnFUU2p4DQpBYkgzNTVFVnhzSGdNMGdiNHd0c2czRzMvaVQ0YnBZZUJhQUtzZzgwMExuMG9rQW5jY20rMXhYRUpqYW94bFoxDQpVTURVTVY4Zm1JaEh0alJzRjVnQmxWVDFSSWJhYUxyeFh0aVVFN0tvbTFwd25DNURoSk0rRHFOV0ozMUJDemYyDQpBeUtyQkgrbFZqZ2JLMlhFQ0dLVnE0K010aWhvMHZwK0ZFd2xUWUdhcGFsV3c3U3JnSWE5MUltc2RIWXA2d1luDQpLeTVpYnVqQkRpQzl1OUtHMENEUk5Mb0dFM1Rrc0E3OHNQZ3l5NnJNTHljZHFlMjdudlNsWko5cUZaQU1RdWZVDQpFYnM1SmxvRVlDcDdUY0lqMENCT3lKMW12NTNmZzZxbmd2MUQ5OVBWdkZrMmNSa0UvZDZkQWdXaVh2WEU1VTliDQpncVhwR0JWUndITkRCOGVnYUhlUGVEWCttRTF4V0lsWWtZQ3FIVkw0cm9BZHgvNjdYdDhqSWJJcldPZzMxVkpUDQppTk1pK2ZZaVN4RGxXZmpBdkdoNTVnWjNyaE5tQnRYdjZ6MUJDcnowYVZzZDQ3UG9UbXVzVkwvbDNHbzJZTXpqDQp6QlRsWFRrK0VYSUJLL1NSUnl6UFVXaEV6ODlFMGlVMHNZYW5CSld3ZGdKZDlqQXBzK2cwem9oS1IybHJUVTh2DQpNMEl6Qi9XcTRSZTg1TDNjMDFnTXlvSE9YWXpXTFlmcEMybzE3TkRERENLUW4zNGgyWkxZalFESWhpQWRhSVJQDQpJelp3NUJTbGo1NUl0WVU1Mjg1c1l6Wk15NjdjWnRyNlcybUdDNkFObXdaRFo1N2dYb1BVOVp0NDI2dVFZRUhjDQpURjg4Y0FIamcyNG9tZkNybzlsMjdIK09PYTNmYnRrU2hGRTRlcVlSSkp0anRteUdxNWhhMlpFeldMSmNUNlcrDQpSQUdXY1l5Yld1Mm1YU3FWS2VJZ29XM00zV2VGUzY3Slp5WVdUeDl5TTE2REJ1bGZ2c2xjazBEaFJxek5vYW11DQpFYW5adW5iT0V5Wk9USC9QckVPbUI1d0tzRng4aUgzUEZzaXZ2UE90R3hhcy9wbmxib05CeTlwRllVbmpaM0tEDQpPdGV6bmx5WGdOWTVKeHUzeFRrNTdaWTh6YnU2L0o4eG1jTjAxNnhCeEphWlkzSWlYSHJnUHIvQVNnZnErcjlEDQpidjZ6OUF3eEV6ZlFpK3RDN0RrM3FBMFZuT2kwT1Uzb0pEZFk2YXBoYUN3UVNkQXRPamNsaDh0bmo5SEJ0aGJODQpxZWxhSi9Td1Bub015UGk4RzZzb09oNkZjN0dHNk5nYTB2bWxBK0p5bFB3bmphS0hwUUtDYXdPSFZUSGdPaHhKDQpYbVhacDdUN1c1M2I3ZzlqeVc0QWF5ZXllUXdzM3lQTSsveDZ0b3VYYmc0TTQzL2prWllnbnFxcFlqdEppN1JzDQprdWhyZ0VGY2x0RFFTWVhicG02T3ZwOEdPdDlvQ1hyTWQ3dzJzOVR3MDRndWdVeEcrUmZ6bGhaMmswTDJPSWRMDQptSmFUSU9ZRXJmZGZsd0pDdTFMQ2hyQ2xKZHpIVUw0L2h1T0djeG5iZUpSUlBvMVFPMlFFVlpHc2RGRkQzdkJLDQovSDI5b1BSOEJxNHlMY2FFZkRva2lnSnZSbW5qck1KVkxMRmtaMkx0Ym9BelVvRFM4Q3hUcWFDNktacjhqMTJNDQptYitKbHh2VlJJbUFvemlEYWpyM2dOOThjTEZPTDBsbzh3QnJZSUM1Y1JqYmFJR3Ard1krQVBBNVBaSUhJZzJmDQorczlydkZHUjVsazFZQTlvYVkwTHM2RHEwbEh4aTMxRmR2dkcyMEcrcktRdnl6aGtIYVIraDI3Sy9yaDA3S21HDQpPSTgzSlgwamw5WnJieno5eTlONVkyaTEva2V4U3hMS2lXZmpjM3JyOHdPODU2Z2tmd0dmTHBFb3FiUi9sSmlPDQpVdGRUZmtqYW52VjcxclJEQlU5VVFibXpXV2Q4R1MvY0JnR1NKVk14R1Y5OThob1prRTdOTDFaWUlUSUsyb1lZDQp5czZCSG1YYkZ1VGNrbVozZy9ETS9NUmg2MWFwZS9VUzRMSXZRNm9PY08rRjRENmp6emVGeXFsdmlXcEVNbW5wDQpuSUFLU0ppOGVWSStqN3hJYjhzZ0VrU1VRVEt3M3Z1NEx6MW1aSy8wSWFDZCsxY3Z6N0hrUWRzSHZVNmZFSjFQDQpXazBKTHd1akxvT3djRlRXSzVTNVpPSjN6Q3BZU1YyTWxSMldvd3M3UzYxb3AxTVpRRzZUYTRXVldXRm8rR2xIDQpnek5xTFpNb1VZbGk5NzF1ckV2cHVmalFUYm45N1NxSXlXc1F2OHp5WVlPdVUvYk15ci9BVVJyNHF1aFE4WnpCDQo2S0Vacm1ZZzI0dFdTMFhpN2RTdWl4Z1ROenZwd2cxaU1oMnBoSkUzdFMyU0RRNzNqdGZmaVBmck9tcDhUeU9KDQpRMWpWMitWWVVqMzdnSllBbmd1bE8yZVYvUzAzUkdOUDU3YkJjeUFhdHpxdU9vemduMjcyL1FZRG1tWE5JWmFvDQpoVVBxK1U3blNUWXpIMWFzVVdGZXFDYW0wM1gzVWVDWWNYb2JhMlc2b0hVMEtwbld5MVo5TVI0emdGSllqbk13DQowVVZZaFMvWHNqQUQxNEZMNFM0VzBoNk5rdUhhRnJHWDVRKzlGRDVseGNOV1l6emhIU3VHbWRhYk41Z3dSazFUDQo0NWY4SUxwYktxSHowZU5hc1ZiS3hpVytqQUpqRzAxNHhkeC83Q01VUzZvSzlqWVJWdlZCWjR0S2FpakZFQmhpDQpiWW5nL0JPdEo1S0xIOWh0ZEkvZUJScjYzQWVreWNXSVV4T0sxdWZ0QTdGTUdnaW83TnRrSFF4eWxlMTVKUzh6DQpCT0ZrQ0Zqbks1TkdKQ1FhakNaM0VRV2VVQ0dIL1JiajJTZnYvS0dXQUJIM2x4c2FSZTIrdDJ6YmlETFlkNEhWDQprNEF6dnZwWHI1N1F1by9aMkJDR0VwKzlDTTIvYnZLajgyK2I5MDlOMDN6cldCVGlCZnVlaitXNG10ZjhWdDJKDQp4WXpSb05Yb0NCcFFDb3RLNzgybm5TR1ZHNU9SQXB1NmN3bGNHUzdhNDUwTHRoOVFVNlA3ME5BcjJIcDJ0VlZmDQpBa2hscyswQmtVQmxCOCtIMWhqbmpwNVNlTHRZMGt0Qm0xakx4c3laWnlaWGdJMXd0d0JaRTdVSFFjMUhvY2RoDQpkNmJFekVKNURvUG1Zc3U0U3cwS3NKMHk4emVLMEVjWElUS0J5WVlLMll5L0I2YlZxRHh0QXFRc0g0VXE5TWRWDQptMzd4NUxwTHFzM3hOMEpmWVZONDVMS0FYeXBsMGFiTFdBR3JTaHFBY29LMDRMN093RFFhTHdDNEF0MkFsSVAwDQptZEpjc2dkS3lmeTBjR0FrS3lqc29Hc0c3eDJ0TXZQQVhjV1NSNHFKakIvaE1aQ3Q4aGlpbENrUWNZeDNsSDJoDQpHN1hPVUU3THRuNllvOEllaGxwK0VxemU5cVlLQTJVZHBkbysyRWlBRlphUjZSd1k3dDZQWERiNkd6MHJsQXBrDQpaSlZ1ckJ6OFpmUmJLUDY2WWVyblk1bXNzYnY1eC9FZDR0cTJEdHViZmNIejhRdzBEZ0lHbFFyZ0JVUGRIMVhTDQprV2FhUUF4cDVaTHAwVVFRWmVMd3VJOHdDKzhmaThKS0ppLzRZdTBzYnk4ZGhJMTl1QXR2aktxUm9FRjhmdGwrDQoyZ1dBaWhiWUUySUg0bHF4cTlBQVQxaWhvcEwvUjhkK2tKQ1ZRdjh5ckw5ZGNyWHFtbDFFZFFJMXR0dTJIWE5IDQpTakNuUlNZVTl1dnNTRzVWaVdkVkRxQU5yWjhkS29GbE9wZnFXRjd6WGdFVFpnZFlOdU1kcEtvRlRUMEs0dFV1DQplZGpvdXNPcFlacWRsaDcyelZEQndIM2E4OEJTZ1krVkNGN2s1SEhGK3M2SnV0YjNNOEdzYTdrdWZJaUpCMWRODQo1aWhJMU5TOEFmUjJ6Yko3aXEyRWJDQk5UNHBMR2pqL1owTXNJdGt3SmlxWStuQnZ0N2VyZmE1bitpZWZIamt0DQptcDVzKzEvKzFKNXJTZkVFL1R2TnpFRjFBUlNrZy9PTlNTcVNsVGVuQ01lWDl4TElzRGo1Ymk3M0QyT3hCN01VDQpoTEpxS0YwMEl6aU5pVnpTVEU4bWZ6em41OWVDOUluOWRDM1FxQmg4MjQrT3ZxSC9WWHpSbSszZ1ZjUytCMG9HDQplN21GNGZuWXRsNlhGeEphazdmSWNoRE1NTGIwSEVsbHFKQ3FOMDRyRHhITjhwZnlKbGlHamlxeE03TGY2OG1TDQpkU200ZFBmQzFhbUY5TWxPaVVnbk1mQitPSnc0OEhRM3U2YUpTd20xTFFwRHB4MHpKRy9OMzBOaCs2RklTQ1pDDQptNEdGdWl1c2VjYjNZSVNsNEw5angxOU04RWdHZk9EREJma3dJSW0vdXF5dzN4OGhNRjM3eXlMK3ZCdlFpMGE1DQpZRDU5RThIdnVEUzgwL3d3dnZnNGhGbUtvckt0V3Z0WjA3MHJJOThQcG1OTG1EZ2RabUxqZTFra2hSWDhpY2pkDQpvdHpZTFJsSDRKTTNOR3dQenlvS3dMREdiUVBaRFNSYXFTeHpQR0YxRVk1THVVUE5rcTVHSnpIS3hKM1hzNmIvDQpLNlZFY2kxbURuWE9od3NiTTgrV3oxWGZnZU44YzlWZyswNXFmMk9kOXNmYllNYWJ6dU5QZkhxU3gxTU5rU3lDDQpxdFVsR2poRVBWemE5TDdUTkdqdFFmdTFjdGZmQWpUODlocjYxYk9jeGtvcHpEWWdqeXNwc3N1dGxFYXpoRE5sDQp4b1FXNmRZcW5qak54WnBMRjR1c3htZkRJaWg4VHd2T0NEZm5yOWFTVlEzUHMwbWt1VzA3czRJRHJ6d3VGQ2EwDQo2RXBMNmFJaGdOYUNrMmdMYjVyYUJ0blJVcm9QNnVxZXdOaUZJdU14Zmp4TGtLWGJtdjM0K0Jxazl5N3VMOWNtDQpnSUNwSi9DWXVsaWZJSXNGYk1CSnU0T2lLTUNhYytZa2ZuQUJHdkFjYTljUllOVXMzamxCUE5FYmJiVUkyeHRKDQp3YmN6aDljUjdPY1ZzV0JHZkdLSjN1cnZLanVKZzZQR0FXRkM3cER0TmRNb1RNTVF1SytHc2Z5blBhU1N5RmF6DQpleTJPeG56WmxGd01yOS9lWHlsNWJNTGtva0ZBN0Y1L2Z1VzNlVjJPOWhobWg0dUhwTFU0Y29zR1dYNi9KaVFuDQp2S281Qmx3cTM0L3hlOGJwU082N013Y1RzbkpnR3FtbUxoaXBPZXlCdk9Ca0lYUTU1QkZlMTVDNmxDd1VEdUQwDQpsNkh1VnpIcFFnZEJCRW16Um40VWplYWF5cWFJSG5pSVlsVUVzWHRiUVNWUWw2N1N6aWFoYmFtWkVuM3BmenUvDQp4a2VrQUorZG9UNG96NEVsNXlNVDZvQ1AveW1zUkM1WlV0MDFuNmg5VVFMK3A5WXh0czdrZURSUXZtZlltcGVkDQp6VEwvSHBkNEtqZkk5U0lyVjFXVXYyWkljRk5sQU9IckREc213M3E1V1R0K3dFc2kveDQ0dkk2RDFrbTZJOHFjDQpnSndIN0QzdXRMMGEwU3ltN3JQUVpJV1piazdpMU1JeEJsRnEzbEI0OUF2M2o5MzdRT1o3MWRxQjdsK05oV3doDQpvbWR4enpzTU1aVWtudnI4TEt1bEF5NzUzK1FCWWZTSVU3eVFIU2xxeVcrcTI3NXJUM3lidFVCMG9xdkdqZDAzDQpGNzd1QzVqT2tldjhGQktxRFJJK21hT1kwQkVaMTd4NTV1Sk1uN1FpbHh2UnB5cSs3MCtITnQ5TEhOeEVQVkFuDQpDcHlhNENFUjJoellDaG9JM0w5UlIwZVFTSUMzSVlNV3c5SzJHK21xdnJIdnlURnBXREVYQk9LSWJtWXhsYzdhDQpUUnF5dzVGY2dWR0hoK2NkOXlPVWFUR1Vma2ordU1JVWxicjBnVWdPdG52THRJOGQxQmpUcjFpUWN1ZlhIUkYxDQovM3VqVzRpTFJpSHkrdlpiZE1wbVV6VzhRMm9QU3Zlb3lzbFZXNDdYVGFZYkMwQkY4bUNzN1ZPMU5EN2hPZjBIDQo4M3BJd0xsM3g1ZWhyM3FNZFZjU0lmTGNieVFhaXgwOVNvMkI1MDZiZUxHQzNSYUxIVG5Pc0liZVV1ZE9WNjA4DQpwNDY2SjdBUGZxNmhUV08wZGMxVlBucGtFeERteEcxNzlYT2VacVJUcm0wSDVKSklJL3RmY0RSdEQwMkJLMGljDQpnNGM2Nk42bzgvQXA1bFFVQXNhMXlYT2FSNXhqbldsbEszUXZuZWRWK2lWWTRKK09vQldCUlJhSHFZWGpWM2tFDQoxdlpGVC8waVhXcFpBN3lNaVRuYTZHVVA2Nmtmb3FVVlI4bzhJem9acFBpUm9JY1pDR0xZMG9rYlhENnhjYTFqDQpTZm1GWjF0NWZxZC91T2NXVUJFSFBHK0FQaHNWbXdRWS9MT1RlK2J4TS9uZFJLbkd6VnRjcHpPVTd1cmdpSE1JDQppNHdKWmNtRDE0c00yeFBNTk9IZlBGU3ZaeHltYjNvVWEwL3NhdGNKdkVQN3lUcExadGNhSkhKTURnU2dTbWgzDQowc1NVZkthci9OZXdHTVVFNG13TmFCVmtLN1RiKzRqaWFWT0Nua216T3NEUjVuTHVaUXhlaDNxWDJBcXRBR2R5DQpEMy9vUEE2VEp3THlUS0RINkd5bXZUNXViTzlkWDJnKzRoNUprWnZROEFpT3Z6UjZta0dIeUJ1YmdJNThGOWF0DQo5RmIwaExNYzh6TVlzY0NCbmJNSE9sOVorc3JLRXpGNXRST1Y0L21SaThRc3l3dGlLMTNnUWl1bktxYVVHTWxODQpUZWoybDZ6VFNCZ3NJUWdRbWJRb3JRPT08L3hlbmM6Q2lwaGVyVmFsdWU+DQogPC94ZW5jOkNpcGhlckRhdGE+DQo8L3hlbmM6RW5jcnlwdGVkRGF0YT4NCjwvc2FtbDpFbmNyeXB0ZWRBc3NlcnRpb24+DQo8L3NhbWxwOlJlc3BvbnNlPg==
\ No newline at end of file
diff --git a/test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64 b/test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64
new file mode 100644
index 000000000..6308fd1ac
--- /dev/null
+++ b/test/responses/unsigned_message_aes256_encrypted_signed_assertion.xml.base64
@@ -0,0 +1 @@
+PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il84ZThkYzVmNjlhOThjYzRjMWZmMzQyN2U1Y2UzNDYwNmZkNjcyZjkxZTYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTA3LTE3VDAxOjAxOjQ4WiIgRGVzdGluYXRpb249Imh0dHA6Ly9zcC5leGFtcGxlLmNvbS9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzRmZWUzYjA0NjM5NWM0ZTc1MTAxMWU5N2Y4OTAwYjUyNzNkNTY2ODUiPg0KICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPg0KICA8c2FtbHA6U3RhdHVzPg0KICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz4NCiAgPC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkVuY3J5cHRlZEFzc2VydGlvbj4NCiAgPHhlbmM6RW5jcnlwdGVkRGF0YSB4bWxuczp4ZW5jPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyMiIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij4NCiA8eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMjU2LWNiYyIvPg0KIDxkczpLZXlJbmZvIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgPHhlbmM6RW5jcnlwdGVkS2V5Pg0KICAgPHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIi8+DQogICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgIDx4ZW5jOkNpcGhlclZhbHVlPmcyaE1tVWhNVTQwV0V6a1lNbVErVDhYTU9KWGIxc1YwYVdLTXlxNXEvOFR2QVY1UUNncEdGbEhRUExBNkRUQk8NCmpRRGFINkZrK0c0cWNmcVZ0VFI5Zy90WC9iZWNyMWduaVRzQkI1Zmkwd1JPRmVzejVpUUZ0bHdyMVpkdkdrd3kNCmk1WDZkc0dQeVVWMiswQy9WNnVNR2V4VzVCUlQwVjQ0RHhKR3VaZGNycVE9PC94ZW5jOkNpcGhlclZhbHVlPg0KICAgPC94ZW5jOkNpcGhlckRhdGE+DQogIDwveGVuYzpFbmNyeXB0ZWRLZXk+DQogPC9kczpLZXlJbmZvPg0KIDx4ZW5jOkNpcGhlckRhdGE+DQogIDx4ZW5jOkNpcGhlclZhbHVlPkJzL0dsQmtST3dtQVR6TkhyRnY5T3hna1p1YjgvamJ5MmQ4eDZCZ2Zrc1JycHFiMkhnM1lDdjNvQkZjMThOZFYNClFMNG5GTUlhcmtYVXR3TGJJMHNBNHc2ckJMa3luSVd5WkRqVm9oRWRKa2JtZUg2Wlc2Wmk4VDJLa2lmUUFxYWINCk5wOXBhOXVEOGdKWXhPWWpheE9FT0FzNVA4MDNXcjJ3djh5QnZCNzNwVlFXR0xrY28yK2hHL0NuK2syS1VkQWQNCnNnZDlMQkdjU2RjQW9xL1ducStGMXR1cE5XazJlRWt5cUR5Y0ZMZjdzaFhKb1d4UzNUb29KOUc5QURscS9xb3kNCjNRa1FxRFRPY3hFdU9ONTF6K0hTT043Nm9wK3RHZTJkVHlmM0JZTDFPWi8wcXhjNGNPTE56SDdnZ3VWTlJFZmUNCkVXTHN0eDhCWHlUTzM1aEtIbmVGRjBjUTlGSVVMMGVROHBSNGZGVzJiRWxtbmovM2ozdXlBRUhsQ0pGb0J4a24NCnNrckcyMDQ3THhpcXRScm5pMEU1TXppajI5UTVaTnFOT1d0SzZvdkNRVTRBdkRzMWQrcHFqdFRFcGJIeGRMSkUNCk9wcWxvT05LSGNEa0JuY1I5RVlXN0FIMzNzcGV2MVIzSFJoVGx6UHUyREwzd25RMjhSaFdjYzV2QXl6STFxRncNCktKdmVzdmlHa2FLaE9KbEZMQklVcmZrcGM5R2Raa0JSeS9KN2tWeC95b1JiRW0rUW1Ud0xWNDE4ekc5R2VEVzMNCjhGTXlhQjJyMUdKRThuejd6Wk9IWkpXek4wUHpxSEV0UFRHZDE1Z2ZucGVGaTgxZDRiTE9XK2g3TWREQjFTVGsNCk1NaDJrUjIrSklzYjFVV0tXM1dmZENiU0FndlBMY0g5Y1RoOFFHMUw4WGlGNFlUWjZzREk2dEVMM3ZYMlZVeWwNCmc2TUVEdTdOc0FFK095d004K1JXOVcrUXNzcTNra20rWVEzeVpFYjlaVVFpeHBOVUhadnoxRzdYcG4zZzRPbnENClpwZDJxNGI1cDVOUkRQSXY1dksrNnFBTnU2SExGRlVjRFBJTGJhcWpnWHN4b0hwWXk4Y1daZmlIc2Q3MFFXOSsNCmRhSi9YZzJpN0tiTm9vNEQ3OGYrTTYrdEpLOC9PZ3FOd3YyYXpjaER3SStCN1FNN0JEclJrSFlOOXRaUGZncXANCjVQK1R3YjB4QTUwV1pkc25ValYxYTlCeUhRQURGUUw3Wm43ZE5QRUxZYzdaZXpxRnJxZDJoSlo5NUxRbE5MSDENCjlBMDh3Q011a1ZzaVBjYktYa0JpTXJOUDFrY2tZYjVwalh1UWJqTldLVXhWMzU1RGUxMVIyYm5zT2hsMUlFenUNClpWUjJvWWZ3bXJwNG5OMlFkbURDL2J1bzNsYnQ0UGM3SHM0diszbW0ybXRHM0ZsbnpNRXVMZHBUcUFLS1J1NkENCkVTYkJZMmttdlJ1cGpOWWNDclIxeGNhSEUwWlhqcitWT21NMDRQZWxhSWVCQXNTVi9XVDZrbFVveWdERDhxVEENCmkyTDMwZXREbDE3VlFZcTZCSTNvbGZRYXl1TXNSYmVvcWlLYXZ6dHNCdlRVNE8yaFhFTm53MER1Rk1sYy90VGcNCitXWm5SZDdmUkp3YndnSHRwdWNiZWtNdW1hWlJOVk9QNGxKd3Qxdk9XRG9QamFMWmhUaEZZV2dQRXVIdkRIUEsNCmxVM2hvNjRobkxDaUFtdENLcGJxUDBvNFV5SXUvN3hwaGY2cTJRelBydUlma20xSHh6VVo3TUludDkwU3MrUEENCkFBV0lhTEp0T1NCUTVQRmVsWXA4V2pncjd0eUQxN1YzUmNYVUU3Q0lZSUVQZ090dHdYcHkyd01KczBWRXpiOUkNClFTZDA3dG9GVHlMUzlKZklkelZWbGU0eVBQV0w0aWNkWjFFMGIydDNNME1scDdjZUF5OEJscWVHc0RwVSsxMUkNCm5FeTdkNlVPZWdaK2c0ektMNFpUaDJaSWkyL1JJL3pKV0tCRjRpVVk3WTFNbVV3cFlpeG4wZ2J1eVJUSGtiZEUNCkdvV3VhNmhqcXJFdzVqNVNObEFDbmd2TGt3MGRGUWVteHdHdWZHRG82Mk9BYmdTNkh2VXJsSUVaWVJZV2xKdGcNCmlac2FsTjJva0xVWW83VU9JRWVxejd3WllSNzdxMUFrNTVpd0JrNXlCcVpyZ1ErSzRXWkg4REFQK3d6QnNybksNCktyYkNTMUVpd2pNRnlPVDZYZHdDY3FPMEI0S013alpZV2k1emhSRHRjWnM4ZDRmbWlnL3Yvby8zRCtpVlVXWWwNClFqSExRY2wycFFsd0I2ZW5OYU53dy9xYmliTGl3UGVRcHpEWVZnMlRyQ0IrMUNyZ1NvZnoxLzNWZWFoV3J1cGgNCmo0YmUyVEFNcU1sNTZrN0ZGV0VuUzBmd3hNaDgrbGhDajNDdW14d2JNaFYvYnlncW51OEdnMzUvbHJtMUt3MWQNCmhuWDJTem9LdVdSbHFkOGZWaXphQUNOYlNaeVl0UTNZTmtrQWhUNDdGcVptNWF0c1VWWG1veFlxci81TTdtVlcNCjBWU0djOVR1aTJHSThqb0IvT3h2VmVUK1F5bjdWakpVaDZ0ZWtJK2JYVi9uRENvVHNDMUgvaUxBc25VZmRydW0NCisyeCtZSjU5MHVlWUJhaHBMWWJZQVdZTHVaalcrSlpTbHc2Sko2d1NocjM1VFNGd0JIMkpNNmljUGdnQXEvMkwNCnhVTWZPQmFDcVQxWEV6c25iSG1RQkxXcUpuUWpZb3QvdVRFSjJEYUVyL2p4MDhnWHZVRDJSSitBYTg2Zks0ZW0NCktyRVNMdURvY1pzOHZLS2k2QnFVS1ZnYm05STZQTCtObUk0dWhSeDlyWURtWjQxSUZuK0JTSDN1cDJucE1QVmQNCkR6K3A5VTdjTnd5OHVDSXZBcUdONnVnamJSaEoyVkN4WDdQU0ZYa0tUcUExUXdDZWNDekRPaVM3VmFaMWIyZHINCkVRNXRBVnBsakdydERnYWFNOHFWa2ZPb2JZeDRrS2JReCs3VjQrd0RPWEowKzVpOVdjWVM0YlUxZUJPU3h2NEoNCkk4QlFGSU9ON3hzejNvWnY1TTZ4NnNzc1dUQ1FpYklhS3ZzRWhQQ0RBMHk3UmlYcXd6SkZEMGI1cHcvSEhoUDkNCmZrZGU3VU1ydDQ4MUY2RWtodXJqd2RnK1pjeU03THJZblJFeTlFT1cwRGVRS1c5UjBPSk9mbXhLcU9qZ2NyQjQNCkd2a0FBUHB2S29SY2k5enpCaUZMaCs1R1N3Tlp6c3RKcnhaM0NXSnhWWWNETkRwV0x3VkFJT1A0bkg1VWVuU3YNCklNaE9ZSE9VdTVwQ3NvMFh6enJlVUN4K0w3dnduQ1g3L0FEZjdzenQ5TlN4RTVZU1NEcExrMytnRzNLZ1lEY3MNClU3MWtiekhlaUk3bmdWWWJhQStQZmtsTE9sY0VHRDdRMzVsRHdja0U1WDNQU3ZNc2dBVm4wTnB3RUp3cmcvMVgNClViVXpXb1c1N2ZzZEhRNWw5THlmOERJNXFtNVJuMjkzMnZFWE51MmtLTXRtdlZGdHRrVnptYW1EaXV1WjlTWjENCko0RXRSVlRwRkFQL1RDRmR1N0orSWtQUDdtaWZjUFdtcjhwSGdRZGhjYVcwMUs4QWl6VnhER1QzYkdjZExGTHcNCmM0aWp5WmNGakNhN3dOZEViZC90RElndEFhOXc5ZFZSVW9qR2VCQ05wOU0vZlUyMXFiYTgzallFNG9MTnplVHINCjU5a2ZvZkJ2dDZ3aVlBS2NtMWdlQ0hoRmpsNHloTy9vSkJCZ0t1dk9KZmU1UUR4Vkl3cWhyWGtWU1IwTnZDZWwNCldJb0pPQkVJVkRqODFIVjdjbjhDR096RlhCY1U1L2pVSGdsR3RsdnlJcVVJZVROK3pCVUMweHhoa05LTUFYaWENClRzS2xkOXZkd0JEK0FDQnVSSHZxbmk1SUxtOFhIK2lIMFlYdGJSZUtrL0p0djhxcEVTTGNOWC8ySmt3dTE4WTENCmg3VnhZUWxxZlhHb0V6d0N5VSs2cFhhZnkxc3VQOXlkcFQ0a2FMNjJ5NFJQL0hsWndicGNGK0NoUHpPTzZxUU0NClZRMmN4SlU0WHJFeUQyQ3M0L0hxbVY4dzdCZHBhZ3BMVXM0SkFpR1FaV3lrSW94MlE0azkwSGpEd1dGeEFyMkINCjJWeE1iSENXbmp0Qytrd0hIZUFtT3NkbHhjSHhabFZKTFhqQ2orVWR6M3o5RDdLT3FoQy80ZHZTaURMUW9XaTANCk5wL0dMS1BpNWdwVkhCbGJPaU1YZzBZMFVJMXRjbVFueFNYUmpOb0RFekdCa1FVWXgrTzVHSWZpUWg3N3pEb2oNCjg4b1hCeEd2WDB6alJ0dUVuSXprNS90cmloS3pSeHVsTFBhdkl6UVE2QVRnZEo2UzBwUlpEYUJNVkdDMEFRcW0NCk92Q01wUy91dDJiUllGaTJBRFdSN1JNaUR5K1lpM1FISzJyTDJKTGc3M1hHcEN6MjFlbmFKUE0wQ2lKbWZHWWYNCkFQYnlpWjVrZlNIWDRxTlUrZXRYQVhiRFptSkoySDdtYVByWC9LVE1zVFBrU0oza1QzS2NSNHVSYWFYQWVtby8NCktZVTB6YUtaVDZwbWlkK3FmenA0emdpZS9WelNyMGFmb1o1eEEzUVFVV21tc2VvdEpBbGd0UVFKVDNIV29TYVoNCnZ6Z0gxcnJHZzNKWjgwYlFMS29jQWs2c2tTRHAzSEs1VVlXZUJVZkVKbXUwVkh6cytpUCswSmd3ME5XNlJ2ZWQNCkpiZTExYnZTY1V0Z1lKaUhqVENhdlJDaVB0UzlQVmxreDgzVEZVZkFGTWZNRUhYUzRGWE5adWRzTm1RTzA5bkoNCk9GaDBpUzhxd2FEWXhYNkFabGo1dm5jZmhqNUJxK05PVDNOY1hhVWlFdmxxQUhTRXNENUwxN3gzTTQzc1lRMEINCmVrRklUdTJnWlRnU3QzaGNPdVBSUmZJV3dFQmk2Z3g1MnROTnJFQ3dXWnZ2SUZGQWZVS1lMUTlZZzR1aGVzRDENCmVXcXdYU3BUNWpmazAvRHRaeGJQc3FXQk9CRWlmZk01OUNMK0FReE9SLzRYS1ZYNm5uWFZpQTJpY0tLUGprY3QNCis2c3EvcVAxNnNpWDlCS2tROVYzY0E0K1Z2QjUzbFR6R0FUSnB5SEIzRkxvZ2M3WFFkdkdBczM3b1N2R3pEclANCjRBd3I3V1VYMzB2VDN1LzE1dnZCS0I5T3Rmb2l2MUFRZVphNEhCWUdwbWQ4anVNeVN1SUVnWElJNUhVcDRUZnMNCkwwc3pCRnhQc1NGTDdKNFNtSVF1UXpGVzBRNjRBRVNiSnp1cUc1WldHNGZSVmlYb3M0S0x5RWNpelVhWHFScVYNCk5BL3IxcWpRRXF0dkdTaGw5NXBib085d1d3bjZIWi8yQjl5UkFNd0hndU1keXVhTURLMW1OMlB2d094TThJZGMNCkJqYTlHQXNwampJcTFqNDQxeXlZNjdkdDlnYVVLK3p3Y1NNNzlNNTFUS1dlaEdmSFJnb0dHVFZhbTJjMWIxL3INCkkrdUtKVUpCN2NpeXF4RXA3QWtzSTNhNmxyRisxM2lmd0FTNUlLeUY5WVltQkQxLzRuMVpvOWIveXF3cUdiaXANCk5XbjZxWmVmZ3kvOS8zNUJORk52VndxWTkwaE9Od3JoaUV3UGJEZDdrVmZubEIvSjFjMUZjZkh6cFR2aWltT1oNCkptb2FWN2xHMUd5R3ZJZjlPMHU5dmFLQ1FscFN2V0NtTm9QeUlOdklxT3U3YjdzemtoM0Y5d1lUazdKWDArenYNCmh5Nk1RenNRRFdmbjRaL1dXK3pWY1BwMS9ybGRFcUQ2cXgrQmFGQzRLczJJUFF4Z3hhNUwwZUlDa2kvbHhyYUMNCkR4bVlId25LNG1zbjFRcFJlY29XMTd2dTJrbE4wcmtiK29jZ3Vxa1g4REtYT2xBMnlYZUVFUDB5L2JOY0swb0gNCmtidk9USnFKZlE3MzJFSHYzZDRDOVhQUi9NY3o4c2JvVkZleGZ6ZXh6Z3c0TTNibm15SXNrVUthS29jU3hIWDkNCkxwMWRBT01KaU1uaE9yY0NJRGs3TjhCakhGYnV6RHNxc05pSG13aXhyWW1rZUg3cUZ3a1Z4MEdjeTcwdUM4SEYNCmV4bDYwc09KTC9xNFQyeWJBZFVWODZZZUJLdDMxK3hJdCtRaHZVY2NyMWhNSTZlRHZ3RVc4UngxMCt2RFY3Ry8NCnF6V1JkV3lRRHdvRHdrZm1KaWxUaWhmRUV3a0syeEtlY3RrdDZPcnQ5ZDZhVE0reXZKUjZkalZwTllHRVE0eTINCm9rQktJNjVReG41MERxSC9HZFdMWXZXUUU0K1cwMndJdkNCUjBobTJrVUdaU0lqbWl4NzJKQWN1Z3V3T2pzb3oNCmRnR3VCSGdRaGx5cWJjcUc2MTYwREIzN0JMM1BONUordFprOXlZaTQ4S1dGb2YrdG1SdFJDTWxRUTlsYU9LS2INCmRqNitiWGlUMXdpTkdrWlJoRFd6RmFrMXBzNUFmb29DSTZuODlSU240ZzVPeENKaVZHQ1gwN2NXZU16aE5aaGsNCjBPR01Rd3pMVnUvK1pYVTdPaFZHMHg0M254TDhjcVRUakZialU0aUpuQThVeWZaT21oWGw0NE91TWVxNmVDY28NCmNVVFlxb3FXRHBqeUFUOW1xOGorMitEcERWNFFGeE5GckNySEJNS2RlcEpLNjBYTnRBOWEzbnR6WVpsQ3ZnelcNCjBncDVZMVpMVktNU1lJcEZKWDR0b1I1bmxIV1NvR3d3ZzNEZ0RHbVNjN1VqaVJDMHU4RmwzcmQ0WitzdU1HVDINCk5tTXVnS1FFK3JNemlLeExpYUl4YkthTERWeDR5MjdlYWNLS1NtM3V5ZGtnK3N6eHdDVmx2WVlqclg3L2d6ZzkNCmo2SllYdm1SOTNrS1dBandhN0FOb09VcWdPSHRHbDM3SGpuUGd2TGMzZkNHd0xYRkl6d24zR0lXcmpUT0w4Y1INCjV5eG41YzhrM3VDVkx6bXVOcm82UlRiMVpwcWZYZFh6S2FYQUtONHNOZW8zb2w5dHJOc0xFOTBVOEhkd3RtQXoNCmd4RER5NHIySWlOWDRnWVVqc1VaKzhIUkRpNlFKU01IVDZNb3M1bFZrakZEZEluLzIwTWdwem9SU1FuR3RHeTkNCmNZUlpSK0hlSHpVQlJyWWFJeHFqTS9Zb09LSGVDQThLRUVndWVtb1lGMTZrQXhlaDNGRVZrWENBZHhEbEdKQm8NCkQwaktxMWxTVllMSno3NWlpVjY4S1E9PTwveGVuYzpDaXBoZXJWYWx1ZT4NCiA8L3hlbmM6Q2lwaGVyRGF0YT4NCjwveGVuYzpFbmNyeXB0ZWREYXRhPg0KPC9zYW1sOkVuY3J5cHRlZEFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+
\ No newline at end of file
diff --git a/test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64 b/test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64
new file mode 100644
index 000000000..903e823ad
--- /dev/null
+++ b/test/responses/unsigned_message_des192_encrypted_signed_assertion.xml.base64
@@ -0,0 +1 @@
+PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfOGU4ZGM1ZjY5YTk4Y2M0YzFmZjM0MjdlNWNlMzQ2MDZmZDY3MmY5MWU2IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNC0wNy0xN1QwMTowMTo0OFoiIERlc3RpbmF0aW9uPSJodHRwOi8vc3AuZXhhbXBsZS5jb20vZGVtbzEvaW5kZXgucGhwP2FjcyIgSW5SZXNwb25zZVRvPSJPTkVMT0dJTl80ZmVlM2IwNDYzOTVjNGU3NTEwMTFlOTdmODkwMGI1MjczZDU2Njg1Ij4NCiAgPHNhbWw6SXNzdWVyPmh0dHA6Ly9pZHAuZXhhbXBsZS5jb20vbWV0YWRhdGEucGhwPC9zYW1sOklzc3Vlcj4NCiAgPHNhbWxwOlN0YXR1cz4NCiAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+DQogIDwvc2FtbHA6U3RhdHVzPg0KICANCjxzYW1sOkVuY3J5cHRlZEFzc2VydGlvbj48eGVuYzpFbmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVudCI+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3RyaXBsZWRlcy1jYmMiLz48ZHNpZzpLZXlJbmZvIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjx4ZW5jOkVuY3J5cHRlZEtleT48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjcnNhLTFfNSIvPjx4ZW5jOkNpcGhlckRhdGE+PHhlbmM6Q2lwaGVyVmFsdWU+VkVQYzBwa0o5NEs1RXFTVnkrSTBjdWVSMWVURDZMdW5Bbm5ETFd4eit2Q1ovTEdrdms5MXM1cktlRjFWTXE1d3V2S3AwZFFFUmJ3di9KU01vTGMwMVBiOVY1azZJVy9udUljeEZ5ZnYwbnRTckVibldobjVPbGJqYlBiZ3JGN3hxaEdPSXdENWZWOGJ4dzUyMWVYdmwyVU1iNVFiVCtNRjdSdGhieTROcTNBPTwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6Q2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkS2V5PjwvZHNpZzpLZXlJbmZvPg0KICAgPHhlbmM6Q2lwaGVyRGF0YT4NCiAgICAgIDx4ZW5jOkNpcGhlclZhbHVlPmpuYlBmMEtvMUlUdXJJM1lTKzc3cVdWbmwzajRpaU9RcWl3RVdsT2tmRmwyZ3JJenhxS3JURCt0ZDJmWkZvOXdvbVV6TUdaZkUxNzVST1lvb0NXdm9MbS96elNTZUpiUTJmWjExbnlZNjdNL3pBNitpWDBVQStyVDM2aFdxRytRZjY0V2dsekNKaWhPNk51bmdZTzFFYy85dXNIVFJvQ1FPTm4rK1kwTEFUcityTndUbXEySUVNS2F6YVFFL1IxWHVxWU5HZnNGL3pHYkJYY0VVM0d0WS9LdlJkSVlTcVU4VzdSTnJZTlFwZGJFOWtLZ0Q2UzJxRUZqSUcrbmlKa05DU1JQWEpSR3pxNHJlZ2ZEcktaSGpOWXdadVlnWDBKTEsyczc2dU9BMWw3R29EY1JrUnNRRnp0Slc0enp1T1M2S1pjNVRBSzVHQ0tlbFRQZU92YWdJcC8yMmpMZ1VJN2dDUFJManNhelZoOFVtRUd5UVNmamxGbkROVnNWTUJCWFMzaXNZaTBPeFRmeStDS0hpbmlMOXNXb1BpT3FCMCtIZURLcVlrVUREMVByT0hlbkRKdDVjd0s5N1lObGZHL3didU5XSjk0UDFabHZVOXBVMCtzd2Y5RmNHV1dIQUNhcXRRMWU4SUcwU3hiZWdDNG9Kb1Z4eVNTQ3BFVUhWajVWWkdhRkpGOHI4OGxwZDE4eExOZ0NZeGg0cmx0MTB6cVVianp4WjRIVDZXSUxsVHBaVWVBRG4xMDlCWmNVbnNwSm54TFpxN2tFZlBlWnVacWpTcVZSOFZBVk53QUM5c1lFNzB1TllTRGRQbGxVbTJJZ1hDZDhqT05SckJvNHc4SUlUR1BTUGNabmJTbUlSRnVzY3dnSERVQ3IveEsyZFprK29uOFNKV0dCTUJTWDAvWkhxRkw3WnFEdWV2QU8zZ1hGSkgzRERscm9VVW9CcDlmMmFjMm90MCs5bE9CcFpFcjRZbmJyaENpa2lFYmI2ZThPQkJlQlNNemhuOENSVVpFTjRReGJxVlpIeEZ3bnRjUjhpSCtjRm42Uk9UL1l3SUQ4OTV2YS9wZEhGb3NHWndyZ1lOazdEbGIyYmo1bFhOYjU5UHN1aVZUZUdiV1d2QTZmRWMrVzRFZjl4emFUNzg5Q1lIRVdtMjdGSC9qdEw3VDlGdTBXcFZoZzU0WlUycC9Balg1dEljbkZIWjJrSFB2WVNUemVBTWNacTlDMVFEelhjZUxaSWhPUUc0Um1JVW9YM01JbXIyVzlRY2tOVVRKcnJ3VHBGNnR0NW83YU5EOXg0bmt6Qnpkb2ExajhHaVVIOFNwTEJpV0VJWWEvSnVOTDNWazEyQS92WnBndGpBUS9PMVZiSm1pZGg5bnhrUHY0RHFNcUVnV2M3bFRBV2JqWmowM1U0K1dKMnlrbmk0U1pXdjdZUUowY0d5VlZkUnNXS2hJM3VTcmZHZnNSNXR5eS9ZTFkwY3lGcVdGM3dYWEp6bFJ6WUI4N01CcGlWOEVZc1UxclpsK2thaXcrZWpiYThFWWVITFBLSi9HUldCREdxc2h5VGFJWkVqc2J1cllpN1VRVGQzRGRBdjUwd0tFUGhMaG5kTHJEWUtTbkRLQlRkdE9sSnBZYmlmWnBublBIZjM0eHFiZks1M0M1WUFEdXNrSWdPRnppMTZhNEsvakt5TXdkQ00zNE9yOXdlbGJtb1JiaFZTUVNMdDd6NS96eEVPSWV1bloyelZpRThMaHp6V01NQ1dhcU5HMVdhbHVjZWc5MmRwaG12U2VVTzhzSjM5dUNtRkNZalAvenA4YnRMemNFQ2tIUjVyZ1NjUDVNRFhwZFdmOFpIaVIrOUp3RGoxbHlRbXZJaXI1bHBHcEVaQjRMTUtuaDNtZ1oyVzF3TFhzZVZYMEVsemxlbW9ua2Frc0lFYWYvcElZVlZheHJVblBJdGhuWnl5SWI4aEk4VHRLbFh6blAxSjNnVVdzb1lnVHdmaUlDOGRTaEdoQ2ZCRWt2aEFLNnBNOGFkUGxsaHJoTTlUclgvVHdtbnpyODNrZm9OcXBBTVRUdk04QzRvaGNaZEJLRmpRT3A3b3dodDFXdzd3bHlvRXo2Z3IwWEVIOUdhR2k0NjFhVDN4YWQrWDVsdFJKRmliZ0JlNjgwYnRyTW5zZWhNL3QyazZtS0N1dDY5Sk9DT3kzaTl4cTZLa2R1RnZvN3JNQUFtRE56ZzdHMU9aUWwzT3VRaldKWFVIRi9TK21Yc0JpNEQ4NGJPL2NLaHFlc3MzRlRRL0VDYjdNcGpKV0FuZVY2bmd1aXcwWlZ0aUd4N3JkWWRQbkRGK0dQOVk3YWgvNnNiUFUzMWFuN3pBa1ZZamFKai9oaWNZOTRoUVVMQ0dYRnVwWUtuTHp0R1dEY05xbmY0cCtBLzhLTWEraVJDRVFkNVFwNTg5QzdLOVl1eXhFb3pILzNFcUhCK3hGbFBKb2c2c0lEY3ZBSWI3RHduSVdkOEQ2Ty9ZOHV4Vk15QjZjdk14R1lPZXF5LzZhSzFNODFrR2x0amlyWXZyY01NMEVqaGxybGwrejFuWmxLRU9UYzB5QmNERDlCbExZbVBtV0szaTFmeXpOU3o1OVJlOG80RlEzV25pSmQyQjN3bHdyRmplOGVKbkNHdEM2dm9pSlJDaHNMb0tKc2hGTmREWWRvSkRUR3RPbHpRZWRjZ1NzRXhFVEcvM3MrV0k5UE5ZNU5OUUlhZzdBWlhmQ0RseVJwemIzenRSNyszTFQxZnZPMERBb1J5NFMwV3doQ2h5K2t0RGtDSU5LMFhlRW8xaUNnK0ovaVlNam5FZmVQYVZmcllvVkJzSzg1bnZoVXUrQXB4NktBUGQyZXpGcDVNRVcweWQ2QXRCRmNyWW5DbjVZc01RSHJxcHMrMDNDYWRZdkF1YlVSOEJMSDJZdEVXRWF4bmlkN3hGbWRoZnNWZE16Ly9jem14NHJudGlSTjJNK3RzUDdScFBteGpDL1E0cEVCTGNNOUswUHFDSTBKdGpkVUt5YnFvaHRhWEMzNndWUHNrUUJRZTB1UFJ1L0o5SVZ5K3dUeVo2RVAxSTUvOHdLdDFycWxSODczTFRqenp1UVFUSXdnMThzWmQ4RkpuQ2Q3NjFWd05MMkRNRUNEaWN5UjV4NHR3ejZDblhQeFdMTXFHakpCNlVkRGU2ekxEYlc3VThGQzhPZTVBSkJ2V21pRW9oU1BDWHVaWi94UFMyY0hESDd2NzliS3JaSitaMHhValpCdHZRK1BtY0ZZbHNneTBBcGpWZ2kwTjludWFObUFrZ0tGaUtFWFhGMUZGUTcvdUdiTDdTY1FGKzR2R3l5UzNwdUkvcUhrU2hTSWI1S09TTzkwcDBvY2JIdlRvSWRsYTBONC90SGIwYnFuaHpFY1FhSGRnY1oweGtpNVFmSVRUam9PeWhFd3doajc2UytEK2R1ejdpRldEZUNVb0ozNk9BK2pPODNrdHJDUW53bEJ1OEo5V1NYeVdnRjFvWVBtKzNxNnJGZEd4blpNb28yeUNheDI5K0JHQ1pHT3lnbi9IOUVhWUF5VU41akFqMnQxUDlOdEFmV0U4QnltaXBiV2NVVFZTYUM2Q2NBQVpDbXpYcWd3VU9BMUpOc2tlZ2MydTFoTHhnWjBCL2w2cm01bXY1a0U1akpPdkU3NHJPbUFvc2tlSDI3Y0xiUXBJZjdqN1Q3QXRpRkNqQjhpeTNvZm5RVU5zckpUODNSVk56T1hPaWkvdUpHY2NORlVSbm4zdEUwK0ltK0xGY0RPbTdKVnZwbVdYZUIwVDRDWXRSMG5rbHFCTnBxM3FZN20raHpFcnE5WUFNQ2UwZ0tjdFdLNW1ZcXBTVkpZN2t0QXlMN3V5cW9DVVVCRHJyWjIzYmxGNU4zWGdmRnQ4STIvN29IQ1lkWEU4Nk9ScGhGOGRGMXMzS1gyOVZtMHVjMkZsa0FrUUZFWVdDU0JvUVJwcmVoaHhnN29qTVRBYkU0cXY0RHZheWFab3VVZTlvSk55WTF3OFhza2ZSVVhnK1Z1UVo3SjNkaVFveVdaS2RwUmFIWnl5UXJFdkJmRzRUdzVidFowMUQzU3MyK1Z5N1QwSHRFVXkzUG1kcHVQenluNW56YnFBOVdGU28zeGN0WiswblNYYW8vaExGblN1dUptN1JBZytRY1hRMWxuUHk5WWw2MlRlOG9nL3pYaHQxRmd3dDJSdmJJc0hnWmJNUWlJNVpYbjAzYkFJYW8vcVQ0QmkwbEdPdUFLS2taZjM0YXkraEcrQURmU0hQNkRjV0o4SkZxMVRVMG9TeFNzWkpQMW5Ra3c2SXJnNG94WWpjV2hOME9FRVNFTkE5RTkvZ2F1RGhwTDRvMHZsbGx1QlJRWkRaNWRieWJ3K1FSRU9VU2dkTjdwUm53WERkM3dkZFZRVzhjd3pVRVYxWGUzRzMzY1JUMVAwQS9HeU4zN0pKSDNvSzhHRnJWM2MrS1B5Qkl6T2ltVUpaVjVlbHBaSDh0QkZmTmxVSCsxZklxY0ZQaVpVdC94V0pPYnh2bGUrc2R6cjdQdkVyTmVlSmVLQWw0TmVta011SzcvcDVXWUI5K0Z4cU5aN0hray9jQm0zdXBoZitnM3dzYUI1QUZodUZJOHBhbk16SkN0dU92ajhsOTRtTXViMGFOcE5LaG05OVEvTmM5eDVkS0VVVTVJWjVqS3liTkJIbVd0R3hGVkxTcURpOXpyL3NFTkZXT0ExUUx4b1I5NUViVlJYSSsxZ0hhMkVLdUhHdkVNUXFxc2pRMXUxbnAvU2pqbUdpTnNaSUFjWnJJcTVHTEo5N2JDd0dqODlWYWRCZGdoaytEWGpXVENaOUZmUE9lbjNtK01LVHZ4MVI0SFJjOFJXcitRbXZoQzdJNG5UbjVaaDVwUjNOa2t0Zkc2UlBEWEJvcXFPcHBhVldTcTEwNldVOTNid2x2Z2VEY0JaeHFhZUJkNjdVN1RjY2IvbG5yRDc3ekNaK3k3S0xNQjlPVC8yKytyZTRNZCtCT3NmeG5RRzVUZSttVCtaNFJKT3h5RWp5UHkwL0dNd1dtYng3SEs4V01FU0NjR3dLekZzajhKcExzTndIOEYzaUlkMkZsRUo3Ym8wbXM5QXpSL05GZzhvZnpKVWd5VEMrVVRBZmovV1M0RFRGemg4enVVWklYd2pTZGZmakZtRG5DMS9vZ3ErOGt0TVN2S1RUeENwdEJpdERNYmpxNWVDeVc2bEQzTjRxd3oxS0k3clc1WDZocWV0bTlyUm5pMDh3SkJNT0U0VWQ5ZzY2V0NPNHdRdG0ySmk1VHU2WHBiU1hvNGN3bjdkbVNUNE05NFRwL2ROdld4OUl5WDV4ZURPM3BtSzF2VFF3Ly93ZU01WmliNlFjbnNsUy9hT0c2TFJvd1M5bE1INCt4aHdwdWxRbUJVU3ZDM2IyeG9UMjQ2YzZVbWViRDZHNmVxVDNydDZVZVRMOEpQWlA2cmU5b2prVW83emlXYVNNK2pHaTl6NDFJY0JEc3JuZnRZYXdLQUJVQmxKZWJVcFJWWWkycVIxZ2lPcVA4N0FBYSttYlYzZUp0SzdOT0JxUUZlcUN2WWVkbFNYc25jUXUxYTlSdm5UME9SQ3JnZU5IcWRsWEJZQmE3MTM1LzZNZ3FHTkhQNkJyRWpLUC95TTJ3OExCRTFJWEtYTEI3VFlJd2tqa05XVDVSUFA4K2cwbDJOUlFHMTIrd3EvTFozbWZSVk9wMHBMMnQwVWI0RHp1S3cyekNERXc5OEpja0VDL25KZWtETzFsN3VkeUJOUlZZZi8rbTRPWno0LzFVQjRuZm4rcXptekpaZVJqd1psek5HOGNtckhaNERvMnlwNTRmM3FJdHdJSWEzZ3ZWMUZVQ0hDeWR6Q2FjV0o5Qk02ME1MNW95TFZIalpCdUFRNWdpQm1UejhtZ2VrOUh5dTF6ZEkydmFHTFhTb2g5WXpKWUpJUmZlV1hpWk9IbHdVbXFFcmw0RmErTWdneUlCMXhQSTFQbHNVUE1KZGcreW9ZZW1WZXk3R0lCc3ArWTJTaGZzMnh3MUlkT1p5VW1qOHNEd3lZTngvUGVsc1dhUkpjTFBLWFJheEpDcWRDSHMvVXduNnFQcUlhTUphSXM1ZHV3MXA4VGpHZUpTQUFpNU1pL2N3MEdpVERhZXBKeldwL3UwUEE0K2tRWm9vcDEzTGRSMlJpZGpVaGFJdFowYUpMdHI1bE9WNTBhVy9KbkRCOXJOd3RDNXk4K2NWR2N0T0tWNW10SXhNMkNtcGg5QjZCZW9ENG9Iei9XdkJmYnREY0RETE9vTkYzdGcxYVNtTnRPR3krSUJJUmw3bzU4MCt0RjFwRlovbjh4OU5JR256QVpaZXY2RFBYRE1UOXhhS0dVcHZzb2Vaa2QvV09LakJrR1MrcDJsWG4xME5SMk45U0dVaCttY3ZxUXZTaGtIUG54Sit6Y3lBeWo1TWMrZHUvVlU3b2hJM0h1WENvYXBDTDRMUkFuMTczVk1jUktwUkNGOHRWbHVnYXcyQ20wd095cXJRVy83RHBZbFk5dU5yeG00VHRGdnA5NTc5QkFCNTdPT3Jhc0oxMXE3WWtLd3QrNUdNbmlRaUtsU2RET2hnQVowdHJ6dEhwTVJ2Znh1RkZBSVVDNDVnN2swWHFYbUE4UjhabEhtcTVxTmFyRVZpZkw5UWF5eWxqaFNxYXpqenR1MVZiS0JvWnd1MXVOeHVxenhlTGEvOG5GUkkzTXZ6dXA0OFc0aWROeWtoOUlYeXdMOGk2V3VPNWE3KzIza2xiNEpHZjNjdFcxR1YyM2FBbEhSWlkzZzdseFlER2MwKzhzSjZGREpUdm5tcTlDd3dhRkdYWWFTNFJhc3Y3UjRoaWE5bWRoRzAyVmVYOG5aM2UzcnZvNUlVOHd2UjVHSllkdGxPZlhFUGlZYkZsUi9QU0NwZTViR1hzbDkyQUJqOTkyaUJoZUZmZkZvSEJya3RIeEMxL2V5TVRqZEVseFVIcSt0TWtHTEVKQVZKUlJva2ZxQ0xIaTJBcmNQWU9EaklSNStnNmd0aFd5OWNGdmtidDFTdDBCTXVSZGJiVTVsNFo0ams0aWdJbGRpUVloRTdFMlNhNXRaTDJMOVhUY1QvcUYzaW92dHlIcHJZbU5vUzwveGVuYzpDaXBoZXJWYWx1ZT4NCiAgIDwveGVuYzpDaXBoZXJEYXRhPg0KPC94ZW5jOkVuY3J5cHRlZERhdGE+PC9zYW1sOkVuY3J5cHRlZEFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==
\ No newline at end of file
diff --git a/test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64 b/test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64
new file mode 100644
index 000000000..75b65d0ca
--- /dev/null
+++ b/test/responses/unsigned_message_encrypted_assertion_without_saml_namespace.xml.base64
@@ -0,0 +1 @@
+PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8c2FtbHA6UmVzcG9uc2UgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il84ZThkYzVmNjlhOThjYzRjMWZmMzQyN2U1Y2UzNDYwNmZkNjcyZjkxZTYiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDE0LTA3LTE3VDAxOjAxOjQ4WiIgRGVzdGluYXRpb249Imh0dHA6Ly9zcC5leGFtcGxlLmNvbS9kZW1vMS9pbmRleC5waHA/YWNzIiBJblJlc3BvbnNlVG89Ik9ORUxPR0lOXzRmZWUzYjA0NjM5NWM0ZTc1MTAxMWU5N2Y4OTAwYjUyNzNkNTY2ODUiPg0KICA8c2FtbDpJc3N1ZXI+aHR0cDovL2lkcC5leGFtcGxlLmNvbS9tZXRhZGF0YS5waHA8L3NhbWw6SXNzdWVyPg0KICA8c2FtbHA6U3RhdHVzPg0KICAgIDxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz4NCiAgPC9zYW1scDpTdGF0dXM+DQogIDxzYW1sOkVuY3J5cHRlZEFzc2VydGlvbj4NCiAgPHhlbmM6RW5jcnlwdGVkRGF0YSB4bWxuczp4ZW5jPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyMiIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij4NCiA8eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTI4LWNiYyIvPg0KIDxkczpLZXlJbmZvIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgPHhlbmM6RW5jcnlwdGVkS2V5Pg0KICAgPHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3JzYS1vYWVwLW1nZjFwIi8+DQogICA8eGVuYzpDaXBoZXJEYXRhPg0KICAgIDx4ZW5jOkNpcGhlclZhbHVlPmQwN0x3NnFDbGlva08rR2ZMTnJuT2lOaUFhQmpReWoxRnZtRVNSbFN5aUFpYXc0cE5HcUpqeWU0R1h3R0FXdFoNCjgzNm9OdTlQbzZLbngwdERWZ1BDdlNNMHBvQndINkRML3NRQ0FWV3p0MisvNWMyLzVTN04vQnp3eTJnOEFhNFANCnpwZmplN0NSUmU1OUo4WTM2Rm1OVUdMT2hDVmJQZERCVmNZczcwMDZvK2c9PC94ZW5jOkNpcGhlclZhbHVlPg0KICAgPC94ZW5jOkNpcGhlckRhdGE+DQogIDwveGVuYzpFbmNyeXB0ZWRLZXk+DQogPC9kczpLZXlJbmZvPg0KIDx4ZW5jOkNpcGhlckRhdGE+DQogIDx4ZW5jOkNpcGhlclZhbHVlPjFxbWZNL3BWOC9HcVkwL3MxVnR4SUx0VEZ2bHZjK0xhUTVKUW9pSmtqZEU0RkUrNmNOT2FacnkwMmFiMHlTUWYNCldySmpMczlGWXBnZjhaU2NFd2N1aTBvbVhVdTBuS1Q0dTlrdFIxQXJKemhnQ2VmSkR1Tnd2akVyUnJKSDJpU2MNCmxZcDIraU9GRytMLzlzcEpqV3VTRVk2U01SS2h3ekRrMnZxOEdPY2dFbTh3VGVhRFlpVEpZVVdoVWJ0UFZ1S1INCjBpUnBBTjhkQzhIakdvL2t2V0xaS2xTeUFDVzFjbktsVGhZWWowdUJMTnppRXVtRFV0UU9keG92dFJZVE40bUwNCjNuTWVjYWlpOWx1TlNPeXROQ2t4V3NMR0JhOGoydEtGS2NOSGVoWVF0T3c2ZXVxeHdZU3ZlT1o0WVlTd2FGL3gNCjJhcWdYMWhXY053SVJBMEcwQkNpTDh2KzIyUVpuenAyd055SVBaYmdRYkVuK0xIMlJxeGUxTlNvMEdEa24vY3gNCkdOckhpZjFqN1krbzRkaHAzN1l1WFBJc0VYQjViWlJCUWtkaHVRTjJ2SWw4YmdLdlJ4WVJDOU9uSXoyb2E1S1YNCkdLcjMrQnE3L3ZuY3FMOWpta1pZZ3VhUm1kQTZaZ3N5elE4Mm42eG5tTkJjRXM5SmIzM1JBaG9yR1pOYWVFRm0NClQraFVxb2xBemxuMW5sQkpCNDNHV1hVRjRKK1FYdXhVUTlVNnVlN3oyU25XL0l4SHRZcDNjSnA3Z3lxbVpkaGQNCjQ3bExJaVhQVnNTZEdKR3BLczQrRWkxWUZHTzRFQWZPRjJlZitXdGpuZ1B5TnFLdkNTdTExMzlUSURmUTZoZWwNCjNIcXphN05vKzdpVGVIb25CQkF2YTYvOU9BT3JtWXVidWZoSjBhRWQ0bGgxVWwvU1BCTjhTeUJxUVQrcEFJRlgNCmVub0pVYUQxUTlZaXZid3FlTjlDM2s5alBGdnBkUkxPNTBNSjF6YVMxc29RcENEck1xb3ZjSjQ5ai91REJ4WFENClkrU2Z1dmxxTW40SzIvL3ViTUx0N1Rra3I1R0hZRy9yaUhjSks2dExDMS9JOTVNSFlMeDlORGpjVzlmNDQreEINCmFicnBaZEkraFBIdFFpdlM3MTRXemZGNTBJSElJT3p4M3RyU1FyV0NVWkJ4MHp5blRXNzYrSVViZXVLKy8xWEYNCkR5RXNTdUZjdUZmWmcvL2E4YldKSGN0RXNUQm5XOU43NFlxUDN4MVNkYmE3VEVJSU9YZkV2dnN4QzZmeHIwMGENCjlYK1VWYk5lZmV2WmxXeGVkUnRFWGRkMEVmUG1OS3dMY2tsSDNwRzZJVkUyZlFqejFXS0xaQWM5NXdNU2FMR0ENClVOU3hJeGlFSmZsZXJsNHVFMWxPWm85Qnlhcm9makRvK3pnUHoremxsYUVJNGQ4MlZwV2hEeG1oVEV1Mi9uSWoNCllvcnhMMFJVcnBBVnlkSVoyV1hmYi83eU1ibEgxR3Z3RGo3WXFTQmJZZHM3YmtqaVdZWWVIdzdqVGdBU1NrWHENClIzRDhNYXEzLythWnZtcnZQWlBQQkdTUWpVSy90elBmN2pSYURkemVRQm9VTmlQS3RTREJ3UmF6SDVTU2E5WUMNCm55amlJd3o0aTFWT1c1eUFjV0prYVNmaldVRXNoajNKaUFVUGxnWUV2UVNHdi9SLzl0WG5uamtmTDdpUGUrMWMNCnM2R0lONEFPSlB1OTgxZ2FmN3FEMG9JdVROVEtxSXBIZmR5SlFsSURpTGszdkszTXN5dE51SEtQSi9vcWF3anMNCmFERGRJT2d1S3E5d0NUck96akJ2cjhvZ3krMTZpNkVyM0V6eU9xemE0M05IQWlHVms1S1dCMWFCbzZYM1BVZnENCmt1am16alNsS2RKZ1A3eitQRFhFTVU3UzZzK2VCcXVTRnI4citia1NTeVd5UE83cjVPbTNtZjVFN00wQmdVTEENCkw0YXBIM3JCd0grb0lmL282MHduMU55RnRaSC9Dd3lsRDdzbXVQN1JxcVJkd2k1V0cyVEdiYkdaUm9mdG9zREYNCjlHUE1VbVBsTXVaV21MdkZ0YSs0ckp6SkpRMVdYTkFYVm5raEZ1MDFsNFR0dHo5ZDM0SklKVXgrckJHNkRaTmENCk8xTWdBeGg3ek0rRGZHdE5SWllXZE1XbTBNcHlVSEt0WDhrWEp0YmtGSjZNb2Q0b1ZjWHJFNU1la0xmTFZMSm0NCk5sZ2JCT2lodkh6dWI4b25RaGZpeEZQc2VmMEdOM0ZlV3c3WW8rOVZUOEtHckFLN1BzNXVlVktUMURqSUxWTG8NCkFUOWREQ1VVL21lQjBkaFIycHVVRmlRVDFIeXNrUnVQK29MNFlCWktVUDJFQmQ1RGV5aUs1TTdVYTVQT1dBdlgNCmh4UUNSMGZGSFlEQXdUWkNqZ2FZeklDVVBvYnFLRHJZOG1xNjNwZnlDQjhBWnJkUVFreU9mb25WTzF3U1NZMnYNCjJHVnBzZ09uZGJSVVhxUVlBempoUU9hRzJ3VFBFWVhkY0dGQUNJTkEreUhrdmNLZFVMMVlXSkU2WUtpZ3U0QzkNCjI0RnpIL0wxL3ZDeTVHSXRMUkJJdGVROHk4RkNZNkNVNGx4dExKbHhDeFB1OUxiVnAwZ3cvd012WHgxMDM3NFgNCkhZdXc2YytjOGZiRXBtTjhHaUMvNk1NNjgwSEdla3FzWDFIakx2Ymt0Z0MrWEs1SmEzeDYwUDh2eHV5NVJRamQNCm1QOVRCU2NrVUtheUJMc2R4clA3STJzWkFIa3p3dTcrbEsxNHovZTRJUFZ5WHExRVZSK1BndWZCSnhGak9QUDcNCmpQWDNFR29maEtNaXVnN0RPOGNObTRLMmVULzF5cWs3dllEM0loSTNZc0QxUkpCeFJscXFhZjIrTGRNTldsdmYNCnMrbWZWSUJUUDh1bFpHV0MyWlE4Yk9yKzlOU3AxNDVmK1FHRnRSSWRMdHRsYU5kUEZpaHd0UlZYTjRmVG4xbGYNCjRmQnpaMURFVzhKUXYvMU81RlZxREdPdVliOHU1UWxrMVhBTktRSHh0ZWRsNzlzNEljRzRhMmNvQm8zcmJYQkINCjNCRWFsZWhTbmlMa0QzUzVEVlBTOFYzSnV6bnBjVmlUb2MrY3NyQ0VTNnJNODRvN2R4MjF3SGNmTU5nTlQzL1ANCjVaQkhOanllemJRVGVEVnFEcUo4VFd1YWc1LytJdlUxVTJCUTVwZmo2eG1OVTRMcXFDZUpsYnBTNS9STUhIVHoNCmpTTHBacC9tYldodWo2alFzekdubWZ2Tjl1OFpMMUlGUDQ1b3B6QnhLMlc2c3hqNThBTmZ5Sk02Rk4vcmlkQTMNCmd5K1piMUlibTluVUszOXhGbnJEemFDUjZyTU40RkpuZVFRSkpIVlQvNll1QlIzUlRZQy9qK3FJZzhiblk2Z0wNCjZsd3lxdkhRWk9saHFvbjJ3SkZLL3JTdWRudHl5d2NIb2dzNjUwV1JmM2xPeEJEVTdaamY4STl0N21rR0M4THcNClQ1Yk5IMGNMUVVXanVFT2MydEpFUy9lVFQzQnpBMFJMRTIxcUJvWmU2UzZUdkJ6aE9LSDZDa2hjNnBQQVN2TmQNCm1vVU1JckdxWmV2dkhTc21KbnRRRzREcE54UUNyMGxQdnVDYzgzK2Fua0dzZXhDUHVjaGNrTnBhcDM5Zk5KRDkNCmNMdFZXclRjYURMdlQxRHBISzkvUXkrMTlXV2ttbzMrMFVNRDk5NkF1bnMzc3hIRk4wb2tpNU5mWEQ0RkJJNVkNCloxYnoySVIxNmFBNHFYNHc5ci80RVZqVnJ2Y3NlcTE2d1JrdXFXejF1T2I5RDJwR3RGeHIzUWREcUhENTV4SE8NClBaRWlhVmV0cWx5WlQyUWFlWENxVHJVN1V4M29zS1VlQ1h1VHBnSU1IcGZodXh4dmt0UE5kemlBMmtzbTVvVWoNClZXN1dVeDA5QVBTMVo5dEN3N3pxMGJDcEg5dXpkdTdHcG9zeGc3akwvYlVOMDJ2K2pnbjJiZkVhaEQxYkRHRFANCmZIVG53aVRvTStDd2I5a3JkbkROWGFXSk8rUXdicnBBWFdIUXpRL0s0WnB2Mnp5bjdMdFA1OVR1QnpwMHVSYUwNClZ0dkgrS3REcVhZYWtlbXhLR3h2cjQ5NDBPN3RNMXFLYTJyUEpwUERObi96cFl1QStmQzN1TTFwOUcweHFvVkwNCmdxTXJRQjZDZlNCODUvVzg3M1h5UjZ0eERQOVN4VVF0N0d4d1gzR2psQ21ZTjBhK0xFLzNETTNEajhwcTcrMkcNCml3VE55NGN2S0NzODdUMlFiQUpGRTl6NDh4UWV4WnpzOGNycTAwQkVKWnZ2Wm82Nm52dE9SVVBwNzJxMkc3a3MNCkxmMUd6TTNsN1FjdjN2TmU5b3N0bUhjSFNCNHpIUmRWenE2Mml0Z21HYWVhSVl3ZDN5ajhXQmxZZlIxQ1VUeFoNCnQ1T1J5OTNOR0pnWmFJdTFibHU4d1JXajhBMmw0L28zdTZSQ0U4S2ZIOEhBWWZOemRpaU1TVnJrNVpWNWo4Q0wNCkdrTm1Ua0lNanUyekl3d3BMTHZadDZQbWMrRVdnMVc2R01TeWJnR0IwZUhkTld2ZmNQS2RwSkxZaGxGUUlUWVgNCmlEOUNjb1RiYmQ1b1l5TU5NOS92THYyRjZlR0hUVFM5SmttU3k0Vy9uUEg0c2NKRnVyYWg3cEZsQWluVktGRy8NCmxrRVFMTWkwbkVGSnpkT0UvblNxRGZVeFFxMFk1d21TV0VDWndHUjQwL0c5NG9wQWlxRXRWM3JwMlVWUXh1Q20NCmZTSGgzaTVKT3A2dS9hR0c0eUMraFVOOUJvMVRMdGdiazJXdURmQU55VVVrWWNWUlllb25xZTFmRmI1Sy9RYTYNCk8zekl3V2RCQjBNY3BocE1iV284Y1JNRWNIUHRINFEwbE1GbWNjTDgrSEJRUDg3d1VpSURydGQ0WkxsWDBlSVINCldDT1VoWUNsazVySWdTeHVTTGk4aWtsL0tYWUFGaFBqczd5U1FOTmg0dklOMlVkSW8xbG1GZ1kwY1B3dlVyQS8NCmN0VDB3ampWcHZsSWx3Z0tXY3MrL0pRR29SRjNmbURXMURJT01Vc0ZwS3B6WWlCZTJNbkZBdTJSZzNNSFFrTjINCkhUM0VpTkZ3NENuRU50dWhZVFJ5dW9paDVFajZxTk1nSFRNLys4dGdFTWR2Wi9VYWJzYU55UjdONi9VVXFIb0gNCmdISG4rZVE4aEI3YUkraCtCY3E1VWwrV2Rzek9vckNZTDY1bWYzQmtTcTJ2WElHMCtTMHoyaFVjalYyY0hROGUNCmNxOHNUdHB6Sjh3ZWZzeGZhYjdrcmUvMVg1dnFraEVTb2huUFhLTHpZSWJ2Zm9BVWhqd0NqbHA5dUlvMTZZbnYNCkVZRkluM2VCdllyVG15bmRJdGZCeUR4WllGY3hqbjVid3NBQjZScW8vekpsS0VYUU4xNS9XUklyeUp6QmpmVnYNCnpTeXdqL0V2cTVtVngyaFhuZjRZVHZ5emNJK0xsbDRqVmhPZ0hUcE1qUXU1OHc5UEFQVjRwcHdIbTFUb0JkY0UNCnZjTGlTbHlWeFlLVVk4cGdocU9Ec2R6dnp1akFOWC9zdzV6amtSTFJXeEViUit4R2VQbnY3aHRseC9mQ2pybk4NCkdaY0RmRTA2b3FWYnlhcENNdWV2OG5JZlQwZUNBUmRvR08zYjRDVmYvL1B5eEoxY2tSYmorcE5UOUxtRkQzcnQNCi95c0E1b1VnL2VvVG93NGFycnlhUi9pcVZMMjZ5NzNEbC85cE9sR0ZtZTJZUXhkMm91ZjRxUGFYRTlGcWlzUjINCkRMck9nL0hQcThQQTAzTlJ5WWRGRm00NGkwWWJwVkU2ZmtTVnN1eXZtYitUME9jdiszUkJuZVc1QWkwOE16MGcNCkduTTBhdlFiK3lTcHlDckZVN0ZCRmVsYkw3a1hyZDNBcnhBejR6enJRcUZYUWlLUGlsSk12QWNYZzVtcEZQcHcNCmNscWs4ajJoMzVVb2NpcEdSUDJpTDJUMi9rZFQrMUp3RHFZVHRFK0hSRkJneTE3UGNHdXVKZTB4b2JGTW42YUENCmkzdDZBcnMvV1Btd0tPTzFHMlo2U2pFcTZXcy90VlhJOTljTG1nQy9PdTZxRk96ajY2bFZLWDAzT1JhWW1LanUNCmJqQXhyRmVMeWpLSDVTVmVRV0FqMGF0clY5UFFpOFQ0VE5Ja2dOcENsM0NCTDREajRZWU5GZ2ZGVmlYOUExdnUNCmlKU2hYR1ZJcU50MnFHcXFoczNYck1WdU5CeDRrMi9LSUduSzVPUU40WWNDVHE2T01yVEVySUxIODQwVzZISFUNCkRzNHIrK3FIeTR1eDVSeGpMdDVoT1doU094RC9mQ2V0dFd0NXg0ajlEUDZWMU4xTXJJQlMxeGszVVNLK08vSjgNCkh0RkF2S0NLUVBqb3NBMlpKcnF6Sy9QOG5QVzRCamR4KzlRRjI0R1lFU2srUjZZRnBzNTVhMVFBZm9BbVFVZ3ANCjVvbVBzQWRQVFVPaGNBVWt5M0NxY1RLQTY1ZjVPRjU5N2ZwQ3RmMDFZaU5XM2F6ekRNTWxsdFNWTW9ZdnQ0K0UNCmk1clA2RkN0Szc1eVorZjVsSkJuVGpiaDgzOXlTUjdBd1lsV3o1TTBaU0JQVDVsQmtkdXdQTkdYeVZJZk5acHANCnp6TFlVRlhyWDc4MW45TXZua0xkc0hHVXZYUGN6QXNjUG1qUTZOR1hUbFdHMEdHdmZMckxWOWg4UmxtS2JONDENCmFBMG1JZ0FsZWwrSXQyVlRqY0tmTm5CQjBiNThpZG9TR2pSMStYTE5EUzRZVlFvSnFTRWppOWZTRGxmWWdhSi8NCndhSmEvZ2pHTEVzalo3a253QjZFc0thY1p0Wks5bXRzakhYUjBCbndNT3JsV2tvYzdNSkVyQVU3S3JwQzhkdnENCkxpUmxZbDlvUzJzMEQ3WUpxVkFxTmhtam9SdkhSWnJGTlBPZzQzZmljcEV4Y0lrY0cya1NZWVRZY3hRYnNqYUENCllsYmkwR3hBT0lQMzdKdnlhelJNcU9XajBxcXZ5b0U3ZVdiVDRoeXY2S05jcWNqTUZOdGVmZ0ZsckZ3YXRrOEUNCk9KRTEvdFdJSUlmLzNpTGtLMVhoK2trUkllSUhZZThGWEVwWkhueHgrVDRzUDEzSE5McFBtZlhNUzRjVEFwS0gNCnFkZUs5dnIyeHJZYk9Tcmpwd3NNbXc9PTwveGVuYzpDaXBoZXJWYWx1ZT4NCiA8L3hlbmM6Q2lwaGVyRGF0YT4NCjwveGVuYzpFbmNyeXB0ZWREYXRhPg0KPC9zYW1sOkVuY3J5cHRlZEFzc2VydGlvbj4NCjwvc2FtbHA6UmVzcG9uc2U+
\ No newline at end of file
diff --git a/test/responses/unsigned_message_encrypted_signed_assertion.xml.base64 b/test/responses/unsigned_message_encrypted_signed_assertion.xml.base64
new file mode 100644
index 000000000..bf127f4d2
--- /dev/null
+++ b/test/responses/unsigned_message_encrypted_signed_assertion.xml.base64
@@ -0,0 +1 @@
+PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfZTU3YTRiZmMxMmMxMjZlNWQxZTE3MjY5MGJiMzNjYTVjZjRlNTQ1YTE3IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNS0wMy0xOVQxNDowMTowOFoiIERlc3RpbmF0aW9uPSJodHRwOi8vcnVieXNhbWwuY29tOjMwMDAvc2FtbC9hY3MiIEluUmVzcG9uc2VUbz0iXzUwZjEzZGUwLWIwNmUtMDEzMi01YzNjLTAwOTBmNWRlZGQ3NyI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPjx4ZW5jOkVuY3J5cHRlZERhdGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTI4LWNiYyIvPjxkc2lnOktleUluZm8geG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PHhlbmM6RW5jcnlwdGVkS2V5Pjx4ZW5jOkVuY3J5cHRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNyc2Etb2FlcC1tZ2YxcCIvPjx4ZW5jOkNpcGhlckRhdGE+PHhlbmM6Q2lwaGVyVmFsdWU+V0J6Nkt3bEtZRzBKcXM4cGwvK1pqeVRCT1lGaFlsRjdDdldqYXdITERqMUU0V0JLVnc1QmM1cVR3MVAvZnlSSU1DQXNpblA5TCtsZTRlR3ZRTEFxbTJXejlBUHZZaFJ5MlY2bFJLU04zY21VUm9QRGtOSFp5b0lYWmQ4TlZ0ei82SEk5akZvaWFYRmRENDhiUTVhNkFZV2lLaUdOZEdpT055WG9tc0dPUzNzPTwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6Q2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkS2V5PjwvZHNpZzpLZXlJbmZvPgogICA8eGVuYzpDaXBoZXJEYXRhPgogICAgICA8eGVuYzpDaXBoZXJWYWx1ZT4rb2R4dGhoWFM1YzA3RHRIeUFTeEtGUEhmc3M4TE1mWW5vckp1eVdLWHRuLzBKR2prT1dvQzFSK0VQR0o5ZEpZR2IrekZmSzd1akF0Si9BMkwyM3NEMGV3TVh5RHVkQ28zTkplRm5LYUNJaTBVbmdTTDZCMzQ5cUtXVDlHZ0I3b2MzOHFSYzhtSHVsaHpYdnQ0YmFUVjZmZXE4cnlIb0tiVXkxMEVsRXZXZ2t1RjBweWw1R1dLempJSnZzakZZOFJZNHhRRUNmRFkxcGRYQ2ZxR2RhQzd3dGFOdE1DbWFpdzVKM21FZnBXSnpNMlREY3dUUUJDYnJLRDJVNktEZzZNYkdjUzJWeGtoMEJkVWc5eWtaT2NocXVWYmJJd0w1dFdjR2dpWS9zbnBuU2dOWEx0ZjBSSURvdExlendtOG9kL2hmaGwrQVA3eklkVVVVWHNDYXBWUlV6Uk01Y1ZHN0NOaHBlQ25XcTMxem1hckxRblBtbWdqdTI3QlE3aTN2aWRud25hV2s2U2lmL29JUVFPMExWTXBBUXcyUWNpUU9SRk1lWml0TnUvTTljNkFwaXlvalV6a1Q4UjJlSitlcTcydmpQRHpybDJrYWdMVU1zMXJ0dFNmVVFLM0Zac0Z3bVYyKzJIM0FqaWF4bmFMYzVLUE9qMEJGakNyRzNSQy9TTmpEazZpU202L0h5aUh4Qmd2VHJyNEE1Y2tid0ZudEgxb1lKYlltY1JiQUI0cUVqd0IrK0FFZjlPVWVCVmNDVUM0cDluZEdMQzZNTkcrMzIzM1N0Mkc5ZEQ1dk54SUk2WU9MUGhwYlQ0Y1ZpYkZmRVRTdlRDYVNLVDN5THNOTEVlbUZxWUhoR0dNSFFjSFYvRFkvNmxhbFJSRkZVQkVZNWJnNWp5MzF3VGI4bTJMQncwQTN5OCswWHlaUFhCNEdZMlFIVWU5UkdUYVZHVkFoZXlFaTZ4RTI2bks1NU5ocnRnbDl4b0l2aFpMVmEvdjNCQ2ZFbnBZTCtYMVhQdzZwQnoxbEFZWjErN05abGtqcGw0L0FUL3AyMVNkZVVpaDB3OGZsMzNTVEpjWDYxdWNtcW9TS3FOL2tWUllZejY2SHFjTlpNb2dVYmx3bVNnQ3hGYU51THBydy84WlZjSlk4cHkrWkhSZ0JFNFJUclpoNld0TkwyaEg2bzdpUy9XSEgzYlRiYkEweXowMi9idGFZd1JZaGpLOUNTaDRPYjZ2MkZuSU1rMzkvSzV5VmJtZHExMFVFclo4SFllTGl0N2IvT3pmUVJ2Wnp5TnZHaWhoc3FsYlhPNUZSL3ROOG8xZFVuaVkxeURlcHZzS29LNmFUN3FGYjZYazd2RHQzNlR4MkY4NDFobHM3dVh5OVdWWUhKN2lxUnBkRU1taHBOOEFBWG5nZ3RVS1V4QTU2MTkxOGcyNjVtTXZERGgyckVUK2xBVjVIdk1WUXVYR2Zxd29ST0REaU1WRjJTZW83eGd2VWM3bHgzZCtkVU1SNFFKeHROd3hMVTJTWW1xL0thbnlXWTRYVGxZNmJzOE1pRExTdFlhYjFGN3hQK1J5S0JuSTBxdHc3UUJ3YytBNTZOUkxjOVNkaE1vYlRkYnlwMVpRdEpJL2F6dzBsaFB3Q09mZHhFekl3bHJtUVJZRld2dXZqVXpNcE51dkxPTlhvejdkbW9hQUpsZDYyZm0rZHcrUW1lYVRtZjg3K1luMHU1U0FBdW5keGZsOUNwemJLRU9JTFU5NWNRN3BKYkNTcGlkZWRoYm9YWithU1VKdUpub0ZPWHppcStpc3F3Z0M3UkR5bm1pQ0oyalppTDBxVzNJa0Y2Y1lKcHloOWMwMEthSGJTd3NkUTRrMm9Nbk91VHVvbVFHY28zR0NpSzJHMjUvRC8rU0FFTzJIODQ1UncyQ3d4RzdQRDFwRVU1Ylp4Y0VuLzlaVkR3Q1hxaEE5UW15UzZQaGZHWTRvUTYvSEJyVEZsSnN3OWRJbkdFMzhSZlZ2SkVWU0hGcklmVlZ4TVRzbUR5V0hFb0ROeTR0MU1QYkl5VGRuSldqWk1LN0ZZL0k4cndoQ2FHLzFNWG9wWEUza0Fmd1h5bkI0ZEtBUnA3T1lwcFBnS2F0NVV5Y0Via1pBWlpIMmhmMVIveFRBeExidzdKaGRaQytQU2ExWUVNUjYxczB1ZGZsN1BOVHdhUDF2Z0VSY3R3NmdDaTMxM0kxNDkzeUExS1FwMTNaekFQRUk0RkZnTVcvUmdSVEppWVhrZTkzaVNmeUxTTk9GRGNPaGxMaXpSWldqWWoxRm9RbE9vN2IxbGZsZ1pUT05mQzJzbWFtSDFZNGVUUlVaVjdxQXgzSWkxTHh3azFSL1phNm9VNHA0OGdHVUowTENCVE9WOU82Z0JSUzYxdFdSZld1aGhrUWFiTVphS3NxdEx2aW1PSW5NcFl6WGhsSEptN0Z1c0s4ajBsUGpqdjBuZUtDY2t5L0c2Zm5LTERaQzgyVER2UE5vQmVLZkRJWmNvUm9vRDhyejU4bDd3TWFkSzBUZzFqdnZKYmZLU0xrcmpidUpHeGp2L2hmTzd5OWFYNW43U1NhZ2orYkV3OVNIdlpSaWx1Qmtjb0Y1bVFOTGhIcjRtempnNlRRT0VkMmYybXhJNjJkL09mVE94Y2VFQU1Ua1VWWUpQRVUyQ01KWlJka2h5TXFiVGFJZGJVSkRzRmY1SlNBaTNuMVlWbGtWWDEwWkwvVE1TUTBUVjVWdnozOXprS29IcFBQY2ZHY1Y0Q0o1Ym1pYkh2RVdrTnN0ZXovV09QQ2RMLzFLNnhUeFB2NkNWWHNBMHJqQ2RJc0tGd0FsMGFTMmtLQkVKUmdhcXVLL2t5Vk5oR0ZWaHEwUG12RUFZZWwvbklpKzRiejZRQjlyNVI5Z3JNaUQ5dUdGMG5HbHlWRHV5ZHRLSlZYS3VEajVwVHpvSU4vM3FGQWFvY3lkWmJSMHN1RUN4Sloxc3pIUVJVTWNMcFYvdVFmVDRsMkpIajdIeVlqQUc2ZnBFbzdQKy9XelNCSjd1dkdxQXJOeGJHbzljV3JTQ1RpaWw5ampYd3N6eG8zQzlGc1RmUFU4a2FnSHJsalBhWEduMS92SFdYVTlTTVkwVjl4T1p6bUdXUlI2QmNKSW5qNXJaOFBmaHNGVVY3YmY3emFpcDdxZkJJWWRVMlRvekQ2OElnTHQxM1ZFM0ZDT1lHR21mM0hUVDMrSDhCSTBjbGtJMkt0TzZVdWQ2Q2ZVcjVmR0lGWlhLQysyalNyNlBpWG9kSkRBMU92WHM4VlZpOFltSm5QMTMxeHBMU2g5QWRVUGxPR2gxODJ5WENPNlN5Y0hYc1ZuN0IrOVUxU3Y0NXZlSWxhSWFSRVMwU0ZENVpxU215WkgxMWNHSEVwTUtZZWZwMnU1TFFxVVVsTEtReDNsN09WNTlYWG5yUmFnS0tRdGFrT29JSVdwcGFCeUJIdENCWmxGdk5MNTV0NlMvcEdwSUMzMzA1QWdubTRhdlJzMjZ1UlV2ZnhralNRZ3ZSeGltM2pkQTBzbUFVV2FEWk9KekE4STFjaG9CZnBQazF2WHBQWEhQc2hRcGgwdEVXeHpaS3dnTjZBQklZSGM3SXcvUXJMMUFtQ1c3VmpVZXpnQU1hSDNRaGNndE1QdExVbmZCRG1DZWF0ZEdUYjBBMm9iNlZFV3JyY0VnR2FOTlh5M3JrNXFGWXdaTjZieEwxVHVnTDdnRjh1NERLN2U3TTdtUzltU0pFbEI2S2NmZ2lhank4TWFlaVlRSFBWeGI1ZkZhNjhPcU96S0J2MkVKTTNmKy9WQ2xibHE4Q1Y1NUIrckFuQlVYM01Ray9aZEprU2tBWHpHL2hWQXpzb0s4RnNSQmJubWEyaFJYV0lIY0M0eUk2Z0xKV1ZYQzFxZnNXSkZzMmQvSGN0ZEVXQVNkS0d0NnFranVpMitHZFFLbnpjRUpBSkptUXdGVklObUNUc1JJTWxkajNMLy81RkpBL05CN0VpREFZeUJMcmhiblAwUkNLblBJWXVyMEpLR3pzSUwvSFBqRkNtRXA0L0w3eEE0ZFQ1bXRBbUVKeURoUzN5d0hoZ3QzQlV2bmJDa0lxdmhEZ2R2Uk9LZ2Z5RlJkNTlpTFlZQUx2TTlPUnpySzM1Zm9VeEpxMmhwSUlqLzRabyt2blhjaTQxVlZsdUpiM2dqZ1VuMFVSbDZhN1ZBQ2RkQ2UxR1A1ZmI0NE91YlJBbzdHYVpySmFkWnpWN3RQVlhnZ0xFVmZiaVovWGZVMjR6YzR0aFIrV3NtMEJTSmlYOUxFQ1doM1UzWjlidHZQQmx6b1hvSVhxZmhFQ1V6eGIxRUtOQ1dUUjJBNDVyNWJwRzJoVysvTmVNK2dqNUN0bGhubGQ5QXFHZGlXMmQwLzljMFdxNjJSM3RJVklScTZ1WFk0cVBjcUlWcFNaeWtPcHVnM3dkeUJBZFYyUXp0MUVTTVFaenVXWEJTSnBMM0NIQ2YvemNDRnZwWEo3RFM2QzNLeStteEU0L1ZJUlNmYWJYWXFJcWpMQXg2eUNLREdLa1N2c0k2QWFxTTRNN1hVU2tHV2JiVTN1SmlDRm1CMDRKS1U0OGc4VG4yMlh4ZXNNMWpobnY1N2I2Wnl1VVVneDBJTWJacW1iNUtBN3BWcitCdTFhaUR3L2VLU3k4TGplbjRBd0xGS0xiZGRTd2luSFNzWGpIYm03NDV1VEVZSm5NV1NYalRhNG5PMjhmRGZLeVcyM1BwWVNuZmREMjlEN3NMdkt2VFpEVWowdjZmWVhFZTNQeGk0czRQVVJNYVVPSU1jTFNmYkN3ZStHUm5FWXhRRUUrQkF3K25PcHVrNnVjMWUycHZHMWJGRHJ6UWJUQThtTDFmOVVacER1MlpiUDZUREFZdTBWNVVGVFpUWWs4cWNDZFBxcy9PdlZwMy9wTWJ4eWNlQ21UNTdEeWpLNHhnNEdFOERWSk5GRHlxeEw1S0dUeENMeUVpdGtDa3JubVhGdTNKV1NZdVNOa2RhbUxFUitIMVExamQxNE94SWdoYXdKRksvMTJYZElKSjNzUUlxNHdWV1NSV1VEV1h2eHhyRlBOSktuNUdRT0NJUEVRRjYzL0NNaDdlZGU5WnhTTGVQZW5qb0N5VjZIbFFQSUpwOHZXTFFnYjR6dC9EdXNReHh0VmJpR1FNVTdVUVZPTEJFeGRGZUFteDdiTTNuditla280SVVKYWRnYmVFa2txOXhPZW10dEh1RnhmUWFiNWU4WFl4ZG52bDM3NnR6bXB5Tm5jenB0T3ZEdHkxWnJBampubWhlTkYxcHU0d3ZDZElWS1Y1YmZxb1BaWTJVbnhURHlZemR0NmRKNnJEOG1POGNwdGlmRUp2cTRGQXdNWU1kTlVveVNtdGZTWmQ0MFdXNzlBa2dPU1NwMXIyZ2NPN2h2TjF1YTRBU2trVjRPeEltYlRhSllVWTFnZVFScTJTTVp1UlZhU08wNEMrRmg0N01ZblhncGh2bU80RkxYenY1bWVlQUNRWko3bHZldjFIOHZSd2JjTGZxejNtRFl2ZWFoajVlMjkrSGtEVEFDYXI2d2UvaWxrZGttdXhnWmpoQXY0UUlSQ1ROejE5WERzcGdiQ0JHZGZWT2k5ck03aTk4dVpVY1RzcDlPK0doTit5MG5Ca0R6STlxdnRSK1JFSHZVYnhsUEhzNTZyYzNXMFZ0bFNRYkF0SVA3M2t0bkV1azIvVTFNUElTcm1YbWs0WXp5RHNIRTFNUHJaVFZHTzJDQ21BS2NCQm84V21TZm1jd3RHNGVmYzI2Mis3UE41SUtZMmp6eWRNNHRDVk9ObHlFaEJPTUVJNHdNUjFlZGtLZ2tBR25sbHRtMndoUTd3L1lpUkJFNURXN29BOGsra2ZFaTdGbXQzR2Y4Ly9qa3hOUmQ1YzRlZ1JrVWJaVFZDRXRyWDJUQTVzV3FNTXBNSWxha2hYZFdoZ3p0UEtZQ1kybWFrYmwreFkwVkMxSEhpSEdMSFVjeEd3WnJPblRicVJSUkEwYXNjYWkzcDh6VVc1TW1aWGJOaXJUY0tGY2JpcW9KZHc0T05PVGhFV2JCeDc0TVgvQXozZnlpRG5talpSVlZ0RjlWQ09GU0JpK2lWaW5lU0JGMm1HL3d2YzdDdnRITEcydC9BMUNnL2RieklvWnJZVElreWg2LzNBc0RDMS83T3RjZEwxNitNSXM1RXBDbSt3aU9pOEppRlRvejRVc1FRREhNVm9iMndlWnFpR29ITHJLVngyM05zZWd3ZW5hZjZ2cVhESXExa2QwUXNnbTl0YXpNSTNyTVplU1FxU1BIWG5DV1Y0RlRmdDNQNTd4OGNId2ZtUmUwU1RNRUE1QjlFMFZqVDBWVWZtUDloOXBKaDNKb0RaY3gyTmEyTytqRDVUTDF6SnRJcy83TlB3dkl4MDVlWVByelliNWQvOGtGemF4V1ExRzUrb0VLNm1KckdaYkxXZzJaZ0dmNGFXLzRGaXVySTdxNFZzMDc2UDYvTGlsKzlxRFdIWFRJWGZIOExITkRhWTh4eFpoazFhT0hZMzdRQjNQd3dqMTljYkJWMHhRcHIwQzdlb3J1NnZnWmpEZHN4cTRralZQdmFUWWhjM1lPQk9qczhRbC9xaTVxOGNKTlZGSXUvZk4yU0kxb2hWSWU0QXdYT3FmV0kzOHdpY2l3ZVpmaG9EWSsvb0xrM1ZKMGl3aEdnTW43dTQ4VWxhajZwN24rL1BlUEMrcWNhNVR5WUtNTkNxUHUrSXQ1TWxIK1M1S2N1eXU3WHFWeURRdmJPTGZhdE5JWFZ4RVZjQWcvQXpjQnpmUVVVMnU4VElUWUl4TVIyRHBrY1JidG1FMER3enRIRlRPWCt0NGQwem1neFlqR3EvcmYvenZYUnRyM3BsT05ON2RyM1RaTWpTWHB5WUljSHRBSGZsR1FBUlpRdVZDamR5QUc1VmszZ1dkZE9qYXM5Z1V1djRrUnptYjJQNk9sZTJlKy9WRjA0a0tWd0dXNGhtK0s2dlhDV0k1bnArRDNKaDQyUERtL2VjcnowWC92NXgweUFieFQxbWJBMnBoeG1uVUxPS0NuUkhzNHBoMk1iVUhCdTBXNlpqUi9EdVpwYnF0SDBzR1NBRHJDSWVzcDZuQ3VjelpmNE1ISVhCbUQ5azNYdDczSE4rbllCVDBlVG82L2cyZDl3TVNwVTVXU1p2cXVkcVBuM2t5eDZPRURueE1ad0FjTk1YMG95ZEJYY1ZodE9VM2ZYUmp3YlpsUjF3eXFBa0tETk8vRzFONHNQZEJBa3FhR1RHVGR3c3JzNXhqcnB6bWEzd0RycHY3Wm9CMWlkUjNtSGRKdnNtdnY0blZmU2lYaG5wN3ZoakI5L3B5MWdJZ01ScTVIalpmaTl4Yk1XUjJYdllhV2ZlRTJTbkQxRFhoR1pZekh3djREU2w4NU5CRUw5bFlSaTdpbEYwMnpRU2NDcnplRkR0Z3ZtQlVSNzQ5UHA4U0M2am4xVkswSWVLbUpmaHpqWDFNbURzV2duTVJUYVRTbVRzekVqU2RacVFWZVhXTzVjR3RRY3NYV2tZSHNEd09rUEE0U3NrUXAxbmVkam9BUWRhQ2xQcTRIN2Q5LzFEM2JueHEvdm5xb1ExNDBlVTIvV1RLWUplRVo1dlhNREMxUFVyRkdKbVUxeUJCR0VmMnp4ME42NG85YkxCczJORk9rNTQ3aU5CalhDOW1WcnpNaUkwWDZ5WWttczk4b3Z2M2Y5SDlnUGdtbGxEaFJkSzdadUgvWGsvMnVRZXkvclRwYkdKd1lOckpoMXNOb3cwL1dEYU4vNldMV1NvU0F6eEZwZXhKcjV6NEFNS0JBSWFrUHFFdjBTZ1RzOFFvZGtjR2ljSGFNdFg4NWVpUkdLZHlsN0pLV0krYjU5MWZMZlJJMVVsOGxjeVkwRXh6MkxhZTk3VVVwT1FuSHBpSys5dnNqU2prbEFDcndaMHZVRGFoNllHL0Q4OGMwbnZDU3NoKzNNYUJsc25Pc2VyT01aQWF0OTk2emRKRkpYRkhFOWt6dytrekw4N0VJV294Nk1ObXdKWlZ3dUxHRkgzZkY1bU0xRk8rdFdCdDZ3UFh2b0R5dGVnY1BGOCtpZ1pJYzN3VkpDZm1iTWlnaDZRY0E5d0YvU2p3SWYyZ3VpdVNORDUwOUFVN0U1aTZYK0FCSGs0OUdSSEdlQmZLbkMrQzc3T1pVT3JpeFErUk1aekhVdUZ0SmZKWWJJd2VxYkpZdHhoVWREVDNGK2pYV3krcWcwOW9ONldPNmRFYk55MHN0Y3BtSUFHLzFxSmwvd3o3b3R1aDY2bnV0QW9TaHJ3eElyWjVEd0ZOUGdsUnF3bzFTbENMV1EyNGc1QzAzS21Fb29NSHdFTURtYStac1E2aVJlbllFVkVLR09ET1lqbnZyK2psZktLQm1tWVFDSTA5WjNEMzZWWEdkM0JNV1NmZXVlMElLcUtsb2w3bS9YM29wdGlpY2R5Y3hQbmVUZlNxMVdpVzE5NWVscTlPMysxQTFabEZhVmlpdmpjcHovZzQ0ZTJBM0tJKzE0bWMxYzF2ZFM3cDUvUjJ3aEUydVcvSFN2enREdlZqQi9PUUVOdTBia01SZVVwTlNYeE8xNjVyTkViU2p3SjAxQld3QkxXSmZsTGp0ay9UdUVyb3N1cXVScGFHZGI0ZEhrTHZWWDM3Zjk4ZGpqeFdoU0hrb0NlakVaWGtVSmc5a1l5cE1hMnhVd214ZFRGNGMyaVZsREhkNllVcjRGbGRzNHNsTFdOVTNHRWs2RFprSytaaFk3emRCRVloMUFCMThmdVhacU9qWGMrczZrZk9GV1ZzbXQ2aCszNGd0anl4YXB6STJBMUR2TDlnTFV6ekRLR1ZyZ0VJNlA5QkJPVnhLWXdFakNZY0NZT1JJYUdxVTdUZ2Z6bzNtRE4vQTU3MllXSnNxc3VoRDVJRHZiblhVU3RCdHd5TithYjF5dzZjRlBEMzkyZUlFY2t1RklhWnlrQ3NZMlNvbERqWU1HMjRiRFo4bzBOL1Y0N05xancydlNjQlFkQkQzczRCVVp2SGhoa1NNYU1YRjhUY2I1NWMrSGhva05IVUNSOEVDT0lKSUZWSGdoTzVaNzliNDlOQkhrNHRVdXFHMUxBVFJnOVlia0c5dCtnTlUraG9hQm1QRVpPQWtQVkljaFN5RTg2YkZlbkxyb0VSeTM4R3NIM1Z4Y2hOK2F6OEtNMzg0SGFIUHdhQ0NOUDdLZjh6cjBZWkJuWDJtWDlVWkZHSHpYYlBtSUhBVFV1Nmtac0NwY3QyVElOaHdlNDJGWXpsS29LV2RMakFiRlN0K2dsb0JGbS9Dc2RiYm1zNjI5dDE1YTJzbEFnblMySXB0Z0oxQ0lONlo1cDFwcEw1TUl2TUhIbGRLUk4wODMwWlIzMnlZMHEvcWhPdnFzTHhpdTVxczdPUzV2emhVQlVNcURmc0ZWd3grSm5FS1RBOCswV3YvbWZSYnp5UE5EcTBGZW1RUWkrN0lBMFIzNkR5OVlubnVpd2RpM3BvU3VXcW5WajBCMG0zazVHMXRYTDliVUdQMnRjMTlWcSsrYWNyMDFSbytmWkRnSGhOVU9oTi9ZU2F4cWJDVHlGV2ZGcFBHSUEyTk84OXJOYk5adzBxbFB0OS9PR201c3ZOdmJ1V0pTb3ozZzhMVzJxZENYV1FVZDB2M0NjTGhnUmZiWjlPT21BUkJzUDlYejRLZzBUYXFld2tYd3JGQVFLTk5teHYzMnM0eWRyLy82QXRqalBWTzRhV2FEVmVSVzFFSFlsQXVqSkw4WWRBSU8zYTBzcTdGQW93UTFkbkpCK1YvVFl2VmRMRkVpRlJEUVJmcmlHSTZsVUluUHZMUXVLaXk3WUlrOExlUDU2L1VEQ0srRWlJcE5CNnpId3p3bU0vTU53dEtLendrTXorQmRZUFVMbVZ3R0ZoSW94MGJuY0ZXNzFJczhzaWwvYTFiZnEwVkk5TnMwSHpEVVFYamFTaVJxY0hXQlgzQkpDbFU5bXl1Z1dTb2VZeFdTd3ROVTJISzJ6b1JzQUVyMjZDNVVDazBJaXRzT1gwN0doaU5zOU1ZejFBc0ZWUVRLSjBtWDRFR2I3eURXU2czZC9UM3EzK3p1RjNqSVkzNHBqbjl1eWFBSkV6UnRnWmVCOXNZOS9qd2o5ZHhwVDBlb1pqazFFSHBhdkw3cVJkOUx2Y0U2ZllMTysxRWdsZkxFT3lzRm5ONkZjMHQ3UGkxVXdHU01NbXhuTEl2V2pBV0VLcFd1RGUrRUJZWW1CUjJhclhRZ2ZPRU9xbDNEeTR3N2NXbjA1Zz09PC94ZW5jOkNpcGhlclZhbHVlPgogICA8L3hlbmM6Q2lwaGVyRGF0YT4KPC94ZW5jOkVuY3J5cHRlZERhdGE+PC9zYW1sOkVuY3J5cHRlZEFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==
\ No newline at end of file
diff --git a/test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64 b/test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64
new file mode 100644
index 000000000..96b55d787
--- /dev/null
+++ b/test/responses/unsigned_message_encrypted_unsigned_assertion.xml.base64
@@ -0,0 +1 @@
+PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfOTM2NWZhYTNhNmY2YTIzYjVjZDc1YTc0Y2IwNzg2ZGMxOWU4NDUyMDBlIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNS0wMy0xOVQxNDowMDozMVoiIERlc3RpbmF0aW9uPSJodHRwOi8vcnVieXNhbWwuY29tOjMwMDAvc2FtbC9hY3MiIEluUmVzcG9uc2VUbz0iXzNhYjdhZGIwLWIwNmUtMDEzMi01YzNiLTAwOTBmNWRlZGQ3NyI+PHNhbWw6SXNzdWVyPmh0dHBzOi8vaWRwLmV4YW1wbGUuY29tL3NpbXBsZXNhbWwvc2FtbDIvaWRwL21ldGFkYXRhLnBocDwvc2FtbDpJc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6RW5jcnlwdGVkQXNzZXJ0aW9uPjx4ZW5jOkVuY3J5cHRlZERhdGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBUeXBlPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNFbGVtZW50Ij48eGVuYzpFbmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjYWVzMTI4LWNiYyIvPjxkc2lnOktleUluZm8geG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PHhlbmM6RW5jcnlwdGVkS2V5Pjx4ZW5jOkVuY3J5cHRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNyc2Etb2FlcC1tZ2YxcCIvPjx4ZW5jOkNpcGhlckRhdGE+PHhlbmM6Q2lwaGVyVmFsdWU+eGtKbjdMUUhyVFp6TGRyTmVjMzNoTVNDNWRjOEIwdU00Znc4SEtod3BrV0lOd0M5ZGVhajBRVno0Zlo4Mlp2MlFkUDN2NnIwd0ovOFZyVUlGOHB1SlRIU1UwdTJFVVUrWHFCSnh2aXZHcDJVaFVQQ3lXbWlyU2k2ZWZCbldxTUtoT3o1WUpvYUxFdTE3eXcra09uYXZMWlB2MmJCOGI1Ym8ybVpQaWFQRzZzPTwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6Q2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkS2V5PjwvZHNpZzpLZXlJbmZvPgogICA8eGVuYzpDaXBoZXJEYXRhPgogICAgICA8eGVuYzpDaXBoZXJWYWx1ZT5FUmlUa2RKekpOODQxcUlSd1Q3OStsYVRRWld6ODNvc29Lb2hSQklhQkhOTGFzR3VCQXBSNmlKcXNTclFiMi82d1dkZERhTk9xYm5CRVkrNlplMW1TekRqWW9tcld0VkREMnBzcnprMVQyOUc1Nkx1VFFpT3RUdE9VbE9QT1ZVa1M5VHAxUmdDWG1pN05vNDlsSkpIeE04YjUzWTZoTmpKUWlTd3JFZHhocnY4M01TdXFZYWh1VDVuMnlCOWpHZy9abkY2SVAyWVhMVDdjZDRrWVJqLzBnMG1FQkdBSUhWM1pHUkxWU0tnMENNVlBuUVVDUExYcVZDS29SYkYybnQ1UjhRNmdHbUttLzJ6c3lFZkR3L3ZXMDc2ZlZnNkVvSytYVlovTS9nSEtjY0EraXllSEtNTjJrL3lXZUhuN0ZCMzJqWTlvUjhDdDZtVzlKbGdCYmxpTTFTQ0RNbnNodUpYbEtueVh1dk9mSlFkMTJOVXJ0OWxXQUN3bktRelNaM3kvYjVVdGhhbEFZVGdIUFZ0TDg3MWhYbkM5TVRlVGZBaytIcVY3bmZkUEpUay9qVkRJaTBXc2JxbGYrcHBDMW52UmFiOG92V21mcFVLRlloSGhpUTZLNlhRR283eFQvZEtxVjcrMnd2aEh0dllQdDhpVzc2UmtXdEhWRWpaYUhqZ0NGL1hHcE1yajVDdVg4S01RM2I2N0NJeGIyOFY1TXhuVVhySlYxcTVUbkVGNTZidmxHNE5OcVFUWVdNY3UrYmhjQTV3MUUvckpaeFNLZnBnN1ZkVDRSTUEzczBaQ1hzOURSN1JualFQOXN6cnl0YXJNUndGK0FJMDdBeHQyL3o3MXQ1NTFyTnpDZWROTGRRRm5GYkZoOUlnRFNtWWluN3kxbXhzYTdJaUxVWmNKd3RKVGgzM3RLZjBPYndNZmo2OHZXZ0VKMEFxOFpqbmhWQjdDN3NSSzR2aDdOT2dsZFMvQ1haMkw1RTVrWWgyaFZ6cWgwRUdKcmtPczNSYjMvbmJaQ3dPNHpkQVl2djc0cXJQVWtFVXhHMy9wOXdqY2crYlNGdWxjSkNwazdpMCtObnNvY1EzT3BEUUdVRmh0djZROTI1aDJMREFZUVNrUWdJdlBucWJ0K0E2VlJDbmc2ZyttTXdiYndQNm8vYWdZMkN5ZHVFRDBRSU5Bdlp6ODVDcHRzM3VmNHV4SkVuYXp0REdUMVJCUEZ3aE11SlZ0N1FlNG5xdXJSZnRDaCtUNktpVnZ3RTZDcWZ1UkZRbStTbFdGeVlxNXU3R2RSTkZzdVQzWUtqaTNtRitVZHFnTkphKytSNGJwT3RabTFRUXp2MXFTUzZVQ3RySkhiakJYaFlEaWczZEV6MWVya01XQ3d3amNpY3BlU3JqQkZjMGxjMVZ6WWZtMW1PWVdCSFRFMlJmRG5FVXp0T3pCVW1pQlZEM0dYbVM0eHJVRXJJcXozUkhlMWVyRzhId1NaYmZzWGZPcGZSNUs4UnNxTDVBOGwrdmpTTjZ3ZlFHQjF1SWYwN09QcGx6TEwvVWxaV2NQUXErajBHR1FBZC80S2JsNWdpV1NTYnd1ZWFXOTUvZFVKUUdjT3c3Z0l3OUxJUmFzQVdiNkpRMC9UUmd3VSthN0hvaitjRkFkV3hrZVY2M1Y5ZzRCdndPVzNacjAwcFNvMkc5ZytLVXNBdUZReGs5aDljREVxZEVNMnZQdGZlU2tqcFhPWm5HT3JSTlZVRzIzbGdKSEVRc1ROYitWUWI0Uk9GSkJWampkcEU3akhNVTlZYUs4RWZRb2tVQmZyKzhPdElkcDkrTEFVbmZaM0pLR01LT1JPdVEycnRqYjNOQ1o4c3k1dTZ1c29tMG1iY3hIaVZxQStYYkZZb05mZXI0SnlxSSt2YW5TQytkWG5VRUhuV3hGOXM2T3FtU0xVTkNRMFRsS2hYQS82U0VCVEM1TGIrTnVzdDgwdFlIU2dCbTJTNDlhRkQ1c1Iyc0krOFNDZDNmZnRjeVpFU1pDSDd6SC90MGM2Z3I3QUVJUEhhcm8wam1KUFgvMlN4Ym9mMFREbWQxVkNQMXZFUUlLby9qWGdpUHBsSVBNemsrWlRLTENuNVRHamxCWFFNTGtFZ1hRdUZjeGY2a3duV2d2Vis0d2ZrVjBkU3dlTUY0UklxN29VQk11UmNLTFp6c0kxeEsxK09nMW9yb3Mvb01nbWtmQXZSK0xIbi9xMnZsNzNIZ1RNS3l0aTV0QndXSkJER1ExdUtQNFVEemxPM0wzU1U3MnhUMlNlQWthdlU2V0owZno2WFhSVklZbmZrZnpKNm5VcFhZeEVBN0crOVgyeklCZTZ4OW95RzFyT0I4dE5HM0l5SEpYZlZ1ano1VGFNVnljUDVoRnFCeStFTjJXRjFWdTBxTVVnaTdaWTl1MnhEbnJJOVhrWUQrZDBoWGhDNk93L0V6TWkrVEhWNncyTXNPaHk1RTBGTVFQYmlpcFJTaXJ6eHMwYlFrS0xtZ3hreGF1bGFXUHVDQVRjMmxOWk9iMVhwM3kyNzdUWDVJa0pRZGJvMWg3NzJjVVRmL3RmVzZsYi9teTM0VmJGRUpFdXNNWFNQeHdYYTJMa05vcUR2SUJQanNNWW5vZ2FncmlWV2QrV0RJak0vU3FoK1JoUm8wT3dwL1Y0dzhLaHJDVTB0RkkvZzFwbjU5aTRtcmhuTVV5ZVpkWVNQazBURmROQk1la01CNUtxM0NjOWtIU3BlNFRDQWtXa2tuWjlxS0Ywc0g3a1FuRHpmdldzckxESGR2OWlqWC9LeitKNHd3b3BlU0tjTGJqT09ScG5OZDBzQXVGNEZod3VPaDl0OWJIZ3hJVk5waXBjZmlNVUt6eEkxSWNMUWpGQzdhTnVjL0srU2RXNG13MUw5ckk4SmloTkgyMXZpZDRoOUJaVWFZMThmZWRXdmR0SCswVzJUUHNIZ01LTTVLYkFEUzZpeGN4YUs5cUJBRUxEYVJySXdZMjA5cERnRElqNlRVL0lyaEI1U0tHc3JFb0VudnZ4RFhJZHM3dlpQZmJuNlE1S3BoeGNVNjZ6TGhJMUF0R21Za08xdUlSUnJqWDNBMXpjaGhIcEUyT21URmhDRExZTUl1R1BoWTU1STcxTm56bjZ5c0YySEhueFJCV0VJRVY4YUVGRkE4N1V6cWhkek5XSTNzTWN5N3lWc3lMeFdwZFNCK0dwc0NNOXZVMStCUlpoMTBLZU5ST1NRcnlZM2xVcC91WXBXQ3N1VFBNWHVZdnFTNlJTZWJGZ1Z1MzhiZ0dmYUJ2TElMZmIvWWtjSFdHUC81WW8vbmRFZ3NUSTJwRFRxZHBEQXJOYXhvSEpKK3VDMURoUEtzUWdjMU9MdGRjSVI4MWVIbjlKSGRVS0JSV2NIVSs4R0JFY01tRmpIcmJyN1Y4ZVZQT0V1VG9kTzFnSWpRdVVDME9qUkQ1TzdnYWRQTndNRzVKVjNRODc4VjhzdGtyUUZQeUZkZ3NDU2pyUFBnZVhpZm1zWkRlVnpWdytiam9BQ3FiVEhjWUdZT0VZVWtTZlllNEc0M1lQL3dlMHdyNGVoSlVvOW5qNHRhUDhJTjhubm44WlR2dWFpOExIVmdSWit1WFpJN3FKdk9Ub2oxczhxQmw3S1daVEhSdVZDdkFDdlpwN1Y2bXp6QnhLZFF3QjhBNS9tbnAzam5WaGpGa0RUemN6QkRhUHF5aHVyTjNwWVZkR2hWNjJUVHJFQ2YwNHUwdXZKWS84NHY1NnhIc25ET3cwUHRLWjNLYlJkYVFUNHJJM1lmUzdGbEk0amsvdUljRzVPaWpLeHplSzh2OVVDRG43dEFvREFUa1NRdmk5VG45Y0pmVWRMTVlxS1hOKzNDTEtPc0pIOTc0Yis3OFpoRnBsRDZ2Kys2UEh6WmFlZWxQa1AvOWE5dllVYkRQWDNSeDNieFZmY1ZnTzNNdm0vMW1CL0Q3MXEzM3pFVXJlUzBxQlF6THFXTFNPbUFjYTl1WEFzVE1ydlVCamwySXI1TlhjTHZwbTVrVU11M0IzU2F6SmlEVDIxMmZQdTAzeFQzUElZbEdNWHljMTBLbUZCeVhldktBY1JUc1M4b3Y3SUhuY3R4bzZBczIvVXNpUVUwUzJTYTJmeDB3N1Q5K3lMT1BrVVB0cGxDTEhqcVRxM1pEc21wUnBEVjNYWUZNVmdCTE02THFLakRlcDN1SkIzUTFQWDFwZXdIM0hrbFd5VjdXeUlXc29ENmhGQUQzdFJpbnJJT1oyR1l2VStGZlRmWnVKMkJsNlVHcEpWM3ZZYTRNblZ0UWxweU5Lc09vQ2Z4QU80eGkwY1dvdGxtSnB5T3o3UGxFK21La1lDS0RsN2kzZzFuYnRrMnZDNmwxWjdySmFQa1lMQnNqVzRXdWlmT3M5aC9EeXJtYWVTazJCR2NUMXc4dmdpRzl6c0hzUkVwY083SUhGbVB0VmlOZHd6UlNkKzB1ZnVicDFnNDJ2Ny8vV2dOVS9zd1QreGVVazVFdy9kbm5uVmpXRjdpaEtHK0xqQTZaRzVXdkNZcWV5VDFLZmZDSkMyYXdTTDhtZ0hUcGFCSGZPNkRiQStabmgrNW1OaUhOZEQ0S2RDcVVOdWFDVzNPTDNmdGovZmd5WExtNEpRbDg4czNpeFBrSFdETFFra3ZOSEpmNFpNRDBaZ3p3MEdoWjlkRUVsY3JHclRTcTJLY1gwd21BQzJiTzQxRkVmdklpNFlHVE1pNDRxMVVIN3NLaU9hbTRiRHJuV2Y5citlY1VodXRDaXZxQVk1Zys5T1B0M1ZMZ2RFSHY5SHlVazJQallCQVFKQStuT1NIbkJHeExKUVhEMHVYWW9YM1JyOGM0d0hDeXlDNXBuUnRXWDZmTGlhWHJydG02bWk0Qnh6VUcwRkdCV05qdmFDdmJnT3hGTjdpOHhzb2RlOEZFbERVRllYcDhNRzN5Rmx5RHA3RkhFWnNXd1VYNThFNlpqK0hqQlVFVGNZUVhValgzZ0JDMlJ4alpjejgwWnNTYUZFSWhzcGhJQXpSRXIvSmNmUmdwSkg3YjBGdmJHL0VJUUJHTXdTWjFMSzdaTTBvWEpZK1c2QkdTaEt0cDhlT3I2RWo4ZnhjeFFvRHhJRDFIL2pnS3d6bHRLcTZ2MWZwWVNiQ2pkK2xFdXozT0JSTGErYlZyOHJ6U1JlekoxWGJRQ3ZDRGsvS2VRUzJhdTNGT29HSWhhWVR6RGVjOEd2RXgveGUxZ1FqdXVtQ0tzZkRPQWRUazJSTkN3N3p2c1BHaytJTXRlTVVOSnlhK2JFSzhqMXprYi9FbHhjNnNtd0FTY290WjJtZUtlL2xoaDBUd1g4blZCSGpUUC81Z1BGR2w4ZmwzNmFKMURxUmlqOU82aXYyaDlkY2tUMXhiQ1dZL3BXOGdGNy9UeU9Rb0RqZS9KTFpnOTd4aFowUHhvUXlXSG9wWGxOYUtpdmZEWEY1c1Y3MmxjT3phelNQMzJtU2VsSnVoNGtFUzMzMmRwalFMc2lUMlRHSzd0c04zcjc3Uk0yaUtwQTNIRS9YeWhqeUZxa3dJNGM2RTd0Q1FtWTlDUFhlTldaeUxXWGRMLzRGZ3ZzN2VsbVFqaFZ2aHgrOUs1Q0x2NU8vRFlUZUIzMUw5b0YwekxWNk4vSyt2ekNPRmFGVDZ0STZCK2ljWFV0Y2N1S0djZ2dJREY0Ti96K0FLQ05LMW0yVFgwUDBZN1pQRVNkVnp2U29ZUXFZYkNSeCt5R1RBQ0VIZDZjNzJ5M1VsZ2VjaWZzY2RKOTgzRitRREZqZVpCUmY4QzROaFd4QUx5cndxQWcxdEtKUFg4UlhFcFFmSkRIb0dOZElGRnZlWmhrdS80aFlaRjZCMkdKOGwvZmdJdFFEY3dTbnFjdExOQmx3VkowUDVjZ2JVM1NDQVlRRi8rbGRCME5KaUo4Z3pZT1FDcDJOOGtKRUVsNGNjNWdxMjh2NUJ0bVVHaEE3R2lsUzRaU0hzNnRKSXVxZWdvOFpXS2lyNEtJS1pnNVFpaVRmSy9zTUU0dS9aYWRLSm5KNW1oQ1RFK003SEcrVHlybW42cmtnc0hIbjZzVGM0cHgyM3h4SUgzUElNNVlDUXdLMER4b3BhZmxYRFhVQndZWVVyN21POHp2K05Mekkzby9ua1F6d1gyK1dwM2NiOXFFUy84TjdxNmgzNjUzeThqZ0tZaSsxVHYrT0RMVEZheDlRa0FHQUtOc2JlVzlkT1dDR292RFNsY0Eraml6Qm1PK2FnMkR5MUFvWkVJL2lveTlyZm1OV2U3ck5DdlIvdWxWTnN5ZUM3Vk8wWTNvNmc3SkN0dGpjNStCZWg0L0hDVGcvQ242bDEvL0xodTFqVmVjU0NaUU9UdjV3TFFLcUlURjQvTnRuZUd5dFdrVXNyb0p3TXUxUGpDRkJDcDBJOTM4dEJrOG1DcHpmNTdpM0M1MEkrdklFRk5ETnEzem1vU2tjTWFlOFU2S3ZwMS9lN3A0d3R3andIQXZ5N1B3ZXd0WXpuZGhUNUN3cUVxMXVOL1Nya0RsWGFDQU1aR3Q5akhUek9OdmlYam94N2wwZnIvbDhISjd5L0dMbm83d2RFMDBhMEx4emx4TkdOZGNLdXFyRGpuZEUzUW1MVVhyelRJQ1NINysyUDVicWhvZVNqajQ0SEF1L1FrREhwQnFRbDBrOTJEaUt5NFVTYlVMbnJBbFJuOGl4MHU5dUFaTCthTXdyRVJ5RnRJb2V0TkpNcldwa0VIRUxnMlY3NDRxUjNRWThRbmp2TDlqbUc1SjFyQVhOQ2sycWJGSTRTTFlPK2JMSUFaYXhJY1hyUDVHTWYvb2pZVVpFbkJpbnkyRStKV1I5VEZSamgrOHl4WGs5L1B3SldJM1JESkZkVjZyWThyc0ttMU0yKzAxcU53akFZS2tXVGR5QmVnM0psdmI4NEJvcU93UFBvSkhYS0IwZkpzWTgyUi9Gb1ZRSzI2YUw2YkE1eGNBdmZWc3p3U1lzKzR5VEpBMnJvQT09PC94ZW5jOkNpcGhlclZhbHVlPgogICA8L3hlbmM6Q2lwaGVyRGF0YT4KPC94ZW5jOkVuY3J5cHRlZERhdGE+PC9zYW1sOkVuY3J5cHRlZEFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==
\ No newline at end of file
diff --git a/test/slo_logoutrequest_test.rb b/test/slo_logoutrequest_test.rb
index 3f0406e37..4eab50878 100644
--- a/test/slo_logoutrequest_test.rb
+++ b/test/slo_logoutrequest_test.rb
@@ -35,7 +35,7 @@ class RubySamlTest < Minitest::Test
it "return true when the logout request is initialized with valid data" do
assert logout_request.is_valid?
assert_empty logout_request.errors
- assert_equal 'someone@example.org', logout_request.name_id
+ assert_equal 'someone@example.org', logout_request.nameid
end
it "should be idempotent when the logout request is initialized with invalid data" do
@@ -58,9 +58,9 @@ class RubySamlTest < Minitest::Test
end
end
- describe "#name_id" do
+ describe "#nameid" do
it "extract the value of the name id element" do
- assert_equal "someone@example.org", logout_request.name_id
+ assert_equal "someone@example.org", logout_request.nameid
end
end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 5c34aab79..0478c1d15 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -94,6 +94,26 @@ def response_document_assertion_wrapped
@response_document_assertion_wrapped ||= read_response("response_assertion_wrapped.xml.base64")
end
+ def response_document_encrypted_nameid
+ @response_document_encrypted_nameid ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'response_encrypted_nameid.xml.base64'))
+ end
+
+ def signed_message_encrypted_unsigned_assertion
+ @signed_message_encrypted_unsigned_assertion ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'signed_message_encrypted_unsigned_assertion.xml.base64'))
+ end
+
+ def signed_message_encrypted_signed_assertion
+ @signed_message_encrypted_signed_assertion ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'signed_message_encrypted_signed_assertion.xml.base64'))
+ end
+
+ def unsigned_message_encrypted_signed_assertion
+ @unsigned_message_encrypted_signed_assertion ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'unsigned_message_encrypted_signed_assertion.xml.base64'))
+ end
+
+ def unsigned_message_encrypted_unsigned_assertion
+ @unsigned_message_encrypted_unsigned_assertion ||= File.read(File.join(File.dirname(__FILE__), 'responses', 'unsigned_message_encrypted_unsigned_assertion.xml.base64'))
+ end
+
def signature_fingerprint_1
@signature_fingerprint1 ||= "C5:19:85:D9:47:F1:BE:57:08:20:25:05:08:46:EB:27:F6:CA:B7:83"
end
diff --git a/test/utils_test.rb b/test/utils_test.rb
index 1f88fd058..f26a34e43 100644
--- a/test/utils_test.rb
+++ b/test/utils_test.rb
@@ -142,4 +142,4 @@ class UtilsTest < Minitest::Test
assert_equal = "The status code of the Logout Response was not Success", status_error_msg3
end
end
-end
+end
\ No newline at end of file