spSingleLogoutPOST.jsp revision 0fdab8904a8fe223f6934b878769fe45e7651c60
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews The contents of this file are subject to the terms
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews of the Common Development and Distribution License
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (the License). You may not use this file except in
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington compliance with the License.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington You can obtain a copy of the License at
01bf5871f8861eb805dd8ca79bdb9b0b9e4e6a5eMark Andrews https://opensso.dev.java.net/public/CDDLv1.0.html or
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews See the License for the specific language governing
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews permission and limitations under the License.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews When distributing Covered Code, include this CDDL
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Header Notice in each file and include the License file
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews If applicable, add the following below the CDDL Header,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews with the fields enclosed by brackets [] replaced by
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews your own identifying information:
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson "Portions Copyrighted [year] [name of copyright owner]"
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews $Id: spSingleLogoutPOST.jsp,v 1.8 2009/06/24 23:05:31 mrudulahg Exp $
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson Portions Copyrighted 2013 ForgeRock AS
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<%@ page import="com.sun.identity.sae.api.SecureAttrs" %>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews<%@ page import="com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement" %>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
4038ab55037184d76153afd3c469aa8c85adf85dMark Andrews<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews<%@ page import="com.sun.identity.saml2.profile.CacheObject" %>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<%@ page import="com.sun.identity.saml2.profile.SPCache" %>
bac2ed6ec3fbb5420e6ce69dd1218745d4e02b1eMark Andrews<%@ page import="com.sun.identity.saml2.profile.SPSingleLogout" %>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<%@ page import="com.sun.identity.saml2.profile.IDPCache" %>
ede29aeb412c5448ab9a2028763ae08e7887ca74Mark Andrews<%@ page import="com.sun.identity.saml2.protocol.LogoutRequest" %>
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews<%@ page import="com.sun.identity.saml2.profile.IDPProxyUtil" %>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<%@ page import="java.util.HashMap" %>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<%@ page import="java.util.Map" %>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<%@ page import="java.util.Properties" %>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<%@ page import="org.owasp.esapi.ESAPI" %>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews<%@ page import="java.io.PrintWriter" %>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews - receives the LogoutRequest and sends the LogoutResponse to
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington Identity Provider from the Service Provider.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews - receives the LogoutResponse from the Identity Provider.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Required parameters to this jsp are :
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews - RelayState - the target URL on successful Single Logout
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews - SAMLRequest - the LogoutRequest
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews - SAMLResponse - the LogoutResponse
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews Check the SAML2 Documentation for supported parameters.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson // Retrieves the LogoutRequest or LogoutResponse
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson //- RelayState - the target URL on successful Single Logout
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson //- SAMLRequest - the LogoutRequest
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson //- SAMLResponse - the LogoutResponse
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson if (relayState != null) {
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson CacheObject tmpRs=
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson (CacheObject) SPCache.relayStateHash.remove(relayState);
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson if ((tmpRs != null)) {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington relayState = (String) tmpRs.getObject();
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState, relayState, "HTTPQueryString", 2000, true)) {
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews relayState = null;
c25080dc50542213058c240226c9f342186e6285Mark Andrews String samlResponse = request.getParameter(SAML2Constants.SAML_RESPONSE);
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews if (samlResponse != null) {
c25080dc50542213058c240226c9f342186e6285Mark Andrews * Gets and processes the Single <code>LogoutResponse</code> from IDP,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * destroys the local session, checks response's issuer
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews * and inResponseTo.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * @param request the HttpServletRequest.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * @param response the HttpServletResponse.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * @param samlResponse <code>LogoutResponse</code> in the
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * XML string format.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * @param relayState the target URL on successful
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * <code>LogoutResponse</code>.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * @throws SAML2Exception if error processing
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * <code>LogoutResponse</code>.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews Map infoMap =
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews SPSingleLogout.processLogoutResponse(request,response,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews samlResponse, relayState);
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews String inRes = (String) infoMap.get("inResponseTo");
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews LogoutRequest origLogoutRequest = (LogoutRequest)
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews if (origLogoutRequest != null && !origLogoutRequest.equals("")) {
c25080dc50542213058c240226c9f342186e6285Mark Andrews IDPProxyUtil.sendProxyLogoutResponse(response, request,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews } catch (SAML2Exception sse) {
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews SAML2Utils.debug.error("Error processing LogoutResponse :", sse);
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews "LogoutResponseProcessingError",
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews } catch (Exception e) {
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews SAML2Utils.debug.error("Error processing LogoutResponse ",e);
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews "LogoutResponseProcessingError",
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews if (relayState != null && !relayState.isEmpty() &&
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.SP_ROLE) &&
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews ESAPI.validator().isValidInput("HTTP URL: " + relayState, relayState, "URL", 2000, true)) {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington "Exception when redirecting to " +
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews relayState, ioe);
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews <jsp:forward page="/saml2/jsp/default.jsp?message=spSloSuccess" />
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews String samlRequest = request.getParameter(SAML2Constants.SAML_REQUEST);
ca12f7f4cf72e2368ee946f3eb4915ab73576cdcMark Andrews if (samlRequest != null) {
7c40ffd67bd1e73907f83a79a6ff8c635f4a4a74Mark Andrews // Logout SP app via SAE first. App is obligated to redirect back
0756445a735e2df39bf798d8de42ae5dd030aa3bMark Andrews // to complete this SLO request.
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews if (processSAELogout(request, response)) {
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews * Gets and processes the Single <code>LogoutRequest</code> from
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * @param request the HttpServletRequest.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews * @param response the HttpServletResponse.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews * @param samlRequest <code>LogoutRequest</code> in the
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews * XML string format.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews * @param relayState the target URL on successful
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews * <code>LogoutRequest</code>.
5752b9e296f14034f103149f18188770c2cc5239Mark Andrews * @throws SAML2Exception if error processing
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews * <code>LogoutRequest</code>.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews SPSingleLogout.processLogoutRequest(request,response, new PrintWriter(out, true),
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews samlRequest,relayState);
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews } catch (SAML2Exception sse) {
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews SAML2Utils.debug.error("Error processing LogoutRequest :", sse);
e076d0c88be69de7c190ab924d095e69d2e11f7aAndreas Gustafsson SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews "LogoutRequestProcessingError",
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews SAML2Utils.bundle.getString("LogoutRequestProcessingError")
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson } catch (Exception e) {
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson SAML2Utils.debug.error("Error processing LogoutRequest ",e);
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews "LogoutRequestProcessingError",
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson SAML2Utils.bundle.getString("LogoutRequestProcessingError")
068a66979695c77359e7a9181bb3f831c965b21cMark Andrewsboolean processSAELogout(
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews HttpServletRequest request, HttpServletResponse response)
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews String saeData = request.getParameter(SecureAttrs.SAE_PARAM_APPRETURN);
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews if (saeData != null) { // App returned back.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews return false;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington String metaAlias =
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI()) ;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington String entityId = mm.getEntityByMetaAlias(metaAlias);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington SPSSOConfigElement spConfig = mm.getSPSSOConfig(realm, entityId);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington String appSLOUrlStr = null;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington if (spConfig != null) {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington appSLOUrlStr = SAML2Utils.getAttributeValueFromSPSSOConfig(
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington spConfig, SAML2Constants.SAE_SP_LOGOUT_URL);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington if (appSLOUrlStr == null) {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington "spSLOPOST:SAE:appSLOUrl not configured.");
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington return false;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington "spSLOPOST:SAE:processing App SLO"+ appSLOUrlStr);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington StringBuffer appSLOUrl = new StringBuffer(appSLOUrlStr);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington realm, entityId, SAML2Constants.SP_ROLE, appSLOUrlStr);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington if (hp == null) {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington "spSLOPOST:SAE:processing App SLO: getSAEAttrs returned null");
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington return false;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington String cryptoType = (String) hp.get(SecureAttrs.SAE_CRYPTO_TYPE);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington String secret = null;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington String encSecret = null;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington String encAlg = (String)hp.get(
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington String encStrength = (String)hp.get(
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington if (SecureAttrs.SAE_CRYPTO_TYPE_SYM.equals(cryptoType)) {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington // Shared secret between FM-IDP and IDPApp
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington secret = (String) hp.get(SecureAttrs.SAE_CONFIG_SHARED_SECRET );
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington encSecret = secret;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington // IDPApp's public key
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington secret = (String) hp.get(SecureAttrs.SAE_CONFIG_PRIVATE_KEY_ALIAS);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington (String) hp.get(SecureAttrs.SAE_CONFIG_PUBLIC_KEY_ALIAS);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington if (secret == null || secret.length() == 0) {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington "spSLOPOST:SAE:processing App SLO:getSAEAttrs no secret/key");
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews return false;
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington if (encAlg == null) {
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington encSecret = null;
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington String returnURL = request.getRequestURL()+
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington HashMap map = new HashMap();
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington map.put(SecureAttrs.SAE_PARAM_CMD, SecureAttrs.SAE_CMD_LOGOUT);
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington map.put(SecureAttrs.SAE_PARAM_APPSLORETURNURL, returnURL);
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington String saInstanceName = cryptoType + "_" + encAlg + "_" + encStrength;
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews SecureAttrs sa = SecureAttrs.getInstance(saInstanceName);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington if (sa == null) {
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews Properties prop = new Properties();
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington prop.setProperty(SecureAttrs.SAE_CONFIG_CERT_CLASS,
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington if (encAlg != null) {
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG, encAlg);
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews if (encStrength != null) {
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH,encStrength); }
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews SecureAttrs.init(saInstanceName, cryptoType, prop);
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews sa = SecureAttrs.getInstance(saInstanceName);
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews if (sa == null) {
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews "spSLOPOST:SAE:processing App SLO:null SecureAttrs instance");
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews return false;
eaccf5e805405de257b5a4840256c580fefe00e3Mark Andrews String encodedString = sa.getEncodedString(map, secret, encSecret);
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews if (encodedString != null) {
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews appSLOUrl.append("&").append(SecureAttrs.SAE_PARAM_DATA)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington .append("=").append(encodedString);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington appSLOUrl.append("?").append(SecureAttrs.SAE_PARAM_DATA)
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington .append("=").append(encodedString);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington SAML2Utils.debug.message("spSLOPOST:SAE:about to redirect"+
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington response.sendRedirect(appSLOUrl.toString());
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington "spSLOPOST:SAE:SecureAttrs.getEncodedStr failed");
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington } catch (Exception ex) {
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington SAML2Utils.debug.error("spSLOPOST:SAE:SecureAttrs.Fatal:",ex);
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington return false;