spSingleLogoutPOST.jsp revision 0fdab8904a8fe223f6934b878769fe45e7651c60
b0e8629055a766d4555a005a283c2889a5974945Mark Andrews DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The contents of this file are subject to the terms
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of the Common Development and Distribution License
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (the License). You may not use this file except in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein compliance with the License.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein You can obtain a copy of the License at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein https://opensso.dev.java.net/public/CDDLv1.0.html or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein See the License for the specific language governing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein permission and limitations under the License.
323514849331c83ff498a9303be223eb9f48b1a5Mark Andrews When distributing Covered Code, include this CDDL
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Header Notice in each file and include the License file
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein If applicable, add the following below the CDDL Header,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein with the fields enclosed by brackets [] replaced by
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews your own identifying information:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "Portions Copyrighted [year] [name of copyright owner]"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein $Id: spSingleLogoutPOST.jsp,v 1.8 2009/06/24 23:05:31 mrudulahg Exp $
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Portions Copyrighted 2013 ForgeRock AS
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.sae.api.SecureAttrs" %>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.profile.CacheObject" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.profile.SPCache" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.profile.SPSingleLogout" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.profile.IDPCache" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.protocol.LogoutRequest" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="com.sun.identity.saml2.profile.IDPProxyUtil" %>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<%@ page import="java.util.HashMap" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="java.util.Map" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="java.util.Properties" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="org.owasp.esapi.ESAPI" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<%@ page import="java.io.PrintWriter" %>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - receives the LogoutRequest and sends the LogoutResponse to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Identity Provider from the Service Provider.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - receives the LogoutResponse from the Identity Provider.
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews Required parameters to this jsp are :
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - RelayState - the target URL on successful Single Logout
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - SAMLRequest - the LogoutRequest
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews - SAMLResponse - the LogoutResponse
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews Check the SAML2 Documentation for supported parameters.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein // Retrieves the LogoutRequest or LogoutResponse
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews //Retrieves :
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews //- RelayState - the target URL on successful Single Logout
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews //- SAMLRequest - the LogoutRequest
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein //- SAMLResponse - the LogoutResponse
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (relayState != null) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein CacheObject tmpRs=
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (CacheObject) SPCache.relayStateHash.remove(relayState);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if ((tmpRs != null)) {
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews relayState = (String) tmpRs.getObject();
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState, relayState, "HTTPQueryString", 2000, true)) {
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews relayState = null;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String samlResponse = request.getParameter(SAML2Constants.SAML_RESPONSE);
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews if (samlResponse != null) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * Gets and processes the Single <code>LogoutResponse</code> from IDP,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * destroys the local session, checks response's issuer
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews * and inResponseTo.
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews * @param request the HttpServletRequest.
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews * @param response the HttpServletResponse.
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews * @param samlResponse <code>LogoutResponse</code> in the
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews * XML string format.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * @param relayState the target URL on successful
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * <code>LogoutResponse</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * @throws SAML2Exception if error processing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * <code>LogoutResponse</code>.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews Map infoMap =
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SPSingleLogout.processLogoutResponse(request,response,
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews samlResponse, relayState);
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews String inRes = (String) infoMap.get("inResponseTo");
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein LogoutRequest origLogoutRequest = (LogoutRequest)
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews if (origLogoutRequest != null && !origLogoutRequest.equals("")) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein IDPProxyUtil.sendProxyLogoutResponse(response, request,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein } catch (SAML2Exception sse) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2Utils.debug.error("Error processing LogoutResponse :", sse);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "LogoutResponseProcessingError",
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein } catch (Exception e) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2Utils.debug.error("Error processing LogoutResponse ",e);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "LogoutResponseProcessingError",
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (relayState != null && !relayState.isEmpty() &&
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.SP_ROLE) &&
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ESAPI.validator().isValidInput("HTTP URL: " + relayState, relayState, "URL", 2000, true)) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "Exception when redirecting to " +
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein relayState, ioe);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <jsp:forward page="/saml2/jsp/default.jsp?message=spSloSuccess" />
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String samlRequest = request.getParameter(SAML2Constants.SAML_REQUEST);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (samlRequest != null) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein // Logout SP app via SAE first. App is obligated to redirect back
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein // to complete this SLO request.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (processSAELogout(request, response)) {
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews * Gets and processes the Single <code>LogoutRequest</code> from
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews * @param request the HttpServletRequest.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews * @param response the HttpServletResponse.
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews * @param samlRequest <code>LogoutRequest</code> in the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews * XML string format.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews * @param relayState the target URL on successful
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews * <code>LogoutRequest</code>.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews * @throws SAML2Exception if error processing
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews * <code>LogoutRequest</code>.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews SPSingleLogout.processLogoutRequest(request,response, new PrintWriter(out, true),
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein samlRequest,relayState);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein } catch (SAML2Exception sse) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2Utils.debug.error("Error processing LogoutRequest :", sse);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "LogoutRequestProcessingError",
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2Utils.bundle.getString("LogoutRequestProcessingError")
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein } catch (Exception e) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2Utils.debug.error("Error processing LogoutRequest ",e);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "LogoutRequestProcessingError",
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2Utils.bundle.getString("LogoutRequestProcessingError")
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinboolean processSAELogout(
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein HttpServletRequest request, HttpServletResponse response)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String saeData = request.getParameter(SecureAttrs.SAE_PARAM_APPRETURN);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (saeData != null) { // App returned back.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein return false;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String metaAlias =
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI()) ;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String entityId = mm.getEntityByMetaAlias(metaAlias);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SPSSOConfigElement spConfig = mm.getSPSSOConfig(realm, entityId);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String appSLOUrlStr = null;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (spConfig != null) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein appSLOUrlStr = SAML2Utils.getAttributeValueFromSPSSOConfig(
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (appSLOUrlStr == null) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "spSLOPOST:SAE:appSLOUrl not configured.");
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein return false;
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews "spSLOPOST:SAE:processing App SLO"+ appSLOUrlStr);
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews StringBuffer appSLOUrl = new StringBuffer(appSLOUrlStr);
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews realm, entityId, SAML2Constants.SP_ROLE, appSLOUrlStr);
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews if (hp == null) {
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews "spSLOPOST:SAE:processing App SLO: getSAEAttrs returned null");
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews return false;
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews String cryptoType = (String) hp.get(SecureAttrs.SAE_CRYPTO_TYPE);
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews String secret = null;
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews String encSecret = null;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String encAlg = (String)hp.get(
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews String encStrength = (String)hp.get(
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (SecureAttrs.SAE_CRYPTO_TYPE_SYM.equals(cryptoType)) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein // Shared secret between FM-IDP and IDPApp
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein secret = (String) hp.get(SecureAttrs.SAE_CONFIG_SHARED_SECRET );
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein encSecret = secret;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein // IDPApp's public key
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein secret = (String) hp.get(SecureAttrs.SAE_CONFIG_PRIVATE_KEY_ALIAS);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (String) hp.get(SecureAttrs.SAE_CONFIG_PUBLIC_KEY_ALIAS);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (secret == null || secret.length() == 0) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "spSLOPOST:SAE:processing App SLO:getSAEAttrs no secret/key");
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein return false;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (encAlg == null) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein encSecret = null;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String returnURL = request.getRequestURL()+
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein HashMap map = new HashMap();
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein map.put(SecureAttrs.SAE_PARAM_CMD, SecureAttrs.SAE_CMD_LOGOUT);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein map.put(SecureAttrs.SAE_PARAM_APPSLORETURNURL, returnURL);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String saInstanceName = cryptoType + "_" + encAlg + "_" + encStrength;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SecureAttrs sa = SecureAttrs.getInstance(saInstanceName);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (sa == null) {
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews Properties prop = new Properties();
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein prop.setProperty(SecureAttrs.SAE_CONFIG_CERT_CLASS,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (encAlg != null) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG, encAlg);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (encStrength != null) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH,encStrength); }
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SecureAttrs.init(saInstanceName, cryptoType, prop);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein sa = SecureAttrs.getInstance(saInstanceName);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (sa == null) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "spSLOPOST:SAE:processing App SLO:null SecureAttrs instance");
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein return false;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein String encodedString = sa.getEncodedString(map, secret, encSecret);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (encodedString != null) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if (appSLOUrl.indexOf("?") > 0) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein appSLOUrl.append("&").append(SecureAttrs.SAE_PARAM_DATA)
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews .append("=").append(encodedString);
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews appSLOUrl.append("?").append(SecureAttrs.SAE_PARAM_DATA)
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews .append("=").append(encodedString);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2Utils.debug.message("spSLOPOST:SAE:about to redirect"+
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein return true;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "spSLOPOST:SAE:SecureAttrs.getEncodedStr failed");
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein } catch (Exception ex) {
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein SAML2Utils.debug.error("spSLOPOST:SAE:SecureAttrs.Fatal:",ex);
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein return false;