spSingleLogoutPOST.jsp revision 881ea1b9f1a22a7d7bf65c6c2bf46ca282641f82
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe The contents of this file are subject to the terms
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe of the Common Development and Distribution License
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe (the License). You may not use this file except in
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe compliance with the License.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe You can obtain a copy of the License at
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov https://opensso.dev.java.net/public/CDDLv1.0.html or
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov See the License for the specific language governing
5dbfd19ad5fcc2b779f40f80fa05c1bd28fd0b4eTheo Schlossnagle permission and limitations under the License.
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov When distributing Covered Code, include this CDDL
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Header Notice in each file and include the License file
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe If applicable, add the following below the CDDL Header,
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov with the fields enclosed by brackets [] replaced by
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe your own identifying information:
a9478106a12424322498e53cf7cd75bd8a4d6004Yuri Pankov "Portions Copyrighted [year] [name of copyright owner]"
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe $Id: spSingleLogoutPOST.jsp,v 1.8 2009/06/24 23:05:31 mrudulahg Exp $
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Portions Copyrighted 2013 ForgeRock AS
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.sae.api.SecureAttrs" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.profile.CacheObject" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.profile.SPCache" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.profile.SPSingleLogout" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.profile.IDPCache" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.protocol.LogoutRequest" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="com.sun.identity.saml2.profile.IDPProxyUtil" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="java.util.HashMap" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="java.util.Map" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="java.util.Properties" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe<%@ page import="org.owasp.esapi.ESAPI" %>
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - receives the LogoutRequest and sends the LogoutResponse to
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Identity Provider from the Service Provider.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - receives the LogoutResponse from the Identity Provider.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Required parameters to this jsp are :
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - RelayState - the target URL on successful Single Logout
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - SAMLRequest - the LogoutRequest
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe - SAMLResponse - the LogoutResponse
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Check the SAML2 Documentation for supported parameters.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe // Retrieves the LogoutRequest or LogoutResponse
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe //Retrieves :
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe //- RelayState - the target URL on successful Single Logout
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe //- SAMLRequest - the LogoutRequest
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe //- SAMLResponse - the LogoutResponse
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (relayState != null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe CacheObject tmpRs=
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe (CacheObject) SPCache.relayStateHash.remove(relayState);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if ((tmpRs != null)) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe relayState = (String) tmpRs.getObject();
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState, relayState, "HTTPQueryString", 2000, true)) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe relayState = null;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String samlResponse = request.getParameter(SAML2Constants.SAML_RESPONSE);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (samlResponse != null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * Gets and processes the Single <code>LogoutResponse</code> from IDP,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * destroys the local session, checks response's issuer
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * and inResponseTo.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * @param request the HttpServletRequest.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * @param response the HttpServletResponse.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * @param samlResponse <code>LogoutResponse</code> in the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * XML string format.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * @param relayState the target URL on successful
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * <code>LogoutResponse</code>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * @throws SAML2Exception if error processing
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * <code>LogoutResponse</code>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Map infoMap =
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SPSingleLogout.processLogoutResponse(request,response,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe samlResponse, relayState);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String inRes = (String) infoMap.get("inResponseTo");
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe LogoutRequest origLogoutRequest = (LogoutRequest)
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (origLogoutRequest != null && !origLogoutRequest.equals("")) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe } catch (SAML2Exception sse) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.debug.error("Error processing LogoutResponse :", sse);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "LogoutResponseProcessingError",
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe } catch (Exception e) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.debug.error("Error processing LogoutResponse ",e);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "LogoutResponseProcessingError",
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (relayState != null && !relayState.isEmpty() &&
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.SP_ROLE) &&
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe ESAPI.validator().isValidInput("HTTP URL: " + relayState, relayState, "URL", 2000, true)) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "Exception when redirecting to " +
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe relayState, ioe);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe <jsp:forward page="/saml2/jsp/default.jsp?message=spSloSuccess" />
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String samlRequest = request.getParameter(SAML2Constants.SAML_REQUEST);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (samlRequest != null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe // Logout SP app via SAE first. App is obligated to redirect back
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe // to complete this SLO request.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (processSAELogout(request, response)) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * Gets and processes the Single <code>LogoutRequest</code> from
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * @param request the HttpServletRequest.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * @param response the HttpServletResponse.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * @param samlRequest <code>LogoutRequest</code> in the
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * XML string format.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * @param relayState the target URL on successful
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * <code>LogoutRequest</code>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * @throws SAML2Exception if error processing
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe * <code>LogoutRequest</code>.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SPSingleLogout.processLogoutRequest(request,response,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe samlRequest,relayState);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe } catch (SAML2Exception sse) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.debug.error("Error processing LogoutRequest :", sse);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "LogoutRequestProcessingError",
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.bundle.getString("LogoutRequestProcessingError")
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe } catch (Exception e) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.debug.error("Error processing LogoutRequest ",e);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "LogoutRequestProcessingError",
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.bundle.getString("LogoutRequestProcessingError")
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Loweboolean processSAELogout(
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe HttpServletRequest request, HttpServletResponse response)
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String saeData = request.getParameter(SecureAttrs.SAE_PARAM_APPRETURN);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (saeData != null) { // App returned back.
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe return false;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String metaAlias =
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI()) ;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String entityId = mm.getEntityByMetaAlias(metaAlias);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SPSSOConfigElement spConfig = mm.getSPSSOConfig(realm, entityId);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String appSLOUrlStr = null;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (spConfig != null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe appSLOUrlStr = SAML2Utils.getAttributeValueFromSPSSOConfig(
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (appSLOUrlStr == null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "spSLOPOST:SAE:appSLOUrl not configured.");
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe return false;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "spSLOPOST:SAE:processing App SLO"+ appSLOUrlStr);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe StringBuffer appSLOUrl = new StringBuffer(appSLOUrlStr);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe realm, entityId, SAML2Constants.SP_ROLE, appSLOUrlStr);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (hp == null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "spSLOPOST:SAE:processing App SLO: getSAEAttrs returned null");
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe return false;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String cryptoType = (String) hp.get(SecureAttrs.SAE_CRYPTO_TYPE);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String secret = null;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String encSecret = null;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String encAlg = (String)hp.get(
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String encStrength = (String)hp.get(
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (SecureAttrs.SAE_CRYPTO_TYPE_SYM.equals(cryptoType)) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe // Shared secret between FM-IDP and IDPApp
2d08521bd15501c8370ba2153b9cca4f094979d0Garrett D'Amore secret = (String) hp.get(SecureAttrs.SAE_CONFIG_SHARED_SECRET );
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe encSecret = secret;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe // IDPApp's public key
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe secret = (String) hp.get(SecureAttrs.SAE_CONFIG_PRIVATE_KEY_ALIAS);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe (String) hp.get(SecureAttrs.SAE_CONFIG_PUBLIC_KEY_ALIAS);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (secret == null || secret.length() == 0) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "spSLOPOST:SAE:processing App SLO:getSAEAttrs no secret/key");
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe return false;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (encAlg == null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe encSecret = null;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String returnURL = request.getRequestURL()+
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe HashMap map = new HashMap();
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe map.put(SecureAttrs.SAE_PARAM_CMD, SecureAttrs.SAE_CMD_LOGOUT);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe map.put(SecureAttrs.SAE_PARAM_APPSLORETURNURL, returnURL);
462453d2d0c563559a4caf186db76954e563bd1aMatthew Ahrens String saInstanceName = cryptoType + "_" + encAlg + "_" + encStrength;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SecureAttrs sa = SecureAttrs.getInstance(saInstanceName);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (sa == null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe Properties prop = new Properties();
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe prop.setProperty(SecureAttrs.SAE_CONFIG_CERT_CLASS,
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (encAlg != null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG, encAlg);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (encStrength != null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH,encStrength); }
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SecureAttrs.init(saInstanceName, cryptoType, prop);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe sa = SecureAttrs.getInstance(saInstanceName);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (sa == null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "spSLOPOST:SAE:processing App SLO:null SecureAttrs instance");
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe return false;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe String encodedString = sa.getEncodedString(map, secret, encSecret);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe if (encodedString != null) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe appSLOUrl.append("&").append(SecureAttrs.SAE_PARAM_DATA)
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe .append("=").append(encodedString);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe appSLOUrl.append("?").append(SecureAttrs.SAE_PARAM_DATA)
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe .append("=").append(encodedString);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.debug.message("spSLOPOST:SAE:about to redirect"+
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe return true;
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe "spSLOPOST:SAE:SecureAttrs.getEncodedStr failed");
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe } catch (Exception ex) {
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe SAML2Utils.debug.error("spSLOPOST:SAE:SecureAttrs.Fatal:",ex);
c10c16dec587a0662068f6e2991c29ed3a9db943Richard Lowe return false;