spSingleLogoutPOST.jsp revision 94b12520da26b40ef162d1c6ad4232eb5084f9e1
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt The contents of this file are subject to the terms
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt of the Common Development and Distribution License
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt (the License). You may not use this file except in
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt compliance with the License.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt You can obtain a copy of the License at
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt https://opensso.dev.java.net/public/CDDLv1.0.html or
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt See the License for the specific language governing
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt permission and limitations under the License.
bbedadf76ab670b01887fb9b41097120ea4fdf14Evan Hunt When distributing Covered Code, include this CDDL
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt Header Notice in each file and include the License file
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt If applicable, add the following below the CDDL Header,
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt with the fields enclosed by brackets [] replaced by
bbedadf76ab670b01887fb9b41097120ea4fdf14Evan Hunt your own identifying information:
bbedadf76ab670b01887fb9b41097120ea4fdf14Evan Hunt "Portions Copyrighted [year] [name of copyright owner]"
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt $Id: spSingleLogoutPOST.jsp,v 1.8 2009/06/24 23:05:31 mrudulahg Exp $
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews Portions Copyrighted 2013-2014 ForgeRock AS
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.sae.api.SecureAttrs" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.profile.CacheObject" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.profile.SPCache" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.profile.SPSingleLogout" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.profile.IDPCache" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.protocol.LogoutRequest" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="com.sun.identity.saml2.profile.IDPProxyUtil" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="java.util.HashMap" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="java.util.List" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="java.util.Map" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="java.util.Properties" %>
e24ccb512c110d181e01f977196e518b0e72e451Mark Andrews<%@ page import="org.owasp.esapi.ESAPI" %>
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt - receives the LogoutRequest and sends the LogoutResponse to
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt Identity Provider from the Service Provider.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt - receives the LogoutResponse from the Identity Provider.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt Required parameters to this jsp are :
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt - RelayState - the target URL on successful Single Logout
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt - SAMLRequest - the LogoutRequest
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt - SAMLResponse - the LogoutResponse
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt Check the SAML2 Documentation for supported parameters.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt // Retrieves the LogoutRequest or LogoutResponse
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt //Retrieves :
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt //- RelayState - the target URL on successful Single Logout
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt //- SAMLRequest - the LogoutRequest
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt //- SAMLResponse - the LogoutResponse
// RelayState is read from a request parameter, so it is caller-controlled
// until it has been checked. It is first used as a key into
// SPCache.relayStateHash; remove() consumes the entry, so a cached value can
// be retrieved only once.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (relayState != null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt CacheObject tmpRs=
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt (CacheObject) SPCache.relayStateHash.remove(relayState);
// On a cache hit the parameter is replaced by the value stored in the entry.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if ((tmpRs != null)) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt relayState = (String) tmpRs.getObject();
// ESAPI check against the validation type "HTTPQueryString" with a length
// argument of 2000; a value that fails is dropped (set to null), not repaired.
// NOTE(review): the closing braces are missing from this listing, so whether
// this check also runs on a cache miss cannot be confirmed from here.
// NOTE(review): the first argument (the validation context) embeds the
// still-unvalidated value. If the validator writes the context to its log on
// failure, the rejected string is logged with it; confirm log encoding.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState, relayState, "HTTPQueryString", 2000, true)) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt relayState = null;
// LogoutResponse path: taken when the request carries a SAMLResponse
// parameter. The parameter value is handed unmodified to
// SPSingleLogout.processLogoutResponse.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String samlResponse = request.getParameter(SAML2Constants.SAML_RESPONSE);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (samlResponse != null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * Gets and processes the Single <code>LogoutResponse</code> from IDP,
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * destroys the local session, checks response's issuer
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * and inResponseTo.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * @param request the HttpServletRequest.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt * @param response the HttpServletResponse.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt * @param samlResponse <code>LogoutResponse</code> in the
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt * XML string format.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt * @param relayState the target URL on successful
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt * <code>LogoutResponse</code>.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt * @throws SAML2Exception if error processing
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt * <code>LogoutResponse</code>.
// The returned map is read for its "inResponseTo" entry, the id used to find
// the originating LogoutRequest.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt Map infoMap =
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt SPSingleLogout.processLogoutResponse(request,response,
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt samlResponse, relayState);
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt String inRes = (String) infoMap.get("inResponseTo");
// The right-hand side of the next assignment and the body of the following
// `if` are not visible in this listing.
// NOTE(review): equals("") compares a LogoutRequest with a String; unless
// LogoutRequest.equals accepts strings, that clause is always true and only
// the null check has any effect.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt LogoutRequest origLogoutRequest = (LogoutRequest)
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt if (origLogoutRequest != null && !origLogoutRequest.equals("")) {
// Both handlers log the exception and answer with SC_BAD_REQUEST through
// SAMLUtils.sendError. The operand concatenated after the bundle string is
// cut off here. NOTE(review): if it is exception text, confirm it cannot carry
// request-derived data into the error page.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt } catch (SAML2Exception sse) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAML2Utils.debug.error("Error processing LogoutResponse :", sse);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt "LogoutResponseProcessingError",
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt } catch (Exception e) {
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt SAML2Utils.debug.error("Error processing LogoutResponse ",e);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt "LogoutResponseProcessingError",
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
// Redirect guard: the flag starts false and becomes true only when RelayState
// is non-empty, passes SAML2Utils.isRelayStateURLValid for the SP role, and
// passes the ESAPI "URL" validation type with a length argument of 2000.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt boolean isRelayStateURLValid = false;
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt isRelayStateURLValid = relayState != null && !relayState.isEmpty()
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt && SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.SP_ROLE)
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt && ESAPI.validator().isValidInput("RelayState", relayState, "URL", 2000, true);
// Second evaluation of the same three conditions, keyed by a meta alias
// rather than by the request. The condition that selects between the two
// evaluations is not visible in this listing.
// NOTE(review): only the first hosted SP alias of the root realm ("/") is
// used. With several hosted SPs or sub-realms, the relay-state list consulted
// may belong to a different SP than the one being logged out; confirm.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt SAML2MetaManager manager = new SAML2MetaManager();
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt String metaAlias = null;
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt List<String> spMetaAliases = manager.getAllHostedServiceProviderMetaAliases("/");
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt if (spMetaAliases != null && !spMetaAliases.isEmpty()) {
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt // get first one
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt metaAlias = spMetaAliases.get(0);
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt isRelayStateURLValid = relayState != null && !relayState.isEmpty()
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt && SAML2Utils.isRelayStateURLValid(metaAlias, relayState, SAML2Constants.SP_ROLE)
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt && ESAPI.validator().isValidInput("RelayState", relayState, "URL", 2000, true);
// Only a RelayState that passed the guard is used as a redirect target; the
// redirect call itself is cut off in this listing. The forward to the default
// success page further down is presumably the fallback when the guard fails.
// An IOException raised by the redirect is logged together with the target.
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt if (isRelayStateURLValid) {
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt } catch (java.io.IOException ioe) {
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt "Exception when redirecting to " +
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt relayState, ioe);
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt <jsp:forward page="/saml2/jsp/default.jsp?message=spSloSuccess" />
// LogoutRequest path: taken when the request carries a SAMLRequest parameter.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String samlRequest = request.getParameter(SAML2Constants.SAML_REQUEST);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (samlRequest != null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt // Logout SP app via SAE first. App is obligated to redirect back
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt // to complete this SLO request.
// processSAELogout returns true once it has set up the redirect to the
// application. What this branch does in that case is cut off in this listing
// (presumably it stops processing until the app redirects back; confirm).
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (processSAELogout(request, response)) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * Gets and processes the Single <code>LogoutRequest</code> from
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * @param request the HttpServletRequest.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * @param response the HttpServletResponse.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * @param samlRequest <code>LogoutRequest</code> in the
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * XML string format.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * @param relayState the target URL on successful
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * <code>LogoutRequest</code>.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * @throws SAML2Exception if error processing
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt * <code>LogoutRequest</code>.
// The raw parameter and the RelayState are handed to
// SPSingleLogout.processLogoutRequest.
// NOTE(review): no isRelayStateURLValid check is visible on this path, unlike
// the LogoutResponse path. Presumably RelayState is checked or only echoed
// back inside processLogoutRequest; confirm.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SPSingleLogout.processLogoutRequest(request,response,
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt samlRequest,relayState);
// Both handlers log the exception and answer with SC_BAD_REQUEST through
// SAMLUtils.sendError; the end of each sendError call is cut off here.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt } catch (SAML2Exception sse) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAML2Utils.debug.error("Error processing LogoutRequest :", sse);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt "LogoutRequestProcessingError",
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAML2Utils.bundle.getString("LogoutRequestProcessingError")
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt } catch (Exception e) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAML2Utils.debug.error("Error processing LogoutRequest ",e);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt "LogoutRequestProcessingError",
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAML2Utils.bundle.getString("LogoutRequestProcessingError")
// Starts the application-level logout over SAE (Secure Attribute Exchange)
// for the hosted SP addressed by the request URI. Returns true after the
// redirect to the application's logout URL has been set up, and false when
// the application has already returned, no application logout URL or key
// material is configured, encoding fails, or any exception is thrown.
// Brace-only lines and several call heads are missing from this listing; the
// comments below describe only what the visible lines establish.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Huntboolean processSAELogout(
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt HttpServletRequest request, HttpServletResponse response)
// NOTE(review): only the presence of the app-return parameter is tested in
// the visible code; its value is not verified here. Any request that carries
// the parameter skips the application logout step; confirm the value is
// checked elsewhere or that skipping is acceptable.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String saeData = request.getParameter(SecureAttrs.SAE_PARAM_APPRETURN);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (saeData != null) { // App returned back.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt return false;
// Resolve the hosted SP from the request URI: meta alias -> realm and entity
// id -> SP SSO configuration.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String metaAlias =
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI()) ;
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String entityId = mm.getEntityByMetaAlias(metaAlias);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SPSSOConfigElement spConfig = mm.getSPSSOConfig(realm, entityId);
// The application logout URL comes from the SP configuration (the attribute
// name is cut off in this listing). Without it there is nothing to call, so
// the method reports "no redirect".
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String appSLOUrlStr = null;
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (spConfig != null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt appSLOUrlStr = SAML2Utils.getAttributeValueFromSPSSOConfig(
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (appSLOUrlStr == null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt "spSLOPOST:SAE:appSLOUrl not configured.");
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt return false;
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt "spSLOPOST:SAE:processing App SLO"+ appSLOUrlStr);
// `hp` holds the SAE settings for this realm/entity/role/URL; the head of the
// call that fills it is cut off (the log text below names getSAEAttrs).
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt StringBuffer appSLOUrl = new StringBuffer(appSLOUrlStr);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt realm, entityId, SAML2Constants.SP_ROLE, appSLOUrlStr);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (hp == null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt "spSLOPOST:SAE:processing App SLO: getSAEAttrs returned null");
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt return false;
// Key selection. In symmetric mode the configured shared secret is used both
// as `secret` and as `encSecret`. Otherwise `secret` is the private-key
// alias; the statement that receives the public-key alias is cut off
// (presumably it assigns encSecret; confirm).
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String cryptoType = (String) hp.get(SecureAttrs.SAE_CRYPTO_TYPE);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String secret = null;
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String encSecret = null;
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String encAlg = (String)hp.get(
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String encStrength = (String)hp.get(
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (SecureAttrs.SAE_CRYPTO_TYPE_SYM.equals(cryptoType)) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt // Shared secret between FM-IDP and IDPApp
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt secret = (String) hp.get(SecureAttrs.SAE_CONFIG_SHARED_SECRET );
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt encSecret = secret;
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt // IDPApp's public key
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt secret = (String) hp.get(SecureAttrs.SAE_CONFIG_PRIVATE_KEY_ALIAS);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt (String) hp.get(SecureAttrs.SAE_CONFIG_PUBLIC_KEY_ALIAS);
// No secret or key alias configured: nothing can be encoded, so give up.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (secret == null || secret.length() == 0) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt "spSLOPOST:SAE:processing App SLO:getSAEAttrs no secret/key");
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt return false;
// With no encryption algorithm configured, encSecret is cleared before the
// encode call (presumably the payload is then protected but not encrypted;
// confirm against SecureAttrs).
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (encAlg == null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt encSecret = null;
// The return URL given to the application starts from request.getRequestURL()
// (the appended part is cut off) and travels inside the encoded payload.
// NOTE(review): if the container derives getRequestURL() from the
// client-supplied Host header, the return URL follows that header; confirm
// the host is constrained upstream.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String returnURL = request.getRequestURL()+
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt HashMap map = new HashMap();
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt map.put(SecureAttrs.SAE_PARAM_CMD, SecureAttrs.SAE_CMD_LOGOUT);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt map.put(SecureAttrs.SAE_PARAM_APPSLORETURNURL, returnURL);
// SecureAttrs instances are looked up by a name built from the crypto
// settings and initialised on first use. A null encAlg or encStrength
// contributes the literal text "null" to that name.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String saInstanceName = cryptoType + "_" + encAlg + "_" + encStrength;
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SecureAttrs sa = SecureAttrs.getInstance(saInstanceName);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (sa == null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt Properties prop = new Properties();
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt prop.setProperty(SecureAttrs.SAE_CONFIG_CERT_CLASS,
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (encAlg != null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG, encAlg);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (encStrength != null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH,encStrength); }
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SecureAttrs.init(saInstanceName, cryptoType, prop);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt sa = SecureAttrs.getInstance(saInstanceName);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (sa == null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt "spSLOPOST:SAE:processing App SLO:null SecureAttrs instance");
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt return false;
// Encode the logout command and return URL, then append the result as the
// SAE data parameter: '&' when the configured URL already contains '?' at an
// index above 0, '?' otherwise. No URL-encoding of encodedString is visible
// here; presumably getEncodedString returns a URL-safe value (confirm).
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt String encodedString = sa.getEncodedString(map, secret, encSecret);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (encodedString != null) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt if (appSLOUrl.indexOf("?") > 0) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt appSLOUrl.append("&").append(SecureAttrs.SAE_PARAM_DATA)
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt .append("=").append(encodedString);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt appSLOUrl.append("?").append(SecureAttrs.SAE_PARAM_DATA)
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt .append("=").append(encodedString);
// NOTE(review): the rest of this debug statement and the redirect call are
// cut off. If the message includes appSLOUrl, the encoded SAE payload is
// written to the debug log; confirm that suits the log's audience.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAML2Utils.debug.message("spSLOPOST:SAE:about to redirect"+
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt return true;
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt "spSLOPOST:SAE:SecureAttrs.getEncodedStr failed");
// Any exception is logged and reported as false, the same result as "SAE not
// configured". NOTE(review): the caller cannot tell a failure from a missing
// configuration; presumably it continues with the SAML logout either way.
// Confirm that skipping the application logout on error is intended.
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt } catch (Exception ex) {
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt SAML2Utils.debug.error("spSLOPOST:SAE:SecureAttrs.Fatal:",ex);
75b8de87879ad017c9cd2ffc328e5d2391d16e99Evan Hunt return false;