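/**
 * Handles a failed authentication attempt.
 *
 * <p>If the session holds an {@link AuthnRequestInfo} (stored under the class name), a SAML
 * failure {@code Response} is generated for the recorded AuthnRequest ID and sent through
 * {@code bindingAdapter} to the recorded assertion consumer URL. If no {@code AuthnRequestInfo}
 * is present, the call is delegated to {@code nonSSOAuthnFailureHandler}.
 *
 * <p>When the signing credential cannot be resolved or the SAML message cannot be encoded, the
 * client receives {@code 503 Service Unavailable}.
 *
 * @param request the request on which authentication failed
 * @param response the response the SAML message or error status is written to
 * @param authenticationException the failure that triggered this handler
 * @throws IOException if writing the response fails
 * @throws ServletException if the delegate handler throws it
 */
@Override
public void onAuthenticationFailure(
    HttpServletRequest request,
    HttpServletResponse response,
    AuthenticationException authenticationException)
    throws IOException, ServletException {
  logger.debug(
      "commencing RealAuthenticationFailureHandler because of {}",
      authenticationException.getClass());

  AuthnRequestInfo authnRequestInfo =
      (AuthnRequestInfo) request.getSession().getAttribute(AuthnRequestInfo.class.getName());
  if (authnRequestInfo == null) {
    logger.warn(
        "Could not find AuthnRequestInfo on the request. Delegating to nonSSOAuthnFailureHandler.");
    nonSSOAuthnFailureHandler.onAuthenticationFailure(request, response, authenticationException);
    return;
  }
  logger.debug("AuthnRequestInfo is {}", authnRequestInfo);

  request
      .getSession()
      .setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, authenticationException);

  // Look up this IdP's own signing credential by entity ID.
  CriteriaSet criteriaSet = new CriteriaSet();
  criteriaSet.add(new EntityIDCriteria(idpConfiguration.getEntityID()));
  criteriaSet.add(new UsageCriteria(UsageType.SIGNING));

  Credential signingCredential;
  try {
    signingCredential = credentialResolver.resolveSingle(criteriaSet);
  } catch (org.opensaml.xml.security.SecurityException e) {
    logger.warn("Unable to resolve signing credential for entityId", e);
    // Previously this path returned without writing anything, so the client saw an empty
    // success response after a failed login. Report the failure explicitly, matching the
    // status used for the encoding error below.
    response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
    return;
  }
  Validate.notNull(signingCredential);

  AuthnResponseGenerator authnResponseGenerator =
      new AuthnResponseGenerator(
          signingCredential,
          idpConfiguration.getEntityID(),
          timeService,
          idService,
          idpConfiguration);
  EndpointGenerator endpointGenerator = new EndpointGenerator();

  // NOTE(review): the exception is handed to the response generator. Confirm the status
  // message sent to the service provider does not reveal why authentication failed
  // (e.g. unknown account vs. wrong password).
  Response authResponse =
      authnResponseGenerator.generateAuthnResponseFailure(
          authnRequestInfo.getAssertionConsumerURL(),
          authnRequestInfo.getAuthnRequestID(),
          authenticationException);

  // NOTE(review): the destination is taken from the session-stored AuthnRequestInfo and is not
  // checked here. Confirm the assertion consumer URL was validated against the service
  // provider's registered endpoints when the AuthnRequest was accepted.
  Endpoint endpoint =
      endpointGenerator.generateEndpoint(
          AssertionConsumerService.DEFAULT_ELEMENT_NAME,
          authnRequestInfo.getAssertionConsumerURL(),
          null);

  // The request info is single-use: drop it once the failure response has been built.
  request.getSession().removeAttribute(AuthnRequestInfo.class.getName());

  // RelayState is read from the current request, so it is client-controlled and is forwarded
  // unchanged. NOTE(review): confirm bindingAdapter encodes it for the output context and that
  // its length is bounded.
  String relayState = request.getParameter("RelayState");
  try {
    bindingAdapter.sendSAMLMessage(
        authResponse, endpoint, response, relayState, signingCredential);
  } catch (MessageEncodingException mee) {
    logger.error("Exception encoding SAML message", mee);
    response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
  }
}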