private boolean handleSAML2Response(HttpServletRequest request, HttpServletResponse response) throws IOException { HttpSession session = request.getSession(true); String samlResponse = request.getParameter(GeneralConstants.SAML_RESPONSE_KEY); HTTPContext httpContext = new HTTPContext(request, response, this.servletContext); Set<SAML2Handler> handlers = chain.handlers(); Principal principal = request.getUserPrincipal(); boolean willSendRequest; // deal with SAML response from IDP try { ServiceProviderSAMLResponseProcessor responseProcessor = new ServiceProviderSAMLResponseProcessor( request.getMethod().equals("POST"), serviceURL, this.picketLinkConfiguration, this.idpMetadata); if (auditHelper != null) { responseProcessor.setAuditHelper(auditHelper); } responseProcessor.setTrustKeyManager(keyManager); SAML2HandlerResponse saml2HandlerResponse = responseProcessor.process(samlResponse, httpContext, handlers, chainLock); Document samlResponseDocument = saml2HandlerResponse.getResultingDocument(); String relayState = saml2HandlerResponse.getRelayState(); String destination = saml2HandlerResponse.getDestination(); willSendRequest = saml2HandlerResponse.getSendRequest(); String destinationQueryStringWithSignature = saml2HandlerResponse.getDestinationQueryStringWithSignature(); if (destination != null && samlResponseDocument != null) { sendRequestToIDP( destination, samlResponseDocument, relayState, request, response, willSendRequest, destinationQueryStringWithSignature); } else { // See if the session has been invalidated boolean sessionValidity = request.getUserPrincipal() != null; if (!sessionValidity) { sendToLogoutPage(request, response, session); return false; } // We got a response with the principal List<String> roles = saml2HandlerResponse.getRoles(); if (principal == null) { principal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID); } if (principal == null) { throw new RuntimeException(ErrorCodes.NULL_VALUE + " principal"); } if (isEnableAudit()) { PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO); auditEvent.setType(PicketLinkAuditEventType.RESPONSE_FROM_IDP); auditEvent.setSubjectName(principal.getName()); auditEvent.setWhoIsAuditing(getContextPath()); auditHelper.audit(auditEvent); } return true; } } catch (ProcessingException pe) { Throwable t = pe.getCause(); if (t != null && t instanceof AssertionExpiredException) { logger.error("Assertion has expired. Asking IDP for reissue"); if (isEnableAudit()) { PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO); auditEvent.setType(PicketLinkAuditEventType.EXPIRED_ASSERTION); auditEvent.setAssertionID(((AssertionExpiredException) t).getId()); auditHelper.audit(auditEvent); } // Just issue a fresh request back to IDP return generalUserRequest(request, response); } logger.samlSPHandleRequestError(pe); throw logger.samlSPProcessingExceptionError(pe); } catch (Exception e) { logger.samlSPHandleRequestError(e); throw logger.samlSPProcessingExceptionError(e); } return localAuthentication(request, response); }