private void handleLogoutResponseFromFramework( HttpServletRequest request, HttpServletResponse response, SAMLSSOSessionDTO sessionDTO) throws ServletException, IOException, IdentityException { SAMLSSOReqValidationResponseDTO validationResponseDTO = sessionDTO.getValidationRespDTO(); if (validationResponseDTO != null) { // sending LogoutRequests to other session participants LogoutRequestSender.getInstance() .sendLogoutRequests(validationResponseDTO.getLogoutRespDTO()); SAMLSSOUtil.removeSession(sessionDTO.getSessionId(), validationResponseDTO.getIssuer()); removeSessionDataFromCache( CharacterEncoder.getSafeText(request.getParameter("sessionDataKey"))); if (validationResponseDTO.isIdPInitSLO()) { // redirecting to the return URL or IS logout page response.sendRedirect(validationResponseDTO.getReturnToURL()); } else { // sending LogoutResponse back to the initiator sendResponse( request, response, sessionDTO.getRelayState(), validationResponseDTO.getLogoutResponse(), validationResponseDTO.getAssertionConsumerURL(), validationResponseDTO.getSubject(), null, sessionDTO.getTenantDomain()); } } else { try { samlSsoService.doSingleLogout(request.getSession().getId()); } catch (IdentityException e) { log.error("Error when processing the logout request!", e); } String errorResp = SAMLSSOUtil.buildErrorResponse( SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, "Invalid request", sessionDTO.getAssertionConsumerURL()); sendNotification( errorResp, SAMLSSOConstants.Notification.INVALID_MESSAGE_STATUS, SAMLSSOConstants.Notification.INVALID_MESSAGE_MESSAGE, sessionDTO.getAssertionConsumerURL(), request, response); } }