@Override
  public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean mandatory)
      throws ServerAuthException {
    if (log.isTraceEnabled()) {
      log.trace("*** authenticate");
    }
    Request request = resolveRequest(req);
    JettyHttpFacade facade = new JettyHttpFacade(request, (HttpServletResponse) res);
    SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
    if (deployment == null || !deployment.isConfigured()) {
      log.debug("*** deployment isn't configured return false");
      return Authentication.UNAUTHENTICATED;
    }
    boolean isEndpoint =
        request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml");
    if (!mandatory && !isEndpoint) return new DeferredAuthentication(this);
    JettySamlSessionStore tokenStore = getTokenStore(request, facade, deployment);

    SamlAuthenticator authenticator = null;
    if (isEndpoint) {
      authenticator =
          new SamlAuthenticator(facade, deployment, tokenStore) {
            @Override
            protected void completeAuthentication(SamlSession account) {}

            @Override
            protected SamlAuthenticationHandler createBrowserHandler(
                HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
              return new SamlEndpoint(facade, deployment, sessionStore);
            }
          };

    } else {
      authenticator =
          new SamlAuthenticator(facade, deployment, tokenStore) {
            @Override
            protected void completeAuthentication(SamlSession account) {}

            @Override
            protected SamlAuthenticationHandler createBrowserHandler(
                HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
              return new BrowserHandler(facade, deployment, sessionStore);
            }
          };
    }
    AuthOutcome outcome = authenticator.authenticate();
    if (outcome == AuthOutcome.AUTHENTICATED) {
      if (facade.isEnded()) {
        return Authentication.SEND_SUCCESS;
      }
      SamlSession samlSession = tokenStore.getAccount();
      Authentication authentication = register(request, samlSession);
      return authentication;
    }
    if (outcome == AuthOutcome.LOGGED_OUT) {
      logoutCurrent(request);
      if (deployment.getLogoutPage() != null) {
        forwardToLogoutPage(request, (HttpServletResponse) res, deployment);
      }
      return Authentication.SEND_CONTINUE;
    }

    AuthChallenge challenge = authenticator.getChallenge();
    if (challenge != null) {
      challenge.challenge(facade);
    }
    return Authentication.SEND_CONTINUE;
  }
 public void logoutCurrent(Request request) {
   JettyHttpFacade facade = new JettyHttpFacade(request, null);
   SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
   JettySamlSessionStore tokenStore = getTokenStore(request, facade, deployment);
   tokenStore.logoutAccount();
 }