SAML2Object samlObject = null;
String destination = null;
Document samlResponse = null;
if (samlResponseMessage != null) {
StatusResponseType statusResponseType = null;
try {
samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlResponseMessage);
samlObject = samlDocumentHolder.getSamlObject();
boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
boolean isValid = validate(request.getRemoteAddr(), request.getQueryString(), new SessionHolder(
samlResponseMessage, null), isPost);
if (!isValid)
throw new GeneralSecurityException("Validation check failed");
String issuer = null;
IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
ProtocolContext protocolContext = new HTTPContext(request, response, context);
// Create the request/response
SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);
saml2HandlerRequest.setRelayState(relayState);
SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
Set<SAML2Handler> handlers = chain.handlers();
if (samlObject instanceof StatusResponseType) {
statusResponseType = (StatusResponseType) samlObject;
issuer = statusResponseType.getIssuer().getValue();
webRequestUtil.isTrusted(issuer);
if (handlers != null) {
for (SAML2Handler handler : handlers) {
handler.reset();