/**
* @param Request $request
* @return AuthnRequest
*/
public function processSignedRequest(Request $request)
{
if (!$this->entityRepository) {
throw new LogicException('RedirectBinding::processRequest requires a ServiceProviderRepository to be configured');
}
$rawSamlRequest = $request->get(AuthnRequest::PARAMETER_REQUEST);
if (!$rawSamlRequest) {
throw new BadRequestHttpException(sprintf('Required GET parameter "%s" is missing', AuthnRequest::PARAMETER_REQUEST));
}
if ($request->get(AuthnRequest::PARAMETER_SIGNATURE) && !$request->get(AuthnRequest::PARAMETER_SIGNATURE_ALGORITHM)) {
throw new BadRequestHttpException(sprintf('The request includes a signature "%s", but does not include the signature algorithm (SigAlg) parameter', $request->get('Signature')));
}
$authnRequest = AuthnRequestFactory::createSignedFromHttpRequest($request);
$currentUri = $this->getFullRequestUri($request);
if (!$authnRequest->getDestination() === $currentUri) {
throw new BadRequestHttpException(sprintf('Actual Destination "%s" does no match the AuthnRequest Destination "%s"', $currentUri, $authnRequest->getDestination()));
}
if (!$this->entityRepository->hasServiceProvider($authnRequest->getServiceProvider())) {
throw new UnknownServiceProviderException($authnRequest->getServiceProvider());
}
$this->verifySignature($authnRequest);
return $authnRequest;
}
