/** * Detect Implicit VOs and annotate the Authn Request if they are detected * * Heinous abuse of the filter functionality. * * @param array $entities * @throws EngineBlock_Exception */ protected function _annotateRequestWithImplicitVo(array $entities) { $request = $this->_getRequestInstance(); $spEntityId = $request['saml:Issuer']['__v']; if (!isset($entities[$spEntityId]['VoContext']) || !$entities[$spEntityId]['VoContext']) { return $entities; } $implicitVo = $entities[$spEntityId]['VoContext']; // If we ALSO have an explicit VO if (isset($request[Corto_XmlToArray::PRIVATE_PFX][EngineBlock_Corto_CoreProxy::VO_CONTEXT_PFX])) { $explicitVo = $request[Corto_XmlToArray::PRIVATE_PFX][EngineBlock_Corto_CoreProxy::VO_CONTEXT_PFX]; // Check if they are unequal (no explicit VO or the same VO is okay) if (!$implicitVo !== $explicitVo) { throw new EngineBlock_Exception('Explicit VO does not match implicit VO!'); } } // Annotate and store the request $request[Corto_XmlToArray::PRIVATE_PFX]['VoContextImplicit'] = $implicitVo; $this->_proxyServer->getBindingsModule()->registerInternalBindingMessage('SAMLRequest', $request); return $entities; }