/**
 * Receive an AuthnRequest via the current HTTP binding and wrap it in an EngineBlock decorator.
 *
 * Processing order: detect the binding from the request superglobals, receive the message, require it
 * to be a SAML2_AuthnRequest, require a <saml:Issuer>, look the issuer up as a known Service Provider,
 * and - when either the SP's metadata or the global 'WantsAuthnRequestsSigned' setting demands it -
 * verify the request signature and mark the decorator as signed. VO-context and key-id annotations
 * are applied last, before the decorator is returned.
 *
 * @return EngineBlock_Saml2_AuthnRequestAnnotationDecorator
 * @throws EngineBlock_Corto_Module_Bindings_UnsupportedBindingException when the received message is not an AuthnRequest
 * @throws EngineBlock_Corto_Module_Bindings_VerificationException when a signature is required but checkSign() reports none
 * @throws EngineBlock_Corto_Module_Bindings_Exception when the Issuer is missing or is not a known Service Provider
 */
public function receiveRequest()
{
    // The binding in use (e.g. HTTP-Redirect or HTTP-POST) is derived from the request superglobals.
    $binding = SAML2_Binding::getCurrentBinding();
    $receivedMessage = $binding->receive();

    // Only AuthnRequests are handled by this endpoint; anything else is reported as an unsupported binding.
    if (!($receivedMessage instanceof SAML2_AuthnRequest)) {
        throw new EngineBlock_Corto_Module_Bindings_UnsupportedBindingException(
            'Unsupported Binding used',
            EngineBlock_Exception::CODE_NOTICE
        );
    }

    $request = new EngineBlock_Saml2_AuthnRequestAnnotationDecorator($receivedMessage);

    // Without an Issuer the SP cannot be identified, so the request is rejected before anything else.
    $issuerEntityId = $request->getIssuer();
    if (!$issuerEntityId) {
        throw new EngineBlock_Corto_Module_Bindings_Exception(
            'Missing <saml:Issuer> in message delivered to AssertionConsumerService.'
        );
    }

    // Kept in the session for debugging only.
    // NOTE(review): this is recorded before the issuer has been verified as a known SP, so it may hold
    // an entity id that the lookup below rejects.
    $_SESSION['currentServiceProvider'] = $request->getIssuer();

    // The issuer must exist in our metadata and must be a Service Provider (not, e.g., an IdP).
    $serviceProvider = $this->_verifyKnownMessageIssuer($issuerEntityId, $request->getDestination());
    if (!($serviceProvider instanceof ServiceProvider)) {
        throw new EngineBlock_Corto_Module_Bindings_Exception(
            "Requesting entity '{$issuerEntityId}' is not a Service Provider"
        );
    }

    // checkSign() below expects the SP metadata in SimpleSAMLphp's configuration form.
    $sspSpMetadata = SimpleSAML_Configuration::loadFromArray(
        $this->mapCortoEntityMetadataToSspEntityMetadata($serviceProvider)
    );

    // A signature is required when the SP's own metadata says so, or when the global setting is enabled.
    $signatureRequired = $serviceProvider->requestsMustBeSigned
        || $this->_server->getConfig('WantsAuthnRequestsSigned');

    if ($signatureRequired) {
        // The SimpleSAMLphp message class is configurable on this object (static call through a class-name string).
        $messageClass = $this->_sspmodSamlMessageClassName;

        // A false return means no signature was present. NOTE(review): the error text assumes a present-but-invalid
        // signature makes checkSign() throw rather than return false - confirm against the configured class.
        if (!$messageClass::checkSign($sspSpMetadata, $request->getSspMessage())) {
            throw new EngineBlock_Corto_Module_Bindings_VerificationException(
                'Validation of received messages enabled, but no signature found on message.'
            );
        }

        // Only reached after a successful verification; downstream code can rely on this flag.
        $request->setWasSigned();
    }

    $this->_annotateRequestWithVoContext($request, $serviceProvider);
    $this->_annotateRequestWithKeyId($request);

    return $request;
}