/** * Given a list of (SAML2) entities, filter out the idps that are not allowed * for the given Service Provider. * * @param array $entities * @param string $spEntityId * @return array Filtered entities */ public function filterEntitiesBySp(array $entities, $spEntityId) { $allowedEntities = $this->_serviceRegistry->getAllowedIdps($spEntityId); foreach ($entities as $entityId => $entityData) { if (isset($entityData['SingleSignOnService'])) { // entity is an idp if (!in_array($entityId, $allowedEntities)) { unset($entities[$entityId]); } } } return $entities; }