/**
* Get the metadata for a requester, if allowed by the configuration.
*
* @param ServiceProvider $serviceProvider
* @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request
* @param MetadataRepositoryInterface $repository
* @return null|ServiceProvider
*/
public static function findRequesterServiceProvider(ServiceProvider $serviceProvider, EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request, MetadataRepositoryInterface $repository)
{
if (!$serviceProvider->isTrustedProxy) {
return null;
}
if (!$request->wasSigned()) {
return null;
}
// Requester IDs are appended to as they pass through a proxy, so we always want the last RequesterID
// Note that this is not specified in the spec, but this is what we do and what SSP does.
$requesterIds = $request->getRequesterIds();
$lastRequesterEntityId = end($requesterIds);
if (!$lastRequesterEntityId) {
return null;
}
$lastRequesterEntity = $repository->findServiceProviderByEntityId($lastRequesterEntityId);
if (!$lastRequesterEntity) {
throw new EngineBlock_Exception_DissimilarServiceProviderWorkflowStates($serviceProvider, $lastRequesterEntityId);
}
return $lastRequesterEntity;
}
