/**
* @param Request $httpRequest
* @return AuthnRequest
*/
public static function createFromHttpRequest(Request $httpRequest)
{
// the GET parameter is already urldecoded by Symfony, so we should not do it again.
$samlRequest = gzinflate(base64_decode($httpRequest->get(AuthnRequest::PARAMETER_REQUEST)));
// additional security against XXE Processing vulnerability
$previous = libxml_disable_entity_loader(true);
$document = SAML2_DOMDocumentFactory::fromString($samlRequest);
libxml_disable_entity_loader($previous);
$request = SAML2_Message::fromXML($document->firstChild);
if (!$request instanceof SAML2_AuthnRequest) {
throw new RuntimeException(sprintf('The received request is not an AuthnRequest, "%s" received instead', substr(get_class($request), strrpos($request, '_') + 1)));
}
return AuthnRequest::create($request, $httpRequest->get(AuthnRequest::PARAMETER_REQUEST), $httpRequest->get(AuthnRequest::PARAMETER_RELAY_STATE), $httpRequest->get(AuthnRequest::PARAMETER_SIGNATURE), $httpRequest->get(AuthnRequest::PARAMETER_SIGNATURE_ALGORITHM));
}
