/**
 * Resolve the Service Provider on whose behalf a trusted proxy sent an AuthnRequest.
 *
 * The RequesterID values are taken from the incoming AuthnRequest, so they are
 * only honoured when both conditions hold: the directly connected Service
 * Provider is flagged as a trusted proxy, and the request was signed. In every
 * other case the RequesterID is ignored and null is returned.
 *
 * NOTE(review): this gate relies on wasSigned() meaning "the signature was
 * verified", not merely "a signature was present" - confirm against the decorator.
 *
 * @param ServiceProvider $serviceProvider The Service Provider that sent the request to us.
 * @param EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request The received AuthnRequest.
 * @param MetadataRepositoryInterface $repository Used to look up the requester by entity ID.
 * @return null|ServiceProvider The requester's metadata, or null when the sender is not a
 *                              trusted proxy, the request was unsigned, or no RequesterID is set.
 * @throws EngineBlock_Exception_DissimilarServiceProviderWorkflowStates When the repository
 *         returns no Service Provider for the last RequesterID.
 */
public static function findRequesterServiceProvider(
    ServiceProvider $serviceProvider,
    EngineBlock_Saml2_AuthnRequestAnnotationDecorator $request,
    MetadataRepositoryInterface $repository
) {
    // Only a signed request from a trusted proxy is allowed to name a requester.
    if (!$serviceProvider->isTrustedProxy || !$request->wasSigned()) {
        return null;
    }

    // Requester IDs are appended to as they pass through a proxy, so the last one is the
    // one we want. The spec does not mandate this, but it is what we do and what SSP does.
    $ids = $request->getRequesterIds();
    $requesterEntityId = end($ids); // false when the list is empty
    if (!$requesterEntityId) {
        return null;
    }

    $requester = $repository->findServiceProviderByEntityId($requesterEntityId);
    if ($requester) {
        return $requester;
    }

    // A named requester that cannot be resolved is an error; we do not silently
    // fall back to treating the proxy itself as the requester.
    throw new EngineBlock_Exception_DissimilarServiceProviderWorkflowStates($serviceProvider, $requesterEntityId);
}