@@ -172,7 +172,7 @@ class Disco extends PowerIdPDisco
172172
173173 private $ proxyIdpEntityId
174174
175- private $ authId
175+ private $ state
176176
177177 public function __construct (array $ metadataSets$ instance
178178 {
@@ -213,6 +213,7 @@ public function __construct(array $metadataSets, $instance)
213213 $ newReturnURL$ e'= ' . urlencode ($ id
214214 $ _GET self ::RETURN ] = $ newReturnURL
215215 }
216+ $ this state = $ state
216217 }
217218
218219 parent ::__construct ($ metadataSets$ instance
@@ -273,29 +274,23 @@ public function handleRequest()
273274 );
274275 HTTP ::redirectTrustedURL ($ url
275276 }
276- $ acrStartSubstrsubstr ($ value0 , strlen (self ::URN_CESNET_PROXYIDP_LSIDPENTITYID ));
277- if (self ::URN_CESNET_PROXYIDP_LSIDPENTITYID === $ acrStartSubstr
278- $ hintIdpEntityIdsubstr (
279- $ value
280- strlen (self ::URN_CESNET_PROXYIDP_LSIDPENTITYID ),
281- strlen ($ value
282- );
283- $ stateloadState ($ this authId , self ::SAML_SP_SSO , true );
284- $ state'aarc_idp_hint ' ] = $ hintIdpEntityId
285- $ idsaveState ($ stateself ::SAML_SP_SSO );
286-
287- Logger::info ('Redirecting to LS AAI with hint to: ' . $ hintIdpEntityId
288- $ urlself ::buildContinueUrl (
289- $ this spEntityId ,
290- $ this returnURL ,
291- $ this returnIdParam ,
292- 'https://proxy.aai.lifescience-ri.eu/proxy '
293- );
294- HTTP ::redirectTrustedURL ($ url
295- }
296277 }
297278 }
298279 }
280+ if (!empty ($ state'aarc_idp_hint ' ])) {
281+ $ hintedIdp$ state'aarc_idp_hint ' ];
282+ if (! array_key_exists ($ hintedIdp$ idpList
283+ throw new Exception ("Invalid request - IDP is not allowed to be used for this SP " );
284+ }
285+ Logger::info ('Redirecting to hinted IdP using AARC_IDP_HINT. Redirecting to: ' . $ hintedIdp
286+ $ urlself ::buildContinueUrl (
287+ $ this spEntityId ,
288+ $ this returnURL ,
289+ $ this returnIdParam ,
290+ $ hintedIdp
291+ );
292+ HTTP ::redirectTrustedURL ($ url
293+ }
299294
300295 $ warningAttributesnull ;
301296 try {
0 commit comments