Ensure message is of type AttributeQuery

Author: tvdijen

src/Controller/AttributeServer.php

@@ -27,6 +27,7 @@
 };
 use SimpleSAML\SAML2\XML\samlp\{AttributeQuery, Response, Status, StatusCode};
 use SimpleSAML\Utils;
+use SimpleSAML\XML\Exception\InvalidDOMElementException;
 use SimpleSAML\XML\Utils\Random;
 use SimpleSAML\XMLSecurity\Alg\Signature\SignatureAlgorithmFactory;
 use SimpleSAML\XMLSecurity\Key\PrivateKey;
@@ -83,6 +84,8 @@ public function setMetadataStorageHandler(MetaDataStorageHandler $handler): void
     public function main(/** @scrutinizer ignore-unused */ SOAP $soap, ServerRequest $request): RunnableResponse
     {
         $message = $soap->receive($request);
+        Assert::isInstanceOf($message, AttributeQuery::class, InvalidDOMElement::class);
+
         $idpEntityId = $this->metadataHandler->getMetaDataCurrentEntityID('saml20-idp-hosted');
 
         $issuer = $message->getIssuer();