public static function askForIdPChange(array &$state)
{
assert('array_key_exists("saml:sp:IdPMetadata", $state)');
assert('array_key_exists("saml:sp:AuthId", $state)');
assert('array_key_exists("core:IdP", $state)');
assert('array_key_exists("SPMetadata", $state)');
if (isset($state['isPassive']) && (bool) $state['isPassive']) {
// passive request, we cannot authenticate the user
throw new SimpleSAML_Error_NoPassive('Reauthentication required');
}
// save the state WITHOUT a restart URL, so that we don't try an IdP-initiated login if something goes wrong
$id = SimpleSAML_Auth_State::saveState($state, 'saml:proxy:invalid_idp', true);
$url = SimpleSAML\Module::getModuleURL('saml/proxy/invalid_session.php');
SimpleSAML\Utils\HTTP::redirectTrustedURL($url, array('AuthState' => $id));
assert('false');
}