ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
shib_logout.php
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4// Just for debugging the WSDL part
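// NOTE(review): the comment above calls this a debugging aid, but it runs on
// every request, so the WSDL is never cached. Confirm whether that is intended
// outside of development.
ini_set("soap.wsdl_cache_enabled", "0"); // disabling WSDL cache

// Requirements:
// PHP 5 with SOAP support (should be available in default deployment)

/**
 * Decide whether the front-channel "return" value may be used as a redirect
 * target.
 *
 * Accepted are site-relative paths ("/foo", but not "//host/foo") and absolute
 * http(s) URLs whose host equals the host this request was addressed to.
 * Everything else is rejected, so the logout link cannot be used to bounce a
 * browser to an arbitrary third-party site.
 *
 * If the Shibboleth SP handler lives on a different host than ILIAS, that host
 * has to be added to the comparison below.
 *
 * @param mixed  $url  Value of $_GET['return'] (untrusted).
 * @param string $host Value of the Host request header, optionally with port.
 *
 * @return bool True when $url is safe to redirect to.
 */
function shibLogoutIsLocalReturnUrl($url, $host)
{
    // Arrays (return[]=...), empty strings, control characters, spaces and
    // backslashes are never part of a well-formed redirect target.
    if (!is_string($url) || $url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return false;
    }

    // Site-relative path; "//host" would be scheme-relative and leave the site.
    if ($url[0] === '/') {
        return strlen($url) === 1 || $url[1] !== '/';
    }

    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme']) || !isset($parts['host'])) {
        return false;
    }

    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }

    // The Host header may carry a port; only the host name is compared.
    $ownHost = strtolower(preg_replace('/:\d+$/', '', (string) $host));

    return $ownHost !== '' && strtolower($parts['host']) === $ownHost;
}

// $HTTP_RAW_POST_DATA is deprecated in PHP 5.6 and gone in PHP 7, which would
// silently disable the back-channel branch below (sessions would then survive
// a Shibboleth logout). Read the request body from php://input instead.
$rawPost = file_get_contents('php://input');

// Front channel logout

// Note: Generally the back-channel logout should be used once the Shibboleth
// Identity Provider supports Single Log Out!
// Front-channel logout is not of much use.

if (isset($_GET['return']) && isset($_GET['action']) && $_GET['action'] === 'logout') {

    // Load all the ILIAS stuff
    require_once "include/inc.header.php";

    // Log the user out of the application
    // Destroy application session/cookie etc
    $GLOBALS['ilAuth']->logout();

    // Finally, send the user to the return URL, but only if it stays on this
    // site: $_GET['return'] is attacker-controllable, and redirecting to it
    // unchecked is an open redirect.
    $hostHeader = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (shibLogoutIsLocalReturnUrl($_GET['return'], $hostHeader)) {
        ilUtil::redirect($_GET['return']);
    } else {
        // The session is already destroyed at this point; only the redirect is refused.
        header('HTTP/1.1 400 Bad Request');
        header('Content-Type: text/plain; charset=UTF-8');
        echo 'Logged out, but the return URL was rejected.';
        exit;
    }
}

// Back channel logout //

// Note: This is the preferred logout channel because it also allows
// administrative logout. However, it requires your application to be
// adapted in the sense that the user's Shibboleth session ID must be
// stored in the application's session data.
// See function LogoutNotification below

// NOTE(review): nothing in this file authenticates the SOAP caller. Access to
// this endpoint has to be limited elsewhere (for example to the Shibboleth SP
// host in the web server configuration) - confirm that this is the case.

elseif (!empty($rawPost)) {

    include_once "Services/Context/classes/class.ilContext.php";
    // NOTE(review): the rendered listing skips source line 49 here. The page's
    // cross-reference entries mention ilContext init() and CONTEXT_SOAP, so a
    // context initialisation call presumably belongs here - confirm against
    // the repository.

    // Load ILIAS libraries and initialise ILIAS in non-web context
    require_once("Services/Init/classes/class.ilInitialisation.php");
    // NOTE(review): source line 53 is likewise missing from the listing
    // (presumably the initILIAS() call named in the cross-references).

    // Set SOAP header
    // NOTE(review): the WSDL location is built from the client-supplied Host
    // header. Unless the web server only answers for known host names, the
    // WSDL would be fetched from a host chosen by the caller; a configured
    // base URL would be the safer source.
    $server = new SoapServer('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '/LogoutNotification.wsdl');
    $server->addFunction("LogoutNotification");
    // Hand over the body that was already read, so handle() does not depend on
    // php://input being readable a second time.
    $server->handle($rawPost);
}

// Return WSDL

// Note: This is needed for the PHP SoapServer class.
// Since I'm not a web service guru it might be that the code below is not
// absolutely correct but at least it seems to do its job properly when it
// comes to Shibboleth logout

else {

    header('Content-Type: text/xml');

    // FILTER_SANITIZE_URL keeps characters such as ", < and >, and the Host
    // header is client-controlled, so the value is additionally escaped for
    // use inside an XML attribute.
    $url = htmlspecialchars(
        filter_var("https://{$_SERVER['HTTP_HOST']}/shib_logout.php", FILTER_SANITIZE_URL),
        ENT_QUOTES,
        'UTF-8'
    );

    echo <<<WSDL
<?xml version ="1.0" encoding ="UTF-8" ?>
<definitions name="LogoutNotification"
 targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
 xmlns:notify="urn:mace:shibboleth:2.0:sp:notify"
 xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
 xmlns="http://schemas.xmlsoap.org/wsdl/">

 <types>
 <schema targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
 xmlns="http://www.w3.org/2000/10/XMLSchema"
 xmlns:notify="urn:mace:shibboleth:2.0:sp:notify">

 <simpleType name="string">
 <restriction base="string">
 <minLength value="1"/>
 </restriction>
 </simpleType>

 <element name="OK" type="notify:OKType"/>
 <complexType name="OKType">
 <sequence/>
 </complexType>

 </schema>
 </types>

 <message name="getLogoutNotificationRequest">
 <part name="SessionID" type="notify:string" />
 </message>

 <message name="getLogoutNotificationResponse" >
 <part name="OK"/>
 </message>

 <portType name="LogoutNotificationPortType">
 <operation name="LogoutNotification">
 <input message="getLogoutNotificationRequest"/>
 <output message="getLogoutNotificationResponse"/>
 </operation>
 </portType>

 <binding name="LogoutNotificationBinding" type="notify:LogoutNotificationPortType">
 <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
 <operation name="LogoutNotification">
 <soap:operation soapAction="urn:xmethods-logout-notification#LogoutNotification"/>
 </operation>
 </binding>

 <service name="LogoutNotificationService">
 <port name="LogoutNotificationPort" binding="notify:LogoutNotificationBinding">
 <soap:address location="{$url}"/>
 </port>
 </service>
</definitions>
WSDL;
    exit;
}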
132
133/******************************************************************************/
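/**
 * SOAP handler for the Shibboleth back-channel logout notification.
 *
 * Walks the rows of usr_session, decodes each session payload and destroys
 * every ILIAS session whose data contains an entry with a matching
 * 'shibboleth_session_id'. For that to work the user's Shibboleth session ID
 * must have been stored in the ILIAS session data.
 *
 * $SessionID arrives in the SOAP request body and is therefore untrusted.
 *
 * @param string $SessionID Shibboleth session ID to terminate.
 *
 * @return SoapFault|null A SoapFault when the ID is unusable or a session
 *                        could not be destroyed; nothing otherwise.
 */
function LogoutNotification($SessionID)
{
    // The WSDL asks for a non-empty string, but that restriction is not
    // checked here by anything else. With the former loose "==" comparison an
    // empty or non-string value could equal an empty or unset stored ID and
    // destroy unrelated sessions, so such input is refused up front.
    if (!is_string($SessionID) || $SessionID === '') {
        return new SoapFault('LogoutError', 'Missing or invalid SessionID.');
    }

    global $ilDB;

    // NOTE(review): 'NOW()' is a quoted string literal here, not the SQL
    // function, so this condition presumably does not filter by expiry -
    // confirm against the schema of usr_session.
    // Every selected row is deserialized on each call, so the cost of one
    // notification grows with the number of stored sessions.
    $q = "SELECT session_id, data FROM usr_session WHERE expires > 'NOW()'";
    $r = $ilDB->query($q);

    while ($session_entry = $r->fetchRow(DB_FETCHMODE_ASSOC)) {

        $user_session = unserializesession($session_entry['data']);

        // Look for a session with a matching Shibboleth session id
        // and then delete this ILIAS session
        foreach ($user_session as $user_session_entry) {
            if (!is_array($user_session_entry)
                || !array_key_exists('shibboleth_session_id', $user_session_entry)
            ) {
                continue;
            }

            // Strict string comparison: no type juggling between the stored
            // and the supplied identifier.
            $stored_id = $user_session_entry['shibboleth_session_id'];
            if (!is_string($stored_id) || $stored_id !== $SessionID) {
                continue;
            }

            // Delete this session entry
            if (ilSession::_destroy($session_entry['session_id']) !== true) {
                return new SoapFault('LogoutError', 'Could not delete session entry in database.');
            }
        }
    }
    // If no SoapFault is returned, all is fine
}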
169
170/******************************************************************************/
171// Deserializes session data and returns it in a hash array of arrays
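/**
 * Split a PHP session payload into its variables.
 *
 * The payload is treated as a sequence of "name|serialized-value" pairs; each
 * value is passed to unserialize() and stored under its name.
 *
 * SECURITY(review): unserialize() instantiates whatever classes the payload
 * names. The rows are written by the application, but values inside them can
 * originate from users. On PHP >= 7.0 the option
 * array('allowed_classes' => false) prevents object instantiation; it is not
 * used here because the file states PHP 5 as its requirement.
 *
 * The split is a heuristic: any stored string that itself contains
 * "word|" is cut at that point, and the affected value then fails to decode.
 *
 * @param string $serialized_string Raw session data.
 *
 * @return array Decoded values keyed by session variable name; a value that
 *               cannot be decoded is stored as false.
 */
function unserializesession($serialized_string)
{
    $variables = array();

    $parts = preg_split("/(\w+)\|/", $serialized_string, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        // Regex engine failure: nothing usable to decode.
        return $variables;
    }

    // Pieces alternate name, value, name, value. Stop before a trailing name
    // without a value instead of reading past the end of the array.
    $count = count($parts);
    for ($i = 0; $i + 1 < $count; $i += 2) {
        $variables[$parts[$i]] = unserialize($parts[$i + 1]);
    }

    return $variables;
}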
181
182?>