ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
shib_logout.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 // Just for debugging the WSDL part
5 ini_set("soap.wsdl_cache_enabled", "0"); // disabling WSDL cache
6 
16 // Requirements:
17 // PHP 5 with SOAP support (should be available in default deployment)
18 
19 // Front channel logout
20 
21 // Note: Generally the back-channel logout should be used once the Shibboleth
22 // Identity Provider supports Single Log Out!
23 // Front-channel logout is not of much use.
24 
25 if (isset($_GET['return']) && isset($_GET['action']) && $_GET['action'] == 'logout') {
26 
27  // Load all the IILIAS stuff
28  require_once "include/inc.header.php";
29 
30  // Logout out user from application
31  // Destroy application session/cookie etc
32  $GLOBALS['ilAuth']->logout();
33 
34  // Finally, send user to the return URL
35  ilUtil::redirect($_GET['return']);
36 }
37 
38 // Back channel logout //
39 
40 // Note: This is the preferred logout channel because it also allows
41 // administrative logout. However, it requires your application to be
42 // adapated in the sense that the user's Shibboleth session ID must be
43 // stored in the application's session data.
44 // See function LogoutNotification below
45 
46 elseif (!empty($HTTP_RAW_POST_DATA)) {
47 
48  include_once "Services/Context/classes/class.ilContext.php";
49  ilContext::init(ilContext::CONTEXT_SOAP);
50 
51  // Load ILIAS libraries and initialise ILIAS in non-web context
52  require_once("Services/Init/classes/class.ilInitialisation.php");
53  ilInitialisation::initILIAS();
54 
55  // Set SOAP header
56  $server = new SoapServer('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '/LogoutNotification.wsdl');
57  $server->addFunction("LogoutNotification");
58  $server->handle();
59 }
60 
61 // Return WSDL
62 
63 // Note: This is needed for the PHP SoapServer class.
64 // Since I'm not a web service guru it might be that the code below is not
65 // absolutely correct but at least it seems to to its job properly when it
66 // comes to Shibboleth logout
67 
68 else {
69 
70  header('Content-Type: text/xml');
71 
72  $url = filter_var("https://{$_SERVER['HTTP_HOST']}/shib_logout.php", FILTER_SANITIZE_URL);
73 
74  echo <<<WSDL
75 <?xml version ="1.0" encoding ="UTF-8" ?>
76 <definitions name="LogoutNotification"
77  targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
78  xmlns:notify="urn:mace:shibboleth:2.0:sp:notify"
79  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
80  xmlns="http://schemas.xmlsoap.org/wsdl/">
81 
82  <types>
83  <schema targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
84  xmlns="http://www.w3.org/2000/10/XMLSchema"
85  xmlns:notify="urn:mace:shibboleth:2.0:sp:notify">
86 
87  <simpleType name="string">
88  <restriction base="string">
89  <minLength value="1"/>
90  </restriction>
91  </simpleType>
92 
93  <element name="OK" type="notify:OKType"/>
94  <complexType name="OKType">
95  <sequence/>
96  </complexType>
97 
98  </schema>
99  </types>
100 
101  <message name="getLogoutNotificationRequest">
102  <part name="SessionID" type="notify:string" />
103  </message>
104 
105  <message name="getLogoutNotificationResponse" >
106  <part name="OK"/>
107  </message>
108 
109  <portType name="LogoutNotificationPortType">
110  <operation name="LogoutNotification">
111  <input message="getLogoutNotificationRequest"/>
112  <output message="getLogoutNotificationResponse"/>
113  </operation>
114  </portType>
115 
116  <binding name="LogoutNotificationBinding" type="notify:LogoutNotificationPortType">
117  <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
118  <operation name="LogoutNotification">
119  <soap:operation soapAction="urn:xmethods-logout-notification#LogoutNotification"/>
120  </operation>
121  </binding>
122 
123  <service name="LogoutNotificationService">
124  <port name="LogoutNotificationPort" binding="notify:LogoutNotificationBinding">
125  <soap:address location="{$url}"/>
126  </port>
127  </service>
128 </definitions>
129 WSDL;
130  exit;
131 }
132 
133 /******************************************************************************/
135 function LogoutNotification($SessionID) {
136 
137  // Delete session of user using $SessionID to locate the user's session file
138  // on the file system or in the database
139  // Then delete this entry or record to clear the session
140  // However, for that to work it is essential that the user's Shibboleth
141  // SessionID is stored in the user session data!
142 
143  global $ilDB;
144 
145  $q = "SELECT session_id, data FROM usr_session WHERE expires > 'NOW()'";
146  $r = $ilDB->query($q);
147 
148  while ($session_entry = $r->fetchRow(DB_FETCHMODE_ASSOC)) {
149 
150  $user_session = unserializesession($session_entry['data']);
151 
152  // Look for session with matching Shibboleth session id
153  // and then delete this ilias session
154  foreach ($user_session as $user_session_entry) {
155  if (is_array($user_session_entry)
156  && array_key_exists('shibboleth_session_id', $user_session_entry)
157  && $user_session_entry['shibboleth_session_id'] == $SessionID
158  ) {
159 
160  // Delete this session entry
161  if (ilSession::_destroy($session_entry['session_id']) !== true) {
162  return new SoapFault('LogoutError', 'Could not delete session entry in database.');
163  }
164  }
165  }
166  }
167  // If no SoapFault is returned, all is fine
168 }
169 
170 /******************************************************************************/
171 // Deserializes session data and returns it in a hash array of arrays
172 function unserializesession($serialized_string) {
173  $variables = array();
174  $a = preg_split("/(\w+)\|/", $serialized_string, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
175  for ($i = 0; $i < count($a); $i = $i + 2) {
176  $variables[$a[$i]] = unserialize($a[$i + 1]);
177  }
178 
179  return ($variables);
180 }
181 
182 ?>
ilSession\_destroy
static _destroy($a_session_id, $a_closing_context=null, $a_expired_at=null)
Destroy session.
Definition: class.ilSession.php:174
exit
exit
Definition: login.php:54
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
style
"color:#CC0000 style
Definition: example_001.php:92
$HTTP_RAW_POST_DATA
global $HTTP_RAW_POST_DATA
Definition: dummy_server.php:35
$url
$url
Definition: shib_logout.php:72
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:860
DB_FETCHMODE_ASSOC
const DB_FETCHMODE_ASSOC
Definition: class.ilDB.php:10
ilContext\init
static init($a_type)
Init context by type.
Definition: class.ilContext.php:39
$server
$server
Definition: dummy_client.php:12
unserializesession
while($session_entry=$r->fetchRow(DB_FETCHMODE_ASSOC)) unserializesession($serialized_string)
Definition: shib_logout.php:172
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
ilContext\CONTEXT_SOAP
const CONTEXT_SOAP
Definition: class.ilContext.php:22
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3635
$r
$r
Definition: shib_logout.php:146