ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
shib_logout.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4// Just for debugging the WSDL part
5ini_set("soap.wsdl_cache_enabled", "0"); // disabling WSDL cache
6
16// Requirements:
17// PHP 5 with SOAP support (should be available in default deployment)
18
19// Front channel logout
20
21// Note: Generally the back-channel logout should be used once the Shibboleth
22// Identity Provider supports Single Log Out!
23// Front-channel logout is not of much use.
24
25if (isset($_GET['return']) && isset($_GET['action']) && $_GET['action'] == 'logout') {
26
27 // Load all the IILIAS stuff
28 require_once "include/inc.header.php";
29
30 // Logout out user from application
31 // Destroy application session/cookie etc
32 $GLOBALS['DIC']['ilAuthSession']->logout();
33
34 // Finally, send user to the return URL
35 ilUtil::redirect($_GET['return']);
36}
37
38// Back channel logout //
39
40// Note: This is the preferred logout channel because it also allows
41// administrative logout. However, it requires your application to be
42// adapated in the sense that the user's Shibboleth session ID must be
43// stored in the application's session data.
44// See function LogoutNotification below
45
46elseif (!empty($HTTP_RAW_POST_DATA)) {
47 include_once "Services/Context/classes/class.ilContext.php";
48 ilContext::init(ilContext::CONTEXT_SOAP);
49
50 // Load ILIAS libraries and initialise ILIAS in non-web context
51 require_once("Services/Init/classes/class.ilInitialisation.php");
52 ilInitialisation::initILIAS();
53
54 // Set SOAP header
55 $server = new SoapServer('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '/LogoutNotification.wsdl');
56 $server->addFunction("LogoutNotification");
57 $server->handle();
58}
59
60// Return WSDL
61
62// Note: This is needed for the PHP SoapServer class.
63// Since I'm not a web service guru it might be that the code below is not
64// absolutely correct but at least it seems to to its job properly when it
65// comes to Shibboleth logout
66
67else {
68 header('Content-Type: text/xml');
69
70 $url = filter_var("https://{$_SERVER['HTTP_HOST']}/shib_logout.php", FILTER_SANITIZE_URL);
71
72 echo <<<WSDL
73<?xml version ="1.0" encoding ="UTF-8" ?>
74<definitions name="LogoutNotification"
75 targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
76 xmlns:notify="urn:mace:shibboleth:2.0:sp:notify"
77 xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
78 xmlns="http://schemas.xmlsoap.org/wsdl/">
79
80 <types>
81 <schema targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
82 xmlns="http://www.w3.org/2000/10/XMLSchema"
83 xmlns:notify="urn:mace:shibboleth:2.0:sp:notify">
84
85 <simpleType name="string">
86 <restriction base="string">
87 <minLength value="1"/>
88 </restriction>
89 </simpleType>
90
91 <element name="OK" type="notify:OKType"/>
92 <complexType name="OKType">
93 <sequence/>
94 </complexType>
95
96 </schema>
97 </types>
98
99 <message name="getLogoutNotificationRequest">
100 <part name="SessionID" type="notify:string" />
101 </message>
102
103 <message name="getLogoutNotificationResponse" >
104 <part name="OK"/>
105 </message>
106
107 <portType name="LogoutNotificationPortType">
108 <operation name="LogoutNotification">
109 <input message="getLogoutNotificationRequest"/>
110 <output message="getLogoutNotificationResponse"/>
111 </operation>
112 </portType>
113
114 <binding name="LogoutNotificationBinding" type="notify:LogoutNotificationPortType">
115 <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
116 <operation name="LogoutNotification">
117 <soap:operation soapAction="urn:xmethods-logout-notification#LogoutNotification"/>
118 </operation>
119 </binding>
120
121 <service name="LogoutNotificationService">
122 <port name="LogoutNotificationPort" binding="notify:LogoutNotificationBinding">
123 <soap:address location="{$url}"/>
124 </port>
125 </service>
126</definitions>
127WSDL;
128 exit;
129}
130
131/******************************************************************************/
133function LogoutNotification($SessionID)
134{
135
136 // Delete session of user using $SessionID to locate the user's session file
137 // on the file system or in the database
138 // Then delete this entry or record to clear the session
139 // However, for that to work it is essential that the user's Shibboleth
140 // SessionID is stored in the user session data!
141
142 global $ilDB;
143
144 $q = "SELECT session_id, data FROM usr_session WHERE expires > 'NOW()'";
145 $r = $ilDB->query($q);
146
147 while ($session_entry = $r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
148 $user_session = unserializesession($session_entry['data']);
149
150 // Look for session with matching Shibboleth session id
151 // and then delete this ilias session
152 foreach ($user_session as $user_session_entry) {
153 if (is_array($user_session_entry)
154 && array_key_exists('shibboleth_session_id', $user_session_entry)
155 && $user_session_entry['shibboleth_session_id'] == $SessionID
156 ) {
157
158 // Delete this session entry
159 if (ilSession::_destroy($session_entry['session_id']) !== true) {
160 return new SoapFault('LogoutError', 'Could not delete session entry in database.');
161 }
162 }
163 }
164 }
165 // If no SoapFault is returned, all is fine
166}
167
168/******************************************************************************/
169// Deserializes session data and returns it in a hash array of arrays
170function unserializesession($serialized_string)
171{
172 $variables = array();
173 $a = preg_split("/(\w+)\|/", $serialized_string, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
174 for ($i = 0; $i < count($a); $i = $i + 2) {
175 $variables[$a[$i]] = unserialize($a[$i + 1]);
176 }
177
178 return ($variables);
179}
base
base()
Definition: base.php:2
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
php
An exception for terminatinating execution or to throw for unit testing.
ilContext\init
static init($a_type)
Init context by type.
Definition: class.ilContext.php:45
ilContext\CONTEXT_SOAP
const CONTEXT_SOAP
Definition: class.ilContext.php:23
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:949
ilSession\_destroy
static _destroy($a_session_id, $a_closing_context=null, $a_expired_at=null)
Destroy session.
Definition: class.ilSession.php:218
ilUtil\redirect
static redirect($a_script)
Definition: class.ilUtil.php:3353
$i
$i
Definition: disco.tpl.php:19
$HTTP_RAW_POST_DATA
global $HTTP_RAW_POST_DATA
Definition: dummy_server.php:35
$r
$r
Definition: example_031.php:79
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$server
$server
Definition: getUserInfo.php:12
PREG_SPLIT_DELIM_CAPTURE
echo;exit;}function LogoutNotification($SessionID){ global $ilDB;$q="SELECT session_id, data FROM usr_session WHERE expires > (\w+)\|/" PREG_SPLIT_NO_EMPTY PREG_SPLIT_DELIM_CAPTURE
Definition: shib_logout.php:173
$url
$url
Definition: shib_logout.php:70
$serialized_string
echo;exit;}function LogoutNotification($SessionID){ global $ilDB;$q="SELECT session_id, data FROM usr_session WHERE expires > (\w+)\|/" $serialized_string
Definition: shib_logout.php:173
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54