ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
shib_logout.php
Go to the documentation of this file.
1 <?php
2 /******************************************************************************
3  *
4  * This file is part of ILIAS, a powerful learning management system.
5  *
6  * ILIAS is licensed with the GPL-3.0, you should have received a copy
7  * of said license along with the source code.
8  *
9  * If this is not the case or you just want to try ILIAS, you'll find
10  * us at:
11  * https://www.ilias.de
12  * https://github.com/ILIAS-eLearning
13  *
14  *****************************************************************************/
16 require_once("libs/composer/vendor/autoload.php");
17 ilContext::init(ilContext::CONTEXT_SHIBBOLETH);
18 ilInitialisation::initILIAS();
19 global $DIC;
20 
21 $q = $DIC->http()->wrapper()->query();
22 if (
23  $q->has('return')
24  && $q->has('action')
25  && $q->retrieve('action', $DIC->refinery()->to()->string()) === 'logout'
26 ) {
27  ilInitialisation::initILIAS();
28  // Logout out user from application
29  // Destroy application session/cookie etc
30  $GLOBALS['DIC']['ilAuthSession']->logout();
31 
32  // Finally, send user to the return URL
33  ilUtil::redirect($q->retrieve('action', $DIC->refinery()->kindlyTo()->string()));
34 }
35 
36 // Back channel logout //
37 
38 // Note: This is the preferred logout channel because it also allows
39 // administrative logout. However, it requires your application to be
40 // adapated in the sense that the user's Shibboleth session ID must be
41 // stored in the application's session data.
42 // See function LogoutNotification below
43 
44 elseif (!empty($HTTP_RAW_POST_DATA)) {
45  ilContext::init(ilContext::CONTEXT_SOAP);
46 
47  // Load ILIAS libraries and initialise ILIAS in non-web context
48  ilInitialisation::initILIAS();
49 
50  // Set SOAP header
51  $server = new SoapServer('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '/LogoutNotification.wsdl');
52  $server->addFunction("LogoutNotification");
53  $server->handle();
54 }
55 
56 // Return WSDL
57 
58 // Note: This is needed for the PHP SoapServer class.
59 // Since I'm not a web service guru it might be that the code below is not
60 // absolutely correct but at least it seems to to its job properly when it
61 // comes to Shibboleth logout
62 
63 else {
64  header('Content-Type: text/xml');
65 
66  $url = filter_var("https://{$_SERVER['HTTP_HOST']}/shib_logout.php", FILTER_SANITIZE_URL);
67 
68  echo <<<WSDL
69 <?xml version ="1.0" encoding ="UTF-8" ?>
70 <definitions name="LogoutNotification"
71  targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
72  xmlns:notify="urn:mace:shibboleth:2.0:sp:notify"
73  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
74  xmlns="http://schemas.xmlsoap.org/wsdl/">
75 
76  <types>
77  <schema targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
78  xmlns="http://www.w3.org/2000/10/XMLSchema"
79  xmlns:notify="urn:mace:shibboleth:2.0:sp:notify">
80 
81  <simpleType name="string">
82  <restriction base="string">
83  <minLength value="1"/>
84  </restriction>
85  </simpleType>
86 
87  <element name="OK" type="notify:OKType"/>
88  <complexType name="OKType">
89  <sequence/>
90  </complexType>
91 
92  </schema>
93  </types>
94 
95  <message name="getLogoutNotificationRequest">
96  <part name="SessionID" type="notify:string" />
97  </message>
98 
99  <message name="getLogoutNotificationResponse" >
100  <part name="OK"/>
101  </message>
102 
103  <portType name="LogoutNotificationPortType">
104  <operation name="LogoutNotification">
105  <input message="getLogoutNotificationRequest"/>
106  <output message="getLogoutNotificationResponse"/>
107  </operation>
108  </portType>
109 
110  <binding name="LogoutNotificationBinding" type="notify:LogoutNotificationPortType">
111  <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
112  <operation name="LogoutNotification">
113  <soap:operation soapAction="urn:xmethods-logout-notification#LogoutNotification"/>
114  </operation>
115  </binding>
116 
117  <service name="LogoutNotificationService">
118  <port name="LogoutNotificationPort" binding="notify:LogoutNotificationBinding">
119  <soap:address location="{$url}"/>
120  </port>
121  </service>
122 </definitions>
123 WSDL;
124  exit;
125 }
126 
127 /******************************************************************************/
129 function LogoutNotification($SessionID)
130 {
131  // Delete session of user using $SessionID to locate the user's session file
132  // on the file system or in the database
133  // Then delete this entry or record to clear the session
134  // However, for that to work it is essential that the user's Shibboleth
135  // SessionID is stored in the user session data!
136 
137  global $ilDB;
138 
139  $q = "SELECT session_id, data FROM usr_session WHERE expires > 'NOW()'";
140  $r = $ilDB->query($q);
141 
142  while ($session_entry = $r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
143  $user_session = unserializesession($session_entry['data']);
144 
145  // Look for session with matching Shibboleth session id
146  // and then delete this ilias session
147  foreach ($user_session as $user_session_entry) {
148  if (is_array($user_session_entry)
149  && array_key_exists('shibboleth_session_id', $user_session_entry)
150  && $user_session_entry['shibboleth_session_id'] == $SessionID
151  ) {
152  // Delete this session entry
153  if (ilSession::_destroy($session_entry['session_id']) !== true) {
154  return new SoapFault('LogoutError', 'Could not delete session entry in database.');
155  }
156  }
157  }
158  }
159  // If no SoapFault is returned, all is fine
160 }
161 
162 /******************************************************************************/
163 // Deserializes session data and returns it in a hash array of arrays
164 function unserializesession($serialized_string)
165 {
166  $variables = array();
167  $a = preg_split("/(\w+)\|/", $serialized_string, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
168  for ($i = 0; $i < count($a); $i = $i + 2) {
169  $variables[$a[$i]] = unserialize($a[$i + 1]);
170  }
171 
172  return ($variables);
173 }
exit
exit
Definition: login.php:29
ilContext\CONTEXT_SHIBBOLETH
const CONTEXT_SHIBBOLETH
Definition: class.ilContext.php:45
$HTTP_RAW_POST_DATA
global $HTTP_RAW_POST_DATA
Definition: dummy_server.php:28
$url
$url
Definition: shib_logout.php:66
$DIC
global $DIC
Definition: shib_logout.php:19
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:1209
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:31
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:943
ilSession\_destroy
static _destroy($a_session_id, ?int $a_closing_context=null, $a_expired_at=null)
Destroy session.
Definition: class.ilSession.php:262
$server
$server
Definition: dummy_client.php:22
unserializesession
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) unserializesession($serialized_string)
Definition: shib_logout.php:164
ilContext\init
static init(string $a_type)
Init context by type.
Definition: class.ilContext.php:52
$q
$q
Definition: shib_logout.php:21
Vendor\Package\$a
$a
thx to https://mlocati.github.io/php-cs-fixer-configurator for the examples
Definition: example_cleaned.php:49
ilContext\CONTEXT_SOAP
const CONTEXT_SOAP
Definition: class.ilContext.php:34
$r
$r
Definition: shib_logout.php:140