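*
* So we do this: the front channel only destroys the application cookies, and
* the back channel destroys the application session and removes the database /
* memcached entries used by the shibchecker RewriteMap in our Apache
* configuration.
*
* The connection parameters for the shibcheckerdb / memcached are set in the
* function LogoutNotification.
*/

//////////////////////////
// Front channel logout //
//////////////////////////

// Note: Generally the back-channel logout should be used once the Shibboleth
// Identity Provider supports Single Log Out!
// Front-channel logout is not of much use.

if (isset($_GET['return']) && isset($_GET['action']) && $_GET['action'] === 'logout') {

    // Only the application cookie is destroyed via the front channel; the
    // application session itself is destroyed via the back channel.

    // Destroy the PHP session cookie
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 42000, '/');
    }

    // The return URL comes from the query string, so it is checked before it is
    // used in a Location header: without the check this script would redirect
    // a browser to any address placed in a crafted link (open redirect).
    // Accepted are site-relative paths and http(s) URLs on the host this
    // request was sent to. A deployment whose Shibboleth handler lives on a
    // different host has to extend this check with an explicit allow-list.
    $returnUrl = is_string($_GET['return']) ? $_GET['return'] : '';
    $returnAllowed = false;

    // Control characters, whitespace and backslashes are refused outright
    // because browsers and parse_url() do not interpret them the same way.
    $isClean = ($returnUrl !== '' && preg_match('/[\x00-\x20\x7f\\\\]/', $returnUrl) === 0);

    if ($isClean) {
        if ($returnUrl[0] === '/') {
            // "//host/path" is protocol-relative, not a local path.
            $returnAllowed = (strncmp($returnUrl, '//', 2) !== 0);
        } else {
            $parts = parse_url($returnUrl);
            // HTTP_HOST may carry a port; compare host names only.
            $ownHost = isset($_SERVER['HTTP_HOST'])
                ? parse_url('//' . $_SERVER['HTTP_HOST'], PHP_URL_HOST)
                : null;

            $returnAllowed = is_array($parts)
                && isset($parts['scheme'], $parts['host'])
                && in_array(strtolower($parts['scheme']), array('http', 'https'), true)
                && !isset($parts['user'])
                && !isset($parts['pass'])
                && is_string($ownHost)
                && strcasecmp($parts['host'], $ownHost) === 0;
        }
    }

    if (!$returnAllowed) {
        http_response_code(400);
        exit;
    }

    // Finally, send the user to the return URL
    header('Location: ' . $returnUrl);
    exit;
}

/////////////////////////
// Back channel logout //
/////////////////////////

// Note: This is the preferred logout channel because it also allows
// administrative logout. However, it requires your application to be
// adapted in the sense that the user's Shibboleth session ID must be
// stored in the application's session data.
// See function LogoutNotification below.
//
// NOTE(review): nothing in this script authenticates the caller, so any client
// that can POST to this URL can invoke LogoutNotification. Restrict access to
// this endpoint in the web server configuration so that only the Shibboleth
// Service Provider can reach it.
//
// NOTE(review): the WSDL URL below is built from the request's Host header,
// which the client chooses, and SoapServer loads the service description from
// that URL. Prefer a host name fixed in configuration.

elseif (!empty(file_get_contents("php://input"))) {

    // Set up the SOAP server and dispatch the request to LogoutNotification
    $server = new SoapServer('https://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'/LogoutNotification.wsdl');
    $server->addFunction("LogoutNotification");
    $server->handle();
}

/////////////////
// Return WSDL //
/////////////////

// Note: This is needed for the PHP SoapServer class.
// Since I'm not a web service guru it might be that the code below is not
// absolutely correct but at least it seems to do its job properly when it
// comes to Shibboleth logout

else {

    header('Content-Type: text/xml');

    // NOTE(review): the heredoc body (the WSDL document) is missing from this
    // copy of the file. The statement is reproduced exactly as it appears here
    // and needs the original "<<<WSDL ... WSDL;" text restored before the
    // script can run.
    echo << WSDL;
    exit;
}

/******************************************************************************/

/**
 * Back-channel logout handler registered with the SoapServer above.
 *
 * Looks up the application (PHP) session id stored in memcached under the
 * Shibboleth session id, removes both memcached entries and destroys the PHP
 * session. For this to work it is essential that the user's Shibboleth session
 * id is stored together with the application session id at login time.
 *
 * NOTE(review): $SessionID is used directly as a memcached key, so a caller
 * that can reach this endpoint chooses which key is read and deleted. The
 * checks below limit that to entries whose value has the shape of a PHP
 * session id; a dedicated key prefix for these entries, together with an
 * access restriction on the endpoint, would close the gap.
 *
 * @param string $SessionID Shibboleth session id from the logout notification
 *
 * @return void
 *
 * @throws SoapFault if the id is malformed or memcached cannot be reached
 */
function LogoutNotification($SessionID)
{
    // memcached keys are at most 250 bytes long and must not contain
    // whitespace or control characters.
    $keyIsValid = is_string($SessionID)
        && $SessionID !== ''
        && strlen($SessionID) <= 250
        && preg_match('/[\x00-\x20\x7f]/', $SessionID) === 0;

    if (!$keyIsValid) {
        throw new SoapFault('Client', 'Invalid SessionID');
    }

    // Connection parameters to memcached
    $mcsrv = "127.0.0.1";
    $mcport = 11211;

    $mc = new Memcache;

    // Report the failure to the caller instead of answering as if the logout
    // had happened while the application session is still alive.
    if (!$mc->connect($mcsrv, $mcport)) {
        throw new SoapFault('Server', 'Session store unavailable');
    }

    // Get the application session id stored under the Shibboleth session id
    $appsessionid = $mc->get($SessionID);

    // Act only on an entry whose value looks like a PHP session id (the
    // default file session handler accepts a-z, A-Z, 0-9, ',' and '-').
    // Anything else is not one of our mappings and is left untouched.
    // NOTE(review): widen the pattern if a custom session handler with a
    // different id alphabet is in use.
    if (!is_string($appsessionid) || preg_match('/\A[A-Za-z0-9,-]+\z/', $appsessionid) !== 1) {
        return;
    }

    // Remove both memcached entries
    $mc->delete($SessionID);
    $mc->delete($appsessionid);

    // Attach to the application session (PHP session) ...
    session_id($appsessionid);
    session_start();

    // ... and destroy it
    $_SESSION = array();
    session_destroy();
}
?>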