====== Hilfsskripte ======
Alle hier aufgeführten Skripte sind beispielhaft und müssen ggf. angepasst werden.
===== checker.php =====
Sorgt für den notwendigen zusätzlichen Request beim SessionHook.
===== initsess.php =====
===== logoutnotify.php =====
Dieses Skript [[de:shibslohttpd:removallogout|entfernt die Anwendungs-Session]] via Back-Channel und die Cookies via Front-Channel.
*
*
* So we do this and implement on front channel only the destruction for the application cookies and
* on back channel the destruction for the application session and the removal of database / memcached - entries
* from the shibchecker RewriteMap in our apache configuration.
*
* The connection parameters to the shibcheckerdb / memcached are set in function LogoutNotification.
*/
//////////////////////////
// Front channel logout //
//////////////////////////
// Note: Generally the back-channel logout should be used once the Shibboleth
// Identity Provider supports Single Log Out!
// Front-channel logout is not of much use.
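if (
    isset($_GET['return'], $_GET['action'])
    && $_GET['action'] === 'logout'
) {
    // Only the application cookie is removed on the front channel; the
    // application session itself is destroyed via the back channel.
    if (isset($_COOKIE[session_name()])) {
        // An expiry date in the past makes the browser drop the PHP session cookie.
        setcookie(session_name(), '', time() - 42000, '/');
    }

    // $_GET['return'] is request input. Redirecting to it unchecked would let
    // any link to this script bounce the browser to an arbitrary site, so only
    // two shapes are accepted: a local absolute path, or an https URL whose
    // host equals this server's own name.
    // NOTE(review): SERVER_NAME is only as trustworthy as the web-server
    // configuration makes it (for Apache, see UseCanonicalName). If the
    // Shibboleth handler lives on another host, replace the comparison with a
    // fixed allow-list of hosts.
    $returnUrl = $_GET['return'];
    $isSafeReturn = false;

    // Backslashes, whitespace and control characters are refused outright
    // because browsers and parse_url() do not agree on how to read them.
    if (is_string($returnUrl) && preg_match('/[\x00-\x20\x7f\\\\]/', $returnUrl) === 0) {
        if ($returnUrl !== '' && $returnUrl[0] === '/') {
            // A leading "//" is a scheme-relative URL pointing at another host.
            $isSafeReturn = strncmp($returnUrl, '//', 2) !== 0;
        } else {
            $parts = parse_url($returnUrl);
            $isSafeReturn = is_array($parts)
                && isset($parts['scheme'], $parts['host'], $_SERVER['SERVER_NAME'])
                && strtolower($parts['scheme']) === 'https'
                && strcasecmp($parts['host'], $_SERVER['SERVER_NAME']) === 0;
        }
    }

    if (!$isSafeReturn) {
        // The cookie has already been cleared; only the redirect is refused.
        http_response_code(400);
        exit;
    }

    // Finally, send user to the return URL
    header('Location: ' . $returnUrl);
    exit;
}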
/////////////////////////
// Back channel logout //
/////////////////////////
// Note: This is the preferred logout channel because it also allows
// administrative logout. However, it requires your application to be
// adapted in the sense that the user's Shibboleth session ID must be
// stored in the application's session data.
// See function LogoutNotification below
//
// Any request that did not match the front-channel branch and carries a
// non-empty body is handed to SoapServer as a LogoutNotification call.
// NOTE(review): no restriction on who may send such a request is visible in
// this branch. Presumably the notification comes from the local Shibboleth SP;
// if so, limit this URL to that address in the web-server configuration -
// confirm.
// NOTE(review): the WSDL location below is assembled from HTTP_HOST (the
// request's Host header) and PHP_SELF (which includes any path info the client
// appended), so the client influences the URL that SoapServer loads its service
// description from. A fixed, configured base URL or a local WSDL file would
// remove that influence.
elseif (!empty(file_get_contents("php://input"))) {
// Build the SOAP server from a WSDL URL that presumably resolves back to this
// script's own WSDL branch below - confirm.
$server = new SoapServer('https://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'/LogoutNotification.wsdl');
// Register the global function LogoutNotification() as the callable operation.
$server->addFunction("LogoutNotification");
// Parse the request body and dispatch it to the registered function.
$server->handle();
}
/////////////////
// Return WSDL //
/////////////////
// Note: This is needed for the PHP SoapServer class.
// Since I'm not a web service guru it might be that the code below is not
// absolutely correct but at least it seems to do its job properly when it
// comes to Shibboleth logout
else {
header('Content-Type: text/xml');
// NOTE(review): the heredoc that carried the WSDL document is missing from this
// copy of the listing (only the opener and the closing label remain); restore
// it from the original script before use.
echo <<
WSDL;
exit;
}
/******************************************************************************/
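/**
 * Performs the actual logout for a back-channel LogoutNotification.
 *
 * Looks up the application (PHP) session ID stored in memcached under the
 * Shibboleth session ID, removes the memcached entries and destroys the PHP
 * session. For that to work it is essential that the user's Shibboleth
 * session ID was stored together with the application session ID.
 *
 * NOTE(review): nothing in this function authenticates the caller; whoever can
 * reach the SOAP endpoint and knows a Shibboleth session ID can end that
 * session. Access control has to come from the endpoint's configuration.
 *
 * @param string $SessionID Shibboleth session ID taken from the SOAP request.
 * @return void
 */
function LogoutNotification($SessionID)
{
    // The value comes from a request body; anything but a non-empty string
    // cannot be a memcached key for a session mapping.
    if (!is_string($SessionID) || $SessionID === '') {
        return;
    }

    // connection parameters to memcached
    $mcsrv = "127.0.0.1";
    $mcport = "11211";
    $mc = new Memcache;
    if (!$mc->connect($mcsrv, $mcport)) {
        // Without the mapping the application session cannot be located.
        // The session ID is deliberately kept out of the log.
        error_log('LogoutNotification: memcached connection failed, application session not destroyed');
        return;
    }

    // get the application session id
    $appsessionid = $mc->get($SessionID);
    // A miss is reported as false; normalise everything unusable to ''.
    if (is_string($appsessionid) || is_int($appsessionid)) {
        $appsessionid = (string) $appsessionid;
    } else {
        $appsessionid = "";
    }

    // remove the mapping, and the reverse entry only when a mapping existed
    // (the lookup result is checked before it is used as a key)
    $mc->delete($SessionID);
    if ($appsessionid !== "") {
        $mc->delete($appsessionid);
    }
    $mc->close();

    if ($appsessionid === "") {
        // Nothing is mapped to this Shibboleth session, so there is no
        // application session to destroy; do not create a throw-away one.
        return;
    }

    // Connect to the application session (PHP Session)
    session_id($appsessionid);
    session_start();
    // and destroy
    $_SESSION = array();
    session_destroy();
}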
?>
===== remsess.php =====
.
Copyright 2015 Frank Schreiterer, University of Bamberg, Computing Centre
*/
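/**
 * Removes every memcached entry that refers to the given application session ID.
 *
 * Walks the slabs of the connected memcached server, deletes each key whose
 * stored value equals $destid, and finally deletes the entry keyed by $destid
 * itself.
 *
 * NOTE(review): the cachedump statistic returns only a limited number of
 * entries per slab (the PHP manual gives a default limit of 100 - confirm for
 * the installed extension and daemon), so on a busy cache a matching key can
 * be missed and the mapping would survive until it expires.
 *
 * @param string $destid Application session ID whose entries are removed.
 * @return void
 */
function removeMemcached($destid)
{
    // An empty or non-scalar ID would loosely match unrelated values
    // (a failed lookup yields false, and false == ""), so refuse it up front.
    if ((!is_string($destid) && !is_int($destid)) || (string) $destid === '') {
        return;
    }
    $destid = (string) $destid;

    $mcsrv = "127.0.0.1";
    $mcport = "11211";
    $mc = new Memcache;
    if (!$mc->connect($mcsrv, $mcport)) {
        error_log('removeMemcached: memcached connection failed, entries not removed');
        return;
    }

    # read memcached and remove the key wherever the value matches
    $allSlabs = $mc->getExtendedStats('slabs');
    if (is_array($allSlabs)) {
        foreach ($allSlabs as $server => $slabs) {
            // A server that could not be queried reports a non-array here.
            if (!is_array($slabs)) {
                continue;
            }
            foreach ($slabs as $slabId => $slabMeta) {
                // Only numeric keys are slab IDs; the rest is summary data.
                if (!is_numeric($slabId)) {
                    continue;
                }
                $cdump = $mc->getExtendedStats('cachedump', (int) $slabId);
                if (!is_array($cdump)) {
                    continue;
                }
                foreach ($cdump as $arrVal) {
                    if (!is_array($arrVal)) {
                        continue;
                    }
                    foreach ($arrVal as $k => $v) {
                        $stored = $mc->get((string) $k);
                        // Compare as strings: a loose == would treat a missed
                        // lookup or a numeric-looking value as a match.
                        if ((is_string($stored) || is_int($stored)) && (string) $stored === $destid) {
                            $mc->delete((string) $k);
                        }
                    }
                }
            }
        }
    }

    # and, for mixedLazy, the backup entry stored under destid
    $mc->delete($destid);
    $mc->close();
}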
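# destroy a bad application session ID
if (isset($_REQUEST['appsid'])) {
    $destid = $_REQUEST['appsid'];
    // appsid is request input that ends up as a session ID and as a memcached
    // key. Accept only a string made of the characters PHP itself uses for
    // generated session IDs; an array (appsid[]=...) or a value with other
    // bytes is ignored. Widen the pattern if the application generates IDs
    // with a different alphabet.
    if (is_string($destid) && preg_match('/\A[A-Za-z0-9,-]{1,256}\z/', $destid) === 1) {
        session_id($destid);
        removeMemcached($destid);
        session_start();
        session_destroy();
    }
}
// NOTE(review): if the browser still sends a cookie carrying the ID that was
// just destroyed, this session_start() will presumably adopt that same ID again
// unless session.use_strict_mode is enabled - confirm the PHP configuration.
session_start();
$serverurl = "https://" . $_SERVER['SERVER_NAME'];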
if (isset($_REQUEST['shibloggedoff'])) {
$shiblogoff = $_REQUEST['shibloggedoff'];
if ($shiblogoff == "true") {
echo "Sie wurden abgemeldet.