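====== Hilfsskripte ======

Alle hier aufgeführten Skripte sind beispielhaft und müssen ggf. angepasst werden.

===== checker.php =====

Sorgt für den notwendigen zusätzlichen Request beim SessionHook.

===== initsess.php =====

===== logoutnotify.php =====

Dieses Skript [[de:shibslohttpd:removallogout|entfernt die Anwendungs-Session]] via Back-Channel und die Cookies via Front-Channel.

<?php
/*
 * NOTE: the beginning of this header comment is not preserved on this page.
 *
 * So we do this and implement on front channel only the destruction for the application cookies and
 * on back channel the destruction for the application session and the removal of database / memcached - entries
 * from the shibshecker RewriteMap in our apache configuration.
 *
 * The connection parameters to the shibcheckerdb / memcached are set in function LogoutNotification.
 */

// Host name of this service provider. SERVER_NAME is only trustworthy when the
// web server pins it (Apache: fixed ServerName with UseCanonicalName On);
// otherwise it follows the client-supplied Host header. Prefer hard-coding the
// host name here.
$spHost = strtolower($_SERVER['SERVER_NAME']);

// Hosts the front-channel 'return' redirect is allowed to point to.
$trustedHosts = array($spHost);

//////////////////////////
// Front channel logout //
//////////////////////////

// Note: Generally the back-channel logout should be used once the Shibboleth
// Identity Provider supports Single Log Out!
// Front-channel logout is not of much use.
if (isset($_GET['return'], $_GET['action']) && $_GET['action'] === 'logout') {
    // 'return' comes straight from the query string. It is only followed when
    // it is a local path or an https URL on a trusted host; otherwise this
    // script would redirect to any address a crafted link names.
    if (!isAllowedReturnUrl($_GET['return'], $trustedHosts)) {
        http_response_code(400);
        exit;
    }

    // Only the application cookie is destroyed via the front channel; the
    // application session itself is destroyed via the back channel.
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 42000, '/');
    }

    // Finally, send user to the return URL
    header('Location: ' . $_GET['return']);
    exit;
}

/////////////////////////
// Back channel logout //
/////////////////////////

// Note: This is the preferred logout channel because it also allows
// administrative logout. However, it requires your application to be
// adapted in the sense that the user's Shibboleth session ID must be
// stored in the application's session data.
// See function LogoutNotification below
elseif (!empty(file_get_contents("php://input"))) {
    // NOTE(review): nothing in this script authenticates the sender of the SOAP
    // request. Restrict this URL at the web server to the Shibboleth SP that
    // sends the notification; otherwise anyone who learns a Shibboleth session
    // ID can end that user's session.

    // The WSDL location is built from the pinned host name and SCRIPT_NAME.
    // HTTP_HOST and PHP_SELF are client-influenced and would let the request
    // decide where SoapServer fetches its WSDL from.
    $server = new SoapServer('https://' . $spHost . $_SERVER['SCRIPT_NAME'] . '/LogoutNotification.wsdl');
    $server->addFunction("LogoutNotification");
    $server->handle();
}

/////////////////
// Return WSDL //
/////////////////

// Note: This is needed for the PHP SoapServer class.
// Since I'm not a web service guru it might be that the code below is not
// absolutely correct but at least it seems to do its job properly when it
// comes to Shibboleth logout
else {
    header('Content-Type: text/xml');
    // The WSDL document that belongs between the heredoc markers is not
    // preserved on this page; restore it from the original script before use.
    echo <<<WSDL
<!-- WSDL document missing from this page -->
WSDL;
    exit;
}

/******************************************************************************/

/**
 * Decides whether the front-channel 'return' value may be used as a redirect target.
 *
 * Accepted are local paths ("/...", but not "//...") and absolute https URLs
 * whose host is listed in $trustedHosts. Values containing whitespace, control
 * characters or backslashes are rejected because browsers and parse_url() can
 * disagree on how to read them.
 *
 * @param mixed    $url          Value of the 'return' request parameter.
 * @param string[] $trustedHosts Lower-case host names that may be redirected to.
 * @return bool True when the redirect may be followed.
 */
function isAllowedReturnUrl($url, array $trustedHosts)
{
    if (!is_string($url) || $url === '') {
        return false;
    }
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return false;
    }

    // Local path: stays on this host as long as it is not scheme-relative.
    if ($url[0] === '/') {
        return !isset($url[1]) || $url[1] !== '/';
    }

    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return false;
    }

    return in_array(strtolower($parts['host']), $trustedHosts, true);
}

/**
 * This function does the actual logout (SOAP operation LogoutNotification).
 *
 * Looks up the application session ID stored in memcached under the user's
 * Shibboleth session ID, removes both memcached entries and destroys the PHP
 * session. For that to work it is essential that the user's Shibboleth
 * session ID is stored together with the application session ID.
 *
 * @param mixed $SessionID Shibboleth session ID from the logout notification.
 * @throws SoapFault When memcached cannot be reached, so that the sender does
 *                   not take a logout that never happened for a success.
 */
function LogoutNotification($SessionID)
{
    if (!is_string($SessionID) || $SessionID === '') {
        return;
    }

    // connection parameters to memcached
    $mcsrv = "127.0.0.1";
    $mcport = 11211;

    $mc = new Memcache;
    if (!$mc->connect($mcsrv, $mcport)) {
        throw new SoapFault('Server', 'Session store not reachable');
    }

    // get the application session id, then drop the mapping
    $appsessionid = $mc->get($SessionID);
    $mc->delete($SessionID);

    // No mapping (get() returned false) or a value that is not a valid
    // file-handler session ID: nothing to destroy. This also avoids starting
    // and destroying a fresh, unrelated session.
    if (!is_string($appsessionid) || !preg_match('/^[A-Za-z0-9,-]+$/', $appsessionid)) {
        return;
    }
    $mc->delete($appsessionid);

    // Connect to the application session (PHP session) and destroy it
    session_id($appsessionid);
    session_start();
    $_SESSION = array();
    session_destroy();
}
?>

===== remsess.php =====

.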
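<?php
/*
 * NOTE: the beginning of this header comment is not preserved on this page.
 *
 * Copyright 2015 Frank Schreiterer, University of Bamberg, Computing Centre
 */

/**
 * Removes the memcached entries that refer to an application session ID.
 *
 * Every key whose stored value is exactly $destid is deleted, followed by the
 * key $destid itself (the backup entry used with mixedLazy).
 *
 * NOTE(review): the scan relies on the 'cachedump' statistic, which returns
 * only a bounded number of entries per slab. On a busy cache a matching key
 * can be missed, so an entry may outlive this call. The scan is also costly;
 * keep this script from being callable at will.
 *
 * @param mixed $destid Application session ID whose entries are removed.
 */
function removeMemcached($destid)
{
    if (!is_string($destid) || $destid === '') {
        return;
    }

    $mcsrv = "127.0.0.1";
    $mcport = 11211;

    $mc = new Memcache;
    if (!$mc->connect($mcsrv, $mcport)) {
        error_log('removeMemcached: connection to memcached failed');
        return;
    }

    // Read memcached and remove each key whose value matches
    $allSlabs = $mc->getExtendedStats('slabs');
    if (is_array($allSlabs)) {
        foreach ($allSlabs as $slabs) {
            if (!is_array($slabs)) {
                continue;
            }
            foreach (array_keys($slabs) as $slabId) {
                if (!is_numeric($slabId)) {
                    continue;
                }
                $cdump = $mc->getExtendedStats('cachedump', (int) $slabId);
                if (!is_array($cdump)) {
                    continue;
                }
                foreach ($cdump as $arrVal) {
                    if (!is_array($arrVal)) {
                        continue;
                    }
                    foreach (array_keys($arrVal) as $k) {
                        // Strict comparison: with "==" a request value such as
                        // "0" also equals false (a key that has just expired)
                        // and other numeric values, which would delete
                        // unrelated entries.
                        if ($mc->get((string) $k) === $destid) {
                            $mc->delete((string) $k);
                        }
                    }
                }
            }
        }
    }

    // and, with mixedLazy, the backup entry for the destid
    $mc->delete($destid);
    $mc->close();
}

// Destroy a bad application session ID handed over in the request.
// The value is client-supplied, so it is only used when it has the shape of a
// session ID (the character set PHP accepts for file-based sessions).
if (isset($_REQUEST['appsid'])) {
    $destid = $_REQUEST['appsid'];
    if (is_string($destid) && preg_match('/^[A-Za-z0-9,-]+$/', $destid)) {
        session_id($destid);
        removeMemcached($destid);
        session_start();
        session_destroy();
    }
}

session_start();

// SERVER_NAME is only trustworthy when the web server pins it (Apache: fixed
// ServerName with UseCanonicalName On); otherwise it follows the Host header
// and the redirect below can be pointed at another host.
$serverurl = "https://" . $_SERVER['SERVER_NAME'];

if (isset($_REQUEST['shibloggedoff'])) {
    if ($_REQUEST['shibloggedoff'] === "true") {
        // NOTE(review): the markup around this text (line break, link target)
        // appears to have been lost on this page.
        echo "Sie wurden abgemeldet.

Erneut anmelden
";
    }
} else {
    $destid = session_id();
    removeMemcached($destid);
    // The return URL carries its own query string, so it is URL-encoded
    // before being embedded as a parameter value.
    $returnUrl = "$serverurl/PATH/TO/remsess.php?shibloggedoff=true";
    $url = "$serverurl/Shibboleth.sso/Logout?return=" . urlencode($returnUrl);
    header('Location: ' . $url);
}

session_destroy();

// delete the session cookie
setcookie(session_name(), "", time() - 3600, "/");
?>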