[FIX] 22982: target url
chfsx committed Apr 27, 2018
1 parent 3fe6aa7 commit c9c9211
Showing 1 changed file with 38 additions and 41 deletions.
79 changes: 38 additions & 41 deletions shib_logout.php
Expand Up @@ -5,36 +5,32 @@
ini_set("soap.wsdl_cache_enabled", "0"); // disabling WSDL cache

/**
* Shibboleth login script for ilias
*
* $Id: shib_login.php 15434 2007-11-27 09:02:01Z smeyer $
* @author Lukas Haemmerle <haemmerle@switch.ch>
* @package ilias-layout
*/
* Shibboleth login script for ilias
*
* $Id: shib_login.php 15434 2007-11-27 09:02:01Z smeyer $
*
* @author Lukas Haemmerle <haemmerle@switch.ch>
* @package ilias-layout
*/

// Requirements:
// PHP 5 with SOAP support (should be available in default deployment)


// Front channel logout

// Note: Generally the back-channel logout should be used once the Shibboleth
// Identity Provider supports Single Log Out!
// Front-channel logout is not of much use.

if (
isset($_GET['return'])
&& isset($_GET['action'])
&& $_GET['action'] == 'logout'
){

if (isset($_GET['return']) && isset($_GET['action']) && $_GET['action'] == 'logout') {

// Load all the IILIAS stuff
require_once "include/inc.header.php";

// Logout out user from application
// Destroy application session/cookie etc
$GLOBALS['DIC']['ilAuthSession']->logout();

// Finally, send user to the return URL
ilUtil::redirect($_GET['return']);
}
Expand All @@ -48,16 +44,16 @@
// See function LogoutNotification below

elseif (!empty($HTTP_RAW_POST_DATA)) {

include_once "Services/Context/classes/class.ilContext.php";
ilContext::init(ilContext::CONTEXT_SOAP);

// Load ILIAS libraries and initialise ILIAS in non-web context
require_once("Services/Init/classes/class.ilInitialisation.php");
ilInitialisation::initILIAS();

// Set SOAP header
$server = new SoapServer('https://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'/LogoutNotification.wsdl');
$server = new SoapServer('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '/LogoutNotification.wsdl');
$server->addFunction("LogoutNotification");
$server->handle();
}
Expand All @@ -73,6 +69,8 @@

header('Content-Type: text/xml');

$url = filter_var("https://{$_SERVER['HTTP_HOST']}/shib_logout.php", FILTER_SANITIZE_URL);

echo <<<WSDL
<?xml version ="1.0" encoding ="UTF-8" ?>
<definitions name="LogoutNotification"
Expand Down Expand Up @@ -124,62 +122,61 @@
<service name="LogoutNotificationService">
<port name="LogoutNotificationPort" binding="notify:LogoutNotificationBinding">
<soap:address location="https://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}"/>
<soap:address location="{$url}"/>
</port>
</service>
</definitions>
WSDL;
exit;

}

/******************************************************************************/
/// This function does the actual logout
function LogoutNotification($SessionID){
function LogoutNotification($SessionID) {

// Delete session of user using $SessionID to locate the user's session file
// on the file system or in the database
// Then delete this entry or record to clear the session
// However, for that to work it is essential that the user's Shibboleth
// SessionID is stored in the user session data!

global $ilDB;

$q = "SELECT session_id, data FROM usr_session WHERE expires > 'NOW()'";
$r = $ilDB->query($q);
while($session_entry = $r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)){

while ($session_entry = $r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {

$user_session = unserializesession($session_entry['data']);

// Look for session with matching Shibboleth session id
// and then delete this ilias session
foreach($user_session as $user_session_entry){
if (
is_array($user_session_entry)
foreach ($user_session as $user_session_entry) {
if (is_array($user_session_entry)
&& array_key_exists('shibboleth_session_id', $user_session_entry)
&& $user_session_entry['shibboleth_session_id'] == $SessionID){

&& $user_session_entry['shibboleth_session_id'] == $SessionID
) {

// Delete this session entry
if (ilSession::_destroy($session_entry['session_id']) !== true){
if (ilSession::_destroy($session_entry['session_id']) !== true) {
return new SoapFault('LogoutError', 'Could not delete session entry in database.');
}
}
}
}

// If no SoapFault is returned, all is fine
}

/******************************************************************************/
// Deserializes session data and returns it in a hash array of arrays
function unserializesession( $serialized_string ){
$variables = array( );
$a = preg_split( "/(\w+)\|/", $serialized_string, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE );
for( $i = 0; $i < count( $a ); $i = $i+2 ) {
$variables[$a[$i]] = unserialize( $a[$i+1] );
function unserializesession($serialized_string) {
$variables = array();
$a = preg_split("/(\w+)\|/", $serialized_string, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
for ($i = 0; $i < count($a); $i = $i + 2) {
$variables[$a[$i]] = unserialize($a[$i + 1]);
}
return( $variables );

return ($variables);
}

?>
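Review bot: The new `$url` for the WSDL `soap:address` is still built from `$_SERVER['HTTP_HOST']`, and `FILTER_SANITIZE_URL` only drops characters that cannot occur in a URL: it keeps `"`, `<` and `>` and does not check that the host belongs to this installation, so a request-supplied Host value reaches the `location` attribute unescaped. Taking the host from configuration and escaping for XML would close that, for example `$url = htmlspecialchars('https://' . $configuredHost . '/shib_logout.php', ENT_QUOTES | ENT_XML1, 'UTF-8');`, where `$configuredHost` is a placeholder for the installation's configured host name. The `new SoapServer(...)` line in the back-channel branch has the same dependency on `HTTP_HOST`, there deciding where the server loads its WSDL from, and it still derives the path from `SCRIPT_NAME` while the WSDL now hard-codes `/shib_logout.php`, which will disagree if ILIAS is not served from the web root. Separately, the front-channel branch passes `$_GET['return']` to `ilUtil::redirect()` with no check visible here that the target is an expected return URL. The condition that opens the WSDL branch lies outside the visible hunks.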
