app/config/security.yml

@@ -4,7 +4,7 @@ security:
             pattern:   ^/api/doc
             anonymous: ~
         anonymous_auth:
-            pattern:    ^/auth/(login|config)
+            pattern:    ^/auth/(login|config|logout)
             anonymous: ~
         authenticated_auth:
             pattern:    ^/auth

src/Ilios/AuthenticationBundle/Controller/AuthenticationController.php

@@ -70,4 +70,21 @@ public function tokenAction(Request $request)
 
         return new JsonResponse(array('jwt' => null), JsonResponse::HTTP_OK);
     }
+
+    /**
+     * Logout
+     * Passes off the task of logout to the service selected by the config
+     * option authentication_type.
+     *
+     * @param Request $request
+     *
+     * @return JsonResponse
+     */
+    public function logoutAction(Request $request)
+    {
+        $authenticator = $this->container->get('ilios_authentication.authenticator');
+
+        return $authenticator->logout($request);
+
+    }
 }

src/Ilios/AuthenticationBundle/Resources/config/routing.yml

@@ -4,6 +4,9 @@ ilios_authentication.config:
 ilios_authentication.login:
     path:     /login
     defaults: { _controller: IliosAuthenticationBundle:Authentication:login }
+ilios_authentication.logout:
+    path:     /logout
+    defaults: { _controller: IliosAuthenticationBundle:Authentication:logout }
 ilios_authentication.whoami:
     path:     /whoami
     defaults: { _controller: IliosAuthenticationBundle:Authentication:whoami }

src/Ilios/AuthenticationBundle/Service/AuthenticationInterface.php

@@ -14,4 +14,12 @@ interface AuthenticationInterface
      * @return JsonResponse
      */
     public function login(Request $request);
+
+    /**
+     * Logout a user based on a Request and return some status
+     * @param Request $request
+     *
+     * @return JsonResponse
+     */
+    public function logout(Request $request);
 }

src/Ilios/AuthenticationBundle/Service/FormAuthentication.php

@@ -96,6 +96,19 @@ public function login(Request $request)
             'jwt' => null,
         ), JsonResponse::HTTP_BAD_REQUEST);
     }
+
+    /**
+     * Logout a user
+     * @param Request $request
+     *
+     * @return JsonResponse
+     */
+    public function logout(Request $request)
+    {
+        return new JsonResponse(array(
+            'status' => 'success'
+        ), JsonResponse::HTTP_OK);
+    }
 
     /**
      * Update users to the new password encoding when they login

src/Ilios/AuthenticationBundle/Service/LdapAuthentication.php

@@ -100,6 +100,19 @@ public function login(Request $request)
             'jwt' => null,
         ), JsonResponse::HTTP_BAD_REQUEST);
     }
+
+    /**
+     * Logout a user
+     * @param Request $request
+     *
+     * @return JsonResponse
+     */
+    public function logout(Request $request)
+    {
+        return new JsonResponse(array(
+            'status' => 'success'
+        ), JsonResponse::HTTP_OK);
+    }
 
     /**
      * Check against ldap to see if the user is valid

src/Ilios/AuthenticationBundle/Service/ShibbolethAuthentication.php

@@ -86,4 +86,21 @@ public function login(Request $request)
 
         return $this->createSuccessResponseFromJWT($jwt);
     }
+
+    /**
+     * Logout a user
+     * @param Request $request
+     *
+     * @return JsonResponse
+     */
+    public function logout(Request $request)
+    {
+        $url = $request->getSchemeAndHttpHost();
+        $logoutUrl = $url . '/Shibboleth.sso/Logout';
+        return new JsonResponse(array(
+            'status' => 'redirect',
+            'logoutUrl' => $logoutUrl
+
+        ), JsonResponse::HTTP_OK);
+    }
 }