Closed MartinPhoenix closed 1 year ago
The isAuthenticated method of SimpleSAMLphp allows to check if there is an active session on the simpleSAMLphp SP side.
This toolkit does not has a state/session. After validate the SAMLResponse you extract the user data and you decide what to do with it, you can open a session on PHP and then all you need to do to check if the user is authenticated is to check for such active session.
Is there any way that if I log out from an external SP, when I log in to this SP with OneLogin I can check if there is a session in the SSO and thus clear all session variables?
Why dont you implement Single Logout at your PHP app so if the user close the session at the IdP or at another SP with SLO, the session is also removed from the PHP app?
Understood @pitbulk, thank you very much!
I would like to know if, somehow, it is possible to check the user's auth directly from a method and without making a POST request. Like SimpleSAMLphp isAuthenticated without such a request.
As of today a query to $_SESSION would not work for me as I am trying to make a query when loggingout from another SP.
Best regards,