deanbowles / drupalauth

Automatically exported from code.google.com/p/drupalauth

Redirect after logout #17

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
The issue is that when passing a return to param to the logout() method, the 
param is not used.

Here is working code to make that work; the code uses snippets from the Drupal 
redirect logout module.

drupalauth4ssp.module
```php
/**
 * Implements hook_user_logout().
 */
function drupalauth4ssp_user_logout($account) {
  // Get the configuration information from SimpleSAMLphp
  $sspConfig = _drupalauth4ssp_get_simplesamlphp_config();

  // If we don't have configuration, exit without doing anything
  if (!is_array($sspConfig)) {
    // The least we can do is write something to the watchdog so someone will know what's happening.
    // Use the $account argument; $user is not defined in this scope.
    watchdog('drupalauth4ssp', 'Could not use drupalauth for %name, could not get the SimpleSAMLphp configuration.', array('%name' => $account->name));
    return;
  }

  // Delete the cookie
  setcookie($sspConfig['cookie_name'], "", time() - 3600, $sspConfig['baseurlpath']);

  // If the ReturnTo URL is present, remember it so that
  // hook_drupal_goto_alter() can send the user to the URL
  if (isset($_GET['ReturnTo']) && $_GET['ReturnTo']) {
    $destination = &drupal_static(__FUNCTION__);
    $destination = $_GET['ReturnTo'];
  }
}

/**
 * Implements hook_drupal_goto_alter().
 */
function drupalauth4ssp_drupal_goto_alter(&$path, &$options, &$http_response_code) {
  // Pick up the destination stored by drupalauth4ssp_user_logout()
  $destination = &drupal_static('drupalauth4ssp_user_logout');
  if (!$path && $destination) {
    drupal_goto($destination);
  }
}
```

And here is the code change for External.php
```php
  /**
   * This function is called when the user starts a logout operation, for example
   * by logging out of a SP that supports single logout.
   *
   * @param array &$state  The logout state array.
   */
  public function logout(&$state) {
    assert('is_array($state)');

    if (!session_id()) {
      /* session_start not called before. Do it here. */
      session_start();
    }

    /*
     * In this example we simply remove the 'uid' from the session.
     */
    unset($_SESSION['uid']);

    // Added armor plating, just in case
    if (isset($_COOKIE[$this->cookie_name])) {
      setcookie($this->cookie_name, "", time() - 3600, $this->cookie_path);
    }

    if (isset($state['ReturnTo'])) {
      SimpleSAML_Utilities::redirect($this->drupal_logout_url, array(
        'ReturnTo' => $state['ReturnTo'],
      ));
    }
    else {
      /*
       * Redirect the user to the Drupal logout page
       */
      header('Location: ' . $this->drupal_logout_url);
    }
    die;
  }
```

Original issue reported on code.google.com by skrzype...@gmail.com on 16 May 2014 at 5:34
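
Added example, not part of the original post or of the drupalauth project: `drupalauth4ssp_user_logout()` above hands `$_GET['ReturnTo']` to `drupal_goto()` unchanged, so the value can be checked against a list of known SP hosts before it is stored. The function name `example_safe_return_to()`, the fallback path and the host list are hypothetical.

```php
<?php
// Added example: validate a ReturnTo value before redirecting to it.
// example_safe_return_to() and the host allowlist are hypothetical names,
// not part of drupalauth4ssp or SimpleSAMLphp.

/**
 * Returns $returnTo if it is an absolute http(s) URL on an allowed host,
 * otherwise returns $fallback.
 */
function example_safe_return_to($returnTo, array $allowedHosts, $fallback = '/') {
  // Reject non-strings (ReturnTo[]=x arrives as an array) and empty values.
  if (!is_string($returnTo) || $returnTo === '') {
    return $fallback;
  }
  // Control characters, whitespace and backslashes are parsed
  // inconsistently between PHP and browsers, so refuse them outright.
  if (preg_match('/[\x00-\x20\x7f\\\\]/', $returnTo)) {
    return $fallback;
  }
  $parts = parse_url($returnTo);
  // Relative and scheme-relative ("//host/path") values have no scheme.
  if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
    return $fallback;
  }
  if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
    return $fallback;
  }
  // A user:pass@ prefix can make the URL look like it points elsewhere.
  if (isset($parts['user']) || isset($parts['pass'])) {
    return $fallback;
  }
  // Exact, case-insensitive host match; no suffix or substring matching.
  if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
    return $fallback;
  }
  return $returnTo;
}

// Constructed sample values, for illustration only.
$allowed = array('sp1.example.org', 'sp2.example.org');
$samples = array(
  'https://sp1.example.org/after-logout',
  'https://SP2.example.org/',
  'https://sp1.example.org@other.example.net/',
  '//other.example.net/',
  'ftp://sp1.example.org/file',
);
foreach ($samples as $s) {
  printf("%-45s => %s\n", $s, example_safe_return_to($s, $allowed));
}
```

In the module, the same check would wrap `$_GET['ReturnTo']` before it is written to `drupal_static()`, with the allowlist taken from the site's configured SPs.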

GoogleCodeExporter commented 9 years ago
This code is golden. Now I have managed to successfully do a SLO initiated from 
the SP, logging out from all SPs and IdP and returning to SP where it was 
initiated. This should be included in the project.

Original comment by joonas.m...@wunderkraut.com on 19 Aug 2014 at 7:36

GoogleCodeExporter commented 9 years ago
With these changes, it logs out from the SP but not from the IdP site, while 
the browser remains on the SP (what I want). Without these changes, it logs out 
from both but the browser goes to the IdP (what I do not want). Both sites are 
Drupal 7 sites. Is there a way to get logged out from both with the browser 
remaining on the SP?

Original comment by peter.ha...@gmail.com on 21 Feb 2015 at 10:44

GoogleCodeExporter commented 9 years ago
"unset($_SESSION['uid']);" often causes a warning: "Undefined variable: 
_SESSION in sspmod_drupalauth_Auth_Source_External->logout() ...". Check if set:

```php
if (isset($_SESSION['uid'])) {
  unset($_SESSION['uid']);
}
```

Original comment by peter.ha...@gmail.com on 21 Feb 2015 at 10:50

GoogleCodeExporter commented 9 years ago
Yesterday, I wrote (in #2): "With these changes, it logs out from the SP but 
not from the IdP site, while the browser remains on the SP." Having considered 
it, I think this is the required behaviour as more SPs can be linked to the 
same IdP, therefore it would be bad to log out from the IdP too.

Original comment by peter.ha...@gmail.com on 22 Feb 2015 at 8:43

GoogleCodeExporter commented 9 years ago
For me it logs out from the IdP also and sends the logout request to all active 
SPs. I think that's how it's supposed to work, if user would logout only from 
one SP, it would be easy to forget another SP active. If the user doesn't want 
to logout from IdP he can just close the browser window of the SP, leaving the 
IdP and all other SPs active.

Original comment by joonas.m...@wunderkraut.com on 23 Feb 2015 at 8:08

GoogleCodeExporter commented 9 years ago
Re #5: How do you reach that? Did you change the code further? 

Original comment by peter.ha...@gmail.com on 23 Feb 2015 at 9:22

GoogleCodeExporter commented 9 years ago
The above code worked for us.  After applying the code, when I logout from an 
SP, I get logged out from Drupal and all the other SPs. Thanks a lot for the 
code.

We also needed IDP initiated logout support; i.e. whenever I logout from Drupal, 
I should get logged out from all the other SPs. I have extended the above code 
to add support for IDP initiated logout. I have attached a patch that contains 
the changes for drupalauth SimpleSAMLPHP module.

Instead of changing the drupalauth4ssp Drupal module, I have added the 
necessary Drupal code in a custom module.  This code is inside the second 
attachment.

Thanks,
Adnan

Original comment by work.ad...@gmail.com on 8 Apr 2015 at 12:18

Attachments: