This function logs the user out. It will never return. By default, it will cause a redirect to the current page
after logging the user out, but a different URL can be given with the $params parameter.
Generic parameters are:
- 'ReturnTo': The URL the user should be returned to after logout.
- 'ReturnCallback': The function that should be called after logout.
- 'ReturnStateParam': The parameter we should return the state in when redirecting.
- 'ReturnStateStage': The stage the state array should be saved with.
/**
 * Logs the user out of the 'SPcrono' SimpleSAMLphp authsource and sends them
 * to the application's index.php.
 *
 * SimpleSAML_Auth_Simple::logout() issues the redirect and does not return,
 * so the trailing `return true` is only reached if that contract changes.
 * NOTE(review): the body reads $this->host / $this->site, so despite the bare
 * `function` keyword this must be a class method — confirm.
 *
 * @return bool true (only if logout() returns)
 */
function procesarFormulario() {
    require_once '/var/simplesamlphp/lib/_autoload.php';

    $baseUrl = $this->host . $this->site . '/';

    // 'SPcrono' is the authsource defined in the SP's authsources.php.
    $auth = new SimpleSAML_Auth_Simple('SPcrono');
    $auth->logout($baseUrl . 'index.php');

    return true;
}
/**
 * Logs out of both the application session and the SimpleSAMLphp SP session
 * ('default-sp'), then redirects to the main controller's index action.
 *
 * \SimpleSAML_Auth_Simple::logout() redirects and does not return, so the
 * final Redirect::Action() is only reached when no SSO session existed.
 */
public function logout() {
    // Application-level session first.
    if (Auth::check()) {
        Auth::logout();
    }

    // Then the SSO session, if one is active.
    $sp = new \SimpleSAML_Auth_Simple('default-sp');
    if ($sp->isAuthenticated()) {
        $sp->logout();
    }

    return Redirect::Action('mainController@index');
}
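/**
 * Hook on the forward function to make sure we can logout on SimpleSAML
 *
 * Runs only when no Elgg user is logged in any more and a SAML source is
 * configured; it then terminates the external SAML session, returning the
 * user to the site URL.
 *
 * @param string $hook         the name of the hook
 * @param string $type         the type of the hook
 * @param bool   $return_value the current url to forward to
 * @param array  $params       supplied params
 *
 * @return void
 */
public static function forward($hook, $type, $return_value, $params) {
    global $SIMPLESAML_SOURCE;

    if (elgg_is_logged_in() || empty($SIMPLESAML_SOURCE)) {
        return;
    }

    try {
        $source = new \SimpleSAML_Auth_Simple($SIMPLESAML_SOURCE);
        // logout of the external source
        $source->logout(elgg_get_site_url());
    } catch (\Exception $e) {
        // Fully-qualified on purpose: the class references \SimpleSAML_Auth_Simple with a leading
        // backslash, so it is likely namespaced and a bare `Exception` would not match \Exception
        // unless imported. Failures of the external logout are deliberately ignored here.
    }
}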
/**
 * Process a logout request.
 *
 * This function will never return.
 *
 * Records the IdP id and the terminated association in $state, terminates that
 * association, persists $state so it can be resumed, logs out of the local
 * authsource and finally hands over to the logout handler.
 *
 * @param array &$state The logout request state.
 * @param string|NULL $assocId The association we received the logout request from, or NULL if there was no association.
 */
public function handleLogoutRequest(array &$state, $assocId) {
    // NOTE: string-argument assert() evaluates the string as code; deprecated since PHP 7.2.
    assert('isset($state["Responder"])');
    assert('is_string($assocId) || is_null($assocId)');

    $state['core:IdP'] = $this->id;
    $state['core:TerminatedAssocId'] = $assocId;
    if ($assocId !== NULL) {
        $this->terminateAssociation($assocId);
    }

    /* Terminate the local session. */
    // The state is saved first so the resumelogout endpoint can reload it by id after
    // the authsource logout has redirected back.
    $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout:afterbridge');
    $returnTo = SimpleSAML_Module::getModuleURL('core/idp/resumelogout.php', array('id' => $id));
    $this->authSource->logout($returnTo);

    // Presumably only reached when the authsource logout did not redirect; the configured
    // logout handler then drives the remaining SP logouts.
    $handler = $this->getLogoutHandler();
    $handler->startLogout($state, $assocId);
    assert('FALSE');
}
/**
 * Process a logout request.
 *
 * This function will never return.
 *
 * @param array &$state The logout request state.
 * @param string|null $assocId The association we received the logout request from, or null if there was no
 * association.
 */
public function handleLogoutRequest(array &$state, $assocId) {
    assert('isset($state["Responder"])');
    assert('is_string($assocId) || is_null($assocId)');

    $state['core:IdP'] = $this->id;
    $state['core:TerminatedAssocId'] = $assocId;

    $hasAssociation = ($assocId !== null);
    if ($hasAssociation) {
        $this->terminateAssociation($assocId);
        // Drop the per-SP SSO timestamp stored under this IdP for the requesting SP.
        $ssoTimeKey = $this->id . ':' . $state['saml:SPEntityId'];
        SimpleSAML_Session::getSessionFromRequest()->deleteData('core:idp-ssotime', $ssoTimeKey);
    }

    // Persist the state so the resume endpoint can reload it once the authsource logout returns.
    $stateId = SimpleSAML_Auth_State::saveState($state, 'core:Logout:afterbridge');
    $resumeUrl = SimpleSAML\Module::getModuleURL('core/idp/resumelogout.php', array('id' => $stateId));
    $this->authSource->logout($resumeUrl);

    $this->getLogoutHandler()->startLogout($state, $assocId);
    assert('false');
}
} include_once $saml_param->samllib . '/_autoload.php'; $as = new SimpleSAML_Auth_Simple($saml_param->sp_source); if (isset($_GET["logout"])) { if (isset($_SERVER['SCRIPT_URI'])) { $urltogo = $_SERVER['SCRIPT_URI']; $urltogo = str_replace('auth/saml/index.php', '', $urltogo); } else { if (isset($_SERVER['HTTP_REFERER'])) { $urltogo = $_SERVER['HTTP_REFERER']; } else { $urltogo = '/'; } } if ($saml_param->dosinglelogout) { $as->logout($urltogo); assert("FALSE"); // The previous line issues a redirect } else { header('Location: ' . $urltogo); exit; } } $as->requireAuth(); $valid_saml_session = $as->isAuthenticated(); $saml_attributes = $as->getAttributes(); } catch (Exception $e) { session_write_close(); require_once '../../config.php'; require_once 'error.php'; global $CFG, $err, $PAGE, $OUTPUT;
<?php
/**
 * Endpoint for logging out in with an authentication source.
 *
 * Expects two request parameters: 'AuthId' (the authsource to log out of)
 * and 'ReturnTo' (where to send the user afterwards). ReturnTo is passed
 * through checkURLAllowed() so only trusted URLs are used as redirect target.
 *
 * @package simpleSAMLphp
 * @version $Id$
 */

$returnTo = isset($_REQUEST['ReturnTo']) ? $_REQUEST['ReturnTo'] : null;
if (!is_string($returnTo)) {
    throw new SimpleSAML_Error_BadRequest('Missing ReturnTo parameter.');
}

$authId = isset($_REQUEST['AuthId']) ? $_REQUEST['AuthId'] : null;
if (!is_string($authId)) {
    throw new SimpleSAML_Error_BadRequest('Missing AuthId parameter.');
}

$as = new SimpleSAML_Auth_Simple($authId);
$as->logout(SimpleSAML_Utilities::checkURLAllowed($returnTo));
<?php
/*
 * Authentication-source test endpoint: lists the configured authsources, or,
 * given ?as=<id>, handles ?logout, dumps a stored login exception, or forces a
 * login against that source.
 */
$config = SimpleSAML_Configuration::getInstance();

// No authsource chosen: render the list of available sources and stop.
if (!array_key_exists('as', $_REQUEST)) {
    $t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
    $t->data['sources'] = SimpleSAML_Auth_Source::getSources();
    $t->show();
    exit;
}

// NOTE(review): 'as' comes straight from the request and selects whichever authsource the
// constructor accepts; no allow-list check is performed here.
$asId = (string) $_REQUEST['as'];
$as = new SimpleSAML_Auth_Simple($asId);

if (array_key_exists('logout', $_REQUEST)) {
    // logout() redirects and does not return.
    $as->logout('/' . $config->getBaseURL() . 'logout.php');
}

if (array_key_exists(SimpleSAML_Auth_State::EXCEPTION_PARAM, $_REQUEST)) {
    // This is just a simple example of an error
    $state = SimpleSAML_Auth_State::loadExceptionState();
    assert('array_key_exists(SimpleSAML_Auth_State::EXCEPTION_DATA, $state)');
    $e = $state[SimpleSAML_Auth_State::EXCEPTION_DATA];
    // Plain text so the formatted exception lines are not interpreted as HTML.
    header('Content-Type: text/plain');
    echo "Exception during login:\n";
    foreach ($e->format() as $line) {
        echo $line . "\n";
    }
    exit(0);
}

if (!$as->isAuthenticated()) {
    // Send the user through login, returning (and reporting errors) to this same URL.
    $url = SimpleSAML_Module::getModuleURL('core/authenticate.php', array('as' => $asId));
    $params = array('ErrorURL' => $url, 'ReturnTo' => $url);
    $as->login($params);
}
/**
 * Hook on the forward function to make sure we can logout on SimpleSAML
 *
 * When the Elgg session is already gone, the backed-up SimpleSAMLphp session
 * (presumably saved earlier by another hook) is put back into $_SESSION so the
 * external source can be logged out as well.
 *
 * @param string $hook         'forward'
 * @param string $type         'system'
 * @param bool   $return_value the current url to forward to
 * @param array  $params       supplied params
 *
 * @return void
 */
function simplesaml_forward_hook($hook, $type, $return_value, $params) {
    global $SIMPLESAML_SESSION_BACKUP;
    global $SIMPLESAML_SOURCE;

    if (elgg_is_logged_in()) {
        return;
    }
    if (empty($SIMPLESAML_SESSION_BACKUP) || empty($SIMPLESAML_SOURCE)) {
        return;
    }

    // Restore the SimpleSAMLphp session so the source logout below sees it.
    $_SESSION["SimpleSAMLphp_SESSION"] = $SIMPLESAML_SESSION_BACKUP;

    try {
        $saml = new SimpleSAML_Auth_Simple($SIMPLESAML_SOURCE);
        $saml->logout(elgg_get_site_url());
    } catch (Exception $e) {
        // Failures of the external logout are deliberately ignored.
    }
}
<?php
/*
 * Authentication-source status page: without ?as=<id> it lists the configured
 * sources; with one it handles ?logout, re-throws a stored login exception,
 * forces login if needed and then prepares the attributes template.
 */
$config = SimpleSAML_Configuration::getInstance();

if (!array_key_exists('as', $_REQUEST)) {
    $t = new SimpleSAML_XHTML_Template($config, 'core:authsource_list.tpl.php');
    $t->data['sources'] = SimpleSAML_Auth_Source::getSources();
    $t->show();
    exit;
}

$asId = (string) $_REQUEST['as'];
$as = new SimpleSAML_Auth_Simple($asId);

$wantsLogout = array_key_exists('logout', $_REQUEST);
if ($wantsLogout) {
    $as->logout($config->getBasePath() . 'logout.php');
}

$hasStoredException = array_key_exists(SimpleSAML_Auth_State::EXCEPTION_PARAM, $_REQUEST);
if ($hasStoredException) {
    // This is just a simple example of an error
    $state = SimpleSAML_Auth_State::loadExceptionState();
    assert('array_key_exists(SimpleSAML_Auth_State::EXCEPTION_DATA, $state)');
    throw $state[SimpleSAML_Auth_State::EXCEPTION_DATA];
}

if (!$as->isAuthenticated()) {
    $selfUrl = SimpleSAML\Module::getModuleURL('core/authenticate.php', array('as' => $asId));
    $as->login(array('ErrorURL' => $selfUrl, 'ReturnTo' => $selfUrl));
}

$attributes = $as->getAttributes();
$t = new SimpleSAML_XHTML_Template($config, 'status.php', 'attributes');
$t->data['header'] = '{status:header_saml20_sp}';
$t->data['attributes'] = $attributes;
$nameId = $as->getAuthData('saml:sp:NameID');
$t->data['nameid'] = is_null($nameId) ? false : $nameId;
* limitations under the License. */
/*
 * Example SAML SP front page: handles ?logout for a logged-in user and
 * ?saml_sso=<authsource> to log in, then stores a summary of the SAML session
 * in $_SESSION['user_session'] before the page markup below is rendered.
 */
require '../simplesamlphp/lib/_autoload.php';
session_start();

// NOTE(review): these CDN assets are referenced by URL only; check that the markup emitting
// them adds Subresource Integrity attributes.
$bootstrap_cdn_css_url = '//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.2/css/bootstrap.min.css';
$bootstrap_cdn_js_url = '//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.2/js/bootstrap.min.js';
$jquery_cdn_url = '//cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js';
$title = 'SimpleSAMLphp Example SAML SP';
$user_session_key = 'user_session';
$saml_sso = 'saml_sso';

// If the user is logged in and requesting a logout.
// NOTE(review): logout is triggered by a plain request parameter with no CSRF token, and the
// return target is $_SERVER['PHP_SELF'], which can carry request-supplied path info.
if (isset($_SESSION[$user_session_key]) && isset($_REQUEST['logout'])) {
    $sp = $_SESSION[$user_session_key]['sp'];
    unset($_SESSION[$user_session_key]);
    $as = new SimpleSAML_Auth_Simple($sp);
    $as->logout(["ReturnTo" => $_SERVER['PHP_SELF']]);
}

// If the user is logging in.
// NOTE(review): the authsource name comes straight from the request, so any source configured in
// authsources.php can be selected — acceptable for an example SP, confirm before production use.
if (isset($_REQUEST[$saml_sso])) {
    $sp = $_REQUEST[$saml_sso];
    $as = new SimpleSAML_Auth_Simple($sp);
    $as->requireAuth();
    // 'nameId' presumes the NameID auth data is an array carrying a 'Value' key — verify against the
    // SimpleSAMLphp version in use.
    $user = array('sp' => $sp, 'authed' => $as->isAuthenticated(), 'idp' => $as->getAuthData('saml:sp:IdP'), 'nameId' => $as->getAuthData('saml:sp:NameID')['Value'], 'attributes' => $as->getAttributes());
    $_SESSION[$user_session_key] = $user;
}
?> <!DOCTYPE html> <html> <head> <title><?php
} $skipLogoutPage = $casconfig->getValue('skip_logout_page', false); if ($skipLogoutPage && !array_key_exists('url', $_GET)) { $message = 'Required URL query parameter [url] not provided. (CAS Server)'; SimpleSAML_Logger::debug('casserver:' . $message); throw new Exception($message); } /* Load simpleSAMLphp metadata */ $as = new SimpleSAML_Auth_Simple($casconfig->getValue('authsource')); $session = SimpleSAML_Session::getSession(); if (!is_null($session)) { $ticketStoreConfig = $casconfig->getValue('ticketstore', array('class' => 'casserver:FileSystemTicketStore')); $ticketStoreClass = SimpleSAML_Module::resolveClass($ticketStoreConfig['class'], 'Cas_Ticket'); $ticketStore = new $ticketStoreClass($casconfig); $ticketStore->deleteTicket($session->getSessionId()); } if ($as->isAuthenticated()) { SimpleSAML_Logger::debug('casserver: performing a real logout'); if ($casconfig->getValue('skip_logout_page', false)) { $as->logout($_GET['url']); } else { $as->logout(SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('casserver/loggedOut.php'), array_key_exists('url', $_GET) ? array('url' => $_GET['url']) : array())); } } else { SimpleSAML_Logger::debug('casserver: no session to log out of, performing redirect'); if ($casconfig->getValue('skip_logout_page', false)) { SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML\Utils\HTTP::addURLParameters($_GET['url'], array())); } else { SimpleSAML\Utils\HTTP::redirectTrustedURL(SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('casserver/loggedOut.php'), array_key_exists('url', $_GET) ? array('url' => $_GET['url']) : array())); } }
$attribute_hash = sspmod_consent_Auth_Process_Consent::getAttributeHash($attributes, $hashAttributes); SimpleSAML_Logger::info('consentAdmin: user: '******'consentAdmin: target: ' . $targeted_id); SimpleSAML_Logger::info('consentAdmin: attribute: ' . $attribute_hash); /* Return values */ return array($targeted_id, $attribute_hash, $attributes); } // Get config object $config = SimpleSAML_Configuration::getInstance(); $cA_config = SimpleSAML_Configuration::getConfig('module_consentAdmin.php'); $authority = $cA_config->getValue('authority'); $as = new SimpleSAML_Auth_Simple($authority); // If request is a logout request if (array_key_exists('logout', $_REQUEST)) { $returnURL = $cA_config->getValue('returnURL'); $as->logout($returnURL); } $hashAttributes = $cA_config->getValue('attributes.hash'); /* Check if valid local session exists */ $as->requireAuth(); // Get released attributes $attributes = $as->getAttributes(); // Get metadata storage handler $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); /* * Get IdP id and metadata */ if ($as->getAuthData('saml:sp:IdP') !== NULL) { /* * From a remote idp (as bridge) */
/**
 * SSO logout and destruction of the SAML session
 *
 * SAML with an empty 'saml_sign_out' setting only drops the local
 * SimpleSAMLphp session for this domain; otherwise SAML and LDAP both go
 * through SimpleSAML_Auth_Simple::logout(), which redirects to index.php.
 *
 * @return $this
 */
public function ssoLogout() {
    $integrationType = $this->_sso_settings['saml_integration_type'];
    $isSaml = ($integrationType == self::SSO_TYPE_SAML);
    $isLdap = ($integrationType == self::SSO_TYPE_LDAP);

    if ($isSaml && trim($this->_sso_settings['saml_sign_out']) == '') {
        \SimpleSAML_Session::getInstance()->doLogout($this->_domain);
    } elseif ($isSaml || $isLdap) {
        $auth = new \SimpleSAML_Auth_Simple($this->_domain);
        $auth->logout('index.php');
    }

    return $this;
}
$showFields[] = $name; } } $readOnlyFields = $showFields; $formGen = new sspmod_selfregister_XHTML_Form($formFields, 'delUser.php'); $formGen->fieldsToShow($showFields); $formGen->setReadOnly($readOnlyFields); $html = new SimpleSAML_XHTML_Template($config, 'selfregister:deluser.tpl.php', 'selfregister:selfregister'); if (array_key_exists('sender', $_POST)) { try { // Delete user object $store->delUser($attributes[$store->userIdAttr][0]); // Now when a User delete himself sucesfully, System log out him. // In the future when admin delete a user a msg will be showed // $html->data['userMessage'] = 'message_userdel'; $as->logout(SimpleSAML_Module::getModuleURL('selfregister/index.php?status=deleted')); } catch (sspmod_selfregister_Error_UserException $e) { // Some user error detected $error = $html->t($e->getMesgId(), $e->getTrVars()); $html->data['error'] = htmlspecialchars($error); } } elseif (array_key_exists('logout', $_GET)) { $as->logout(SimpleSAML_Module::getModuleURL('selfregister/index.php')); } else { // The GET access this endpoint $values = sspmod_selfregister_Util::filterAsAttributes($attributes, $reviewAttr); } $formGen->setValues($values); $formGen->setSubmitter('submit_delete'); $formHtml = $formGen->genFormHtml(); $html->data['formHtml'] = $formHtml;
/**
 * Logs the current Copix user out locally, then starts a SAML single logout
 * through the IdP's initSLO endpoint, relaying back to the auth|saml|logout_cas URL.
 *
 * The authsource id defaults to 'iconito-sql' and can be overridden with the
 * 'default|conf_Saml_authSource' config key.
 */
public function processLogout() {
    require_once COPIX_UTILS_PATH . '../../simplesamlphp/lib/_autoload.php';

    $configKey = 'default|conf_Saml_authSource';
    $authSourceId = 'iconito-sql';
    if (CopixConfig::exists($configKey) && CopixConfig::get($configKey)) {
        $authSourceId = CopixConfig::get($configKey);
    }
    $saml = new SimpleSAML_Auth_Simple($authSourceId);

    $ppo = new CopixPPO();
    $ppo->user = _currentUser();
    if ($ppo->user->isConnected()) {
        CopixAuth::getCurrentUser()->logout(array());
        CopixEventNotifier::notify('logout', array('login' => CopixAuth::getCurrentUser()->getLogin()));
        CopixAuth::destroyCurrentUser();
        CopixSession::destroyNamespace('default');
    }

    $relayState = urlencode(_url('auth|saml|logout_cas'));
    $saml->logout(_url() . 'simplesaml/saml2/idp/initSLO.php?RelayState=' . $relayState);
}
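<?php
/**
 * Endpoint for logging out in with an authentication source.
 *
 * Both parameters come from the request: 'AuthId' selects the authsource and
 * 'ReturnTo' is where the user is redirected after logout. ReturnTo is run
 * through checkURLAllowed() before use; handing the raw value to logout()
 * turns this endpoint into an open redirect.
 *
 * @package simpleSAMLphp
 * @version $Id$
 */
if (!isset($_REQUEST['ReturnTo']) || !is_string($_REQUEST['ReturnTo'])) {
    throw new SimpleSAML_Error_BadRequest('Missing ReturnTo parameter.');
}
if (!isset($_REQUEST['AuthId']) || !is_string($_REQUEST['AuthId'])) {
    throw new SimpleSAML_Error_BadRequest('Missing AuthId parameter.');
}

$as = new SimpleSAML_Auth_Simple($_REQUEST['AuthId']);
// Only redirect to URLs the installation trusts.
$as->logout(SimpleSAML_Utilities::checkURLAllowed($_REQUEST['ReturnTo']));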
$sp = "SPpruebas"; // Name of SP defined in config/authsources.php } elseif ($_SERVER['SERVER_NAME'] == '10.20.0.19' || $_SERVER['SERVER_NAME'] == 'oas.udistrital.edu.co') { $sp = "SPoas"; // Name of SP defined in config/authsources.php } try { // Autoload simplesamlphp classes. if (!file_exists("{$lib}/_autoload.php")) { throw new Exception("simpleSAMLphp lib loader file does not exist: " . "{$lib}/_autoload.php"); } include_once "{$lib}/_autoload.php"; $as = new SimpleSAML_Auth_Simple($sp); // Take the user to IdP and authenticate. $valid_saml_session = $as->isAuthenticated(); } catch (Exception $e) { // SimpleSAMLphp is not configured correctly. throw new Exception("SSO authentication failed: " . $e->getMessage()); return; } if ($valid_saml_session) { // Not valid session. Redirect a user to Identity Provider try { //$as = new SimpleSAML_Auth_Simple($sp); $as->logout(); } catch (Exception $e) { // SimpleSAMLphp is not configured correctly. throw new Exception("SSO authentication failed: " . $e->getMessage()); return; } }
<?php
/*
 * Minimal logout endpoint for the 'default-sp' authsource: requires an
 * authenticated session first, then logs out and returns the user to
 * https://brain.lab.vvc.niif.hu.
 * NOTE(review): calling requireAuth() right before logout() presumably forces an
 * unauthenticated visitor through login only to be logged out again — confirm intended.
 */
require_once '/usr/share/simplesamlphp/lib/_autoload.php';
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$as->logout('https://brain.lab.vvc.niif.hu');
/**
 * Log the user out.
 * Addition: clears the authentication-source variable from the session.
 * Addition: does not log out of the source when the configuration says so; in that case the
 * function returns (see getDoSourceLogout()).
 *
 * This function logs the user out. It will never return. By default,
 * it will cause a redirect to the current page after logging the user
 * out, but a different URL can be given with the $params parameter.
 *
 * Generic parameters are:
 * - 'ReturnTo': The URL the user should be returned to after logout.
 * - 'ReturnCallback': The function that should be called after logout.
 * - 'ReturnStateParam': The parameter we should return the state in when redirecting.
 * - 'ReturnStateStage': The stage the state array should be saved with.
 *
 * @param string|array|NULL $params Either the url the user should be redirected to after logging out,
 *                                  or an array with parameters for the logout. If this parameter is
 *                                  NULL, we will return to the current page.
 */
public function logout($params = NULL) {
    unset($_SESSION['utilisateur_saml_source']);
    if ($this->getDoSourceLogout()) {
        parent::logout($params);
    } else {
        // Local-only logout path: the source is never contacted.
        assert('is_array($params) || is_string($params) || is_null($params)');
        if ($params === NULL) {
            $params = SimpleSAML_Utilities::selfURL();
        }
        if (is_string($params)) {
            $params = array(
                'ReturnTo' => $params,
            );
        }
        assert('is_array($params)');
        assert('isset($params["ReturnTo"]) || isset($params["ReturnCallback"])');
        if (isset($params['ReturnStateParam']) || isset($params['ReturnStateStage'])) {
            assert('isset($params["ReturnStateParam"]) && isset($params["ReturnStateStage"])');
        }
        $session = SimpleSAML_Session::getInstance();
        if ($session->isValid($this->authSource)) {
            // Merge any stored LogoutState beneath the caller's params (array_merge: the caller's keys win).
            $state = $session->getAuthData($this->authSource, 'LogoutState');
            if ($state !== NULL) {
                $params = array_merge($state, $params);
            }
            $session->doLogout($this->authSource);
            $params['LogoutCompletedHandler'] = array(get_class(), 'logoutCompleted');
        }
        // Append portal_return_url to the request; it is used by a later refresh (logout.php or Session.class.php).
        if (isset($params["ReturnTo"])) {
            $portal_return_url = $this->getPortalReturnUrl();
            // NOTE(review): the value is appended without urlencode(), so a '&' or '#' inside it is parsed
            // as a separate parameter/fragment by the receiving page; ReturnTo itself is not validated here.
            // The loose `!= null` also treats '' and '0' as "no URL".
            if ($portal_return_url != null) {
                if (strpos($params["ReturnTo"],'?') === false) {
                    $portal_parameter = '?portal_return_url='.$portal_return_url;
                } else {
                    $portal_parameter = '&portal_return_url='.$portal_return_url;
                }
                $params["ReturnTo"] .= $portal_parameter;
            }
        }
        self::logoutCompleted($params);
    }
}
* We need access to the various simpleSAMLphp classes. These are loaded * by the simpleSAMLphp autoloader. */ require_once '../../lib/_autoload.php'; /* * We use the default-sp authentication source. */ $as = new SimpleSAML_Auth_Simple('default-sp'); /* This handles logout requests. */ if (array_key_exists('logout', $_REQUEST)) { /* * We redirect to the current URL _without_ the query parameter. This * avoids a redirect loop, since otherwise it will access the logout * endpoint again. */ $as->logout(SimpleSAML_Utilities::selfURLNoQuery()); /* The previous function will never return. */ } if (array_key_exists('login', $_REQUEST)) { /* * If the login parameter is requested, it means that we should log * the user in. We do that by requiring the user to be authenticated. * * Note that the requireAuth-function will preserve all GET-parameters * and POST-parameters by default. */ $as->requireAuth(); /* The previous function will only return if the user is authenticated. */ } if (array_key_exists('message', $_POST)) { /*
// Always prevent changes on User identification param in DataSource and Session. unset($userInfo[$store->userIdAttr]); $store->updateUser($attributes[$store->userIdAttr][0], $userInfo); // I must override the values with the userInfo values due in processInput i can change the values. // But now atributes from the logged user is obsolete, So I can actualize it and get values from session // but maybe we could have security problem if IdP isnt configured correctly. foreach ($userInfo as $name => $value) { $attributes[$name][0] = $value; } $session->setData('selfregister:updated', 'attributes', $attributes, SimpleSAML_Session::DATA_TIMEOUT_SESSION_END); $values = sspmod_selfregister_Util::filterAsAttributes($attributes, $reviewAttr); $html->data['userMessage'] = 'message_chuinfo'; } catch (sspmod_selfregister_Error_UserException $e) { // Some user error detected $values = $validator->getRawInput(); $values['mail'] = $attributes['mail'][0]; $error = $html->t($e->getMesgId(), $e->getTrVars()); $html->data['error'] = htmlspecialchars($error); } } elseif (array_key_exists('logout', $_GET)) { $as->logout(SimpleSAML_Module::getModuleURL('selfregister/index.php')); } else { // The GET access this endpoint $values = sspmod_selfregister_Util::filterAsAttributes($attributes, $reviewAttr); } $formGen->setValues($values); $formGen->setSubmitter('submit_change'); $formHtml = $formGen->genFormHtml(); $html->data['formHtml'] = $formHtml; $html->data['uid'] = $attributes[$store->userIdAttr][0]; $html->show();
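<?php
/*
 * Logout endpoint. Outside the dev environment the SimpleSAMLphp SP session is
 * terminated and SimpleSAMLphp redirects to $returnTo; in dev the script only
 * clears the beta cookie and redirects itself.
 *
 * The 'returnTo' request parameter is untrusted. It is honoured only when it is
 * a site-local path ("/...", not protocol-relative "//host" or "/\host") or a
 * URL under HOME_URL; anything else falls back to HOME_URL so this endpoint
 * cannot be used as an open redirect.
 */
include dirname(__FILE__) . "/bootstrap.php";

$returnTo = HOME_URL;
if (isset($_REQUEST["returnTo"]) && is_string($_REQUEST["returnTo"])) {
    $requested = $_REQUEST["returnTo"];
    $prefix = substr($requested, 0, 2);
    $isProtocolRelative = ($prefix === '//' || $prefix === '/\\');
    $isLocalPath = ($requested !== '' && $requested[0] === '/' && !$isProtocolRelative);

    $isUnderHome = false;
    if (!$isProtocolRelative && HOME_URL !== '' && strpos($requested, HOME_URL) === 0) {
        // Guard against prefix tricks such as "<HOME_URL>.attacker-controlled": after the prefix the
        // URL must end or continue with a path/query/fragment delimiter (unless HOME_URL already ends in '/').
        $rest = substr($requested, strlen(HOME_URL));
        $isUnderHome = ($rest === '' || $rest === false
            || substr(HOME_URL, -1) === '/'
            || strpos('/?#', $rest[0]) !== false);
    }

    if ($isLocalPath || $isUnderHome) {
        $returnTo = $requested;
    }
}

if (defined("ENV") && ENV !== "dev") {
    $sp = defined("SIMPLE_SAML_SP") ? SIMPLE_SAML_SP : 'default-sp';
    $saml = new SimpleSAML_Auth_Simple($sp);
    $saml->logout($returnTo);
} else {
    header("Location: " . $returnTo);
    setcookie("beta_dev_loggedin", false);
    die;
}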
<?php
/**
 * Endpoint for logging out in with an authentication source.
 *
 * Requires string 'ReturnTo' and 'AuthId' request parameters; the redirect
 * target is filtered through HTTP::checkURLAllowed() before it is used.
 *
 * @package simpleSAMLphp
 */
foreach (array('ReturnTo', 'AuthId') as $required) {
    if (!isset($_REQUEST[$required]) || !is_string($_REQUEST[$required])) {
        throw new SimpleSAML_Error_BadRequest('Missing ' . $required . ' parameter.');
    }
}

$authSource = new SimpleSAML_Auth_Simple($_REQUEST['AuthId']);
$allowedReturnTo = \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['ReturnTo']);
$authSource->logout($allowedReturnTo);
// $samllib is defined earlier in the file.
require_once $samllib . '/lib/_autoload.php';
// point at the configured config directory
$samlconfig = get_config_plugin('auth', 'saml', 'simplesamlphpconfig');
// get all the things that we will need from the SAML authentication
// and then shutdown the session control
SimpleSAML_Configuration::init($samlconfig);
$saml_session = SimpleSAML_Session::getInstance();

// do we have a logout request?
if (param_variable("logout", false)) {
    // logout the saml session
    // The authority recorded in the SAML session names the SP to log out of; fall back to 'default-sp'.
    $sp = $saml_session->getAuthority();
    if (!$sp) {
        $sp = 'default-sp';
    }
    $as = new SimpleSAML_Auth_Simple($sp);
    // The return target is the site's own wwwroot, not a request-supplied URL.
    $as->logout($CFG->wwwroot);
}

// The 'as' parameter is request-controlled: it is limited to alphanumeric(+ext) characters and must
// name a configured authsource, otherwise 'default-sp' is used. (in_array is non-strict here.)
$sp = param_alphanumext('as', 'default-sp');
if (!in_array($sp, SimpleSAML_Auth_Source::getSources())) {
    $sp = 'default-sp';
}
$as = new SimpleSAML_Auth_Simple($sp);

// Check the SimpleSAMLphp config is compatible
// Both an explicit 'phpsession' handler/store and the case where neither is set are rejected —
// presumably because that would share the application's own PHP session.
$saml_config = SimpleSAML_Configuration::getInstance();
$session_handler = $saml_config->getString('session.handler', false);
$store_type = $saml_config->getString('store.type', false);
if ($store_type == 'phpsession' || $session_handler == 'phpsession' || empty($store_type) && empty($session_handler)) {
    throw new AuthInstanceException(get_string('errorbadssphp', 'auth.saml'));
}

// what is the session like?
$valid_saml_session = $saml_session->isValid($sp);
/**
 * Completes the "connect account" flow: derives the "-connect" authsource from
 * the "-sp" source stored in the session, clears the session markers and logs
 * that source out, returning the user to the referer recorded earlier (falling
 * back to HTTP_REFERER, then to https://<HTTP_HOST>).
 * NOTE(review): HTTP_REFERER is client-supplied, so as a logout return URL it
 * is an untrusted redirect target — confirm it is validated downstream.
 */
public function postconnectedAction() {
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();

    $source = $this->session->connectdaccountsource;
    $connectedsource = str_replace("-sp", "-connect", strtolower(trim($source)));

    $referer = trim($this->session->connectreferer);
    if ($referer === "") {
        $referer = $_SERVER["HTTP_REFERER"];
        $this->session->connectreferer = $referer;
        if (trim($referer) === "") {
            $referer = "https://" . $_SERVER["HTTP_HOST"];
        }
    }

    unset($this->session->connectreferer);
    unset($this->session->connectdaccountsource);

    require_once SamlAuth::LIB_AUTOLOAD;
    // Log out of the "-connect" authsource used for linking the new account.
    $saml = new SimpleSAML_Auth_Simple($connectedsource);
    $saml->logout($referer);
}
qui ensuite demande à l'IdP de tuer la session en cours. */ // Redirection mise en dure ici pour l'instant, tant que ça ne concerne que Bordeaux... // Remarque : le code 307 peut causer des soucis ; le code 302 semble mieux. http://fr.wikipedia.org/wiki/Liste_des_codes_HTTP header('Status: 302 Found', TRUE, 302); header('Location: https://ent2d.ac-bordeaux.fr/Shibboleth.sso/Logout'); exit; } // //////////////////////////////////////////////////////////////////////////////////////////////////// // Déconnexion de GEPI avec le protocole SAML // //////////////////////////////////////////////////////////////////////////////////////////////////// if ($connexion_mode == 'gepi') { // Charger l'autoload de la librairie SimpleSAMLphp (qui ne peut être intégré de façon simple dans le _loader par un unique appel de classe (comme phpCAS). require CHEMIN_DOSSIER_SACOCHE . '_lib' . DS . 'SimpleSAMLphp' . DS . 'lib' . DS . '_autoload.php'; // Mise en session d'informations dont SimpleSAMLphp a besoin ; utiliser des constantes ne va pas car Gepi fait un appel à SimpleSAMLphp en court-circuitant SACoche pour vérifier la légitimité de l'appel. $_SESSION['SACoche-SimpleSAMLphp'] = array('GEPI_URL' => $gepi_url, 'GEPI_RNE' => $gepi_rne, 'GEPI_CERTIFICAT_EMPREINTE' => $gepi_certificat_empreinte, 'SIMPLESAMLPHP_BASEURLPATH' => substr($_SERVER['SCRIPT_NAME'], 1, -9) . '_lib/SimpleSAMLphp/www/', 'WEBMESTRE_NOM' => WEBMESTRE_NOM, 'WEBMESTRE_PRENOM' => WEBMESTRE_PRENOM, 'WEBMESTRE_COURRIEL' => WEBMESTRE_COURRIEL); // Initialiser la classe $auth = new SimpleSAML_Auth_Simple('distant-gepi-saml'); // Déconnexion de GEPI if ($auth->isAuthenticated()) { $auth->logout(); exit; } elseif (isset($_SESSION['SimpleSAMLphp_SESSION'])) { // On revient très probablement de la déconnexion de GEPI (en effet, au contraire de CAS, la page de déconnexion distante renvoie vers l'application au lieu de marquer un arrêt). 
unset($_SESSION['SimpleSAMLphp_SESSION']); exit_error('Deconnexion de Gepi', 'Déconnexion du service d\'authentification Gepi effectuée.<br />Fermez votre navigateur par sécurité.'); } else { // Bizarre... a priori on n'était pas connecté à GEPI... appel direct ? exit_error('Deconnexion de Gepi', 'Votre authentification sur Gepi n\'a pas été retrouvée.<br />Fermez votre navigateur par sécurité pour être certain d\'en être déconnecté.'); } }
/**
 * post_login hook: syncs the logged-in user with the SAML attributes, creating
 * the account when autocreate is enabled, and redirects via user_redirect().
 *
 * NOTE(review): parts of this block are redacted in the source ('******'), so the
 * user-creation section cannot be read in full.
 *
 * @param array $parameters hook parameters; only 'uid' is read
 * @return bool false when the SAML identity is missing, mismatched or rejected
 */
public static function post_login($parameters) {
    // Do nothing if we're sharding and not on the master
    if (OCP\App::isEnabled('files_sharding') && !OCA\FilesSharding\Lib::isMaster()) {
        return true;
    }
    $uid = '';
    $userid = $parameters['uid'];
    $samlBackend = new OC_USER_SAML();
    $ocUserDatabase = new OC_User_Database();
    // Redirect regardless of whether the user has authenticated with SAML or not.
    // Since this is a post_login hook, he will have authenticated in some way and have a valid session.
    if ($ocUserDatabase->userExists($userid)) {
        // Set user attributes for sharding
        $display_name = \OCP\User::getDisplayName($userid);
        $email = \OCP\Config::getUserValue($userid, 'settings', 'email');
        $groups = \OC_Group::getUserGroups($userid);
        $quota = \OC_Preferences::getValue($userid, 'files', 'quota');
        OC_Util::teardownFS($userid);
        OC_Util::setupFS($userid);
        OC_Log::write('saml', 'Setting user attributes: ' . $userid . ":" . $display_name . ":" . $email . ":" . join($groups) . ":" . $quota, OC_Log::INFO);
        self::setAttributes($userid, $display_name, $email, $groups, $quota);
        self::user_redirect($userid);
    }
    if (!$samlBackend->auth->isAuthenticated()) {
        return false;
    }
    $attributes = $samlBackend->auth->getAttributes();
    // The SAML uid is taken from the first configured mapping attribute that is present and non-empty.
    $usernameFound = false;
    foreach ($samlBackend->usernameMapping as $usernameMapping) {
        if (array_key_exists($usernameMapping, $attributes) && !empty($attributes[$usernameMapping][0])) {
            $usernameFound = true;
            $uid = $attributes[$usernameMapping][0];
            OC_Log::write('saml', 'Authenticated user ' . $uid, OC_Log::INFO);
            break;
        }
    }
    // The SAML identity must match the uid the login hook was invoked for.
    if (!$usernameFound || $uid !== $userid) {
        return false;
    }
    $attrs = self::get_user_attributes($uid, $samlBackend);
    if (!$ocUserDatabase->userExists($uid)) {
        // If autocreate is not enabled - back off
        if (!$samlBackend->autocreate) {
            return false;
        }
        // Apparently it is necessary to clear the uid first, to be able to create the user in the DB
        $userManager = \OC_User::getManager();
        $userManager->delete($uid);
        // Reject invalid user names
        if (preg_match('/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
            OC_Log::write('saml', 'Invalid username "' . $uid . '", allowed chars "a-zA-Z0-9" and "_.@-" ', OC_Log::DEBUG);
            return false;
        }
        $cookiedomain = OCP\App::isEnabled('files_sharding') ? OCA\FilesSharding\Lib::getCookieDomain() : null;
        // Reject users we don't allow to autocreate an account
        if (isset($uid) && trim($uid) != '' && !OC_User::userExists($uid) && !self::check_user_attributes($attributes)) {
            $failCookieName = 'saml_auth_fail';
            $userCookieName = 'saml_auth_fail_user';
            $expire = 0;
            // $expired is assigned but not used in this block.
            $expired = time() - 3600;
            $path = '/';
            // NOTE(review): both cookies are set with secure=false and httponly=false; they carry the
            // rejected uid to the UI — confirm that is acceptable for the deployment.
            setcookie($failCookieName, "notallowed:" . $uid, $expire, $path, $cookiedomain, false, false);
            setcookie($userCookieName, $uid, $expire, $path, $cookiedomain, false, false);
            $spSource = 'default-sp';
            $auth = new SimpleSAML_Auth_Simple($spSource);
            OC_Log::write('saml', 'Rejected user "' . $uid, OC_Log::ERROR);
            if (OCP\App::isEnabled('files_sharding') && !OCA\FilesSharding\Lib::isMaster()) {
                // NOTE(review): the `!` negates the master URL into a boolean, so logout() receives
                // false instead of a return URL — looks like a typo, verify intended behaviour.
                $auth->logout(!OCA\FilesSharding\Lib::getMasterURL());
            } else {
                $auth->logout();
            }
            return false;
        }
        // Create new user
        $random_password = OC_Util::generateRandomBytes(20);
        OC_Log::write('saml', 'Creating new user: '******'/' . $uid . '/files';
        \OC\Files\Filesystem::init($uid, $userDir);
        if ($samlBackend->updateUserData) {
            self::update_user_data($uid, $samlBackend, $attrs, true);
            if (OCP\App::isEnabled('files_sharding') && OCA\FilesSharding\Lib::isMaster()) {
                $master_site = OCA\FilesSharding\Lib::dbGetSite(null);
                $server_id = OCA\FilesSharding\Lib::dbChooseServerForUser($uid, $master_site, 0, null);
                OC_Log::write('saml', 'Setting server for new user: '******'display_name'], $attrs['email'], $attrs['groups'], $attrs['quota']);
            }
        } else {
            if ($samlBackend->updateUserData) {
                self::update_user_data($uid, $samlBackend, $attrs, false);
            }
        }
        self::user_redirect($userid);
        return true;
}
/**
 * Signs the sfGuard user out, then logs out of the 'default-sp' SimpleSAMLphp
 * session, redirecting to the configured success_signout_url route (or the
 * 'homepage' route when none is configured).
 *
 * SimpleSAML_Auth_Simple::logout() normally redirects and does not return;
 * the final $this->redirect() only runs if it does.
 *
 * @param mixed $request the action request (unused)
 */
public function executeSignout($request) {
    $this->getUser()->signOut();

    $configuredRoute = sfConfig::get('app_sf_guard_plugin_success_signout_url');
    $route = ('' != $configuredRoute) ? $configuredRoute : 'homepage';

    $saml = new SimpleSAML_Auth_Simple('default-sp');
    $saml->logout($this->generateUrl($route), array(), true);

    // Fallback in case the SAML logout returned instead of redirecting.
    $this->redirect($route);
}
/**
 * Single-logout action: clears the registry and logs the 'authinstance'
 * authsource out, returning the user to the URL in the 'return' parameter.
 * NOTE(review): 'return' is passed from the request to logout() unchanged;
 * whether it is validated as a redirect target depends on the SimpleSAMLphp
 * side — confirm.
 */
public function actionSlo() {
    $target = $this->_request->getParam('return');
    \utilities\Registry::clearRegistry();

    $saml = new \SimpleSAML_Auth_Simple('authinstance');
    $saml->logout($target);
    assert('FALSE');
}