MDL-61351 auth_shibboleth: removed redundant session handler class check
[moodle.git] / auth / shibboleth / logout.php
CommitLineData
5117d598 1<?php
2db6ec19 2
3// Implements logout for Shibboleth authenticated users according to:
9318de17
DR
4// - https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLogoutInitiator
5// - https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPNotify
2db6ec19 6
7require_once("../../config.php");
8
9require_once($CFG->dirroot."/auth/shibboleth/auth.php");
10
fb60e23a
SL
11$action = optional_param('action', '', PARAM_ALPHA);
12$redirect = optional_param('return', '', PARAM_URL);
2db6ec19 13
ad9f023c 14// Find out whether host supports https
15$protocol = 'http://';
1e31f118 16if (is_https()) {
80c12897 17 $protocol = 'https://';
5117d598 18}
ad9f023c 19
fb60e23a
SL
20// If the shibboleth plugin is not enable, throw an exception.
21if (!is_enabled_auth('shibboleth')) {
22 throw new moodle_exception(get_string('pluginnotenabled', 'auth', 'shibboleth'));
2db6ec19 23}
24
fb60e23a 25// Front channel logout.
3032b16b 26$inputstream = file_get_contents("php://input");
fb60e23a 27if ($action == 'logout' && !empty($redirect)) {
5117d598 28
8abec10d
MG
29 if (isloggedin($USER) && $USER->auth == 'shibboleth') {
30 // Logout user from application.
fb60e23a 31 require_logout();
fb60e23a 32 }
5117d598 33
8abec10d
MG
34 // Finally, send user to the return URL.
35 redirect($redirect);
36
3032b16b 37} else if (!empty($inputstream)) {
5117d598 38
fb60e23a
SL
39 // Back channel logout.
40 // Set SOAP header.
ad9f023c 41 $server = new SoapServer($protocol.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'/LogoutNotification.wsdl');
ad9f023c 42 $server->addFunction("LogoutNotification");
43 $server->handle();
2db6ec19 44
fb60e23a 45} else {
5117d598 46
fb60e23a 47 // Return WSDL.
ad9f023c 48 header('Content-Type: text/xml');
5117d598 49
ad9f023c 50 echo <<<WSDL
2db6ec19 51<?xml version ="1.0" encoding ="UTF-8" ?>
52<definitions name="LogoutNotification"
53 targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
54 xmlns:notify="urn:mace:shibboleth:2.0:sp:notify"
55 xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
56 xmlns="http://schemas.xmlsoap.org/wsdl/">
57
58<!--
59This page either has to be called with the GET arguments 'action' and 'return' via
5117d598
PS
60a redirect from the Shibboleth Service Provider logout handler (front-channel
61logout) or via a SOAP request by a Shibboleth Service Provider (back-channel
2db6ec19 62logout).
5117d598 63Because neither of these two variants seems to be the case, the WSDL file for
2db6ec19 64the web service is returned.
65
66For more information see:
9318de17
DR
67- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLogoutInitiator
68- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPNotify
2db6ec19 69-->
70
ad9f023c 71 <types>
72 <schema targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
73 xmlns="http://www.w3.org/2000/10/XMLSchema"
74 xmlns:notify="urn:mace:shibboleth:2.0:sp:notify">
5117d598 75
ad9f023c 76 <simpleType name="string">
77 <restriction base="string">
78 <minLength value="1"/>
79 </restriction>
80 </simpleType>
5117d598 81
ad9f023c 82 <element name="OK" type="notify:OKType"/>
83 <complexType name="OKType">
84 <sequence/>
85 </complexType>
5117d598 86
ad9f023c 87 </schema>
88 </types>
5117d598 89
ad9f023c 90 <message name="getLogoutNotificationRequest">
91 <part name="SessionID" type="notify:string" />
92 </message>
5117d598 93
ad9f023c 94 <message name="getLogoutNotificationResponse" >
95 <part name="OK"/>
96 </message>
5117d598 97
ad9f023c 98 <portType name="LogoutNotificationPortType">
99 <operation name="LogoutNotification">
100 <input message="getLogoutNotificationRequest"/>
101 <output message="getLogoutNotificationResponse"/>
102 </operation>
103 </portType>
5117d598 104
ad9f023c 105 <binding name="LogoutNotificationBinding" type="notify:LogoutNotificationPortType">
106 <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
107 <operation name="LogoutNotification">
108 <soap:operation soapAction="urn:xmethods-logout-notification#LogoutNotification"/>
109 </operation>
110 </binding>
5117d598 111
ad9f023c 112 <service name="LogoutNotificationService">
113 <port name="LogoutNotificationPort" binding="notify:LogoutNotificationBinding">
114 <soap:address location="{$protocol}{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}"/>
115 </port>
116 </service>
2db6ec19 117</definitions>
118WSDL;
ad9f023c 119 exit;
2db6ec19 120}
2db6ec19 121/******************************************************************************/
122
90ae1b90
DOR
123/**
124 * Handles SOAP Back-channel logout notification
125 *
126 * @param string $spsessionid SP-provided Shibboleth Session ID
127 * @return SoapFault or void if everything was fine
128 */
129function LogoutNotification($spsessionid) {
0f1dffe6
TS
130 $sessionclass = \core\session\manager::get_handler_class();
131 switch ($sessionclass) {
132 case '\core\session\file':
4beca90f 133 return \auth_shibboleth\helper::logout_file_session($spsessionid);
0f1dffe6 134 case '\core\session\database':
4beca90f 135 return \auth_shibboleth\helper::logout_db_session($spsessionid);
0f1dffe6
TS
136 default:
137 throw new moodle_exception("Shibboleth logout not implemented for '$sessionclass'");
1e737e38
TS
138 }
139 // If no SoapFault was thrown, the function will return OK as the SP assumes.
140}