You are here

Home » API reference » OpenID Connect Microsoft Azure Active Directory client 8 » WindowsAadSSOController.php » WindowsAadSSOController

public function WindowsAadSSOController::logout in OpenID Connect Microsoft Azure Active Directory client 8

Same name and namespace in other branches
  1. 2.0.x src/Controller/WindowsAadSSOController.php \Drupal\openid_connect_windows_aad\Controller\WindowsAadSSOController::logout()

Logs the current user out. Overrides UserController::logout().

If Single Sign out has been enabled in OpenID Connect Windows AAD config then redirect the user when they try to log out of the app to the Windows single sign out endpoint. They will be logged out of their other SSO apps.

Return value

\Symfony\Component\HttpFoundation\RedirectResponse A redirection to either the home page or to Azure AD Single Sign out.

File

src/Controller/WindowsAadSSOController.php, line 99

Class

WindowsAadSSOController
Controller routines for Azure AD single sign out user routes.

Namespace

Drupal\openid_connect_windows_aad\Controller

Code

public function logout() {
  $connected = FALSE;
  $configuration = $this
    ->config('openid_connect.settings.windows_aad');
  $settings = $configuration
    ->get('settings');

  // Check that the windows_aad client is enabled and so is SSOut.
  $enabled = $configuration
    ->get('enabled') && isset($settings['enable_single_sign_out']) && $settings['enable_single_sign_out'];

  // Check for a connected account before we log the Drupal user out.
  if ($enabled) {

    // Ensure the user has a connected account.
    $user = \Drupal::currentUser();
    $connected_accounts = $this->authmap
      ->getConnectedAccounts($user);
    $connected = $connected_accounts && isset($connected_accounts['windows_aad']);
  }
  user_logout();
  if ($connected) {

    // Redirect back to the home page once signed out.
    $redirect_uri = Url::fromRoute('<front>', [], [
      'absolute' => TRUE,
    ])
      ->toString(TRUE)
      ->getGeneratedUrl();
    $query_parameters = [
      'post_logout_redirect_uri' => $redirect_uri,
    ];
    $query = UrlHelper::buildQuery($query_parameters);
    $response = new TrustedRedirectResponse('https://login.microsoftonline.com/common/oauth2/v2.0/logout?' . $query);

    // We can't cache the response, since we need the user to get logged out
    // prior to being redirected. The kill switch will prevent the page
    // getting cached when page cache is active.
    \Drupal::service('page_cache_kill_switch')
      ->trigger();
    return $response;
  }

  // No SSOut so do the usual thing and redirect to the front page.
  return $this
    ->redirect('<front>');
}