You are here

Home » API reference » SAML Service Provider 7.8 » saml_sp_drupal_login.module

function saml_sp_user_logout in SAML Service Provider 7.8

Same name and namespace in other branches
  1. 8.3 modules/saml_sp_drupal_login/saml_sp_drupal_login.module \saml_sp_user_logout()
  2. 8.2 modules/saml_sp_drupal_login/saml_sp_drupal_login.module \saml_sp_user_logout()
  3. 7.2 modules/saml_sp_drupal_login/saml_sp_drupal_login.module \saml_sp_user_logout()
  4. 7.3 modules/saml_sp_drupal_login/saml_sp_drupal_login.module \saml_sp_user_logout()
  5. 4.x modules/saml_sp_drupal_login/saml_sp_drupal_login.module \saml_sp_user_logout()
  6. 3.x modules/saml_sp_drupal_login/saml_sp_drupal_login.module \saml_sp_user_logout()

Implements hook_user_logout

File

modules/saml_sp_drupal_login/saml_sp_drupal_login.module, line 325
SAML Drupal Login

Code

function saml_sp_user_logout($account) {

  // Load the IDP to authenticate against.
  $idp = saml_sp_drupal_login__get_idp('authn_context_class_ref');

  // what is the authentication method?
  switch ($idp->authn_context_class_ref) {
    case 'urn:federation:authentication:windows':

      // the user is logged in through their Windows account
      // it is impractical to log out of the IdP system as well
      return;
      break;
  }
  if (!variable_get('saml_sp_drupal_login__logout', TRUE)) {

    // the site doesn't want the IdP to be signed out of,
    // so just log out of Drupal
    return;
  }
  global $language;
  global $base_url;

  // Settings is an array
  $settings = saml_sp__get_settings($idp);

  // Creating Saml2 Settings object from array
  $saml_settings = new OneLogin_Saml2_Settings($settings);
  $idp_data = $saml_settings
    ->getIdPData();

  // Checking if logout url is configured
  if (isset($idp_data['singleLogoutService']) && isset($idp_data['singleLogoutService']['url'])) {
    $slo_url = $idp_data['singleLogoutService']['url'];
  }
  else {
    throw new Exception("The IdP does not support Single Log Out");
  }

  // Creating a logout request to be passed to IdP
  if (isset($_SESSION['IdPSessionIndex']) && !empty($_SESSION['IdPSessionIndex'])) {
    $logout_request = new OneLogin_Saml2_LogoutRequest($saml_settings, NULL, NULL, $_SESSION['IdPSessionIndex']);
  }
  else {
    $logout_request = new OneLogin_Saml2_LogoutRequest($saml_settings);
  }
  $saml_request = $logout_request
    ->getRequest();
  $parameters = array(
    'SAMLRequest' => $saml_request,
  );

  // Checking current language, so that user can be redirected to front page
  // in same language
  $parameters['RelayState'] = $base_url . '/' . $language->prefix;
  $url = OneLogin_Saml2_Utils::redirect($slo_url, $parameters, TRUE);
  watchdog('saml_sp', 'Session closed for %name (%uid) and starting SAML SLO.', array(
    '%name' => $account->name,
    '%uid' => $account->uid,
  ));

  // Force redirection in drupal_goto().
  unset($_GET['destination']);
  if (!empty($saml_request)) {
    drupal_goto($url);
  }
}