protected function SamlService::drupalLogoutHelper in SAML Authentication 4.x
Same name and namespace in other branches
- 8.3 src/SamlService.php \Drupal\samlauth\SamlService::drupalLogoutHelper()
Ensures the user is logged out from Drupal; returns SAML session data.
Parameters
bool $delete_saml_session_data: (optional) Whether to delete the SAML session data. This depends on:
- How bad (privacy-sensitive) it is to keep the data around. Answer: it is not.
- Whether we expect the data to ever be reused. That is: could a SAML logout attempt be made for the same SAML session multiple times? Answer: we don't know. It is unlikely, because the data is no longer accessible after logout, so the user would need to log in to Drupal locally again before anything could be done with it.
Return value
array Array of data about the 'SAML session' that we stored at login. (The SAML toolkit itself does not store any data / implement the concept of a session.)
3 calls to SamlService::drupalLogoutHelper()
- SamlService::acs in src/SamlService.php - Processes a SAML response (Assertion Consumer Service).
- SamlService::logout in src/SamlService.php - Initiates a SAML2 logout flow and redirects to the IdP.
- SamlService::sls in src/SamlService.php - Does processing for the Single Logout Service.
File
- src/SamlService.php, line 849
Class
- SamlService
- Governs communication between the SAML toolkit and the IdP / login behavior.
Namespace
Drupal\samlauth
Code
protected function drupalLogoutHelper($delete_saml_session_data = TRUE) {
  $data = [];
  if ($this->currentUser->isAuthenticated()) {
    // Get data from our temp store which is not accessible after logout.
    // DEVELOPER NOTE: It depends on our session storage, whether we want to
    // try this for unauthenticated users too. At the moment, we are sure
    // only authenticated users have any SAML session data - and trying to
    // get() a value from our privateTempStore can unnecessarily start a new
    // PHP session for unauthenticated users.
    $keys = [
      'session_index',
      'session_expiration',
      'name_id',
      'name_id_format',
    ];
    foreach ($keys as $key) {
      $data[$key] = $this->privateTempStore->get($key);
      if ($delete_saml_session_data) {
        $this->privateTempStore->delete($key);
      }
    }
    // @todo properly inject this... after #2012976 lands.
    user_logout();
  }
  return $data;
}
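The ordering constraint in the code above (read the SAML session data first, call user_logout() afterwards) and the effect of $delete_saml_session_data, shown with a simplified model. This is an added example, not code from the samlauth module: OwnerKeyedStore, SAML_KEYS, seed_store() and collect() are hypothetical names, all stored values are constructed, and the model assumes only that stored values are keyed by the current owner, which changes at logout.

```php
<?php
// Hypothetical model, not Drupal's PrivateTempStore: values are keyed by the
// current owner, and logging out changes the owner (assumption).
final class OwnerKeyedStore {
  private array $rows = [];
  public string $owner = 'uid:42';
  public function set(string $key, $value): void { $this->rows[$this->owner][$key] = $value; }
  public function get(string $key) { return $this->rows[$this->owner][$key] ?? NULL; }
  public function delete(string $key): void { unset($this->rows[$this->owner][$key]); }
}

const SAML_KEYS = ['session_index', 'session_expiration', 'name_id', 'name_id_format'];

function seed_store(): OwnerKeyedStore {
  $store = new OwnerKeyedStore();
  // Constructed sample values standing in for what is stored at login.
  $store->set('session_index', '_constructed-session-index');
  $store->set('session_expiration', 1700000000);
  $store->set('name_id', 'alice@example.org');
  $store->set('name_id_format', 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress');
  return $store;
}

function collect(OwnerKeyedStore $store, bool $delete): array {
  $data = [];
  foreach (SAML_KEYS as $key) {
    $data[$key] = $store->get($key);
    if ($delete) { $store->delete($key); }
  }
  return $data;
}

// 1. Read, then log out: the data needed for a SAML logout is returned.
$store = seed_store();
$read_first = collect($store, TRUE);
$store->owner = 'anonymous';
// 2. Log out, then read: every value is NULL, so the session index is lost.
$store = seed_store();
$store->owner = 'anonymous';
$logout_first = collect($store, TRUE);
// 3. Keep the data ($delete = FALSE): readable again only after a new login.
$store = seed_store();
collect($store, FALSE);
$store->owner = 'anonymous';
$while_logged_out = $store->get('name_id');
$store->owner = 'uid:42';
$after_relogin = $store->get('name_id');

var_export([$read_first['session_index'], $logout_first['session_index'], $while_logged_out, $after_relogin]);
```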