dirroot."/auth/shibboleth/auth.php"); $action = optional_param('action', '', PARAM_ALPHA); $redirect = optional_param('return', '', PARAM_URL); // Find out whether host supports https $protocol = 'http://'; if (is_https()) { $protocol = 'https://'; } // If the shibboleth plugin is not enable, throw an exception. if (!is_enabled_auth('shibboleth')) { throw new moodle_exception(get_string('pluginnotenabled', 'auth', 'shibboleth')); } // Front channel logout. $inputstream = file_get_contents("php://input"); if ($action == 'logout' && !empty($redirect)) { if (isloggedin($USER) && $USER->auth == 'shibboleth') { // Logout user from application. require_logout(); } // Finally, send user to the return URL. redirect($redirect); } else if (!empty($inputstream)) { // Back channel logout. // Set SOAP header. $server = new SoapServer($protocol.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'/LogoutNotification.wsdl'); $server->addFunction("LogoutNotification"); $server->handle(); } else { // Return WSDL. header('Content-Type: text/xml'); echo << WSDL; exit; } /******************************************************************************/ /** * Handles SOAP Back-channel logout notification * * @param string $spsessionid SP-provided Shibboleth Session ID * @return SoapFault or void if everything was fine */ function LogoutNotification($spsessionid) { $sessionclass = \core\session\manager::get_handler_class(); switch ($sessionclass) { case '\core\session\file': return \auth_shibboleth\helper::logout_file_session($spsessionid); case '\core\session\database': return \auth_shibboleth\helper::logout_db_session($spsessionid); default: throw new moodle_exception("Shibboleth logout not implemented for '$sessionclass'"); } // If no SoapFault was thrown, the function will return OK as the SP assumes. }