Implement single logout in simplesamlphp

大憨熊 posted on 2019-12-24 16:53:20

Question


This is in continuation with my previous question

Central login with SAML and making site to work as identity provider

Now I have sessions at cauth.com and also at a.com (or b.com). What is the best way to log out of the sessions on both sites on click of the "Logout" button?

This is the code I have written for logout in cauth.com

    public function actionSlo(){
        $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
        $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
        $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
        \sspmod_saml_IdP_SAML2::receiveLogoutMessage($idp);
        assert('FALSE');

        // destroy session
        session_destroy();

        // redirect to the spentity
        $spId = $_GET['spentityid'];
        header("location:".$spId);
    }

It seems to me that logout will take 3 http redirects

  1. When the user clicks on "logout", the requested page is cauth.com/slo.

  2. Then from this the user will be taken to the logout of the main site (a.com or b.com).

  3. The user will be redirected to the index page of the main site.

I want to know whether there is any way I can handle the SAML logout internally, reducing the number of HTTP redirects, keeping in mind that I have to clear out the session variables on both sites?


Answer 1:


Try to clear the user session in cauth.com (cauth.com/logout).

To clear the user session, you need to start your user session first and then destroy the current user session with:

    session_start();
    session_unset();
    session_destroy();
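An added example (not part of the original question or answer, and not SimpleSAMLphp's own code) of the cauth.com side of the logout discussed above: it clears the local PHP session as the answer suggests, and validates the redirect target before sending the `Location` header instead of passing the `spentityid` query parameter through unchanged. The function names, the `a.com`/`b.com` allow-list and the fallback URL are assumptions; it does not touch the sessions held at a.com or b.com.

```php
<?php
// Added example: hypothetical helpers, not SimpleSAMLphp API.

// Assumption: the two sites named in the question are the only valid return targets.
const ALLOWED_RETURN_HOSTS = ['a.com', 'b.com'];
const FALLBACK_URL = 'https://cauth.com/'; // assumed landing page

/** Return $url only if it is an absolute https URL on an allow-listed host. */
function safeReturnUrl($url): string
{
    // Reject non-strings (e.g. spentityid[]=x), control chars, spaces, backslashes.
    if (!is_string($url) || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return FALLBACK_URL;
    }
    $parts = parse_url($url);
    if ($parts === false
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || isset($parts['user']) || isset($parts['pass'])   // https://a.com@other.example/
        || !in_array(strtolower($parts['host'] ?? ''), ALLOWED_RETURN_HOSTS, true)) {
        return FALLBACK_URL;
    }
    return $url;
}

/** Drop the local PHP session: in-memory data, browser cookie and stored data. */
function destroyLocalSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();            // a session must be open before it can be destroyed
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Run the handler only when served over HTTP, so the file can also be included elsewhere.
if (PHP_SAPI !== 'cli') {
    destroyLocalSession();
    header('Location: ' . safeReturnUrl($_GET['spentityid'] ?? null));
    exit;                           // stop here so nothing runs after the redirect
}
```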


Source: https://stackoverflow.com/questions/30816127/implement-single-logout-in-simplesamlphp
