Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

#105: Destroy local session during SLO flow #106

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

#105: Destroy local session during SLO flow #106

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ff657ea
#105: Destroy local session during SLO flow
RoSk0 Nov 27, 2024
f62ad78
#105: Fix SLO flow docs
RoSk0 Nov 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 6 additions & 13 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,22 +163,15 @@ protected $middlewareGroups = [

There are two ways the user can logout:
- By logging out in your app. In this case you SHOULD notify the IdP first so it'll close the global session.
- By logging out of the global SSO Session. In this case the IdP will notify you on `/saml2/{uuid}/slo` endpoint (already provided).
- By logging out of the global SSO Session. In this case the IdP will notify you on `/saml2/{uuid}/sls` endpoint (already provided).

For the first case, call `Saml2Auth::logout();` or redirect the user to the route `saml.logout` which does just that.
Do not close the session immediately as you need to receive a response confirmation from the IdP (redirection).
That response will be handled by the library at `/saml2/sls` and will fire an event for you to complete the operation.
This do not close the session immediately as you need to receive a response confirmation from the IdP (redirection).
That response will be handled by the library at `/saml2/{uuid}/sls` where session will be destroyed and an event
will fire for you to react.

For the second case you will only receive the event. Both cases receive the same event.

Note that for the second case, you may have to manually save your session to make the logout stick (as the session is saved by middleware, but the OneLogin library will redirect back to your IdP before that happens):

```php
Event::listen('Slides\Saml2\Events\SignedOut', function (SignedOut $event) {
Auth::logout();
Session::save();
});
```
For the second case you will only receive the event after the global and local session are destroyed.
Both cases receive the same event.

### SSO-friendly links

Expand Down
2 changes: 2 additions & 0 deletions src/Auth.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

use OneLogin\Saml2\Auth as OneLoginAuth;
use OneLogin\Saml2\Error as OneLoginError;
use OneLogin\Saml2\Utils as OneLoginUtils;
use Slides\Saml2\Events\SignedOut;
use Slides\Saml2\Models\Tenant;

Expand Down Expand Up @@ -167,6 +168,7 @@ public function acs()
public function sls($retrieveParametersFromServer = false)
{
$this->base->processSLO(false, null, $retrieveParametersFromServer, function () {
OneLoginUtils::deleteLocalSession();
event(new SignedOut());
});

Expand Down