diff --git a/config/config_defaults.inc.php b/config/config_defaults.inc.php
index ce484922be68a8c0f91bd0647d23aff04640d9e1..e4aed075eb6463f193c4c8a9feb8d49f694b059d 100644
--- a/config/config_defaults.inc.php
+++ b/config/config_defaults.inc.php
@@ -368,15 +368,19 @@ $STUDIP_AUTH_CONFIG_LTI = [
 ]
 ];
-$STUDIP_AUTH_CONFIG_SHIB = array("session_initiator" => "https://sp.studip.de/Shibboleth.sso/WAYF/DEMO",
- "validate_url" => "https://sp.studip.de/auth/studip-sp.php",
- "local_domain" => "studip.de",
- "user_data_mapping" =>
- array( "auth_user_md5.username" => array("callback" => "dummy", "map_args" => ""),
- "auth_user_md5.password" => array("callback" => "dummy", "map_args" => ""),
- "auth_user_md5.Vorname" => array("callback" => "getUserData", "map_args" => "givenname"),
- "auth_user_md5.Nachname" => array("callback" => "getUserData", "map_args" => "surname"),
- "auth_user_md5.Email" => array("callback" => "getUserData", "map_args" => "email")));
+$STUDIP_AUTH_CONFIG_SHIB = [
+ 'session_initiator' => 'https://sp.studip.de/Shibboleth.sso/WAYF/DEMO',
+ 'validate_url' => 'https://sp.studip.de/auth/studip-sp.php',
+ 'logout_url' => 'https://sp.studip.de/Shibboleth.sso/Logout',
+ 'local_domain' => 'studip.de',
+ 'user_data_mapping' => [
+ 'auth_user_md5.username' => ['callback' => 'dummy', 'map_args' => ''],
+ 'auth_user_md5.password' => ['callback' => 'dummy', 'map_args' => ''],
+ 'auth_user_md5.Vorname' => ['callback' => 'getUserData', 'map_args' => 'givenname'],
+ 'auth_user_md5.Nachname' => ['callback' => 'getUserData', 'map_args' => 'surname'],
+ 'auth_user_md5.Email' => ['callback' => 'getUserData', 'map_args' => 'email']
+ ],
+];
 $STUDIP_AUTH_CONFIG_IP = array('allowed_users' => array ('root' => array('127.0.0.1', '::1')));
diff --git a/lib/classes/auth_plugins/StudipAuthCAS.php b/lib/classes/auth_plugins/StudipAuthCAS.php
index 29deb75bfc7d8a3eca93285d774bbb6edeee5fcd..129cbd5aa81f730d4b7e274961c442e8d7d5396c 100644
--- a/lib/classes/auth_plugins/StudipAuthCAS.php
+++ b/lib/classes/auth_plugins/StudipAuthCAS.php
@@ -80,7 +80,7 @@ class StudipAuthCAS extends StudipAuthSSO
 return $this->userdata->getUserData($key, phpCAS::getUser());
 }
- function logout()
+ public function logout(): void
 {
 // do a global cas logout
 phpCAS::client(CAS_VERSION_2_0, $this->host, $this->port, $this->uri, false);
diff --git a/lib/classes/auth_plugins/StudipAuthOIDC.php b/lib/classes/auth_plugins/StudipAuthOIDC.php
index b26c17b0f941f101a08d198e65ea0922cbae6055..1c77cb4791fabec28359b7548c26d0a540e44b98 100644
--- a/lib/classes/auth_plugins/StudipAuthOIDC.php
+++ b/lib/classes/auth_plugins/StudipAuthOIDC.php
@@ -68,7 +68,6 @@ class StudipAuthOIDC extends StudipAuthSSO
 */
 public function verifyUsername($username)
 {
- $this->oidc->authenticate();
 $this->userdata = (array)$this->oidc->requestUserInfo();
 if (isset($this->userdata['sub'])) {
@@ -109,4 +108,9 @@ class StudipAuthOIDC extends StudipAuthSSO
 {
 return $this->userdata[$key];
 }
+
+ public function logout(): void
+ {
+ $this->oidc->signOut($this->oidc->getIdToken(), null);
+ }
 }
diff --git a/lib/classes/auth_plugins/StudipAuthSSO.php b/lib/classes/auth_plugins/StudipAuthSSO.php
index dd6af11387bb4b3c54ed44effa44b72cc72c07d1..2cb0e146ae91000244b1ceabcc42a6607686721e 100644
--- a/lib/classes/auth_plugins/StudipAuthSSO.php
+++ b/lib/classes/auth_plugins/StudipAuthSSO.php
@@ -36,7 +36,7 @@ abstract class StudipAuthSSO extends StudipAuthAbstract
 * Check whether this user can be authenticated. The default
 * implementation just checks whether $username is not empty.
 */
- function isAuthenticated ($username, $password)
+ public function isAuthenticated ($username, $password)
 {
 return !empty($username);
 }
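Review bot: In StudipAuthOIDC::logout() (second hunk of StudipAuthOIDC.php) the token handed to `signOut()` comes from `$this->oidc->getIdToken()`, and nothing visible in this diff populates it during the logout request; the first hunk of the same file also removes the `authenticate()` call from verifyUsername(). If the client object only holds the ID token in memory after an authentication round trip, the provider receives an empty token hint and may refuse or interactively confirm the logout, leaving the SSO session alive. I would keep the ID token from login available to this call and add a comment such as `// null: no post-logout redirect target is requested; presumably redirects to the provider's end-session endpoint`. Where authenticate() is called now is outside this diff and worth confirming, because verifyUsername() trusts whatever `requestUserInfo()` returns.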
@@ -44,8 +44,15 @@ abstract class StudipAuthSSO extends StudipAuthAbstract
 /**
 * SSO auth plugins cannot determine if a username is used.
 */
- function isUsedUsername ($username)
+ public function isUsedUsername ($username)
 {
 return false;
 }
+
+ /**
+ * Use this to log out the user
+ */
+ public function logout(): void
+ {
+ }
 }
diff --git a/lib/classes/auth_plugins/StudipAuthShib.php b/lib/classes/auth_plugins/StudipAuthShib.php
index 135b3f6f878aca7285f72df6c4805e998ed84eaf..5548e92c14debed7f9c22c29fedf5d8aa1b2a61c 100644
--- a/lib/classes/auth_plugins/StudipAuthShib.php
+++ b/lib/classes/auth_plugins/StudipAuthShib.php
@@ -18,6 +18,7 @@ class StudipAuthShib extends StudipAuthSSO
 public $local_domain;
 public $session_initiator;
 public $validate_url;
+ public ?string $logout_url = null;
 public $userdata;
 public $username_attribute = 'username';
@@ -136,4 +137,12 @@ class StudipAuthShib extends StudipAuthSSO
 return $data[0];
 }
+
+ public function logout(): void
+ {
+ if (!empty($this->logout_url)) {
+ header('Location: ' . URLHelper::getURL($this->logout_url, ['return' => Request::url()]));
+ exit();
+ }
+ }
 }
diff --git a/public/logout.php b/public/logout.php
index 2f8fcd8c58eaca7526caf21dfdaaac902e94bb75..c2722a24fcf8165df4356f28b6f32446f8e770ee 100644
--- a/public/logout.php
+++ b/public/logout.php
@@ -42,12 +42,10 @@ if ($auth->auth['uid'] !== 'nobody') {
 $_language = $_SESSION['_language'];
 $contrast = UserConfig::get($GLOBALS['user']->id)->USER_HIGH_CONTRAST;
- // TODO this needs to be generalized or removed
- //erweiterung cas
- if ($auth->auth['auth_plugin'] === 'cas') {
- $casauth = StudipAuthAbstract::GetInstance('cas');
- $docaslogout = true;
- }
+ // Get auth plugin of user before logging out since the $auth object will
+ // be modified by the logout
+ $auth_plugin = StudipAuthAbstract::getInstance($auth->auth['auth_plugin']);
+
 //Logout aus dem Sessionmanagement
 $auth->logout();
 $sess->delete();
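Review bot: The docblock on the new StudipAuthSSO::logout() ("Use this to log out the user") does not state the contract that the overrides in this commit rely on. StudipAuthShib::logout() sends a Location header and calls `exit()`, so a caller cannot assume the method returns. I would document three things there: the method is meant to be called after the local session has been destroyed, the default is a no-op that leaves the identity provider session untouched, and an implementation may redirect and terminate the request.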
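Review bot: In StudipAuthShib::logout() the `return` parameter is taken from `Request::url()`, that is from the current request, and is handed to the SP logout handler as the place to send the browser afterwards. How Request::url() derives the host is not visible here; if it follows the Host header, the post-logout target is request-controlled and the only remaining guard is the SP's own redirect restriction (the Shibboleth SP `redirectLimit` setting). Building the return URL from the installation's configured base URI would remove that dependency. A short comment should also say that with `logout_url` unset the method returns silently and the Shibboleth session survives, so the next visit may sign the user in again without a prompt.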
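Review bot: In the first hunk of public/logout.php, `StudipAuthAbstract::getInstance($auth->auth['auth_plugin'])` now runs for every user and before `$auth->logout()` and `$sess->delete()`, whereas the old code only instantiated a plugin when the value was 'cas'. What getInstance() does for a missing, null or no longer enabled plugin name is not visible in this diff; if it raises an error, the local session is never terminated. I would make the lookup unable to block the logout, for example `$plugin_name = $auth->auth['auth_plugin'] ?? null;` followed by `$auth_plugin = $plugin_name ? StudipAuthAbstract::getInstance($plugin_name) : null;`, and confirm that getInstance() fails soft. The enclosing `if` block starts and ends outside the hunk.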
@@ -58,10 +56,11 @@ if ($auth->auth['uid'] !== 'nobody') {
 $timeout=(time()-(15 * 60));
 $user->set_last_action($timeout);
- //der logout() Aufruf fuer CAS (dadurch wird das Cookie (Ticket) im Browser zerstoert)
- if (!empty($docaslogout)) {
- $casauth->logout();
+ // Perform logout from auth plugin (if possible)
+ if ($auth_plugin instanceof StudipAuthSSO) {
+ $auth_plugin->logout();
 }
+
 $sess->start();
 $_SESSION['_language'] = $_language;
 if ($contrast) {
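Review bot: `$auth_plugin->logout()` may not return, since the Shibboleth implementation added in this commit redirects and calls `exit()`, so the `$sess->start()` and the language and contrast restore below it are skipped for those users. The steps that invalidate the local session (`$auth->logout()`, `$sess->delete()`, `set_last_action()`) already run before the call, which is the right order, but nothing in the code records that this order matters. I would extend the comment to something like `// May redirect and exit: everything that invalidates the local session must stay above this call`. The enclosing `if` block continues past the end of the hunk.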