在 simplesamlphp 中实现单点注销 [英] Implement single logout in simplesamlphp

问题描述

这是我上一个问题的延续

This is in continuation with my previous question

使用 SAML 和使网站成为身份提供者

现在我在 cauth.com 和 a.com(或 b.com)上都有会话.单击注销"按钮在这两个站点上注销会话的最佳方法是什么?

Now I have sessions at cauth.com and also a.com (or b.com).What can be the best way to logout the sessions on both the site on click of "Logout" button.?

这是我在 cauth.com

   public function actionSlo(){
      $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
      $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
     $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
      \sspmod_saml_IdP_SAML2::receiveLogoutMessage($idp);
      assert('FALSE');

      //destroy session 
      session_destroy();

      //redirect to the spentity
      $spId = $_GET['spentityid'];
      header("location:".$spId);

   }

在我看来，注销需要 3 个 http 重定向

It seems to me that logout will take 3 http redirects

1.当用户点击注销"时请求的页面是 cauth.com/slo.

1 . When user click on "logout" requested page is cauth.com/slo.

1. 然后，该用户将被带到主站点(a.com 或 b.com)的注销.

1. Then from this user will be taken to the logout of the main site (a.com or b.com).

用户将被重定向到主站点的索引页面.

User will be redirected to the index page of the main site.

我想知道有什么方法可以在内部处理 saml 注销以减少 http 重定向的数量，记住我必须清除两个站点上的会话变量?

I want to know is there any way by which I can handle the saml logout internally reducing the number of the http redirects keeping in mind that I have to clear out the session variables on both sites ?

推荐答案

尝试清除

cauth.com( (cauth.com/logout))

清除用户会话需要在之前启动您的用户会话并通过

clear user session need to start your user session before and destroy current user session by

session_start();    
session_unset();
session_destroy();

这篇关于在 simplesamlphp 中实现单点注销的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！