SAML Logout

Updated on 28 Dec 2018

Logout

Logging out follows a process similar to logging in. Your code calls the Identity Provider, which in turn will POST the logout response to your logout URL.

Unfortunately we cannot override the logout URL, even in the settings.php file. There is a setting there, but it doesn’t work. The process flow is the same as the login flow.

test2-logout.php

    <?php
    session_start();

    //-----
    //--load some files that I need, especially the settings.php file...
    //-----
    define("TOOLKIT_PATH", '/var/www/html/saml/php-saml/');
    require_once(TOOLKIT_PATH . '_toolkit_loader.php');   // We load the SAML2 lib
    require_once('settings2.php');
    //-----

    // Construct the SP from $settingsInfo (loaded from settings2.php)
    $auth = new OneLogin_Saml2_Auth($settingsInfo);
    // Send the logout request to the Identity Provider; the URL is passed along as RelayState
    $auth->logout('http://localhost/saml/mamamia.php');

The main part of logging out is here:

    $auth = new OneLogin_Saml2_Auth($settingsInfo); // Constructor of the SP, loads settings.php
    $auth->logout('http://localhost/saml/mamamia.php');

Now don’t be fooled: the URL passed to the logout function is not a URL that you will be redirected to automatically. We can’t even use the settings.php file for that. Instead, the value will be part of the response sent back to us.

test2-logout-final.php

This file is where the Identity Provider sends the logout response. The request will also contain the URL we specified earlier in the logout function, which we can use to redirect if we want (but I’ve skipped this for later)…

    <?php
    //-----
    //--load some files that I need, especially the settings.php file...
    //-----
    define("TOOLKIT_PATH", '/var/www/html/saml/php-saml/');
    require_once(TOOLKIT_PATH . '_toolkit_loader.php');   // We load the SAML2 lib
    require_once('settings2.php');
    //-----

    // Parse the LogoutResponse that the Identity Provider sent back
    $settings = new OneLogin_Saml2_Settings($settingsInfo, true);
    $logoutResponse = new OneLogin_Saml2_LogoutResponse($settings, $_GET['SAMLResponse']);

    // ...

    // Debug output: show the returned parameters, HTML-escaped
    echo '<pre>' . htmlspecialchars(print_r($_GET, true)) . '</pre>';
    echo "<p>Hello, logout</p>";

Notice the RelayState. This contains the URL we specified with the logout method. We can now use it with a redirect, header('Location: ...'), to go to our final-final logout page (mamamia.php).
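
RelayState arrives as a request parameter, so a handler that passes it straight to header('Location: ...') redirects wherever the request says. The following added example (not from the original page or the php-saml toolkit) checks the value against an allowlist first; the function name safe_logout_target, the fallback URL and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not from the original page: validate RelayState before redirecting.

/**
 * Return the redirect target for a RelayState value: the normalized URL when its
 * scheme, host, port and path match an allowlisted entry, otherwise $fallback.
 * Query string and fragment are dropped on purpose.
 */
function safe_logout_target($relayState, array $allowed, $fallback)
{
    if (!is_string($relayState) || $relayState === '') {
        return $fallback;
    }
    // Control characters, spaces and backslashes have no place in a Location header.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $relayState)) {
        return $fallback;
    }
    $parts = parse_url($relayState);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback; // relative, scheme-less or malformed
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $fallback; // userinfo makes the real host easy to misread
    }
    $normalized = strtolower($parts['scheme']) . '://' . strtolower($parts['host'])
        . (isset($parts['port']) ? ':' . $parts['port'] : '')
        . (isset($parts['path']) ? $parts['path'] : '/');
    return in_array($normalized, $allowed, true) ? $normalized : $fallback;
}

// Assumed values: the page's mamamia.php as the only target, a hypothetical fallback.
$allowed  = array('http://localhost/saml/mamamia.php');
$fallback = 'http://localhost/saml/logged-out.php';

// Constructed sample RelayState values; the first two resolve to the allowlisted page.
$samples = array(
    'http://localhost/saml/mamamia.php',
    'HTTP://LOCALHOST/saml/mamamia.php?x=1',
    'http://localhost@other.example/saml/mamamia.php',
    '//other.example/saml/mamamia.php',
    "http://localhost/saml/mamamia.php\r\nX-Injected: 1",
);
foreach ($samples as $s) {
    echo json_encode($s, JSON_UNESCAPED_SLASHES), ' => ',
        safe_logout_target($s, $allowed, $fallback), PHP_EOL;
}
```

In test2-logout-final.php the result of safe_logout_target($_GET['RelayState'], $allowed, $fallback) would be the value given to header('Location: ...'), followed by exit.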