Fix #19 SP-Intiated SLO - need to destroy session before requesting SLO

onelogin · May 27, 2015 · 3ceaef5 · 3ceaef5
1 parent 74f6de1
commit 3ceaef5
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/onelogin_saml/functions.php b/onelogin_saml/functions.php
@@ -18,7 +18,7 @@ function onelogin_saml_sso() {
 function onelogin_saml_slo() {
   global $cookie_domain, $user;
 
-  setcookie('drupal_saml_login', 0, time() + 360000);
+  session_destroy();
   $auth = initialize_saml();
   $auth->logout();
   exit();
@@ -57,9 +57,16 @@ function onelogin_saml_acs() {
 
 function onelogin_saml_sls() {
   $auth = initialize_saml();
-  $auth->processSLO();  
+  $auth->processSLO();
+  if (empty($auth->getErrors())) {
+      session_destroy();
+  }
+  else {
+    drupal_set_message("SLS endpoint found an error.".$auth->getLastErrorReason(), 'error', FALSE);
+  }
   drupal_goto('');
 }
+
 function onelogin_saml_metadata() {
   $auth = initialize_saml();
   $auth = new Onelogin_Saml2_Auth($settings);

diff --git a/onelogin_saml/version.json b/onelogin_saml/version.json
@@ -6,7 +6,7 @@
     "plugin": {
         "app": "drupal",
         "name": "onelogin-saml",
-        "version": "2.2.1",
+        "version": "2.2.2",
         "released": "26/05/2015"
     }
 }