This is a continuation of my previous question:
Central login with SAML and making site to work as identity provider
Now I have sessions at cauth.com and also at a.com (or b.com). What is the best way to log out the sessions on both sites on click of the "Logout" button?
This is the code I have written for logout in cauth.com:
    public function actionSlo()
    {
        // Look up the hosted SAML 2.0 IdP and load it
        $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
        $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
        $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);

        // Hand the incoming logout message to the IdP
        \sspmod_saml_IdP_SAML2::receiveLogoutMessage($idp);
        assert('FALSE');

        // Destroy the session
        session_destroy();

        // Redirect to the SP entity (value is taken from the request unvalidated)
        $spId = $_GET['spentityid'];
        header("Location: " . $spId);
    }
It seems to me that logout will take 3 HTTP redirects:
1. When the user clicks on "logout", the requested page is cauth.com/slo.
2. Then from this the user will be taken to the logout of the main site (a.com or b.com).
3. The user will be redirected to the index page of the main site.
I want to know whether there is any way I can handle the SAML logout internally, reducing the number of HTTP redirects, keeping in mind that I have to clear out the session variables on both sites.
Try to clear the user session in
To clear the user session, you need to start your user session first and then destroy the current user session by
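
Added example (not from the question or the answer, and not SimpleSAMLphp code): one way to do the local session teardown and the final redirect in plain PHP, starting the session before destroying it and looking up the return URL for `spentityid` in a fixed list instead of redirecting to the raw request parameter. The SP entity IDs, return URLs and function names are assumptions.

```php
<?php
// Constructed allowlist (assumption): SP entity ID => pre-registered return URL.
const ALLOWED_SP_RETURN_URLS = [
    'https://a.com' => 'https://a.com/index.php',
    'https://b.com' => 'https://b.com/index.php',
];

/** Map a request-supplied SP entity ID to a registered return URL, or null. */
function resolveReturnUrl($spEntityId): ?string
{
    // Reject missing values and array-typed parameters (?spentityid[]=...).
    if (!is_string($spEntityId)) {
        return null;
    }
    return ALLOWED_SP_RETURN_URLS[$spEntityId] ?? null;
}

/** Tear down the local PHP session: data, cookie and server-side record. */
function destroyLocalSession(): void
{
    // session_destroy() only works on an active session, so start it first.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];

    // Expire the session cookie in the browser using the same cookie scope.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

/** Hypothetical final step of the logout endpoint. */
function finishLogout(): void
{
    destroyLocalSession();

    $target = resolveReturnUrl($_GET['spentityid'] ?? null);
    if ($target === null) {
        // Unknown SP: do not redirect to a caller-controlled location.
        http_response_code(400);
        exit('Unknown service provider');
    }
    header('Location: ' . $target, true, 302);
    exit;
}
```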