For some reason, which remains a mystery to me, the function getUser() of the class External never is able to determine the user ( if (!$user->isAnonymous()) is FALSE). This prevents the user from being logged out from the IdP.
A work-around that I use is to destroy the session in the function logout():
public function logout(&$state) {
assert('is_array($state)');
if ($this->bootstrap()->getUser()) {
// We may not have a session started, but SessionManager will throw
// an error if it tries to destroy an uninitialized session.
$this->container->get('session_manager')->start();
user_logout();
}
else {
$request = \Drupal::request();
$request->getSession()->clear();
}
}
In the request the proper SESSION cookie for the logged in user was available, but still the user could not be found. Clearing the session in that case does the job.
drupal/core 8.4.2
drupal/saml_idp 1.x-dev
simplesamlphp/saml2 v1.9.1
simplesamlphp/simplesamlphp v1.14.17
For some reason, which remains a mystery to me, the function getUser() of the class External never is able to determine the user ( if (!$user->isAnonymous()) is FALSE). This prevents the user from being logged out from the IdP.
A work-around that I use is to destroy the session in the function logout():
In the request the proper SESSION cookie for the logged in user was available, but still the user could not be found. Clearing the session in that case does the job.
drupal/core 8.4.2
drupal/saml_idp 1.x-dev
simplesamlphp/saml2 v1.9.1
simplesamlphp/simplesamlphp v1.14.17