Affects Version/s: 1.9.5
Fix Version/s: None
- Added a new setting logout_handler to the Shibboleth authentication settings
- Removed hard-coded strings in the configuration settings and replaced them with proper print_string expressions
- Added a logoutpage_hook function that (optinally) sends a user who clicks on the logout button to the Shibboleth logout handler after Moodle logout
- Updated README
How to test:
If the logout_handler URL is set (e.g. with the default Shibboleth logout handler /Shibboleth.sso/Logout), an (Shibboleth) authenticated Moodle user can click on the Moodle Logout link. Moodle then first deletes the user's session and then should sent the user to /Shibboleth.sso/Logout?return=$redirect where $redirect is the URL that Moodle would redirect the user. In this case, the Shibboleth Service Provider eventually will sent the user to this URL after Shibboleth logout.
The result should be that after clicking on Logout, the user should not only be logged out from Moodle but also from Shibboleth. This means, that there should not be any shib_session cookie anymore.
If no logout_handler URL is set, there should be no change in Moodle's logout procedure.