How can I write my own logout page?

Hi,

I enabled the user_saml app in Nextcloud and, using an environment variable and mod_auth_cas, I managed to make it authenticate users with CAS (SSO service), but the problem is that the logout doesn’t work; the page just reloads (to be more detailed, it goes to the logout page, doesn’t log out successfully, redirects to the login page and, since I was not successfully logged out, it redirects to the page with my files).

I saw some people write their own logout pages and I found an example. Does anyone know where to find the file for the logout page or how I can replace it?

Hi,

We are facing the same problem.

You can change the logout page by editing the file lib/private/NavigationManager.php and replacing (put in comment)

/*'href' => $this->urlGenerator->linkToRouteAbsolute(
    'core.login.logout',
    ['requesttoken' => \OCP\Util::callRegister()]
),*/

And add this right after:

'href' => 'https://nextcloud.domain.com/logout.php',

Thus a newly created logout.php file inside your Nextcloud web root is called instead.

But the tricky part comes now: What does this file have to contain?

We tried this:

<?php
require_once __DIR__ . '/lib/base.php';
session_unset();
session_destroy();
\OC::$server->getUserSession()->logout();
header('Location: https://cas.example.org/logout');

?>

But we can still log in after this. I would appreciate any helpful tip.

Kind Regards

Eventually I discovered that myself. The code we are using right now for logout.php is this:

<?php
// Expire the mod_auth_cas cookies (both possible names are covered).
unset($_SESSION['MOD_AUTH_CAS_S']);
setcookie('MOD_AUTH_CAS_S', '', -1, '/index.php/');

unset($_SESSION['MOD_AUTH_CAS']);
setcookie('MOD_AUTH_CAS', '', -1, '/index.php/');

// Expire the Nextcloud session cookies.
unset($_SESSION['oc_sessionPassphrase']);
setcookie('oc_sessionPassphrase', '', -1, '/');

// <instanceid> can be found in NextcloudDir/config/config.php
unset($_SESSION['<instanceid>']);
setcookie('<instanceid>', '', -1, '/');

// Redirect to the CAS logout endpoint and stop executing.
header('Location: https://cas.domain.com/cas/logout');
exit;
?>

Not sure if this is the best implementation but it works. If you have a better idea feel free to share :)

Note well, if you are going to upgrade Nextcloud, changes made to lib/private/NavigationManager.php and any other files will be lost.

Also, you might want to keep an eye on this github issue: https://github.com/nextcloud/user_saml/issues/114

Thanks for your reply.

I also discovered this code, but it doesn't work for me.

In addition, if I print out all _SESSION elements like this:

echo "<pre>"; print_r($_SESSION); echo "</pre>"; 

there are no values such as MOD_AUTH_CAS and so forth, only a value named encrypted_session_data.

I wonder why this works for you.

The way I found those $_SESSION values is: while logged into Nextcloud, right-click on page -> inspect -> application -> expand “Cookies” -> https://nextcloud.domain.com
This should show you the values you need to unset for the logout. Hope this helps.

PS: I had one Nextcloud server where I had MOD_AUTH_CAS_S and another server where I had MOD_AUTH_CAS. That’s why I put both values.

Ok, you're right, the _SESSION values are set, perhaps included in this encrypted_session_data variable.

Anyway, with your code, I get logged out as far as the CAS is concerned, but not Nextcloud. I can say that the CAS is working as intended, but somehow Nextcloud still reads the environment variable.

Do you use “REMOTE_USER” or “HTTP_CAS_USER” as your environment variable for mod_auth_cas? Not sure why a lot of examples for this topic use “HTTP_CAS_USER” instead of the default.

I use HTTP_CAS_USER

And is this set somewhere in your web vhost configuration or only in the Nextcloud “SSO&SAML” Settings?

I use this CAS config:

    CASVersion 2
    CASLoginURL https://cas.domain.com/cas/login
    CASValidateURL https://cas.domain.com/cas/serviceValidate
    CASDebug On

    <Location "/nextcloud/index.php/login">
            AuthType CAS
            AuthName "CAS"
            Require valid-user
            CASAuthNHeader HTTP_CAS_USER
    </Location>


    <Location "/nextcloud/index.php/apps/user_saml/saml/login">
            AuthType CAS
            AuthName "CAS"
            Require valid-user
            CASAuthNHeader HTTP_CAS_USER
    </Location>

Only in the Nextcloud “SSO&SAML” Settings. Here are some notes I wrote about how I configured CAS Auth for Nextcloud: https://docswiki.newro.co/index.php/Nextcloud_external_auth#CAS_Auth

Ok, I found the problem.

For the environment variable to be set correctly, this is the right config:

       CASAuthNHeader CAS-User

Thus, the server variable HTTP_CAS_USER is set with the user id. Then your logout code works fine.

Thanks for your help.
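
Added example, not part of any post in this thread: a browser drops a stored cookie only when the expiring Set-Cookie header matches its name, domain and path, so a cookie-clearing logout.php like the one above can leave a session cookie behind. This Python check compares the cookies listed in the browser's developer tools with the Set-Cookie headers of the logout response; the cookie paths and header values are constructed, and the domain is assumed to be the same on both sides.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: cookies listed in the browser's developer tools (name, path).
STORED = [("MOD_AUTH_CAS_S", "/nextcloud/index.php/"), ("oc_sessionPassphrase", "/")]
# Constructed sample: Set-Cookie header values returned by the logout page.
HEADERS = [
    "MOD_AUTH_CAS_S=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/index.php/",
    "oc_sessionPassphrase=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes with lower-cased keys)."""
    pair, *rest = header.split(";")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return pair.partition("=")[0].strip(), attrs

def expires_cookie(attrs, now):
    """True if the attributes tell the browser to drop the cookie."""
    try:
        return int(attrs["max-age"]) <= 0  # Max-Age takes precedence over Expires
    except (KeyError, ValueError):
        pass
    try:
        when = parsedate_to_datetime(attrs["expires"])
    except (KeyError, TypeError, ValueError):
        return False  # no usable expiry: the header sets a session cookie
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= now

def surviving_cookies(stored, headers, request_path="/logout.php"):
    """Return the stored (name, path) pairs the logout response does not delete."""
    now = datetime.now(timezone.utc)
    # RFC 6265 default-path: directory of the URL that sent the header.
    fallback = request_path.rsplit("/", 1)[0] or "/"
    cleared = set()
    for header in headers:
        name, attrs = parse_set_cookie(header)
        path = attrs.get("path", "")
        if expires_cookie(attrs, now):
            cleared.add((name, path if path.startswith("/") else fallback))
    return [cookie for cookie in stored if cookie not in cleared]

if __name__ == "__main__":
    print(surviving_cookies(STORED, HEADERS))
```

Any pair it returns is a cookie the browser will keep sending after the logout redirect, which is the case to fix by expiring that cookie with the exact path it was set on.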