From 19a60176013e71a219adc09f4b6be90106aece6e Mon Sep 17 00:00:00 2001
From: Thomas Hufschmidt <hufschmidt@hrz.uni-marburg.de>
Date: Mon, 15 Dec 2025 16:34:08 +0100
Subject: [PATCH 1/5] Add missing ilInitialisation::initILIAS() to shib_logout
 (simiar to shib_login)

---
 components/ILIAS/AuthShibboleth/resources/shib_logout.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/components/ILIAS/AuthShibboleth/resources/shib_logout.php b/components/ILIAS/AuthShibboleth/resources/shib_logout.php
index ca4e08403df2..8ddc0723135b 100644
--- a/components/ILIAS/AuthShibboleth/resources/shib_logout.php
+++ b/components/ILIAS/AuthShibboleth/resources/shib_logout.php
@@ -14,7 +14,10 @@
  *****************************************************************************/
 /** @noRector */
 require_once("../vendor/composer/vendor/autoload.php");
+ilContext::init(ilContext::CONTEXT_SHIBBOLETH);
+ilInitialisation::initILIAS();
 global $DIC;
+
 $q = $DIC->http()->wrapper()->query();
 if (
     $q->has('return')

From 1d09f8ec1c944ae3d92ae67dbe99c4cf95ec28d6 Mon Sep 17 00:00:00 2001
From: Thomas Hufschmidt <hufschmidt@hrz.uni-marburg.de>
Date: Mon, 15 Dec 2025 16:34:47 +0100
Subject: [PATCH 2/5] Replace deprecated $HTTP_RAW_POST_DATA in shib_logout.php

---
 components/ILIAS/AuthShibboleth/resources/shib_logout.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/ILIAS/AuthShibboleth/resources/shib_logout.php b/components/ILIAS/AuthShibboleth/resources/shib_logout.php
index 8ddc0723135b..fa4ea183207f 100644
--- a/components/ILIAS/AuthShibboleth/resources/shib_logout.php
+++ b/components/ILIAS/AuthShibboleth/resources/shib_logout.php
@@ -41,7 +41,7 @@
 //       stored in the application's session data.
 //       See function LogoutNotification below
 
-elseif (!empty($HTTP_RAW_POST_DATA)) {
+elseif (!empty(file_get_contents('php://input'))) {
     ilContext::init(ilContext::CONTEXT_SOAP);
 
     // Load ILIAS libraries and initialise ILIAS in non-web context

From 21d5d95a2cf3a0ff01666e30a767990f295bc012 Mon Sep 17 00:00:00 2001
From: Thomas Hufschmidt <hufschmidt@hrz.uni-marburg.de>
Date: Mon, 15 Dec 2025 16:35:20 +0100
Subject: [PATCH 3/5] Improve formating of fallback shib_logout SOAP response

---
 .../AuthShibboleth/resources/shib_logout.php  | 21 +++++++++----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/components/ILIAS/AuthShibboleth/resources/shib_logout.php b/components/ILIAS/AuthShibboleth/resources/shib_logout.php
index fa4ea183207f..61bf586cd634 100644
--- a/components/ILIAS/AuthShibboleth/resources/shib_logout.php
+++ b/components/ILIAS/AuthShibboleth/resources/shib_logout.php
@@ -67,16 +67,15 @@
 
     echo <<<WSDL
 <?xml version ="1.0" encoding ="UTF-8" ?>
-<definitions name="LogoutNotification"
-  targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
-  xmlns:notify="urn:mace:shibboleth:2.0:sp:notify"
-  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
-  xmlns="http://schemas.xmlsoap.org/wsdl/">
+<definitions name="LogoutNotification" targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
+	xmlns:notify="urn:mace:shibboleth:2.0:sp:notify"
+	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+	xmlns="http://schemas.xmlsoap.org/wsdl/">
 
 	<types>
-	   <schema targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
-		   xmlns="http://www.w3.org/2000/10/XMLSchema"
-		   xmlns:notify="urn:mace:shibboleth:2.0:sp:notify">
+		<schema targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
+			xmlns="http://www.w3.org/2000/10/XMLSchema"
+			xmlns:notify="urn:mace:shibboleth:2.0:sp:notify">
 
 			<simpleType name="string">
 				<restriction base="string">
@@ -96,7 +95,7 @@
 		<part name="SessionID" type="notify:string" />
 	</message>
 
-	<message name="getLogoutNotificationResponse" >
+	<message name="getLogoutNotificationResponse">
 		<part name="OK"/>
 	</message>
 
@@ -115,9 +114,9 @@
 	</binding>
 
 	<service name="LogoutNotificationService">
-		  <port name="LogoutNotificationPort" binding="notify:LogoutNotificationBinding">
+		<port name="LogoutNotificationPort" binding="notify:LogoutNotificationBinding">
 			<soap:address location="{$url}"/>
-		  </port>
+		</port>
 	</service>
 </definitions>
 WSDL;

From e818a5daad78858b3d0f0ebdd76c7a7a6004b353 Mon Sep 17 00:00:00 2001
From: Thomas Hufschmidt <hufschmidt@hrz.uni-marburg.de>
Date: Mon, 15 Dec 2025 16:35:58 +0100
Subject: [PATCH 4/5] Add missing shibboleth_session_id information to stored
 session data (used by shib_logout.php)

---
 .../AuthShibboleth/classes/class.ilAuthProviderShibboleth.php    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/ILIAS/AuthShibboleth/classes/class.ilAuthProviderShibboleth.php b/components/ILIAS/AuthShibboleth/classes/class.ilAuthProviderShibboleth.php
index c949f6f38cb3..bfedfa663057 100755
--- a/components/ILIAS/AuthShibboleth/classes/class.ilAuthProviderShibboleth.php
+++ b/components/ILIAS/AuthShibboleth/classes/class.ilAuthProviderShibboleth.php
@@ -107,6 +107,7 @@ public function doAuthentication(ilAuthStatus $status): bool
             return false;
         }
 
+        ilSession::set('shibboleth_session_id', $_SERVER['Shib-Session-ID']);
         return true;
     }
 }

From 77326baa2bf8e7270ac4fa58f3acc1586dc2121d Mon Sep 17 00:00:00 2001
From: Thomas Hufschmidt <hufschmidt@hrz.uni-marburg.de>
Date: Mon, 15 Dec 2025 16:38:46 +0100
Subject: [PATCH 5/5] Stored session data is not a nested array (anymore) fix
 for shib_logout.php

Note: This also renames some variables for improved clarity.
- $session_entry > $session
- Drops $user_session loop
---
 .../AuthShibboleth/resources/shib_logout.php  | 25 ++++++++-----------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/components/ILIAS/AuthShibboleth/resources/shib_logout.php b/components/ILIAS/AuthShibboleth/resources/shib_logout.php
index 61bf586cd634..c7a92f590e57 100644
--- a/components/ILIAS/AuthShibboleth/resources/shib_logout.php
+++ b/components/ILIAS/AuthShibboleth/resources/shib_logout.php
@@ -138,20 +138,15 @@ function LogoutNotification($SessionID)
     $q = "SELECT session_id, data FROM usr_session WHERE expires > 'NOW()'";
     $r = $ilDB->query($q);
 
-    while ($session_entry = $r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
-        $user_session = unserializesession($session_entry['data']);
-
-        // Look for session with matching Shibboleth session id
-        // and then delete this ilias session
-        foreach ($user_session as $user_session_entry) {
-            if (is_array($user_session_entry)
-                && array_key_exists('shibboleth_session_id', $user_session_entry)
-                && $user_session_entry['shibboleth_session_id'] == $SessionID
-            ) {
-                // Delete this session entry
-                if (ilSession::_destroy($session_entry['session_id']) !== true) {
-                    return new SoapFault('LogoutError', 'Could not delete session entry in database.');
-                }
+    while ($session = $r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
+        $session_data = unserializesession($session['data']);
+        if (is_array($session_data)
+            && array_key_exists('shibboleth_session_id', $session_data)
+            && $session_data['shibboleth_session_id'] == $SessionID
+        ) {
+            // Delete this session entry
+            if (ilSession::_destroy($session['session_id']) !== true) {
+                return new SoapFault('LogoutError', 'Could not delete session entry in database.');
             }
         }
     }
@@ -169,4 +164,4 @@ function unserializesession($serialized_string)
     }
 
     return ($variables);
-}
\ No newline at end of file
+}