- Issue created by @kc2bj
When a SAML-authenticated user (via SimpleSAMLphp Auth) uses the Masquerade module and logs out, the site throws a PHP fatal error:
Error: Call to undefined method Drupal\user\Entity\User::setAccount() in simplesamlphp_auth_user_logout()
This happens because the module incorrectly tries to call `$account->setAccount(new AnonymousUserSession());` where `$account` is a User entity, which does not have a `setAccount()` method.
This causes a full site crash when masquerading users under SAML authentication.
---
1. Login as a user authenticated via SimpleSAMLphp (using simplesamlphp_auth).
2. Masquerade as another user (using Masquerade module).
3. Logout.
4. Observe the fatal error: Call to undefined method `User::setAccount()`.
---
Replace the invalid method call in `simplesamlphp_auth_user_logout()`.
From:
```php
$account->setAccount(new AnonymousUserSession());
To:
\Drupal::currentUser()->setAccount(new AnonymousUserSession());
Or, optionally use the more standard service:
\Drupal::service('account_switcher')->switchTo(new AnonymousUserSession());
This properly resets the session user without directly manipulating User entities.
β’ Apply the code fix replacing setAccount() call.
β’ Optionally submit a patch for the fix.
β’ Review if further logout flows (e.g., SLO integration) should use account_switcher for consistency.
None.
None.
None.
Active
4.0
Code