EDIT LocalSetting enable pluggableauth fast logout

Without fast logout, the user clicks logout and then has to click an additional form submit button to send the actual logout request to the IDP. With fast logout, this form submit is sent with a background post request. The docs note that fast logout might not with some SLO implementations, but it doesn't seem to have an issue with our staging CWL, so I'm enabling it. Increased the key size for the openssl generation command in README.md to 4096 for a bit more future proofing.
ubc · Jul 30, 2024 · c3860a6 · c3860a6
1 parent 448c6ae
commit c3860a6
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/LocalSettings.php b/LocalSettings.php
@@ -628,6 +628,10 @@ function loadenv($envName, $default = "") {
     wfLoadExtension( 'SimpleSAMLphp' );
     $wgSimpleSAMLphp_InstallDir = '/var/www/simplesamlphp';
     $wgPluggableAuth_EnableLocalLogin = false;
+    # allow background post request logout instead of requiring an additional
+    # user form post submit click. Seems to work despite possible
+    # incompatibility with SLO noted in docs.
+    $wgPluggableAuth_EnableFastLogout = true;
 
     $wgPluggableAuth_Config['CWL Log In'] = [
         'plugin' => 'SimpleSAMLphp',

diff --git a/README.md b/README.md
@@ -134,7 +134,7 @@ the docker compose dev environment.
 To generate your own cert and key:
 
 ```bash
-openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out wiki-sp.crt -keyout wiki-sp.pem
+openssl req -newkey rsa:4096 -new -x509 -days 3652 -nodes -out wiki-sp.crt -keyout wiki-sp.pem
 ```
 
 The key and cert can replace the ones in `docker/simplesamlphp/sp/cert/` which