From c3860a69e615c15766558a62268b452378413e9d Mon Sep 17 00:00:00 2001 From: John Hsu Date: Tue, 30 Jul 2024 14:45:20 -0700 Subject: [PATCH] EDIT LocalSetting enable pluggableauth fast logout Without fast logout, the user clicks logout and then has to click an additional form submit button to send the actual logout request to the IDP. With fast logout, this form submit is sent with a background post request. The docs note that fast logout might not with some SLO implementations, but it doesn't seem to have an issue with our staging CWL, so I'm enabling it. Increased the key size for the openssl generation command in README.md to 4096 for a bit more future proofing. --- LocalSettings.php | 4 ++++ README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/LocalSettings.php b/LocalSettings.php index 241683b..1ca91f2 100644 --- a/LocalSettings.php +++ b/LocalSettings.php @@ -628,6 +628,10 @@ function loadenv($envName, $default = "") { wfLoadExtension( 'SimpleSAMLphp' ); $wgSimpleSAMLphp_InstallDir = '/var/www/simplesamlphp'; $wgPluggableAuth_EnableLocalLogin = false; + # allow background post request logout instead of requiring an additional + # user form post submit click. Seems to work despite possible + # incompatibility with SLO noted in docs. + $wgPluggableAuth_EnableFastLogout = true; $wgPluggableAuth_Config['CWL Log In'] = [ 'plugin' => 'SimpleSAMLphp', diff --git a/README.md b/README.md index e4e57bb..2e42337 100644 --- a/README.md +++ b/README.md @@ -134,7 +134,7 @@ the docker compose dev environment. To generate your own cert and key: ```bash -openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out wiki-sp.crt -keyout wiki-sp.pem +openssl req -newkey rsa:4096 -new -x509 -days 3652 -nodes -out wiki-sp.crt -keyout wiki-sp.pem ``` The key and cert can replace the ones in `docker/simplesamlphp/sp/cert/` which