Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to "disable the cache for this SAML plugin" #122

Open
andrew-alloy opened this issue Sep 1, 2021 · 3 comments
Open

How to "disable the cache for this SAML plugin" #122

andrew-alloy opened this issue Sep 1, 2021 · 3 comments

Comments

@andrew-alloy
Copy link

The instructions say:

Using the SAML Plugin in WPengine or similar
This kind of WP hosting used to cache plugins and protect the wp-login.php view. You will need to contact them in order to disable the cache for this SAML plugin and also allow external HTTP POST to wp-login.php

I contacted WP Engine and they understood the part about allowing external HTTP POST to wp-login.php however they do not understand what is meant by disabling the cache for the SAML plugin.

Here is the relevant excerpt from my online chat with them:

AGENT (Jon K.): I believe the wp-login.php protection refers to our default login protection that we have enabled on sites and I can disable that, but I’m not seeing specifics listed anywhere for the cache exclusions. We can add cache exclusions for pages, cookies, or URL arguments, but we need to know which ones to exclude – we wouldn’t know off the top what should be excluded to make that particular plugin work with our caching, so it would be best if they could provide you with a list of pages or URLS that should be uncached.

USER: It seems they think you cache plugins themselves?

AGENT (Jon K.): That’s the phrasing they use but that’s not really how our caching works – we cache pages in our varnish cache but not things like plugin files, unless they’re static assets like CSS or JS.

USER: that makes sense.
USER: The plugin is “OneLogin SAML SSO”
USER: I wonder if it operates within it’s own folder

AGENT (Jon K.): yep, it looks like wp-content/onelogin-saml-sso for that one, but excluding files or ‘pages’ within that directory wouldn’t be likely to have the desired effect. For instance, /wp-content/plugins/onelogin-saml-sso/onelogin_saml.php is the URL for what looks to be the main PHP file for the plugin, but nobody would be accessing that page directly – it’s more likely there are pages with a certain cookie present or URL structure that the plugin uses that should be excluded from caching, we’d just need to know exactly what those are.
AGENT (Jon K.): As far as the login protection goes, I’ve disabled that setting on the site from here so that shouldn’t be causing any conflicts.

Can you please explain further what they need to change?

@pitbulk
Copy link
Contributor

pitbulk commented Nov 2, 2021

Is not the cache assocaited with this specific plugin, is the WP cache in general.

https://wpengine.com/support/cache/#WP_Engine_Cache

@andrew-alloy
Copy link
Author

Thank you. So we must disable WP Engine's entire caching system to use this plugin?

Is not the cache assocaited with this specific plugin, is the WP cache in general.

https://wpengine.com/support/cache/#WP_Engine_Cache

@pitbulk
Copy link
Contributor

pitbulk commented Nov 2, 2021

Only if you experience issues with it enabled and you are not able to configure it to ignore the SAML endpoints to be cached.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants