You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using the SAML Plugin in WPengine or similar
This kind of WP hosting used to cache plugins and protect the wp-login.php view. You will need to contact them in order to disable the cache for this SAML plugin and also allow external HTTP POST to wp-login.php
I contacted WP Engine and they understood the part about allowing external HTTP POST to wp-login.php however they do not understand what is meant by disabling the cache for the SAML plugin.
Here is the relevant excerpt from my online chat with them:
AGENT (Jon K.): I believe the wp-login.php protection refers to our default login protection that we have enabled on sites and I can disable that, but I’m not seeing specifics listed anywhere for the cache exclusions. We can add cache exclusions for pages, cookies, or URL arguments, but we need to know which ones to exclude – we wouldn’t know off the top what should be excluded to make that particular plugin work with our caching, so it would be best if they could provide you with a list of pages or URLS that should be uncached.
USER: It seems they think you cache plugins themselves?
AGENT (Jon K.): That’s the phrasing they use but that’s not really how our caching works – we cache pages in our varnish cache but not things like plugin files, unless they’re static assets like CSS or JS.
USER: that makes sense.
USER: The plugin is “OneLogin SAML SSO”
USER: I wonder if it operates within it’s own folder
AGENT (Jon K.): yep, it looks like wp-content/onelogin-saml-sso for that one, but excluding files or ‘pages’ within that directory wouldn’t be likely to have the desired effect. For instance, /wp-content/plugins/onelogin-saml-sso/onelogin_saml.php is the URL for what looks to be the main PHP file for the plugin, but nobody would be accessing that page directly – it’s more likely there are pages with a certain cookie present or URL structure that the plugin uses that should be excluded from caching, we’d just need to know exactly what those are.
AGENT (Jon K.): As far as the login protection goes, I’ve disabled that setting on the site from here so that shouldn’t be causing any conflicts.
Can you please explain further what they need to change?
The text was updated successfully, but these errors were encountered:
The instructions say:
I contacted WP Engine and they understood the part about allowing external HTTP POST to wp-login.php however they do not understand what is meant by disabling the cache for the SAML plugin.
Here is the relevant excerpt from my online chat with them:
Can you please explain further what they need to change?
The text was updated successfully, but these errors were encountered: