Thanks again Stan. It turns out there's a much easier way to accomplish this. I'm not sure if this is available pre-Hawthorne. When configuring the OAuth2 provider, you can check "Skip hinted login dialog." If you then append ?tpa_hint=<oauth2_provider> to any URL for a protected resource, the EdX login page is skipped and you're brought directly to the SSO login page.
I'm not sure why I didn't notice this earlier. Brian On Monday, December 10, 2018 at 2:49:11 AM UTC-5, Stan V wrote: > > Brian, > > > > Sure, glad to help. The platform changes seem to be concentrated in 3-4 > files, aside from the Theme that was fully custom, but I think the logic is > actually driven by the platform code. I’ll email the zipped extract to your > gmail, see what you can do with it. If you get stuck, let me know, I’ll > look at the Theme code again. > > > > > > > > Stan Varlamov > > CTO > > EXL Inc. | EXLskills.com <https://exlskills.com/> > > > > Phone (USA): (734) 230-2825 > > Phone (HK): +852 5506 5715 > > LinkedIn: https://www.linkedin.com/in/stanvarlamov > > Skype: stanvarlamov > > Whatsapp: +852 5506 5715 > > WeChat: stanvarlamov > > > > On Monday, December 10, 2018 at 10:38:31 AM UTC+8, Brian Levine wrote: >> >> Thank Stan, >> >> If you wouldn't mind sharing the code (or pointers to what you changed), >> I'd certainly appreciate it. We can figure out how to "translate" it into >> Hawthorne. >> >> >> >> On Sunday, December 9, 2018 at 7:38:41 PM UTC-5, Stan V wrote: >>> >>> We hardcoded a redirect in EDX to the Keycloak own login, which then >>> redirects you back into EDX, sending the User ID that seamlessly flows into >>> the EDX login logic in the background. As I recall, there've been a few >>> places to change, but not a big deal. I have the code from that POC >>> somewhere - in Ginkgo, though >>> >>> On Sunday, December 9, 2018 at 11:50:45 AM UTC+8, Brian Levine wrote: >>>> >>>> Hello, >>>> >>>> We're integrating OpenEdX with a number of other services all of which >>>> are secured using SSO via Keycloak. Keycloak will be the only auth >>>> provider available. We've successfully integrated Keycloak as an EdX >>>> 3rd-party OAuth provider. Since this is the only auth provider, we'd >>>> prefer that the user not have to click the 3rd-party provider button on >>>> the >>>> EdX login page. In fact, we'd prefer not to show the EdX login page at >>>> all. However, we'd still need some way for EdX to create its own session. >>>> >>>> Is it possible to somehow disable the EdX login page, but still provide >>>> a URL (to Keycloak) such that when the user is redirected to that URL, an >>>> EdX session is created? We thought of creating a page that simulates the >>>> user clicking the 3rd-party provider button by programmatically doing the >>>> POST that that button would have done on load. But we're looking for >>>> something a bit less hack-y if possible. >>>> >>>> Thanks! >>>> >>>> >>>> -- You received this message because you are subscribed to the Google Groups "General Open edX discussion" group. To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/7488b3eb-af44-4aa0-ba3a-98edfb44da49%40googlegroups.com.
