Hello everyone,
I'm trying to follow the docs to integrate edx with Okta as a SAML service
provider (edx.readthedocs
<https://edx.readthedocs.io/projects/edx-installing-configuring-and-running/en/latest/configuration/tpa/tpa_integrate_open/tpa_SAML_IdP.html>).
I'm working with the latest edx release, Hawthorn, in the devstack environment.
The site is configured with HTTPS & SSL (Let's Encrypt) using a traefik
container.
The issue is that when I try to connect via Okta, my third-party auth, I get an
HTTP 403 error, as below, when redirected to edx.
Forbidden (403)
CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a 'Referer
header' to be sent by your Web browser, but none was sent. This header is
required for security reasons, to ensure that your browser is not being
hijacked by third parties.
If you have configured your browser to disable 'Referer' headers, please
re-enable them, at least for this site, or for HTTPS connections, or for
'same-origin' requests.
Help
Reason given for failure:
Referer checking failed - no Referer.
I've looked for similar issues but couldn't quite understand how people solve
this issue. My question is how to work around this issue. I'm not sure if I
have to modify the edx default forms with csrf tags, and which one to modify
so that the form includes the right parameters in the POST, or else whether
there is another way to solve this.
Thanks in advance for your help,
Lucas