Part 3 of the investigation.

We have now properly configured the IdP provider Okta with the right
entityId & location URL found in the edx metadata.xml (in
{LMS_ROOT}/auth/saml/metadata.xml).

The 403 error is now gone since we redirect the POST request to the right &
expected URL.

Yet when we try to log in we get a new error: "Authentication failed: SAML
login failed: ['invalid_response'] (There is no AttributeStatement on the
Response)".

There is already a post
(https://groups.google.com/forum/#!topic/openedx-ops/d-rmACND180) for this
with a solution that unfortunately did not work.

Again, if anyone has faced this error message it would be great to have some
help. I guess I need to edit the attributes to make them correspond with the
IdP format?

In parallel we opened an issue on the IdP provider side.

Thanks in advance for your help.

Stay tuned for more!

On Tuesday, March 26, 2019 at 14:19:41 UTC+1, Lucas Rittié wrote:
>
> Hello again,
>
> After further investigation it looks like the issue is with the SAML
> endpoint. When I click on the IdP login button, I'm correctly redirected to
> the IdP login portal. I enter my login and the identity provider logs show
> that the user is logged in, but when I get redirected to edx I get the error
> 403.
>
> It looks like I'm not redirecting to the right edx URL once logged in.
> Right now the IdP is configured to redirect to the LMS dashboard.
>
> My question is the following: to what end URL should the IdP redirect the
> user? I tried the LMS BASE and LMS/dashboard.
>
> I can't really find this information in edx.readthedocs unfortunately.
>
> Has someone encountered the same issue? Or can someone share to what
> URL he redirects the IdP requests, maybe?
>
> Thanks in advance for your help
>
> Best Regards,
> Lucas
>
> On Tuesday, March 12, 2019 at 12:01:02 UTC+1, Lucas Rittié wrote:
>>
>> Hello everyone,
>>
>> I'm trying to follow the docs to integrate edx with Okta as a SAML
>> service Provider. (edx.readthedocs
>> <https://edx.readthedocs.io/projects/edx-installing-configuring-and-running/en/latest/configuration/tpa/tpa_integrate_open/tpa_SAML_IdP.html>
>> )
>>
>> I'm working with edx latest release Hawthorn in the devstack environment.
>>
>> The site is configured with HTTPS & SSL Let's encrypt using a traefik
>> container.
>>
>> The issue is that when I try to connect via Okta, my third-party auth, I
>> get an HTTP 403 error, as below, when redirected to edx.
>>
>> Forbidden (403)
>>
>> CSRF verification failed. Request aborted.
>>
>> You are seeing this message because this HTTPS site requires a 'Referer
>> header' to be sent by your Web browser, but none was sent. This header is
>> required for security reasons, to ensure that your browser is not being
>> hijacked by third parties.
>>
>> If you have configured your browser to disable 'Referer' headers, please
>> re-enable them, at least for this site, or for HTTPS connections, or for
>> 'same-origin' requests.
>> Help
>>
>> Reason given for failure:
>>
>> Referer checking failed - no Referer.
>>
>> I've looked for similar issues but couldn't quite understand how people
>> solve this issue. My question is how to work around this issue? I'm not
>> sure if I have to modify edx default forms with csrf tags, and which one to
>> modify so the form includes the right parameters in the POST, or else is
>> there another way to solve this?
>>
>>
>> Thanks in advance for your help,
>> Lucas
>>
>