Part 3 of the investigation.

We have now properly configured the IdP provider Okta with the right entityId & location URL found in the edx metadata.xml (in {LMS_ROOT}/ /auth/saml/metadata.xml).

The 403 error is now gone since we redirect the POST request to the right & expected URL. Yet when we try to log in we get a new error: "Authentication failed: SAML login failed: ['invalid_response'] (There is no AttributeStatement on the Response)".

There is already a post (https://groups.google.com/forum/#!topic/openedx-ops/d-rmACND180) for this with a solution that unfortunately did not work.

Again, if anyone has faced this error message it would be great to have some help. I guess I need to edit the attributes to make them correspond with the IdP format?

In parallel we opened an issue on the IdP provider side.

Thanks in advance for your help.
Stay tuned for more!

On Tuesday, 26 March 2019 at 14:19:41 UTC+1, Lucas Rittié wrote:
>
> Hello again,
>
> After further investigation it looks like the issue is with the SAML
> endpoint. When I click on the IdP login button, I'm well redirected to the
> IdP login portal. I enter my login and the identity provider logs show
> that the user is logged in, but when I get redirected to edx I get the error
> 403.
>
> It looks like I'm not redirecting to the right edx URL once logged in.
> Right now the IdP is configured to redirect to the LMS dashboard.
>
> My question is the next: to what end URL should the IdP redirect the user?
> I tried the LMS BASE and LMS/dashboard.
>
> I can't really find this information in edx.readthedocs unfortunately.
>
> Has someone encountered the same issue? Or can someone share to what
> URL he redirects the IdP requests, maybe?
>
> Thanks in advance for your help
>
> Best Regards,
> Lucas
>
> On Tuesday, 12 March 2019 at 12:01:02 UTC+1, Lucas Rittié wrote:
>>
>> Hello everyone,
>>
>> I'm trying to follow the docs to integrate edx with Okta as a SAML
>> service Provider.
>> (edx.readthedocs
>> <https://edx.readthedocs.io/projects/edx-installing-configuring-and-running/en/latest/configuration/tpa/tpa_integrate_open/tpa_SAML_IdP.html>
>> )
>>
>> I'm working with edx latest release Hawthorn in the devstack environment.
>>
>> The site is configured with HTTPS & SSL Let's Encrypt using a traefik
>> container.
>>
>> The issue is when I try to connect via Okta, my third party auth, I get an
>> HTTP 403 error, as below, when redirected to edx.
>>
>> Forbidden (403)
>>
>> CSRF verification failed. Request aborted.
>>
>> You are seeing this message because this HTTPS site requires a 'Referer
>> header' to be sent by your Web browser, but none was sent. This header is
>> required for security reasons, to ensure that your browser is not being
>> hijacked by third parties.
>>
>> If you have configured your browser to disable 'Referer' headers, please
>> re-enable them, at least for this site, or for HTTPS connections, or for
>> 'same-origin' requests.
>> Help
>>
>> Reason given for failure:
>>
>> Referer checking failed - no Referer.
>>
>>
>> I've looked for similar issues but couldn't quite understand how people
>> solve this issue. My question is how to work around this issue? I'm not sure
>> if I have to modify edx default forms with csrf tags and which one to modify
>> the form to include in the POST the right parameters, or else is there
>> another way to solve this.
>>
>>
>> Thanks in advance for your help,
>> Lucas
>>
>
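
The "There is no AttributeStatement on the Response" error in the latest message can be confirmed offline by decoding the SAMLResponse form field that the IdP posts back and listing the attributes it carries. The following Python sketch is an added example, not code from the thread or from Open edX; the sample response, the `lms.example.com` destination and the `email` attribute name are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def inspect_saml_response(b64_response):
    """Summarise a base64 SAMLResponse form field (HTTP-POST binding)."""
    xml_bytes = base64.b64decode(b64_response)
    # A SAML message never needs a DTD; refuse one instead of expanding entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD found in SAML response")
    root = ET.fromstring(xml_bytes)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    attributes = {}
    path = "saml:Assertion/saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = values
    return {
        "destination": root.get("Destination"),
        "status": status.get("Value") if status is not None else None,
        "has_assertion": root.find("saml:Assertion", NS) is not None,
        # An EncryptedAssertion hides its attributes until it is decrypted.
        "encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
        "attributes": attributes,
    }

def build_sample(with_attributes):
    """Constructed sample response; every value here is made up."""
    statement = (
        '<saml:AttributeStatement><saml:Attribute Name="email">'
        "<saml:AttributeValue>learner@example.com</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement>"
    ) if with_attributes else ""
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" '
        'Destination="https://lms.example.com/acs-placeholder">'
        '<samlp:Status><samlp:StatusCode '
        'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        "<saml:Assertion><saml:Subject><saml:NameID>learner</saml:NameID>"
        "</saml:Subject>%s</saml:Assertion></samlp:Response>"
    ) % (NS["samlp"], NS["saml"], statement)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for flag in (False, True):
        summary = inspect_saml_response(build_sample(flag))
        verdict = "ok" if summary["attributes"] else "no AttributeStatement"
        print(verdict, summary)
```

An empty `attributes` result with `has_assertion` true and `encrypted` false matches the situation the error message describes: the IdP authenticated the user but released no attributes in the assertion.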