End of investigation!

Finally we managed to make the third-party auth feature work.

All it took was to read the SAML sent by the Identity Provider, check the 
user id tag and add it in the SAML (IdPs) configuration in Django 
admin, 

so edx can parse and read the values from the SAML response.


Thanks !
Lucas

On Wednesday, March 27, 2019 at 16:52:49 UTC+1, Lucas Rittié wrote:
>
> Part 3 of the investigation.
>
> We have now properly configured the IdP provider Okta with the right 
> entityId & location URL found in the edx metadata.xml (in {LMS_ROOT}/
> /auth/saml/metadata.xml).
>
> The 403 error is now gone since we redirect the post request to the right 
> & expected URL. 
>
> Yet when we try to login we get a new error : "Authentication failed: SAML 
> login failed: ['invalid_response'] (There is no AttributeStatement on the 
> Response)". 
>
> There is already a post (
> https://groups.google.com/forum/#!topic/openedx-ops/d-rmACND180) for this 
> with a solution that unfortunately did not work.
>
> Again, if anyone has faced this error message it would be great to have some 
> help. I guess I need to edit the attributes to make them correspond with the 
> IdP format? 
>
> In parallel we opened an issue on the IdP provider side. 
>
> Thanks in advance for your help
> Stay tuned for more!  
> On Tuesday, March 26, 2019 at 14:19:41 UTC+1, Lucas Rittié wrote:
>>
>> Hello again,
>>
>> After further investigation it looks like the issue is with the SAML 
>> endpoint. When I click on the IdP login button, I'm correctly redirected to the 
>> IdP login portal. I enter my login and the identity provider logs show 
>> that the user is logged in, but when I get redirected to edx I get the error 
>> 403.
>>
>> It looks like I'm not redirecting to the right edx URL once logged in. 
>> Right now the IdP is configured to redirect to the LMS dashboard.
>>
>> My question is the following: to what end URL should the IdP redirect the 
>> user? I tried the LMS BASE and LMS/dashboard. 
>>
>> I can't really find this information in edx.readthedocs unfortunately.
>>
>> Has someone encountered the same issue? Or can someone share to what 
>> URL they redirect the IdP requests, maybe?
>>
>> Thanks in advance for your help 
>>
>> Best Regards,
>> Lucas
>>
>> On Tuesday, March 12, 2019 at 12:01:02 UTC+1, Lucas Rittié wrote:
>>>
>>> Hello everyone,
>>>
>>> I'm trying to follow the docs to integrate edx with Okta as a SAML 
>>> service Provider. (edx.readthedocs 
>>> <https://edx.readthedocs.io/projects/edx-installing-configuring-and-running/en/latest/configuration/tpa/tpa_integrate_open/tpa_SAML_IdP.html>
>>> )
>>>
>>> I'm working with edx latest release Hawthorn in the devstack environment.
>>>
>>> The site is configured with HTTPS & SSL Let's encrypt using a traefik 
>>> container.
>>>
>>> The issue is that when I try to connect via Okta, my third party auth, I get 
>>> an HTTP 403 error, as below, when redirected to edx.
>>>
>>> Forbidden (403) 
>>>
>>> CSRF verification failed. Request aborted.
>>>
>>> You are seeing this message because this HTTPS site requires a 'Referer 
>>> header' to be sent by your Web browser, but none was sent. This header is 
>>> required for security reasons, to ensure that your browser is not being 
>>> hijacked by third parties.
>>>
>>> If you have configured your browser to disable 'Referer' headers, please 
>>> re-enable them, at least for this site, or for HTTPS connections, or for 
>>> 'same-origin' requests.
>>> Help 
>>>
>>> Reason given for failure:
>>>
>>>     Referer checking failed - no Referer.
>>>     
>>>
>>>
>>>
>>> I've looked for similar issues but couldn't quite understand how people 
>>> solve this issue. My question is how to work around this issue? I'm not sure 
>>> if I have to modify edx default forms with csrf tags and which one to modify 
>>> the form to include in the POST the right parameters, or else is there 
>>> another way to solve this.
>>>
>>>
>>> Thanks in advance for your help,
>>> Lucas
>>>
>>
