Hi Lucas, can you share with us how you did the config?
On Wednesday, April 10, 2019, 7:48:18 (UTC-5), Lucas Rittié wrote:
>
> End of investigation !
>
> Finally we managed to make the third party auth features work.
>
> All it took was to read the SAML sent by the Identity Provider, check the
> user id tag and add it in the SAML (IdPs) configuration in Django
> admin,
>
> so edx can parse and read the values from the SAML response.
>
>
> Thanks !
> Lucas
>
> On Wednesday, March 27, 2019 at 16:52:49 UTC+1, Lucas Rittié wrote:
>>
>> Part 3 of the investigation.
>>
>> We have now properly configured the IdP provider Okta with the right
>> entityId & location URL found in the edx metadata.xml (in
>> {LMS_ROOT}/auth/saml/metadata.xml).
>>
>> The 403 error is now gone since we redirect the post request to the right
>> & expected URL.
>>
>> Yet when we try to login we get a new error : "Authentication failed:
>> SAML login failed: ['invalid_response'] (There is no AttributeStatement on
>> the Response)".
>>
>> There is already a post (
>> https://groups.google.com/forum/#!topic/openedx-ops/d-rmACND180) for
>> this with a solution that unfortunately did not work.
>>
>> Again, if anyone has faced this error message it would be great to have
>> some help. I guess I need to edit the attributes to make them correspond with
>> the IdP format?
>>
>> In parallel we opened an issue on the IdP provider side.
>>
>> Thanks in advance for your help
>> Stay tuned for more !
>> On Tuesday, March 26, 2019 at 14:19:41 UTC+1, Lucas Rittié wrote:
>>>
>>> Hello again,
>>>
>>> After further investigation it looks like the issue is with the SAML
>>> endpoint. When I click on the IdP login button, I'm well redirected to the
>>> IdP login portal. I enter my login and the identity provider logs show
>>> that the user is logged in, but when I get redirected to edx I get the error
>>> 403.
>>>
>>> It looks like I'm not redirecting to the right edx URL once logged in.
>>> Right now the IdP is configured to redirect to the LMS dashboard.
>>>
>>> My question is the following: to what end URL should the IdP redirect the
>>> user? I tried the LMS BASE and LMS/dashboard.
>>>
>>> I can't really find this information in edx.readthedocs unfortunately.
>>>
>>> Has someone encountered the same issue? Or can someone share
>>> what URL he redirects the IdP requests to, maybe?
>>>
>>> Thanks in advance for your help
>>>
>>> Best Regards,
>>> Lucas
>>>
>>> On Tuesday, March 12, 2019 at 12:01:02 UTC+1, Lucas Rittié wrote:
>>>>
>>>> Hello everyone,
>>>>
>>>> I'm trying to follow the docs to integrate edx with Okta as a SAML
>>>> service Provider. (edx.readthedocs
>>>> <https://edx.readthedocs.io/projects/edx-installing-configuring-and-running/en/latest/configuration/tpa/tpa_integrate_open/tpa_SAML_IdP.html>
>>>> )
>>>>
>>>> I'm working with edx latest release Hawthorn in the devstack
>>>> environment.
>>>>
>>>> The site is configured with HTTPS & SSL Let's encrypt using a traefik
>>>> container.
>>>>
>>>> The issue is that when I try to connect via Okta, my third party auth, I get
>>>> an HTTP 403 error, as below, when redirected to edx.
>>>>
>>>> Forbidden (403)
>>>>
>>>> CSRF verification failed. Request aborted.
>>>>
>>>> You are seeing this message because this HTTPS site requires a 'Referer
>>>> header' to be sent by your Web browser, but none was sent. This header is
>>>> required for security reasons, to ensure that your browser is not being
>>>> hijacked by third parties.
>>>>
>>>> If you have configured your browser to disable 'Referer' headers,
>>>> please re-enable them, at least for this site, or for HTTPS connections,
>>>> or for 'same-origin' requests.
>>>> Help
>>>>
>>>> Reason given for failure:
>>>>
>>>> Referer checking failed - no Referer.
>>>>
>>>>
>>>>
>>>>
>>>> I've looked for similar issues but couldn't quite understand how people
>>>> solve this issue. My question is how to work around this issue? I'm not
>>>> sure if I have to modify edx default forms with CSRF tags and which one to
>>>> modify the form to include in the POST the right parameters, or else is there
>>>> another way to solve this.
>>>>
>>>>
>>>> Thanks in advance for your help,
>>>> Lucas
>>>>
>>>