Third-Party Authentication on production

[Дмитрий Утробин]

Hello! 

How to set up 3d-party Authentication on production stack?

In lms.env.json I set:

"FEATURES": {
        ..............
        "ENABLE_THIRD_PARTY_AUTH": true,
        ...............
    },  

In lms.auth.json

"THIRD_PARTY_AUTH": {
        "Vk": {
            "SOCIAL_AUTH_VK_OAUTH2_KEY": "vk_key",
            "SOCIAL_AUTH_VK_OAUTH2_SECRET": "vk_secret"
        }
    },

But vk button is not rendering.

[Braden MacDonald]

Hi!

The configuration for Third Party Auth has changed in newer versions of edX.

First, you enable it the same way. But then, to add specific OAuth2 providers, you do so using the Django admin at /admin/third_party_auth/oauth2providerconfig/

Hope this helps!

--

Braden

@OpenCraft

--
You received this message because you are subscribed to the Google Groups "General Open edX discussion" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/e0f49d9a-e496-4ae9-b764-54258bc528ea%40googlegroups.com.

[Дмитрий Утробин]

Thank you for answer. I started to do like in tutorial.

But I am not sure how to add keys to the LMS configuration file correctly.

This is a fragment of my lms.auth.json file

{
    .......

    "YOUTUBE_API_KEY": "PUT_YOUR_API_KEY_HERE",
    "ZENDESK_API_KEY": "",
    "ZENDESK_USER": "",

    "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT" : |
    -----BEGIN CERTIFICATE-----
    vffdbda...
    -----END CERTIFICATE-----
   
    "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY" : |
    -----BEGIN PRIVATE KEY-----
    sfsdfs...
    -----END PRIVATE KEY-----
}

Is it correct ?

четверг, 24 марта 2016 г., 23:57:47 UTC+6 пользователь Braden MacDonald написал:

[Braden MacDonald]

From a quick glance, that looks correct to me. You can also put the key files into the SAML Configuration page of the django admin, rather than the lms.auth.json file, if you prefer.

--

Braden

@OpenCraft

To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/8ba4e47c-5963-4454-b858-ac6dd5edd5e0%40googlegroups.com.

[Дмитрий Утробин]

"Optionally, you can save your public and private keys in the Django administration console. Because this procedure saves your credentials in the database, edX recommends that you use the lms.auth.json file instead." This is written in tutotial. Is it ok if I put key files in django admin.

I added keys into lms.auth.json like I discribed above. But I get error - ValueError: No JSON object could be decoded

вторник, 29 марта 2016 г., 22:36:29 UTC+6 пользователь Braden MacDonald написал:

[Braden MacDonald]

Yes, it's more secure to put the secrets into the lms.auth.json file.

I see now what the problem is: You are using YAML syntax in a JSON file. The ability to start a multi-line string with "|" is only valid in YAML, and those examples are for when you are adding the keys to a vars file, which ansible will use to update lms.auth.json.

If you are not using ansible and wish to update lms.auth.json directly, use this syntax:

"SOCIAL_AUTH_SAML_SP_PUBLIC_CERT" : "vffdbda...",

(Leave out the "-----BEGIN CERTIFICATE-----" end "-----END CERTIFICATE-----" parts, and put the whole contents of the key on one line, within quotes.)

--

Braden

@OpenCraft

To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/3d977718-760d-4264-80d8-e3034c1bb888%40googlegroups.com.

[Дмитрий Утробин]

thank you! I got it.

I have one more question. How to understand this part --> 4.16.3.4. Ensure that the SAML Authentication Backend is Loaded

How to verify that the third_party_auth.saml.SAMLAuthBackend python-social-auth backend class is specified for it?

четверг, 31 марта 2016 г., 22:45:01 UTC+6 пользователь Braden MacDonald написал:

[Braden MacDonald]

If you have not customized that setting to override the default values, then no action is necessary.

--

Braden

@OpenCraft

To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/4f252776-d35b-49e5-ba20-ca8446f72a0a%40googlegroups.com.

[Дмитрий Утробин]

And what about OAuth? Is there any tutorials how to set up authorization with OAuth?

Thanks

понедельник, 4 апреля 2016 г., 20:32:26 UTC+6 пользователь Braden MacDonald написал:

[Trinh Nguyen]

Which OAuth provider are you using? Google / LinkedIn?

Nguyễn Trọng Đăng Trình

dangtrinh.com

[Дмитрий Утробин]

I am going to use seceral providers: Google,Facebook and Vk.

--
You received this message because you are subscribed to a topic in the Google Groups "General Open edX discussion" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/CADJ6S4FXr-OKxzwUFMtvZL%2BU%3D6f2EEUFfdPS87Ux80f5D39gUw%40mail.gmail.com.

[Дмитрий Утробин]

What the redirect URI should I set in Google Console?

понедельник, 11 апреля 2016 г., 14:34:15 UTC+6 пользователь Trinh Nguyen написал:

[Дмитрий Утробин]

I did it! I set up google and facebook authorization! Thanks everyone for helping!

вторник, 12 апреля 2016 г., 12:48:27 UTC+6 пользователь Дмитрий Утробин написал:

[Raul Tuozzo]

Hey! im having some troubles with the third party auth. in the django configuration of "Provider Configuration (SAML IdPs) what did you put in the entity id and the metadata source? 

Thanks in advance

[Braden MacDonald]

Hi Raul,

Those values should be provided by the Shibboleth IdP that you are trying to add. Both are usually URLs; the metadata value must be a valid public URL that provides the IdP's XML. The entity ID is just a unique string, which is usually a URL. It can be found in the metadata, so if you don't know it, just open the metadata URL in your browser and check the entityID attribute.

--

Braden

@OpenCraft

On Wed, Jul 27, 2016 at 5:10 PM, Raul Tuozzo <ratu...@gmail.com> wrote:

Hey! im having some troubles with the third party auth. in the django configuration of "Provider Configuration (SAML IdPs) what did you put in the entity id and the metadata source? 

Thanks in advance

--

You received this message because you are subscribed to the Google Groups "General Open edX discussion" group.

To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/03c0a80c-f4ab-4c5d-be3c-510d6f2e1383%40googlegroups.com.