Ironwood Release studio SSO features.


Lucas Rittié

May 15, 2019, 9:20:15 AM
to General Open edX discussion
Hello everyone,

For those of you who have installed the latest edX release, Ironwood: are you using the Studio SSO feature? (Studio login via the LMS, described here: ironwood-releasenotes)

I ask because I'm using the docker devstack environment and have the following issue.

I click on the Studio homepage sign-in button and am correctly redirected to my LMS instance, but the LMS does not redirect me back to Studio; instead I land on my LMS dashboard.

I'm not sure where to configure this setting and haven't found many posts about it in the Google Groups since it's a new feature.

If someone has managed to configure it, can you share on this post how to do it? (If I somehow manage to do it, I'll share it on this post.)

Thanks in advance for your help,

Best regards,
Lucas

Régis Behmo

May 16, 2019, 3:54:33 AM
to General Open edX discussion
I'm not too familiar with the devstack, but in Tutor I had to tinker with the following settings:

- DISABLE_STUDIO_SSO_OVER_LMS: this is a feature flag that disables the whole redirect-to-lms thing.

- SESSION_COOKIE_DOMAIN: if SSO is enabled, then cookies are dropped in this domain name. Since cookies need to be read both by the LMS and the CMS, you need to place a domain name that is common to both. For instance, if the lms and the cms live at www.myopenedx.com and studio.myopenedx.com, respectively, then the session cookie domain needs to be set to myopenedx.com.

- LOGIN_REDIRECT_WHITELIST: if SSO is enabled, the CMS domain name must be added to this whitelist. AFAIU this setting also needs to be present in cms.env.json (https://github.com/regisb/tutor/blob/master/tutor/templates/apps/openedx/config/cms.env.json).

Régis

Lucas Rittié

May 20, 2019, 5:54:50 AM
to General Open edX discussion

Hello Régis,

Thanks for your quick reply. Indeed, I needed to change the settings you described, so now the redirection is almost OK, but I have an error when trying to access Studio web pages. Below are the scenario and the error.

Now I go to studio.myopenedx.com and click on connect --> I'm redirected to the LMS and enter my credentials to log in --> I get redirected to Studio but I can't open any pages; I get the following error from my web browser, not from the Django server:

The page isn’t redirecting properly
An error occurred during a connection to studio.mydomain.com
    This problem can sometimes be caused by disabling or refusing to accept cookies.

I did clear cookies, history and cache in my web browsers, but I still have this issue.

I believe this may have to do with the SESSION_COOKIE_DOMAIN setting.
In my case I have my LMS hosted on mydomain.com and Studio on studio.mydomain.com, so I have set SESSION_COOKIE_DOMAIN to mydomain.com.
Should I host the LMS under a subdomain as well, as for Studio? Or is there something else I'm missing?

Thanks in advance for your help,
It's much appreciated

Best regards,
Lucas

Régis Behmo

May 20, 2019, 6:13:49 AM
to edx-...@googlegroups.com, Lucas Rittié
> I believe this maybe has to do with the setting SESSION_COOKIE_DOMAIN
> In my case I have my lms hosted on MYDOMAIN.COM and studio on
> STUDIO.MYDOMAIN.COM so I have set SESSION_COOKIE_DOMAIN to
> MYDOMAIN.COM

You were almost there :) The SESSION_COOKIE_DOMAIN should be
".mydomain.com" (mind the starting dot).

---
Régis


Lucas Rittié

May 22, 2019, 6:12:55 AM
to General Open edX discussion
Hello Régis,

Thanks again for your answer. I tried with .mydomain.com and several other configs, yet I still have this error message. Somehow I'm getting into a redirection loop between the LMS and Studio.
I see 5 attempts to redirect from the LMS to Studio, then the server stops trying and I get the error (seen in my previous post) from the browser.

In the LMS logs I see that my user is correctly authenticated ( Login success - staff (st...@example.com)) and then the server loops with the HTTP GET method on the path "GET /login?next=https%3A%2F%2Fstudio.mydomain%2Fcourse%2F HTTP/1.1" 302 0

I'll try to re-check my redirect URL settings in lms.env & cms.env json. But if you have some insights on this issue, it would again be greatly appreciated ^^

Thank you !
Lucas

Lucas Rittié

Jun 20, 2019, 8:42:08 AM
to General Open edX discussion

Hello,

I realize I never properly 'closed' this case, so if anyone has this issue: I managed to solve it with Régis's advice. You can find below the way to manage SSO with a docker devstack installation.

To resolve this, Régis explained in his post that two settings need to be set:
LOGIN_REDIRECT_WHITELIST & SESSION_COOKIE_DOMAIN
Please refer to his post to understand how to set them.

The only thing is that for the docker devstack installation the setting SESSION_COOKIE_DOMAIN has to be set in the file lms/envs/devstack_docker.py. It was not taken into account inside the lms.env.json or cms.env.json.

I hope it can help some of you with the same issue.

Again, thank you very much Régis for taking the time to answer me.

Best regards,
Lucas
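
Added example, not part of the thread and not Open edX code: a small checker for the two settings discussed above, showing which hosts a browser sends the session cookie to (RFC 6265 domain-match) and whether a `next` URL passes a redirect allow-list. The function names are hypothetical, `redirect_allowed` is a simplified stand-in for the LMS check, and the hosts are constructed sample values.

```python
from urllib.parse import parse_qs, urlsplit

def cookie_sent(host, setting_host, cookie_domain):
    """Would a browser send the session cookie to `host`? (RFC 6265 domain-match)"""
    if not cookie_domain:                      # Django default None: host-only cookie
        return host.lower() == setting_host.lower()
    domain = cookie_domain.lower()
    if domain.startswith("."):                 # RFC 6265 ignores one leading dot
        domain = domain[1:]
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def redirect_allowed(next_url, lms_host, whitelist):
    """Simplified stand-in for the LMS post-login redirect check (assumption)."""
    parts = urlsplit(next_url)
    if not parts.netloc:                       # relative path stays on the LMS
        return next_url.startswith("/") and "\\" not in next_url
    return parts.scheme == "https" and parts.hostname in {lms_host, *whitelist}

def check_sso(lms_host, cms_host, cookie_domain, whitelist, login_path):
    """Return findings for one LMS request path such as /login?next=..."""
    findings = []
    for host in (lms_host, cms_host):
        if not cookie_sent(host, lms_host, cookie_domain):
            findings.append(f"session cookie not sent to {host}")
    next_url = parse_qs(urlsplit(login_path).query).get("next", [""])[0]
    if next_url and not redirect_allowed(next_url, lms_host, whitelist):
        findings.append(f"next={next_url} rejected")
    return findings

# Constructed sample values modelled on the hosts named in the thread.
LMS, CMS = "mydomain.com", "studio.mydomain.com"
PATH = "/login?next=https%3A%2F%2Fstudio.mydomain.com%2Fcourse%2F"

if __name__ == "__main__":
    for domain, allow in [(None, []), ("mydomain.com", [CMS]), (".mydomain.com", [CMS])]:
        print(repr(domain), allow, "->", check_sso(LMS, CMS, domain, allow, PATH) or "ok")
    # Scope caveat: a parent-domain cookie reaches every sibling subdomain too.
    print(cookie_sent("forum.mydomain.com", LMS, ".mydomain.com"))
```

When the setting is not applied at all (the `None` row), the cookie is host-only and never reaches the CMS host. The last line shows that a parent-domain session cookie is also sent to any other subdomain of `mydomain.com`.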