problem configure saml in openedx Cypress


Docente Edoc

Sep 21, 2015, 10:43:59 AM
to Open edX operations
Hello everyone,
I am configuring the Django module third_party_auth/samlconfiguration of Open edX version Cypress. I have three problems:
1) I do not know what to put in the items organization info: config and other str:
2) I do not know how to change the configuration once it is saved. Once the samlconfiguration module configuration is saved, Django does not allow editing it. I tried to reset the contents of the table third_party_auth_samlconfiguration in the edxapp MySQL db, but it is not working.
3) In the field entity id: I put in the link to open am exporting the metadata of idp, it is correct

all aid is appreciated

thank you

Колпаков Евгений

Sep 22, 2015, 10:15:31 AM
to Open edX operations
Hi Docente!

There's a guide on setting up third party auth on edX docs - you might want to check with it.

Answering your specific questions:
1. Organization info is, basically, the settings that govern how other parties will see your instance. Technically, the values here are included in your instance metadata Organization description; how other parties use it is up to them. The values you put there are irrelevant for the authentication process (as far as I can tell), but you should provide them for other parties that actually use them for something.
Other config str. - these values are passed to the Python SAML toolkit as SAML configuration. If you don't know what this is, use the defaults provided in the edX docs article.
2. This puzzled me for some time as well. Actually, the configuration model is built in a way that there's only one active configuration at a time, but the entire history of changes is retained + rollbacks are allowed. If you need to change something - just add a new one - it will automatically pick the values of the last active configuration and replace it when saved, essentially "updating" the effective configuration.
3. Not sure what you are asking here. If we're still talking about SAML Configuration, Entity Id is an arbitrary string that uniquely identifies your instance. It might be anything you want, but a best practice is to put your instance URL there, to ensure it's unique. SAML Identity Providers identify requests by these entity IDs, so you want it to be unique, but not secret. I'm not an expert, but with my current understanding, if there are two instances with the same entity id registered with the same Identity Provider, one (maybe a random one) of the instances will get incorrect SAML assertions and fail authentication - so it's not a security risk.
4. Not explicitly asked, but mentioned: you add IdP metadata in admin/third_party_auth/samlproviderconfig/, not admin/third_party_auth/samlconfiguration. SAML Configuration is for configuring your instance. SAML Provider Configuration is for configuring IdPs you want to use (one per IdP).

Regards,
Eugeny
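
The behaviour described in answer 2 above, as a simplified model. This is an added example, not Open edX code and not part of the original reply; the class and field names are hypothetical, and treating a rollback as "re-save the old values as a new row" is an assumption made for the sketch.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class SamlConfigRevision:
    """One saved row; frozen, so it cannot be edited after it is written."""
    revision: int
    entity_id: str
    org_info: str
    other_config: str


class ConfigHistory:
    """Append-only store: the newest row is the effective configuration."""

    def __init__(self):
        self._rows = []

    def current(self):
        return self._rows[-1] if self._rows else None

    def save(self, **changes):
        """'Add new': start from the active values, apply changes, append a row."""
        base = self.current()
        if base is None:
            row = SamlConfigRevision(revision=1, **changes)
        else:
            row = replace(base, revision=base.revision + 1, **changes)
        self._rows.append(row)
        return row

    def rollback(self, revision):
        """Re-save an old revision as a new row so the audit trail stays intact."""
        old = next((r for r in self._rows if r.revision == revision), None)
        if old is None:
            raise ValueError(f"no revision {revision}")
        return self.save(entity_id=old.entity_id, org_info=old.org_info,
                         other_config=old.other_config)

    def history(self):
        return tuple(self._rows)


def demo():
    # Constructed sample values, not taken from a real deployment.
    h = ConfigHistory()
    h.save(entity_id="https://lms.example.org", org_info="{}", other_config="{}")
    h.save(entity_id="https://lms.example.org/saml")  # the "edit" is a new row
    h.rollback(1)                                     # the rollback is a new row too
    return h
```
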




Docente Edoc

Sep 29, 2015, 11:48:36 PM
to Open edX operations
Thanks, I have configured third_party_auth following the guide on setting up third party auth.

When trying to log on I am prompted to sign in with my identity provider (EdocLogin).

I was wondering if there was a way to be prompted to log on only through my identity provider (Edoc Login) without being shown the upper part of the screen (see below).

Hope my question is clear.

Docente Edoc

Sep 29, 2015, 11:58:31 PM
to Open edX operations

Sorry, I forgot the pictures.

Thanks, I have configured third_party_auth following the guide on setting up third party auth.

When trying to log on I am prompted to sign in with my identity provider (EdocLogin).

I was wondering if there was a way to be prompted to log on only through my identity provider (Edoc Login) without being shown the upper part of the screen (see below).

Hope my question is clear.



