Problem with edx insight authentication from lms

[Sukla Nag]

I have installed edx insight as stand alone using  the wiki entry 'Running the analytics backend locally by Dylan Rhodes' of https://github.com/edx/edx-analytics-pipeline & had successfully installed.

Now instead of using AUTO_AUTH , i wanted to use LMS  authentication and authorization & created trusted client in LMS & pasted the client Id & client secret in insight settings file & followed the instruction of wiki article 'WIP: OpenID Connect' of dashboard github.

But now when I try to login from insight ( or run any valid url of dashboard) it goes to LMS but does not get authenticated. The url shown on LMS sight after trying to log in in insight is

http://10.105.25.75/oauth2/authorize/?nonce=v90XVlt6oQF6mx8AqHkkQVYt5xCIcZMDgfk5KViFXrGnET4ql2Ky9mfQFxiBPG8C&state=jxEHeug3vUsQTH11iKCe7MyZ7jEQUTQt&redirect_uri=http://10.105.25.75:9000/complete/edx-oidc/&response_type=code&client_id=7768d986c55fa923370d&scope=openid+profile+email+permissions+course_staff

and I get

Page not found

The page that you were looking for was not found. Go back to the homepage or let us know about any pages that may have been moved at tech...@example.com.

Error in LMS.

I am not sure what is the problem. Is the OAuth2/Open ID Connect provider (contained within the LMS) is not installed ? But I could see under lms directory of edx installation ( /edx/app/edxapp/edx-platform/lms/djangoapps/) a  oauth2_handler directory with 3 files handlers.py  __init__.py  tests.py. Is that the edx OAuth2/Open ID Connect provider  is not properly installed ? If not, then how to install it & if it is installed what will be the correct settings in LMS to make it work ?

I would be very grateful if any one can help.
.
 

[Clinton Blackburn]

You may need to enable the provider. See the settings at https://github.com/edx/edx-platform/blob/master/lms/envs/aws.py#L539.

[Nacho Diaz Asenjo]

Hi!
  Could you give us more information about how enable the provider, please. Sometimes is quite difficult for a begginner understand what have to do. It'd be a good thing write some examples ... look i put something like this in this file or only you have to modify that lines ..

  Insights is a very powerful tools but it's a pitty that there is not a good documentation to install it locally. This https://github.com/edx/edx-analytics-pipeline/wiki/Running-the-analytics-backend-locally is a good document but it's not enough ... at least for me

Thanks

[Clinton Blackburn]

Set FEATURES['ENABLE_OAUTH2_PROVIDER'] to True to enable the provider. OAUTH_ENFORCE_SECURE and OAUTH_ENFORCE_CLIENT_SECURE should always be True unless you are developing in an environment without SSL. Please do not release with these values set to False as you will create a vector for a data breach.

OAUTH_OIDC_ISSUER should be set to a value unique to your OpenID Connect issuing server. I prefer the path to the OAuth2 endpoint, http://127.0.0.1:8000/oauth2.

That's pretty much all the settings you need to activate OAuth. Be very careful.

Clinton Blackburn

--
You received this message because you are subscribed to a topic in the Google Groups "General Open edX discussion" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/fedd7100-2ea0-406c-870d-957c8b056478%40googlegroups.com.

[Sukla Nag]

I am sorry that I did not reply the post. Since I solved the problem, I did not look into the reply.

I was getting the problem since I was using the same PC for both open Edx lms & insight, the cookies were overwritten. I solved the problem by taking state value from requset instead of from cookie

[Clinton Blackburn]

You also have two other options:

1. Use a different cookie name: https://github.com/edx/ecommerce/pull/93/files.
2. Use different hostnames (e.g. 127.0.0.1 vs localhost) for each service. I prefer to modify my /etc/hosts file to create pseudo hostnames (lms.local, insights.local, ecommerce.local) so that I am always certain of which service I am using. Note that you will still need port numbers.

Clinton Blackburn

To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/4d06c4fb-6bbe-4c06-9525-f6cb433475cb%40googlegroups.com.

[Sukla Nag]

thanks. I will try the solutions.

I have another proble. I will be thankful if you can help me.

I recompiled lms using

sudo -u www-data /edx/bin/python.edxapp ./manage.py lms runserver 8000 --settings aws
Now I am not able to access courses & getting following error in lms log 

Traceback (most recent call last):
  File "/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 109, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "/edx/app/edxapp/venvs/edxapp/local/lib/python2.7/site-packages/django/utils/decorators.py", line 91, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/edx/app/edxapp/edx-platform/common/djangoapps/util/cache.py", line 70, in wrapper
    response = view_func(request, *args, **kwargs)
  File "/edx/app/edxapp/edx-platform/lms/djangoapps/branding/views.py", line 80, in index
    return student.views.index(request, user=request.user)
  File "/edx/app/edxapp/edx-platform/common/djangoapps/student/views.py", line 257, in index
    courses = get_courses(user, domain=domain)
  File "/edx/app/edxapp/edx-platform/lms/djangoapps/courseware/courses.py", line 349, in get_courses
    courses = branding.get_visible_courses()
  File "/edx/app/edxapp/edx-platform/lms/djangoapps/branding/__init__.py", line 13, in get_visible_courses
    _courses = modulestore().get_courses()
  File "/edx/app/edxapp/edx-platform/common/lib/xmodule/xmodule/modulestore/mixed.py", line 89, in inner
    retval = func(field_decorator=strip_key_collection, *args, **kwargs)
  File "/edx/app/edxapp/edx-platform/common/lib/xmodule/xmodule/modulestore/mixed.py", line 258, in get_courses
    course_id = self._clean_course_id_for_mapping(course.id)
AttributeError: 'HiddenDescriptorWithMixins' object has no attribute 'id'

I am not getting definition of 'HiddenDescriptorWithMixins anywhere in the code & so unable to figure out what is the problem.

[Clinton Blackburn]

I can't help with that one. Try opening a new thread/topic with that specific question. Others may be able to help.

Clinton Blackburn

To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/eeeb27fd-50f0-49ec-af4c-73f10fa0b3a0%40googlegroups.com.

[Rajesh]

Hi Sukia

I am also facing similar problem.

How do we configure to take state value instead of cookies?

regards

Rajesh

[Clinton Blackburn]

You don't need to switch to using cookies. A simpler solution is to use specific URLs for each service locally. For example, you might use 127.0.0.1 solely for LMS and localhost solely for Insights. Alternatively, you can edit your /etc/hosts file and create hosts (e.g. lms.local and insights.local) that point to your local IP (127.0.0.1).

An even simpler solution is to ensure the cookies for different services do not overlap. See https://github.com/edx/ecommerce/blob/master/ecommerce/settings/base.py#L415-L422 for an example. I'd be happy to review a PR if someone wants to add these cookie settings to the edx-analytics-dashboard repo.

Clinton Blackburn

[bindu rajesh]

Thank you Clinton

Regards

--
You received this message because you are subscribed to the Google Groups "General Open edX discussion" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/CAJ%3D5OMUFsp9KvMj146f6qv4pSj_qtJirqCLp07mdvfM_%2B2iVxA%40mail.gmail.com.