I’m trying to set up third party login on our Ironwood installation of Open edX with our ADFS system.
On the LMS, after I click the sign in button and select our school, I am taken to our ADFS login page. I authenticate to the ADFS system and am returned to our Open edX platform with an error at the top of the page reading:
In the LMS system logs I can see the SAML request and response. After reading the error message, I used https://www.samltool.com/validate_response.php to validate the response. SAMLTool indicated that it was a valid response.
Any ideas where I could go next or why Open edX would feel that this is an invalid response?
Thanks @deep06. I had read those and nothing changed.
I was able to integrate the OneLogin test SAML connector on my installation of Open edX without any issues. I’m thinking this may be an issue with the ADFS setup.
Hi @twlichty, I ran into a problem with the same error message a while back. What I found was, roughly, that the IdP’s metadata included multiple different certificates. You could see in the metadata file one was for “encryption” and one was for “signing”, and I think there may have been a couple more. The EdX process that pulls in the cert was pulling the wrong one. It was pulling encryption when we needed signing.
The fix I did was I unchecked the “Enable automatic metadata refresh” box and manually populated their cert data, which fixed the issue.
FYI, we ended up not doing the integration. So I can’t speak to the long-term maintenance issue this creates. I think you’d have to find out what schedule they update their certs, and manually make the change on the Open EdX side at the same time. Or find a way to fix the cert that gets automatically pulled in.
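The reply above describes the failure mode: ADFS metadata publishes several KeyDescriptor elements, and a fetcher that takes the first X509Certificate it sees ends up with the encryption key, which cannot verify the SAMLResponse signature. The following is an added example, not Open edX code or the poster's, showing how to select only the signing certificate(s) from IdP metadata and how to check that a manually pasted certificate (the workaround in the reply) still matches what the IdP currently publishes. The metadata document, entityID and certificate bodies are constructed for illustration and are not real ADFS output.

```python
"""Select the signing certificate(s) from SAML 2.0 IdP metadata.

Added example, not Open edX code. A KeyDescriptor with use="encryption" holds the
key the SP encrypts *to*; only use="signing", or a KeyDescriptor with no use
attribute (which the SAML metadata spec treats as valid for both purposes), can
verify the IdP's signature on a SAMLResponse / Assertion.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata (not real ADFS output). As in the thread, the
# encryption certificate is listed before the signing certificate.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="http://adfs.example.edu/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        RU5DUllQVElPTi1DRVJU
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        U0lHTklORy1DRVJU
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://adfs.example.edu/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _cert_text(kd):
    """Base64 body of a KeyDescriptor's X509Certificate with all whitespace removed."""
    el = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if el is None or not el.text:
        return None
    return "".join(el.text.split())


def key_descriptors(metadata_xml):
    """Yield (use, cert_b64) for each KeyDescriptor under the IDPSSODescriptor.

    use is "signing", "encryption", or None when the attribute is absent
    (absent means the key may be used for both).
    """
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    for kd in idp.findall("md:KeyDescriptor", NS):
        cert = _cert_text(kd)
        if cert:
            yield kd.get("use"), cert


def signing_certs(metadata_xml):
    """Certificates that can verify the IdP's signatures.

    Returned as a list: during key rollover an IdP may publish the old and new
    signing certificate together, and a verifier should accept either.
    """
    return [c for use, c in key_descriptors(metadata_xml) if use in (None, "signing")]


def first_cert(metadata_xml):
    """The naive pick: first X509Certificate in document order, ignoring use.

    Included only to contrast with signing_certs(); on SAMPLE_METADATA this
    returns the encryption certificate, which is the wrong key for verification.
    """
    el = ET.fromstring(metadata_xml).find(".//ds:X509Certificate", NS)
    return "".join(el.text.split())


def check_configured_cert(metadata_xml, configured_cert_b64):
    """True if a manually configured certificate is still one of the IdP's
    published signing certificates, i.e. the IdP has not rotated keys since
    the cert was pasted in. Run this on a schedule when auto-refresh is off."""
    normalized = "".join(configured_cert_b64.split())
    return normalized in signing_certs(metadata_xml)


if __name__ == "__main__":
    print("naive first cert :", first_cert(SAMPLE_METADATA))
    print("signing cert(s)  :", signing_certs(SAMPLE_METADATA))
    print("configured ok?   :", check_configured_cert(SAMPLE_METADATA, "U0lHTklORy1DRVJU"))
```

If automatic metadata refresh is disabled as the reply suggests, `check_configured_cert` is the kind of periodic check that catches a silent IdP key rollover before users start seeing the invalid-response error again.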