Help needed SAML authentification setup on tutor 18.1

Hello everyone,

I’m integrating SWITCH eduID as a SAML 2FA provider on my Tutor-hosted Open edX instance (openedx.example.com). Despite following the docs and enabling the SAML backend, I still get a 404 when browsing: https://openedx.example.com/auth/saml/metadata.xml

What I’ve done:

• Generated key/cert pair

• Wrote a small Tutor plugin to enable ENABLE_THIRD_PARTY_AUTHm add common.djangoapps.third_party_auth.saml.SAMLAuthBackend and the key/cert pair

In Django admin:

• SAML Configuration: Entity ID https://openedx.example.com/saml/metadata, key/cert pasted, site set.

• Provider Configuration (SAML IdPs): Metadata source https://login.eduid.ch/idp/shibboleth, matching Entity ID, enabled for my site.

Yet the metadata endpoint never appears. I’ve confirmed inside the LMS container that the key/cert are in /tutor/config/, the SAML backend is in AUTHENTICATION_BACKENDS, and the feature flag is true.

My questions:

What am I missing to activate /auth/saml/metadata.xml on Redwood?
Are there any extra flags, migrations or URL patterns that need enabling?
Has anyone done this successfully with SWITCH eduID on Tutor 18?
Any tips or example snippets would be greatly appreciated. Thanks!

Hi @vandri and welcome to the community!

@tutor-maintainers any advice here?

I think this might be a question that would be better directed to people who have a deep understanding of the SSO flow in edx-platform.

Unfortunately I don’t know who to tag for that