How to implement Keycloak SAML authentication?

I have been following the documentation "4.22. Enabling Third Party Authentication — Installing, Configuring, and Running the Open edX Platform".

But while creating a Provider Configuration (SAML IdPs) in the Django Admin Panel, I do not see any option in Backend name.

You probably have not installed the backend.

I have already installed the backend.

Things I did to set up:

  • Configured the Keycloak SAML client
  • Installed the SAML backend using tutor
  • Enabled ENABLE_THIRD_PARTY_AUTH
  • Added the IdP: Third-party authentication › Provider Configuration (SAML IdPs) › Add Provider Configuration (SAML IdP)

I did this via a plugin:

name: keycloak
version: 0.1.0
patches:
  common-env-features: |
    "ENABLE_THIRD_PARTY_AUTH": true

  lms-env: |
    "THIRD_PARTY_AUTH_BACKENDS": ["social_core.backends.keycloak.KeycloakOAuth2"]

  openedx-lms-common-settings: |
    SOCIAL_AUTH_KEYCLOAK_KEY = "xxx"
    SOCIAL_AUTH_KEYCLOAK_SECRET = "yyy"
    SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "zzz"
    SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = "https://keycloak.url/realms/RealmName/protocol/openid-connect/auth"
    SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = "https://keycloak.url/realms/RealmName/protocol/openid-connect/token"
    SOCIAL_AUTH_KEYCLOAK_ID_KEY = "email"
    SOCIAL_AUTH_OAUTH_SECRETS = {"keycloak": "yyy"}

# tutor plugins install keycloak.yml
# tutor plugins enable keycloak
# tutor config save
# tutor local reboot -d

xxx = realm → clients → (ClientName)
yyy = client secret
zzz = realm settings → keys → RS256 → Public key

And then followed this from step 7 for Django.

Plucked some info from here and here for reference.
