Ok, I think I have it almost working. Apparently the slug for the profile has to be “default”.
I found this post (Missing metadata.xml while configuring SAML third party auth on Ironwood edx - #4 by braden) that talks about it.
I am now able to access the metadata, but the ACS URL being generated is http instead of https. Any idea on how I can change this?
Looks like I am getting a little closer, but this is partially due to the ACS being http.
Error Details:
Authentication failed: SAML login failed: ['invalid_response'] (The response was received at http://online.example.org:8000/auth/complete/tpa-saml/ instead of http://online.example.org/auth/complete/tpa-saml/)
Studio/LMS are both running on port 443 through nginx, so not sure where the 8000 is coming from.
Added later
Just putting these here. I had to enable the following:
I set these values and it works now with any mixed content errors.
NGINX_REDIRECT_TO_HTTPS: True
NGINX_HTTPS_REDIRECT_STRATEGY: "scheme"
NGINX_SET_X_FORWARDED_HEADERS: True
Once I did this, the URLs were generated with https.
Tom
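
The "received at ... instead of ..." error in the post is a mismatch between the URL in the SAML response and the URL the application rebuilds for itself behind the proxy. The sketch below is an added example, not part of the original post and not Open edX code; it assumes the LMS listens on plain HTTP port 8000 behind nginx on the same host, and all function names and sample values are constructed.

```python
# Added illustration: how a service provider behind a TLS-terminating proxy
# rebuilds "its own" URL, and why X-Forwarded-* headers change the result.
TRUSTED_PROXIES = {"127.0.0.1"}  # assumption: nginx runs on the same host as the LMS

def request_url(environ, trust_forwarded):
    """Rebuild the URL the SP believes it was called on, from a WSGI-style environ."""
    scheme = environ["wsgi.url_scheme"]
    host = environ["SERVER_NAME"]
    port = environ["SERVER_PORT"]
    # Honour X-Forwarded-* only when the direct peer is the known proxy;
    # otherwise any client could claim an arbitrary scheme and port.
    if trust_forwarded and environ.get("REMOTE_ADDR") in TRUSTED_PROXIES:
        scheme = environ.get("HTTP_X_FORWARDED_PROTO", scheme)
        port = environ.get("HTTP_X_FORWARDED_PORT", port)
    default = {"http": "80", "https": "443"}[scheme]
    netloc = host if port == default else f"{host}:{port}"
    return f"{scheme}://{netloc}{environ['PATH_INFO']}"

def check_destination(destination, environ, trust_forwarded):
    """Mimic the SP's check that the response arrived at the URL it names."""
    received_at = request_url(environ, trust_forwarded)
    if received_at != destination:
        return f"invalid_response: received at {received_at} instead of {destination}"
    return "ok"

# Constructed request as the app server sees it behind nginx: plain HTTP, port 8000.
SAMPLE_ENVIRON = {
    "wsgi.url_scheme": "http",
    "SERVER_NAME": "online.example.org",
    "SERVER_PORT": "8000",
    "REMOTE_ADDR": "127.0.0.1",
    "PATH_INFO": "/auth/complete/tpa-saml/",
    "HTTP_X_FORWARDED_PROTO": "https",
    "HTTP_X_FORWARDED_PORT": "443",
}
ACS_URL = "https://online.example.org/auth/complete/tpa-saml/"

if __name__ == "__main__":
    print(check_destination(ACS_URL, SAMPLE_ENVIRON, trust_forwarded=False))
    print(check_destination(ACS_URL, SAMPLE_ENVIRON, trust_forwarded=True))
```

The first call reproduces the port-8000 mismatch; the second matches because the forwarded scheme and port are honoured, and only because the request came from the trusted proxy address.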