Open edX and OpenSAML vulnerability

Alexandre-DSL · March 18, 2025, 8:12am

Hello,

I wanted to confirm with the community if Open edX is using OpenSAML and therefore, would be impacted by the recently discovered Shibboleth vulnerability: https://shibboleth.net/community/advisories/secadv_20250313.txt

Thanks in advance for any feedback and/or confirmation!

sarina · March 18, 2025, 8:23pm

@feanil could we get your perspective here?

braden · April 2, 2025, 6:31pm

No, the SAML support in Open edX uses python3-saml via python-social-auth. It is a python implementation and doesn’t use OpenSAML.

Topic		Replies	Views
Open edX SSO SMAL 2 IdP Development how-to	3	968	December 15, 2021
Missing metadata.xml while configuring SAML third party auth on Ironwood edx Site Operators	4	1149	August 14, 2020
Open Edx SAML User Attribute Error Site Operations Help	1	1025	October 21, 2019
Configure Open edX as a SAML Service Provider Site Operations Help	2	877	May 14, 2020
SSO and SSL: tpa-saml Site Operations Help	7	1226	February 19, 2022