SAML Configuration Issues

Hi,

I’m trying to configure my Open edX instance as a Service Provider so that I can SSO from an Identity Provider. I’ve followed these docs:

But when I test the connection I get the following error:
Error Details:
Authentication failed: SAML login failed: [‘invalid_response’] (No Signature found. SAML Response rejected)

And if I go to the Open edX metadata path at {your LMS URL}/auth/saml/metadata.xml I get a 500 error and the response “Invalid_xml”. So something is not right with the metadata.

Anyone have any idea of what’s going on?


@huzell Hi, I have the same issue. Did you find the solution? Thank you.

  1. The item inside the “Provider Configuration (SAML IdPs)” section needs to be configured to an item from the “SAML Configuration” section using the “Saml configuration” field.

  2. Try to check the “SAML Configuration” section. The “Organization Info” field can contain the following configuration.

{
    "en-US": {
        "url": "http://some.example.com",
        "displayname": "CompanyNameIsHere",
        "name": "NameIsHere"
    }
}

The “Other config str” field can contain the following configuration.

{
    "TECHNICAL_CONTACT": {
        "givenName": "developers",
        "emailAddress": "support@domain.com"
    },
    "SUPPORT_CONTACT": {
        "givenName": "support",
        "emailAddress": "support@domain.com"
    },
    "SECURITY_CONFIG": {
        "signMetadata": true,
        "metadataCacheDuration": 604800,
        "requestedAuthnContext": true,
        "wantAssertionsSigned": true,
        "authnRequestsSigned": false,
        "wantNameIdEncrypted": true
    },
    "SP_EXTRA": {
        "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        "singleLogoutService": {
            "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "url": "https://some.example.com/logout"
        }
    }
}
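
Added example, not part of the thread or of Open edX: a check of where a SAML response carries a `ds:Signature`, compared against the `wantAssertionsSigned` flag from the configuration above, to narrow down the "No Signature found" error. It assumes the input is the base64 `SAMLResponse` form value captured from your own test login (HTTP-POST binding); the function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# The two signature-related flags from the SECURITY_CONFIG posted above.
SECURITY_CONFIG = {"wantAssertionsSigned": True, "authnRequestsSigned": False}

def signed_parts(saml_response_b64):
    """Report which parts of a base64 SAMLResponse carry a ds:Signature child.
    Presence only: this does not verify any signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: " + root.tag)
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response": root.find("ds:Signature", NS) is not None,
        "assertion": bool(assertions) and all(
            a.find("ds:Signature", NS) is not None for a in assertions),
        "encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
    }

def diagnose(saml_response_b64, security_config):
    """Return a list of findings; empty means signatures sit where the SP expects."""
    parts = signed_parts(saml_response_b64)
    if parts["encrypted"] and not parts["assertion"]:
        return ["assertion is encrypted; decrypt it before checking for its signature"]
    if not parts["response"] and not parts["assertion"]:
        return ["no ds:Signature on Response or Assertion; turn on signing at the IdP"]
    if security_config.get("wantAssertionsSigned") and not parts["assertion"]:
        return ["wantAssertionsSigned is true but only the Response is signed"]
    return []

def sample_response(sign_response=False, sign_assertion=False):
    """Constructed sample; the empty ds:Signature is a placeholder, not a real one."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">' % (NS["samlp"], NS["saml"])
           + (sig if sign_response else "")
           + "<saml:Assertion>" + (sig if sign_assertion else "") + "</saml:Assertion>"
           + "</samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for kwargs in ({}, {"sign_response": True}, {"sign_assertion": True}):
        print(kwargs, diagnose(sample_response(**kwargs), SECURITY_CONFIG))
```

If the first finding appears, the fix belongs on the IdP side (enable response or assertion signing) rather than in the SP's `SECURITY_CONFIG`.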