SAML Provider Configuration – idp_sso_url_invalid

I’m attempting to configure a SAML Identity Provider (IdP) integration in Open edX. The setup was completed through the Django Admin interface under Third Party Auth > Provider Configuration (SAML IdPs). The following has been verified:

  • The provider entry exists.
  • The Metadata Ready column is marked as true.
  • The SAML login option correctly appears on the login page.

However, upon selecting the newly added IdP, the following exception is raised with status code 500:
OneLogin_Saml2_Error: Invalid dict settings: idp_sso_url_invalid

Confirmed Points:

  • The metadata file is reachable from the container (tested using curl)
  • The <md:SingleSignOnService> elements are properly formed in the metadata and use supported SAML bindings.
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://my-local-sso-url/protocol/saml"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://my-local-sso-url/protocol/saml"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://my-local-sso-url/saml"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://my-local-sso-url/protocol/saml"/>

I want to know why it still gives an error saying the SSO URL is invalid even though it is there in my metadata. Does this have to do with my use of http in development?

I checked the python-saml documentation and discovered this was because of an attribute “allowSingleLabelDomains” that is set to false by default. It needs to be true in my case so the “idp_sso_url_invalid” error doesn’t show.
I tried to set the attribute to true with Tutor by setting “SOCIAL_AUTH_SAML_SECURITY_CONFIG” with allowSingleLabelDomains set to true, but there were still no changes.
If someone knows how to set the security config of SAML, I’m all ears.
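
An added diagnostic sketch, not part of the original post and not python-saml's own code: it lists the SingleSignOnService endpoints in a metadata document and applies a simplified stand-in for the single-label-domain check the post describes, with the setting off and on. The host rules in `check_url` (http/https only, `localhost` and IP literals accepted) are assumptions, and the sample metadata is constructed from the four endpoints quoted above.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Constructed sample: the post's four endpoints inside a minimal EntityDescriptor.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD[1:-1]}" entityID="constructed">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleSignOnService Binding="{BINDINGS}HTTP-POST" Location="http://my-local-sso-url/protocol/saml"/>
<md:SingleSignOnService Binding="{BINDINGS}HTTP-Redirect" Location="http://my-local-sso-url/protocol/saml"/>
<md:SingleSignOnService Binding="{BINDINGS}SOAP" Location="http://my-local-sso-url/saml"/>
<md:SingleSignOnService Binding="{BINDINGS}HTTP-Artifact" Location="http://my-local-sso-url/protocol/saml"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_url(url, allow_single_label_domains=False):
    """Return (accepted, reason) for one endpoint URL (simplified, assumed rules)."""
    parts = urlparse(url)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        return False, "not an http(s) URL with a host"
    try:
        ipaddress.ip_address(host)
        return True, "IP literal"
    except ValueError:
        pass
    if host == "localhost" or "." in host.rstrip("."):
        return True, "localhost or dotted host name"
    if allow_single_label_domains:
        return True, "single-label host, allowed by setting"
    return False, "single-label host"


def diagnose(metadata_xml, allow_single_label_domains=False):
    """Return (binding, location, accepted, reason) per SingleSignOnService."""
    rows = []
    for el in ET.fromstring(metadata_xml).iter(MD + "SingleSignOnService"):
        location = el.get("Location", "")
        verdict = check_url(location, allow_single_label_domains)
        rows.append((el.get("Binding", "").replace(BINDINGS, ""), location) + verdict)
    return rows


if __name__ == "__main__":
    for flag in (False, True):
        for row in diagnose(SAMPLE_METADATA, flag):
            print(f"allowSingleLabelDomains={flag}:", *row)
```

With the setting off, every endpoint is rejected because of the dotless host `my-local-sso-url`, not because of the `http` scheme.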