SSO and SSL: tpa-saml

Hi @braden
Thank you so much, I appreciate that.

I have a question: for fetching the metadata from Open edX, you mean run this link https://lmsdomian/auth/saml/metadata.xml, right? If so, yes, I used HTTPS,
but it still contains HTTP here:

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://lmsdomian/auth/complete/tpa-saml/" index="1"/>

I followed these steps:

1- Generate key and cert
2- Add key and cert to the LMS configuration file auth.env

SOCIAL_AUTH_SAML_SP_PRIVATE_KEY
SOCIAL_AUTH_SAML_SP_PUBLIC_CERT

3- Update these in the LMS configuration file lms.env

"FEATURES": {
...
"ENABLE_THIRD_PARTY_AUTH": true,
....
},
"THIRD_PARTY_AUTH_BACKENDS": [
        "third_party_auth.saml.SAMLAuthBackend"
    ],

4- Add configuration on admin/third_party_auth/samlconfiguration/

5- Run the restart LMS command
6- The metadata is enabled at https://lmsdomian/auth/saml/metadata.xml


resource: 4.24.4. Configuring your Open edX Site as a SAML Service Provider — Installing, Configuring, and Running the Open edX Platform documentation

Are there any other configurations that I missed?

And for SECURE_PROXY_SSL_HEADER,
this is the default value in the LMS:

path: edx-platform/lms/envs/aws.py

# IMPORTANT: With this enabled, the server must always be behind a proxy that
# strips the header HTTP_X_FORWARDED_PROTO from client requests. Otherwise,
# a user can fool our server into thinking it was an https connection.
# See
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
# for other warnings.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
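
An added example, not part of the post above and not Open edX code: a simplified Python model of how the `SECURE_PROXY_SSL_HEADER` value quoted above decides the request scheme, plus a check that flags any non-HTTPS endpoint in SP metadata. It assumes the ACS URL is built from the request scheme and host; `request_scheme`, `acs_url`, `insecure_endpoints` and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Value quoted in the post from edx-platform/lms/envs/aws.py
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def request_scheme(meta, wsgi_scheme="http"):
    """Simplified model of Django's scheme decision behind a TLS-terminating proxy."""
    header, secure_value = SECURE_PROXY_SSL_HEADER
    value = meta.get(header)
    if value is None:
        # Proxy did not forward the header: Django only sees the upstream hop's scheme.
        return wsgi_scheme
    return "https" if value.strip() == secure_value else "http"


def acs_url(meta, host):
    """Assumption: the SP builds the ACS URL from the request scheme and host."""
    return f"{request_scheme(meta)}://{host}/auth/complete/tpa-saml/"


def insecure_endpoints(metadata_xml):
    """Return (element name, Location) for every metadata endpoint not on https."""
    root = ET.fromstring(metadata_xml)
    findings = []
    for el in root.iter():
        location = el.get("Location")
        if location and urlsplit(location).scheme != "https":
            findings.append((el.tag.split("}")[-1], location))
    return findings


# Constructed sample: minimal SP metadata wrapping the element shown in the post.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="constructed-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://lmsdomian/auth/complete/tpa-saml/" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    # Header missing at the app server vs. header set by the proxy.
    print(acs_url({}, "lmsdomian"))
    print(acs_url({"HTTP_X_FORWARDED_PROTO": "https"}, "lmsdomian"))
    print(insecure_endpoints(SAMPLE_METADATA))
```

Running `insecure_endpoints` against the metadata fetched after each proxy or LMS configuration change confirms whether the application server now sees the forwarded scheme.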