A single sign-on solution is the holy grail of security for any enterprise, allowing users to log in once and then access multiple systems with a minimum amount of hassle.
In this article we will learn how to integrate Open edX with Auth0 in order to provide single sign-on.
There are many advantages to using this system, including passwordless sign-up and login, as well as easy management of user accounts.
Visit the Auth0 Signup page and pick your preferred method to create an account there.
After you create your account, Auth0 automatically creates a tenant for you. For this article we use the default tenant, but if you need to change the tenant name or region for your production site, feel free to do so.
dev-jjap4v9q is my default tenant name in
- Allowed Callback URLs: [LMS-URL]/auth/complete/tpa-saml/
- Allowed Logout URLs: [LMS-URL]/logout
- Allowed Web Origins: [LMS-URL]/auth/complete/tpa-saml/, [LMS-URL]
- Allowed Origins (CORS): [LMS-URL]/auth/complete/tpa-saml/, [LMS-URL]
In the addons, choose SAML2, and in the settings tab click the enable button.
Identity Provider Metadata and upload it to your S3 or somewhere else to get a publicly accessible link
openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.key in the command line.
[LMS-URL]/admin/third_party_auth/samlconfiguration/add/ and create a new configuration like the following
slug should be set as
Private key: should be the content of the saml.key file
Public key: should be the content of the saml.crt file
- It's recommended to set the entity ID to the Auth0 issuer ID you have in the Auth0 addons for SAML
slug should be set as
User ID Attribute: as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
Full Name Attribute: as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Username Hint Attribute: as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
Email Attribute: as http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Metadata source: should be the link to the Identity Provider Metadata that you uploaded earlier.
Entity ID: should be the Issuer name that the Auth0 SAML addon generated
Saml configuration: should point to the configuration you created previously
Now go to [LMS-URL]/admin/third_party_auth/samlproviderdata/add/ and make sure the provider data for Auth0 was created automatically. If not, give it around 5 minutes, and if it's still not there, make sure the public key and private key you set earlier are correct and the link to the metadata is accessible.
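When the provider data does not appear, it helps to look at what the metadata link actually serves. The following is an added example, not code from this article or from Open edX: a hypothetical helper, check_idp_metadata, that inspects a downloaded metadata document for a mismatched entity ID, a missing signing certificate, or an error page served in place of the file. The entity ID, endpoint URL and both sample documents are constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_idp_metadata(xml_text, expected_entity_id):
    """Return a list of problems; an empty list means the document looks usable."""
    if "<!DOCTYPE" in xml_text:
        return ["DOCTYPE present: refusing to parse (entity expansion risk)"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor":
        # Typical when the link serves an error page instead of the file.
        return [f"root element is {root.tag!r}, not md:EntityDescriptor"]
    problems = []
    entity_id = root.get("entityID")
    if entity_id != expected_entity_id:
        problems.append(f"entityID {entity_id!r} != configured {expected_entity_id!r}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no md:IDPSSODescriptor (not IdP metadata)"]
    # A KeyDescriptor without a "use" attribute is valid for signing too.
    certs = [
        (c.text or "").strip()
        for kd in idp.findall("md:KeyDescriptor", NS)
        if kd.get("use", "signing") == "signing"
        for c in kd.iterfind(".//ds:X509Certificate", NS)
    ]
    if not any(certs):
        problems.append("no signing certificate: responses cannot be verified")
    if idp.find("md:SingleSignOnService", NS) is None:
        problems.append("no md:SingleSignOnService endpoint")
    return problems

# Constructed samples (not real Auth0 output): a usable document and an
# access-denied error body of the kind a non-public storage link returns.
GOOD = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:example-tenant.example.com">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC...constructed</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Location="https://idp.example.com/samlp/placeholder"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
DENIED = "<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>"
```

Fetch the metadata link from a machine outside your own network, pass the response body and the Entity ID you entered in the admin form to the function, and fix whatever it reports before re-checking the keys.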
We are preparing an article about how to add extra registration fields to Auth0 and also customize the login/registration flow. Stay tuned!
Meanwhile you can read this article about how we decoupled the Open edX frontend and how we improved the UI.
If you need any help contact us at firstname.lastname@example.org