Open edx SSO - Auth0


A single sign-on solution is the holy grail of security for any enterprise: users log in once and then access multiple systems with a minimum of hassle. In this article we will learn how to integrate Open edX with Auth0 over SAML in order to provide single sign-on. There are many advantages to this setup, including passwordless sign-up and login as well as central management of user accounts.

Create an Auth0 account

Visit the Auth0 signup page and pick your preferred method to create an account.

Default Tenant

After you create your Auth0 account, Auth0 automatically creates a tenant for you. This article uses the default tenant, but if you need to change the tenant name or region for your production site, feel free to do so. dev-jjap4v9q is my default tenant name, in the US region.

Create an application

{% youtube hx-0Fv5qVUM %}

  • Allowed Callback URLs: [LMS-URL]/auth/complete/tpa-saml/
  • Allowed Logout URLs: [LMS-URL]/logout
  • Allowed Web Origins: [LMS-URL]/auth/complete/tpa-saml/, [LMS-URL]
  • Allowed Origins (CORS): [LMS-URL]/auth/complete/tpa-saml/, [LMS-URL]


Enable SAML Addon

In the application's Addons tab choose SAML2 and, in its Settings tab, click the Enable button. {% youtube RisLIMFpMVY %}

Download the Identity Provider Metadata and upload it to your S3 bucket (or any other host) so that it is available at a publicly accessible link. Open edX fetches the metadata from this link.

Open edX Setup

Add SAML Configuration

First generate a self-signed signing certificate and key by running openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.key on the command line. Then go to [LMS-URL]/admin/third_party_auth/samlconfiguration/add/ and create a new configuration as follows:

  • Slug: set to default
  • Private key: the contents of the saml.key file
  • Public key: the contents of the saml.crt file
  • Entity ID: it is recommended to set this to the Auth0 Issuer ID shown in the Auth0 SAML2 addon settings

Add SAML IDP

Go to [LMS-URL]/admin/third_party_auth/samlproviderconfig/add/ and create a new IDP as follows:

  • Slug: set to default
  • Metadata source: the link to the Identity Provider Metadata that you uploaded earlier
  • Entity ID: the Issuer name that the Auth0 SAML2 addon generated
  • SAML configuration: must point to the configuration you created previously

Check the SAML provider data

Now go to [LMS-URL]/admin/third_party_auth/samlproviderdata/add/ and make sure the provider data for Auth0 was created automatically. If not, give it around 5 minutes; if it is still not there, make sure the public key and private key you set earlier are correct and that the metadata link is accessible.
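Before waiting on Open edX's periodic metadata fetch, you can pre-check the downloaded metadata yourself. The script below is an added example, not code from the article or from Open edX: it parses a SAML IdP metadata document, compares its entityID with the Entity ID you typed into the provider config, and confirms that it carries a usable signing certificate and HTTPS SSO endpoints. The embedded metadata is a constructed, shortened sample; the tenant name, entity ID, CLIENT_ID and truncated certificate are placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like the Auth0 SAML2 addon metadata download.
# Tenant, entityID and CLIENT_ID are placeholders; the certificate is truncated.
SAMPLE_METADATA = """<EntityDescriptor entityID="urn:example-tenant.us.auth0.com"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-tenant.us.auth0.com/samlp/CLIENT_ID"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(xml_text: str, expected_entity_id: str) -> dict:
    """Return the parsed facts plus a list of problems that would make Open edX
    reject the provider or fail to verify Auth0's assertion signatures."""
    problems, sso_urls, signing_certs = [], [], 0
    root = ET.fromstring(xml_text)  # metadata you downloaded from your own IdP
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor document")
    entity_id = root.get("entityID", "")
    if entity_id != expected_entity_id:
        problems.append("entityID %r does not match configured %r" % (entity_id, expected_entity_id))
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        problems.append("no IDPSSODescriptor: this is not identity-provider metadata")
        return {"entity_id": entity_id, "sso_urls": sso_urls, "signing_certs": 0, "problems": problems}
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only keys cannot verify assertion signatures
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            try:
                der = base64.b64decode("".join(cert.text.split()), validate=True)
            except (ValueError, AttributeError):  # binascii.Error is a ValueError
                problems.append("signing certificate is not valid base64")
                continue
            if der[:1] != b"\x30":  # a DER certificate starts with a SEQUENCE tag
                problems.append("signing certificate is not DER-encoded")
                continue
            signing_certs += 1
    if signing_certs == 0:
        problems.append("no usable signing certificate in metadata")
    for sso in idp.findall("md:SingleSignOnService", NS):
        url = sso.get("Location", "")
        if not url.startswith("https://"):
            problems.append("SSO endpoint %r is not HTTPS" % url)
        sso_urls.append(url)
    return {"entity_id": entity_id, "sso_urls": sso_urls,
            "signing_certs": signing_certs, "problems": problems}
```

To run it against your real download, pass the file contents and the Issuer value from the Auth0 addon; an empty problems list means the values line up with what Open edX expects.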


What's Next

We are preparing an article on how to add extra registration fields to Auth0 and how to customize the login/registration flow. Stay tuned!