A single sign-on solution is the holy grail of security for any enterprise, allowing users to log in once and then access multiple systems with a minimum amount of hassle. In this article we will learn how to integrate Open edX with Auth0 in order to provide single sign-on. There are many advantages to using this setup, including passwordless sign-up and login as well as easy management of user accounts.
Create an Auth0 account
Visit the Auth0 signup page and pick your preferred method to create an account there.
Default Tenant
After creating your account in Auth0, a tenant is automatically created for you. For this article we use the default tenant, but if you need to change the tenant name or region for your production site, feel free to do so.
dev-jjap4v9q is my default tenant name in the US region.
Create an application
{% youtube hx-0Fv5qVUM %}
- Allowed Callback URLs: [LMS-URL]/auth/complete/tpa-saml/
- Allowed Logout URLs: [LMS-URL]/logout
- Allowed Web Origins: [LMS-URL]/auth/complete/tpa-saml/, [LMS-URL]
- Allowed Origins (CORS): [LMS-URL]/auth/complete/tpa-saml/, [LMS-URL]
Enable SAML Addon
In the addons, choose SAML2 and in the settings tab click on the enable button. {% youtube RisLIMFpMVY %}
Download the Identity Provider Metadata and upload it to S3 or another host so that you have a publicly accessible link to it.
Open edX Setup
Add SAML Configuration
First run openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.key in the command line. This generates a self-signed certificate (saml.crt) and its unencrypted private key (saml.key), which Open edX will use as the SAML service provider.
Go to [LMS-URL]/admin/third_party_auth/samlconfiguration/add/ and create a new configuration like the following:
- The slug should be set as default
- The Private key: should be the content of the saml.key file
- The Public key: should be the content of the saml.crt file
- It's recommended to set the entity id as the Auth0 issuer id you have in the Auth0 SAML addon
Add SAML IDP
Go to [LMS-URL]/admin/third_party_auth/samlproviderconfig/add/ and create a new IDP as follows:
- slug should be set as default
- User ID Attribute: as schemas.xmlsoap.org/ws/2005/05/identity/cla..
- Full Name Attribute: as schemas.xmlsoap.org/ws/2005/05/identity/cla..
- Username Hint Attribute: as schemas.xmlsoap.org/ws/2005/05/identity/cla..
- Email Attribute: as schemas.xmlsoap.org/ws/2005/05/identity/cla..
- Metadata source: should be the link to the Identity Provider Metadata that you uploaded earlier.
- Entity ID: should be the Issuer name that the Auth0 SAML addon generated
- Saml configuration: should point to the configuration you created previously
Check the SAML provider data
Now go to [LMS-URL]/admin/third_party_auth/samlproviderdata/add/ and make sure the provider data for Auth0 got created automatically. If not, give it around 5 minutes; if it's still not there, make sure the public key and private key you set earlier are correct and that the link to the metadata is accessible.
What is Next
We are preparing an article about how to add extra registration fields to Auth0 and how to customize the login/registration flow. Stay tuned!