Feature: Shibboleth/SAML SSO #8140
Thanks for the pull request, @bradenmacdonald! It looks like you're a member of a company that does contract work for edX. If you're doing this work as part of a paid contract with edX, you should talk to edX about who will review this pull request. If this work is not part of a paid contract with edX, then you should ensure that there is an OSPR issue to track this work in JIRA, so that we don't lose track of your pull request. To automatically create an OSPR issue for this pull request, just visit this link: http://openedx-webhooks.herokuapp.com/github/process_pr?repo=edx%2Fedx-platform&number=8140
3bccf35 to c6cf374
@cpennington I need to make sure this feature branch makes the Cypress cut off. Will it need a separate review, or can we just merge it later this week (whether or not all the remaining subtasks listed above have been incorporated yet)? CC @antoviaque
I don't think it needs a separate review, given that all of the constituent PRs have had two thumbs.
@bradenmacdonald The latest version of Python Social Auth is required for this change to subsume the functionality in the old PR from Vin Bhalerao. Please make sure #8599 is included.
@sarina Do you have any recommendations about the documentation part, for the changes to SSO? Will we add instructions in http://edx.readthedocs.org/projects/edx-installing-configuring-and-running/en/latest/ ? I'm not sure if we have any documentation currently about it, besides John Cox' blog post - @bradenmacdonald do you confirm? If we do want to add a section to that page, how would it work? Should we submit something, or would someone from the documentation team write it?
@antoviaque that's a good question. My understanding is that @mhoeber is going to document this, but after it merges. You should sync up with him and see if there's a way your team can provide assistance.
@sarina, @antoviaque, @mhoeber My team and I would be interested in helping with docs here if help is needed.
@mhoeber Please let us know how you'd like to go about getting this documented. The old instructions for setting up third_party_auth (e.g. Jon Cox's series of blog posts) will no longer work at all and the new approach, though simpler in many respects, is currently undocumented.
@bradenmacdonald - @lamagnifica will be working on this, mostly after 7/1. At a really high level we will need info on any config steps for Cypress release; and any information Cypress and Edg learners need to know. We can use notes and links here, and anything you can contribute in a PR here would be great: https://github.com/edx/edx-documentation/tree/master/en_us/install_operations/source
@mhoeber Great! Colleagues and I will work on a PR at the link you provided; and looking forward to working with @lamagnifica after 7/1. @bradenmacdonald - Is it OK if we take some screenshots of your sandbox for illustrating the UI?
@RobDolinMS Yes feel free to take screenshots, but please use http://sandbox4.opencraft.com/login rather than sandbox 5, since it is more representative of the production UI. It's best to wait until this has merged, since the UI may change.
Alright, I think this feature branch is ready to land! I've squashed it down to one commit per PR and rebased it. I will merge it once the tests pass and I've manually verified the rebase didn't introduce any obvious regressions (there were no conflicts though).
Feature: Shibboleth/SAML SSO
@bradenmacdonald This is great! BIG KUDOS on your good work!
@fredsmith FYI, this PR has migrations. Configuration of third_party_auth is moved from django settings to ConfigurationModels. The migrations include a data migration that will copy any existing Google/Facebook third party provider settings to the new config table, so no special actions should be necessary.
Hello Guys, can you please explain to me how to configure openedx with office 365 single sign on? I haven't found any documentation about it.
We have used these instructions for adding Office 365 SSO to Open edX. Hope they help you.
Sorry for the noob question, as I am not a Linux expert, how do I start lms? Also, which one is the default admin pass? I am using Windows Azure Image with Ubuntu and Open EDX Cypress (from Bitnami)
@levalencia Pull requests like this are meant to be for technical discussions of code, not support requests. Please join us on slack or one of the mailing lists to get support from the community. To answer your question though: I would suggest you read https://openedx.atlassian.net/wiki/display/OpenOPS/Managing+OpenEdX+Tips+and+Tricks . If you find the production install on a remote VM is not convenient, you can also start with https://github.com/edx/edx-platform/wiki/Developing-on-the-edX-Developer-Stack which runs on your computer and has a lot more things that work "out of the box".
Description
This is the new Shibboleth/SAML SSO support integrated into third_party_auth (TPA). See the technical spec for a lot more background and discussion.
Dependencies
Constituent PRs
Sandbox
Upgrade Issues
The following are actually caused by #8262 which was merged separately from this feature branch, but I'm leaving them here as a reminder:
1. python-social-auth at one point converted from syncdb to south/django migrations, and bumping the version of python-social-auth that we use will result in this error next time paver update_db is run:
To fix this (on devstack), the user must manually run this command:
Unfortunately, I'm not aware of any way to avoid this issue other than this manual fix. New installs are not affected.
2. The new version of python-social-auth uses the Google+ API for obtaining user details. Any instance administrator with Google third party authentication enabled will need to go to https://console.developers.google.com/ and make sure that the "Google+ API" is enabled for their account.