SAML - first login to studio problem

In our organisation we are now using login via our identity provider (SAML) on our new instance of tutor edX. Everything works fine for https://bootcamp.nc3.cz, but if a user who is not logged in tries to log in using https://studio.bootcamp.nc3.cz, they get the message “Page not found The page that you were looking for was not found. Go back to the homepage.” If the user re-enters “https://studio.bootcamp.nc3.cz” in the web browser, it is shown that he is already logged in and all is correct. Here is the log of this action: bootcamp SAML logs - Pastebin.com

I noticed that the message about CORS_ORIGIN_WHITELIST appears multiple times in the log (lines 15, 18, 22, 26, 41, 46). Is there any way to solve this problem?

I want to mention that the identity provider has set “HTTP-POST: https://bootcamp.nc3.cz/auth/complete/tpa-saml/” and “Login URL: Missing cookie | MUNI Unified Login”

That stacktrace line from the logs is the actual problem:

cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/social_core/utils.py", line 248, in wrapper
cms_1                        |     return func(*args, **kwargs)
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/social_core/backends/oauth.py", line 375, in auth_complete
cms_1                        |     state = self.validate_state()
cms_1                        |   File "/openedx/venv/lib/python3.8/site-packages/social_core/backends/oauth.py", line 87, in validate_state
cms_1                        |     raise AuthStateMissing(self, 'state')
cms_1                        | social_core.exceptions.AuthStateMissing: Session value state missing.

This is a real problem that I already reported here and that @sambapete also observed here. You should follow the GitHub issue to keep track of the resolution.

2 Likes