SAML Integration Option does not appear on Login screen

I have been trying to integrate my institute’s SAML IdP with my Tutor installation. However, I have not been able to make the Login option appear on the Login page. I have followed the official Edx page for integration along with this discussion.
Following are the steps I did:

  1. Configure my site as a SAML provider.
  2. Configure SAML Provider using the following settings:
    backend: tpa-saml
    Enabled: true
    Visible: true
  3. I can see that the ‘Metadata Ready’ flag is green and I can see the data in the Provider Data section. So apparently this part is working.
  4. I did/verified the following settings:
    “THIRD_PARTY_AUTH_BACKENDS”: [“third_party_auth.saml.SAMLAuthBackend”],
    Features {
  5. I stepped into the lms container and verified these settings.
  6. In the lms
    THIRD_PARTY_AUTH_BACKENDS = “third_party_auth.saml.SAMLAuthBackend”
  7. Afterwards I restarted the service multiple times but the login screen does not show the option for my IdP. In fact it only shows the username/password option.
  8. I have built the distribution from sources.
  9. I am running Edx behind a Reverse Proxy so the Edx system is running without SSL/HTTPS. The SSL connection is terminated at the Reverse Proxy and after that it’s http upto the Edx server. I have a wildcard SSL certificate for my domain, which is served from the Reverse Proxy.

My only guess is that there is probably a dependency that I have to install before it can work, however, I have not been able to find any such mention anywhere.

I have tried most documentation and resources on the Internet. Could someone please let me know what I may be missing?
Also, is there a way to set log level as debug on a Production build?
Any help is greatly appreciated.

1 Like

After some effort, I was able to resolve the issue. Following is what happened:
When we create a SAML Configuration at <BASE_URL>/admin/third_party_auth/samlconfiguration/, the slug has to be specified as ‘default’. In the Registry, the function that returns enabled backends only considers SAML backends where there is a SAML configuration named as ‘default’. As I had named my slug differently, the SAML option for login was not even considered and subsequently no SAML login option was provided on the Login screen.
Following is the code responsible for this behaviour:

1 Like