Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSO with LMS not working #90

Open
angonz opened this issue Oct 31, 2024 · 4 comments
Open

SSO with LMS not working #90

angonz opened this issue Oct 31, 2024 · 4 comments

Comments

@angonz
Copy link
Contributor

angonz commented Oct 31, 2024
edited
Loading

As per instructions, it should be possible to log in using an existing LMS user. However this is not working. This screenshot was taken using the admin user of the Sumac sandbox. I have noticed the same in Quince.

image

Looks like the user is created, but the staff and superuser status is not set.
@DawoudSheraz
Copy link
Contributor

@angonz Hi, what steps did you take? I was checking discovery locally. I hit courses endpoint, it redirected to auth page, and when I logged in using admin, I was able to access discovery API because admin user was logged in there. As for staff/superuser setting, the auth_backend does not seem to set this, it only creates the user https://github.com/openedx/auth-backends/blob/master/auth_backends/strategies.py#L29. However, anyone else with more context on this can better comment. This does not seem to be an issue with tutor-discovery.

@DawoudSheraz
Copy link
Contributor

@angonz Hi, following up on this issue. Thanks

@angonz
Copy link
Contributor Author

angonz commented Dec 30, 2024

Hi @DawoudSheraz,
When you install from scratch and try to log into Discovery admin, the user is created by SSO. However, the user is not granted superuser permissions, so it will not be able to access the admin site of discovery. The workaround is to create the user with --staff --superuser options using Tutor command into the discovery plugin before attempting to login. I don't know if there will be a better solution for this.

@DawoudSheraz
Copy link
Contributor

Hi @DawoudSheraz, When you install from scratch and try to log into Discovery admin, the user is created by SSO. However, the user is not granted superuser permissions, so it will not be able to access the admin site of discovery. The workaround is to create the user with --staff --superuser options using Tutor command into the discovery plugin before attempting to login. I don't know if there will be a better solution for this.

Currently, I am not sure if we can plugin tutor in Open edX SSO flow. SSO flow is independent of Tutor workflow. We can use tutor-discovery to create a new user with default email and it can have staff/superuser permissions that one can use to login. I don't think the plugin can add anything to SSO as it lies outside the domain of Tutor and is much in-grained in Open edX flow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Tutor project management
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@angonz @DawoudSheraz