I've spent the last week trying to integrate our Open edX instance with the university's ADFS provider. The initial setup was quick and easy. During the first login attempt, I had hopes that this would be a swift process, only to be presented by an error message:

Initially, this seemed like a pretty straightforward error. Three days later, I was no further to solving this problem. I first took the reply from the server and validated that it was correctly signed by using the tools over at SamlTools. Everything seemed to work fine.

After posting to the Open edX Discourse forum and not receiving any assistance, I made a list of possible causes on the whiteboard in my office:

  1. Debug flag was set to allow logging of the SAML request and response. Maybe this was causing an issue?
  2. Perhaps there was a time difference between the Open edX docker image and the ADFS server.
  3. Open edX was not using the proper public key from the server.
  4. Caching issue of some kind?
  5. Wrong cipher was being used?

After crossing 1, 2, 4 and 5 off my list, I was left with testing #3. All the settings and config values pointed to the fact that the public key reported by the server and the public key used by Open edX to validate the response were identical.

In the next post, I want to document my process for integrating Open edX with OneLogin SAML Test Connector.