cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
chaneym
Community Member

SAML for students, Canvas authentication for parents not working

Jump to solution

Is anyone successfully using Google apps authentication for students with parents self-creating observer accounts via Canvas login? SAML works great for our domain users most of the time, but we're having several problems with parent accounts now.

In the Canvas Parent app, a parent would enter their information to create an account and then be taken to a Google authentication page (as expected) for their student. Entering the student’s information normally returns an "Error 403: app_not_configured_for_this_user" (which is incorrect, assuming Canvas is passing the proper user credentials to Google). However in my testing of the issue now for these case notes, I get a message “Unable to Create Account - There was an error while communicating with the server” when I hit the Create Account button.

If I choose “Log in with Canvas” from the parent app, I would expect to see Canvas authentication, but I’m instead directed to Google/SAML. This is incorrect for parents.

Via the web on multiple browsers, when a parent creates an account and is prompted for the Google login for their child, it either shows the Error 403, or just signs them in to Google apps and never comes back to Canvas to complete the account creation.

Specifically, the problem is when a self-signup user with Canvas authentication tries to create a parent account as an observer of a SAML-authenticated user.

If there is a fix for this, great - but it sounds like the problem is rooted in how Canvas prioritizes authentication. Instead of or in addition to primary/secondary authentication, I suggest they specify Staff/Student vs. Parent authentication. That way the Canvas app and our student login URL can all look to SAML and the Parent app and parent URL can use Canvas authentication exclusively. Even if that means I have to have parents use a separate SIS-upload username and password for their student (ie - not the SAML credentials), it would be better than the mess we’re in now where no parent can successfully create an account linked to a student.

4 Solutions

Accepted Solutions
rseilham
Community Coach
Community Coach

Canvas Admins‌ might also be a good place to ask this question. It's definitely a mobile question, but there is more expertise in this group related to authentication that might be able to help you out. I also suggest that you report this to Canvas support so they can document this issue. 

View solution in original post

Robbie_Grant
Community Coach
Community Coach

chaneyml,

Were you able to find an answer to your question? I am going to go ahead and mark this question as answered because there hasn't been any more activity in a while so I assume that you have the information that you need. If you still have a question about this or if you have information that you would like to share with the community, by all means, please do come back and leave a comment.  Also, if this question has been answered by one of the previous replies, please feel free to mark that answer as correct.

 

Robbie

View solution in original post

eperezcastro
Community Member

We are having exactly the same problem. Did you solve it? Or did you choose the SIS created accounts for parents? 

View solution in original post

There were several parts to this problem, but here's what I learned:

The problem of parents creating an account in the app and adding their student's information is a bug that support engineers said is a problem specifically with Google authentication coming back to Canvas, and also causes problems in the web. 

In the Parent app, the button to "Log in with Canvas" doesn't actually direct to the "domain/login/canvas" Canvas login page, but rather to the Discovery URL. So parents signing up with their existing Canvas credentials have this workflow to configure the app: [Log in with Canvas] - [Find organization] - [Click "parent" at our Discovery URL] - [choose "add student"] - [Find organization] - [Click "student" at our Discovery URL] - [Sign in wth student Google credentials].

 

To avoid troubleshooting every single parent issue, my ultimate workaround was to create the parent accounts via SIS upload already linked to their student. I used their email address as the login, email address, and SIS ID for the user. The password for each parent was their student's ID number, and I gave them instructions on how to change it in the User settings menu since the reset password emails seemed to not work. 

Hope this helps.

View solution in original post

6 Replies
chofer
Community Coach
Community Coach

Hello chaneym‌...

While I do not have an answer for you myself, I wanted to let you know that I am going to share your question with both the https://community.canvaslms.com/groups/canvas-developers?sr=search&searchId=6d73f3bb-d59d-47d8-900d-...‌ an the https://community.canvaslms.com/groups/cmug?sr=search&searchId=fcc73020-fcde-4c49-a4d1-9c80e5e3dd0f&...‌ groups here in the Canvas Community in hopes that your question will get some additional exposure.  If you are not yet following either of these groups, use the links I've provided, and then click on the "Follow" button at the top right corner of each page.  I hope this will be helpful to you, Marshall.  Good luck in finding an answer!

rseilham
Community Coach
Community Coach

Canvas Admins‌ might also be a good place to ask this question. It's definitely a mobile question, but there is more expertise in this group related to authentication that might be able to help you out. I also suggest that you report this to Canvas support so they can document this issue. 

View solution in original post

Robbie_Grant
Community Coach
Community Coach

chaneyml,

Were you able to find an answer to your question? I am going to go ahead and mark this question as answered because there hasn't been any more activity in a while so I assume that you have the information that you need. If you still have a question about this or if you have information that you would like to share with the community, by all means, please do come back and leave a comment.  Also, if this question has been answered by one of the previous replies, please feel free to mark that answer as correct.

 

Robbie

View solution in original post

eperezcastro
Community Member

We are having exactly the same problem. Did you solve it? Or did you choose the SIS created accounts for parents? 

View solution in original post

There were several parts to this problem, but here's what I learned:

The problem of parents creating an account in the app and adding their student's information is a bug that support engineers said is a problem specifically with Google authentication coming back to Canvas, and also causes problems in the web. 

In the Parent app, the button to "Log in with Canvas" doesn't actually direct to the "domain/login/canvas" Canvas login page, but rather to the Discovery URL. So parents signing up with their existing Canvas credentials have this workflow to configure the app: [Log in with Canvas] - [Find organization] - [Click "parent" at our Discovery URL] - [choose "add student"] - [Find organization] - [Click "student" at our Discovery URL] - [Sign in wth student Google credentials].

 

To avoid troubleshooting every single parent issue, my ultimate workaround was to create the parent accounts via SIS upload already linked to their student. I used their email address as the login, email address, and SIS ID for the user. The password for each parent was their student's ID number, and I gave them instructions on how to change it in the User settings menu since the reset password emails seemed to not work. 

Hope this helps.

View solution in original post

liz_laverty
Community Participant

I *think* this solves my question, but if I create accounts with SIS import, they don't have the ability to change their password in the settings.  Any ideas?