Feature Wiki

Information about planned and released features

Tabs

LTI Authentication

Page Overview

1 Initial Problem
2 Conceptual Summary
- 2.1 LTI Launch
3 User Interface Modifications
- 3.1 List of Affected Views
- 3.2 User Interface Details
- 3.3 New User Interface Concepts
4 Technical Information
5 Contact
6 Funding
7 Discussion
8 Implementation

1 Initial Problem

ILIAS does not provide libraries for implementing an Oauth-based authentication which is required for the LTI authentication and launch process.

2 Conceptual Summary

2.1 LTI Launch

The LTI launch link can look similar to the permanent link of a repository object. The script name for all LTI requests is lti.php. The client_id and ref_id are included in the launch link and provided as GET variables. All other parameters are provided by the Tool Consumer as OAuth signed POST variables.

ILIAS checks the OAuth signature by looking up the consumer key in the target object or in the global credentials table. It checks the related user account (see user management) and permissions on the target object.

An error may occur in the following cases:

The LTI request can’t be authentified by key and secret oImportant LTI parameters are missing
The user account exists and is deactivated (e.g. to block users)
The target object is not found, is deleted or offline
LTI is not activated for the target object
The permissions of the LTI roles are not sufficient for viewing the target object

If a return URL is provided with the LTI launch then ILIAS redirects to this URL and adds the error message as a parameter. If no return URL is provided, then ILIAS shows its standard error page.

If everything is ok, then ILIAS:

Creates or updates the LTI user account (see below) and automatically logs it in
Saves the launch parameters that are needed for a further processing (outcome service)
Activates the LTI Kiosk Mode (see below)
Calls the _goto() function of the target object

3 User Interface Modifications

3.1 List of Affected Views

no view affected

3.2 User Interface Details

no view affected

3.3 New User Interface Concepts

none

4 Technical Information

A library for providing an interface for the authentication and launch process is published on github IMSGlobal - ToolProvider PHP.

The installation of this library is composer-based.

5 Contact

Author of the Request: Meyer, Stefan [smeyer]
Maintainer: Meyer, Stefan [smeyer] for Authentication, Kohnle, Uwe [ukohnle] for LTI
Implementation of the feature is done by: Meyer, Stefan [smeyer]

6 Funding

If you are interest in funding this feature, please add your name and institution to this list.

7 Discussion

JourFixe, ILIAS [jourfixe], July 24, 2017: We highly appreciate this suggestion and schedule it for 5.3 (assumed ILIAS as LTI tool provider is accepted in general). We would like to have the following change:

The authentication should not be done by IMS tool provider library but by SimpleSAML. Stefan can check if he is able to extract the rest of the missing library parts needed to launch the LTI object.

JourFixe, ILIAS [jourfixe], July 31, 2017: Stefan checked if it is possible to use SimpleSAML instead of the IMS tool provider library. But unfortunately, this library cannot be substituted as it uses OAuth1 whil SimpleSAML is using OAuth2 and there is no compatibility between them. We follow the suggestion of Uwe Kohnle and create a fork of IMS tool provider library in the ILIAS GitHub repository and use this library for LTI support. Based on this decision we schedule this feature for 5.3.

8 Implementation

There are no screens in ILIAS to screenshot.

Test Cases

Test cases completed on 2017-08-26 by Tödt, Alexandra [atoedt]

18753: Benutzer wird für LTI authentifiziert

Approval

Approved at August 28, 2017 by Kunkel, Matthias [mkunkel]

Last edited: 4. May 2018, 13:31, Tödt, Alexandra [atoedt]