Installation

D2L Brightspace LTI issue

D2L Brightspace LTI issue

by Tim Alderson -
Number of replies: 17
Tried to set up LTI (for the first time) today after upgrading to WW2.13.

I believe all steps were followed, but I keep getting the following error when attempting to open the WW page from within D2L.

Any help welcome.

WeBWorK Warnings

WeBWorK has encountered warnings while processing your request. If this occured when viewing a problem, it was likely caused by an error or ambiguity in that problem. Otherwise, it may indicate a problem with the WeBWorK system itself. If you are a student, report these warnings to your professor to have them corrected. If you are a professor, please consult the warning output below for more information.

Warning messages

  • ===== parameters received =======
  • oauth_timestamp => 1503682521
  • oauth_consumer_key => learning.unb.ca
  • lis_person_contact_email_primary => TIM@UNB.CA
  • ext_d2l_token_id => 15652986
  • ext_d2l_link_id => 768
  • resource_link_title =>
  • oauth_signature => FgtFBNZWBfrmzddBW5NJffL1exw=
  • oauth_callback => about:blank
  • oauth_nonce => 17cd278d-4c73-4fb4-984a-9fc42409afcd
  • lti_message_type => basic-lti-launch-request
  • oauth_version => 1.0
  • ext_d2l_role => Student
  • oauth_signature_method => HMAC-SHA1
  • launch_presentation_locale => EN-CA
  • resource_link_description =>
  • lis_outcome_service_url => https://lms.unb.ca/d2l/le/lti/Outcome
  • ext_completion_url =>
  • ext_tc_profile_url => https://lms.unb.ca/d2l/api/ext/1.0/lti/tcservices
  • ext_d2l_token_digest => qNl7GK91n3V6CrHSxj+yyA2Y4LY=
  • lis_result_sourcedid => a038a8d9-a6ee-4c1a-bb46-24a143250505
  • ext_d2l_username => tim
  • ext_d2l_tenantid => 4cf94592-d715-448e-9ad0-1cc42cb0b315
  • lti_version => LTI-1p0
  • ext_basiclti_submit => Launch Endpoint with BasicLTI Data
  • resource_link_id => 1244757160

Request information

Time Fri Aug 25 14:35:23 2017
Method POST
URI /webwork2/Math1003_CEL/

In reply to Tim Alderson

Re: D2L Brightspace LTI issue

by Michael Gage -
Hi Tim,

This looks like standard debug information.
It helps diagnose problems with the connection.

Are the connections working ok? if so you can now turn debug off.
webwork2/conf/authen_LTI.conf:
# set this to 1 to have LTI calling parameters printed to HTML page for
# debugging. This is useful when setting things up for the first time because
# different LMS systems have different parameters
$debug_lti_parameters = 1; 

set the value of debug_lti_parameters to 0;


This value can be overridden in localOverrides.conf and also in

course.conf if it was set there at some point.



In reply to Tim Alderson

Re: D2L Brightspace LTI issue

by Danny Glin -
Is this all you get?

This output is expected if you have set "$debug_lti_parameters = 1;" in authen_LTI.conf, but I would expect this to be in addition to the WeBWorK page itself. Do you get any other error messages, or does it give you access to your WeBWorK course?
In reply to Danny Glin

Re: D2L Brightspace LTI issue

by Tim Alderson -
I do not gain access to the course.

The (entire) feedback I get is:

Math3733

 
 
Warning -- There may be something wrong with this question. Please inform your instructor including the warning messages below.

Math3733 uses an external authentication system (e.g., Oncourse, CAS, Blackboard, Moodle, Canvas, etc.). Please return to system you used and try again.

Site Information

This file is at htdocs/site_info.txt. Use it to display information for the entire WeBWorK site which will be viewed at login time.

WeBWorK Warnings

WeBWorK has encountered warnings while processing your request. If this occured when viewing a problem, it was likely caused by an error or ambiguity in that problem. Otherwise, it may indicate a problem with the WeBWorK system itself. If you are a student, report these warnings to your professor to have them corrected. If you are a professor, please consult the warning output below for more information.

Warning messages

  • ===== parameters received =======
  • oauth_consumer_key => learning.unb.ca
  • lis_person_contact_email_primary => TIM@UNB.CA
  • tool_consumer_info_product_family_code => desire2learn
  • oauth_signature => 48jte+93Y9JNi3XK5XOY0Sk4tQQ=
  • tool_consumer_instance_description => University of New Brunswick LMS
  • tool_consumer_instance_name => Webwork Exercises for M3733
  • oauth_callback => about:blank
  • context_id => 136105
  • oauth_version => 1.0
  • oauth_signature_method => HMAC-SHA1
  • resource_link_description => Second try
  • lis_outcome_service_url => https://lms.unb.ca/d2l/le/lti/Outcome
  • lis_person_name_full => Timothy Alderson
  • ext_completion_url =>
  • tool_consumer_instance_guid => learning.unb.ca
  • context_label => D2L_2017FA_UG_MATH_3733_SJ01A_304739
  • ext_d2l_token_digest => QkhowQzVUfTEz9bIk34T5lLPHBc=
  • lis_result_sourcedid => 3ebd3050-e067-45e0-9f07-e4f6668a5e5a
  • lti_version => LTI-1p0
  • ext_d2l_tenantid => 4cf94592-d715-448e-9ad0-1cc42cb0b315
  • ext_basiclti_submit => Launch Endpoint with BasicLTI Data
  • oauth_timestamp => 1503692616
  • ext_d2l_token_id => 15653539
  • context_title => 2017FA_MATH_3733_SJ01A
  • ext_d2l_link_id => 769
  • resource_link_title => Webwork second try
  • oauth_nonce => 4781ff7c-0722-4f48-801d-fc2dee10985f
  • tool_consumer_instance_contact_email => tim@unb.ca
  • ext_d2l_orgdefinedid => 3086934
  • lti_message_type => basic-lti-launch-request
  • tool_consumer_info_version => 10.7.4.0
  • ext_d2l_role => Student
  • launch_presentation_locale => EN-CA
  • lis_person_name_family => Alderson
  • lis_person_name_given => Timothy
  • ext_tc_profile_url => https://lms.unb.ca/d2l/api/ext/1.0/lti/tcservices
  • ext_d2l_username => tim
  • context_type => CourseOffering
  • resource_link_id => 1245071488

Request information

Time Fri Aug 25 17:23:37 2017
Method POST
URI /webwork2/Math3733/


In reply to Tim Alderson

Re: D2L Brightspace LTI issue

by Michael Gage -
The line
"

Math3733 uses an external authentication system (e.g., Oncourse, CAS, Blackboard, Moodle, Canvas, etc.). Please return to system you used and try again.


"
indicates that you have
$external_auth=1;
in authen_LTI.conf.
Try setting that to 0. This is probably what you want in any case if you want to allow TA's and professors to enter webwork directly.

It also seems possible that the url that you are using from D2L is not exactly right and it is trying to access WeBWorK at an incorrect page, one with no content.
In reply to Michael Gage

Re: D2L Brightspace LTI issue

by Tim Alderson -
Thank you for the ideas.

Tried setting $external_auth=0, but I am still getting the same error.

Incidentally I had commented out the line
$external_auth=1 (since this made it impossible to enter Webwork directly), so it had defaulted to 0 already.

I have checked the URL in D2L, and it points to the correct page. Reloading the landing page after clicking the
Webwork link in D2L (i.e. the page with the error above) gives the conventional direct login page for the course).

I'm not sure what else to try here. At least the instructors can still populate their courses the old way for this term.

In reply to Tim Alderson

Re: D2L Brightspace LTI issue

by Michael Gage -
If you have really set $external_auth=0 then I would expect the message:

about using external authorization to go away. The other error messages would stay.

I would check very closely the url that you are entering into brightspace (perhaps check with Alex Jordan who also uses brightspace) -- it appears that you are not accessing a course homepage but the top level of webwork (which prints the site_info file message) or the login_page for the course.

You can check the error log for webwork and see if it reports the path.
In reply to Michael Gage

Re: D2L Brightspace LTI issue

by Danny Glin -
A couple of things to check:

Look at the course login log (/opt/webwork/courses/[coursename]/logs/login.log). It may give you more info regarding what's going on.

In authen_LTI.conf, what do you have as $preferred_source_of_username? With Brightspace this will only work when set to "lis_person_contact_email_primary". Brightspace does not send the "lis_person_sourcedid" value, and the WeBWorK code is currently only written to recognize those two choices. On my server I have modified the WeBWorK code to allow the passing of the Brightspace username to WeBWorK. I can send you that file if you would like.
In reply to Danny Glin

Re: D2L Brightspace LTI issue

by Tim Alderson -
Thank you for the ideas.

Single quotes were used already.

Could the fact that our server is not employing https be the issue?

If you would be willing to share your file I would certainly appreciate it.

BTW here is what we have:


$debug_lti_parameters = 1;
$authen{user_module} = [
{ "*" => "WeBWorK::Authen::LTIAdvanced", }, #preferred authorization method
{ "*" => "WeBWorK::Authen::Basic_TheLastOption",} #fallback authorization method
];
$external_auth=0;
$preferred_source_of_username = "lis_person_contact_email_primary";
$strip_address_from_email = 1;
$LTIBasicConsumerSecret = "somethingelse.unbsj"; #This must be set
$NonceLifeTime=60; # in seconds
$LMSManageUserData=1;
$LTIGradeOnSubmit = 1;
$LTIMassUpdateInterval = 86400; #in seconds
%LMSrolesToWeBWorKroles = (
"librarian" => "guest",
"observer" => "guest",
"visitor" => "guest",
"Guest" => "guest",
"Designer" => "professor",
"instructor" => "professor",
"Instructor" => "professor",
"Teacher" => "professor",
"Student" => "student",
"Learner" => "student",
"student" => "student",
"AI/TA" => "ta",
"TA" => "ta",
"Teaching Assistant" => "ta",
"Teaching Assistant (TA)" => "ta",
"Non-editing teacher" => "ta",
"Grader" => "ta",
);
$LTIAccountCreationCutoff = "ta";


1; #final line of the file to reassure perl that it was read properly.


In reply to Tim Alderson

Re: D2L Brightspace LTI issue

by Danny Glin -
Weird. When I paste your settings into my test system, it works for me with our Brightspace instance.


Have you entered something in the "Key" field on the Brightspace side? WeBWorK can't handle this being left blank.

Is anything recorded in the course login.log file?
In reply to Danny Glin

Re: D2L Brightspace LTI issue

by Tim Alderson -
Thank you Danny.

I see from the log that you were able to at least attempt login. None of my attempts from within D2L are in the log.

So, I suppose this means it is an issue specific to the D2L here at UNB. I will contact the D2L team here to see if they have any suggestions.


[Mon Aug 28 13:15:33 2017] LOGIN OK user_id=tim login_type=normal credential_source=params host=142.167.18.231 port=53156 UA=Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
[Mon Aug 28 18:39:46 2017] LOGIN FAILED OAuth verification failed. Check the Consumer Secret and that the URL in the LMS exactly matches the WeBWorK URL.dlglin - authentication failed: 0 user_id=dlglin login_type=normal credential_source=LTIAdvanced host=136.159.160.200 port=51958 UA=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
[Mon Aug 28 18:41:11 2017] LOGIN FAILED OAuth verification failed. Check the Consumer Secret and that the URL in the LMS exactly matches the WeBWorK URL.dlglin - authentication failed: 0 user_id=dlglin login_type=normal credential_source=LTIAdvanced host=136.159.160.200 port=51975 UA=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
[Mon Aug 28 18:42:44 2017] AUTH WWDB: password rejected user_id=admin login_type=normal credential_source=params host=136.159.160.200 port=52001 UA=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
[Mon Aug 28 18:42:44 2017] LOGIN FAILED authentication failed user_id=admin login_type=normal credential_source=params host=136.159.160.200 port=52001 UA=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
[Mon Aug 28 18:42:47 2017] LOGIN FAILED user unknown user_id=prof login_type=normal credential_source=params host=136.159.160.200 port=52001 UA=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8
[Mon Aug 28 19:34:32 2017] AUTH WWDB: password accepted user_id=tim login_type=normal credential_source=params host=142.167.18.231 port=55014 UA=Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
In reply to Tim Alderson

Re: D2L Brightspace LTI issue

by Danny Glin -
I've attached a screenshot of the settings I used for that connection. I'm assuming that you didn't include your actual shared secret in your previous post, which should be why I wasn't able to successfully authenticate.
Attachment Screen_Shot_2017-08-29_at_10.42.08_AM.png
In reply to Danny Glin

Re: D2L Brightspace LTI issue

by Tim Alderson -
At least I got something different this time. I had been using the Tool Provider settings.

Now, using the setup you used I get the following error:


WeBWorK error

An error occured while processing your request. For help, please send mail to this site's webmaster (webmaster@localhost), including all of the following information as well as what what you were doing when the error occured.

Tue Aug 29 14:29:18 2017

Warning messages

  • ===== parameters received ======= oauth_consumer_key => webworkunbSJ lis_person_contact_email_primary => TIM@UNB.CA tool_consumer_info_product_family_code => desire2learn oauth_signature => +9cjs6OjizGzVnFmCogmwTnHtG8= tool_consumer_instance_description => Webwork For Math 1003 Online tool_consumer_instance_name => Webwork Exercises For Math 1003 Online oauth_callback => about:blank context_id => 134068 oauth_version => 1.0 oauth_signature_method => HMAC-SHA1 resource_link_description => roles => urn:lti:instrole:ims/lis/Faculty,Faculty,urn:lti:instrole:ims/lis/Member,Member,urn:lti:instrole:ims/lis/Instructor,Instructor,urn:lti:instrole:ims/lis/Mentor,Mentor,urn:lti:instrole:ims/lis/Staff,Staff,urn:lti:instrole:ims/lis/Alumni,Alumni,urn:lti:instrole:ims/lis/Observer,Observer lis_outcome_service_url => https://lms.unb.ca/d2l/le/lti/Outcome lis_person_name_full => Timothy Alderson ext_completion_url => tool_consumer_instance_guid => UNB context_label => MATH 1003 DEVELOPMENT ext_d2l_token_digest => 8NQgSJwG6jEHCqqWwGwaFPeoUR0= lis_result_sourcedid => da11e582-449e-44c4-983f-1dd0615e9905 lti_version => LTI-1p0 ext_d2l_tenantid => 4cf94592-d715-448e-9ad0-1cc42cb0b315 user_id => UNB_1164 ext_basiclti_submit => Launch Endpoint with BasicLTI Data oauth_timestamp => 1504027758 ext_d2l_token_id => 15662350 context_title => MATH 1003 DEVELOPMENT 2017 ext_d2l_link_id => 791 resource_link_title => Webwork Assignments second try oauth_nonce => a8c127dc-b68f-4421-a13a-3b6ece4dd1b7 tool_consumer_instance_contact_email => tim@unb.ca lti_message_type => basic-lti-launch-request ext_d2l_orgdefinedid => 3086934 tool_consumer_info_version => 10.7.4.0 ext_d2l_role => Student launch_presentation_locale => EN-CA lis_person_name_family => Alderson lis_person_name_given => Timothy ext_tc_profile_url => https://lms.unb.ca/d2l/api/ext/1.0/lti/tcservices ext_d2l_username => tim context_type => CourseOffering resource_link_id => 177311953 =========== summary ============ at /opt/webwork/webwork2/lib/WeBWorK/Authen/LTIAdvanced.pm line 206. User id is |TIM| User mail address is |TIM@UNB.CA| preferred_source_of_username is |lis_person_contact_email_primary| ================================ The following path was reconstructed by WeBWorK. It should match the path in the LMS: at /opt/webwork/webwork2/lib/WeBWorK/Authen/LTIAdvanced.pm line 371. http://webwork.unbsj.ca/webwork2/Math1003_CEL/ at /opt/webwork/webwork2/lib/WeBWorK/Authen/LTIAdvanced.pm line 372. The adjusted LTI roles defined for this user are: --Faculty --Faculty --Member --Member --Instructor --Instructor --Mentor --Mentor --Staff --Staff --Alumni --Alumni --Observer --Observer Any initial ^urn:lti:.*:ims/lis/ segments have been stripped off. The user will be assigned the highest role defined for them ======================== Use of uninitialized value in hash element at /opt/webwork/webwork2/lib/WeBWorK/Authen/LTIAdvanced.pm line 480.

Error messages

Cannot find a WeBWorK role that corresponds to the LMS role of Faculty. at /opt/webwork/webwork2/lib/WeBWorK.pm line 321.

Call stack

The information below can help locate the source of the problem.

  • in Carp::croak called at line 480 of /opt/webwork/webwork2/lib/WeBWorK/Authen/LTIAdvanced.pm
  • in WeBWorK::Authen::LTIAdvanced::create_user called at line 417 of /opt/webwork/webwork2/lib/WeBWorK/Authen/LTIAdvanced.pm
  • in WeBWorK::Authen::LTIAdvanced::authenticate called at line 301 of /opt/webwork/webwork2/lib/WeBWorK/Authen/LTIAdvanced.pm
  • in WeBWorK::Authen::LTIAdvanced::verify_normal_user called at line 306 of /opt/webwork/webwork2/lib/WeBWorK/Authen.pm
  • in WeBWorK::Authen::do_verify called at line 216 of /opt/webwork/webwork2/lib/WeBWorK/Authen.pm
  • in WeBWorK::Authen::verify called at line 321 of /opt/webwork/webwork2/lib/WeBWorK.pm

Request information

Method POST
URI /webwork2/Math1003_CEL/
HTTP Headers
Upgrade-Insecure-Requests 1
User-Agent Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Connection keep-alive
Content-Length 1930
Accept-Encoding gzip, deflate
Content-Type application/x-www-form-urlencoded
Cookie WeBWorKCourseAuthen.Math1503_Fall_2017=tim%09fGvA4R4auAuQBfqG9sbgTVLWSzZwYisZ%091503925875; WeBWorKCourseAuthen.Math_1013_Online=tim%09yo55zgFnxVU13168FdO5YSzwVXZqbNjp%091503936851; WeBWorKCourseAuthen.Math1013_Fall_2017=tim%09T77tFRLApBmKnKLQiKRATb0yVufdDNmL%091503945914; WeBWorKCourseAuthen.admin=admin%09ErEkmkgeKTCvA1Nmb3e0jJPXICCKXqtN%091503946005; WeBWorKCourseAuthen.Math3733=tim%09YwGeK2XemlXlx4MbLVDJ3A4fV6uPPror%091504006715; WeBWorKCourseAuthen.Math1003_CEL=tim%0936H3a86t1FYiJj8dayYtFBFl2ojgIX9B%091504027615
Accept-Language en-US,en;q=0.5
Host webwork.unbsj.ca
In reply to Tim Alderson

Re: D2L Brightspace LTI issue

by Danny Glin -
That one's an easy fix. WeBWorK doesn't know what WeBWorK role to match with your D2L role of "Faculty".

Add the following line to the %LMSrolesToWeBWorKroles hash:
"Faculty" => "professor",

It looks like this was a recent change in D2L to calling instructors "Faculty". I'll change this in authen_LTI.conf.dist so that it is automatically recognized in future versions of WeBWorK. I haven't checked if they changed the title of the student role. Once you get it up and running as an instructor, make sure that students are able to log in as well.

A couple of housekeeping things:
  1. You don't need to check all of the boxes under security settings. I tend to select them all when testing. I believe the ones required are
    "Send user ID to tool provider"
    "Send user email to tool provider"
    "Send system role to tool provider"
  2. You can work with your D2L team to set WeBWorK up as a tool provider for all of your courses. Then you will be able to use the tool provider settings. I created a wiki page with the instructions at http://webwork.maa.org/wiki/LTI-Advanced_Authentication_for_D2L. I just realized that there is no link to this from the main LTI wiki page. I'll update that this afternoon.
In reply to Danny Glin

Re: D2L Brightspace LTI issue

by Tim Alderson -
Thank you again. All seems to be resolved.

Now we will just have to see how it goes with the September rush!
In reply to Tim Alderson

Re: D2L Brightspace LTI issue

by Michael Gage -
Tim,

Can you report what was wrong and how it was resolved -- in case someone else has a similar problem and needs to describe what to look for to their D2L  IT people?


In reply to Michael Gage

Re: D2L Brightspace LTI issue

by Tim Alderson -

The cause/solution in our case was a combination of the following:

1. Add the following line to the %LMSrolesToWeBWorKroles hash: "Faculty" => "professor"

2. When choosing the Security Settings as detailed at http://webwork.maa.org/wiki/LTI-Advanced_Authentication_for_D2L#.WacknNGQyHA ),
"Send user ID to tool provider" does not appear in the list, instead select "Send LTI user ID and LTI role list to tool provider" (choosing system username or system Org Defined ID instead failed in our case).

So the minimal check boxes are: