WeBWorK Main Forum

LTI authentication failed through Blackboard

LTI authentication failed through Blackboard

by Bianca Sosnovski -
Number of replies: 5

Hi everyone,

After some updates our Webwork server were displaying different types errors that would come and go. It would be temporarily fixed by after restarting the Apache.

We decided to reinstall from scratch and use the backup files for courses and database.

The new server is running and is set up to run with LTI connection via Blackboard. Students only access webwork via the links posted on Blackboard. But the following error appears even though the new server uses the same settings for the previous server:


Your authentication failed. Please try again. Please speak with your instructor if you need help.

bsosnovski_MA119 uses an external authentication system. You've authenticated through that system, but aren't allowed to log in to this course.

Any suggestion where to look for fixing it?

Thank you.


In reply to Bianca Sosnovski

Re: LTI authentication failed through Blackboard

by Bianca Sosnovski -
I forgot to mention the settings in the authen_LTI.conf:

$debug_lti_parameters = 0; (when I set up to 1 it doesn't show any debug message)
$debug_lti_grade_passback = 0;
$external_auth=0;
$permissionLevels{change_password} = "ta";
$preferred_source_of_username = 'lis_person_sourcedid';
$NonceLifeTime=60; ( changed this to 120 based on another post here in the Forum but didn't resolve the issue)
$LMSManageUserData=1;
$permissionLevels{change_email} = "ta";
$LTIBasicToThisSiteURL = "http://webwork.qcc.cuny.edu/webwork2";
$LTIGradeMode = "homework";
$LTIGradeOnSubmit = 1;
In reply to Bianca Sosnovski

Re: LTI authentication failed through Blackboard

by Nathan Wallach -
  1. Have a look at login.log and trigger a LTI login attempt and see what sort of message is being reported. You want to see a line which mention "credential_source=LTIAdvanced" even if is a failure line.
  2. Make sure the LTIBasicConsumerSecret is set and consistent on both sides.
  3. Make sure site.conf has an uncommented   include("conf/authen_LTI.conf");    line.
  4. Make sure the system time / date is correct.
  5. Check the setting of server_root_url (pay attention to http vs https) and webwork_url and LTIBasicToThisSiteURL (if defined).
  6. Maybe edit webwork2/lib/WeBWorK/Constants.pm to turn on and log debug data to a file. (Set $WeBWorK::Debug::Enabled = 1; and set a path using $WeBWorK::Debug::Logfile )
In reply to Nathan Wallach

Re: LTI authentication failed through Blackboard

by Bianca Sosnovski -

Nathan,

Thank you so much. I even didn't need to go over what you suggested because the new server was also running super slow and our IT decided to reinstall it again.

Now everything is working fine.


In reply to Nathan Wallach

Re: LTI authentication failed through Blackboard

by Wai Yan Pong -
Hello,

We are trying the same thing (BB--WW integration) and got the exact same error

Test_Course_for_BB_integration uses an external authentication system. You've authenticated through that system, but aren't allowed to log in to this course

We have tried what Nathan suggested with no avail. We also enabled the Debug log but not sure whether the follow part is relevant. Any suggestion on how this can be fixed?
Many thanks

[Mon Nov 16 08:33:54.743861 2020] WeBWorK::Authen::LTIAdvanced::authenticate: oauth_nonce->|364443565693028|
[Mon Nov 16 08:33:54.743888 2020] WeBWorK::Authen::LTIAdvanced::authenticate: oauth_timestamp->|1605544433|
[Mon Nov 16 08:33:54.743916 2020] WeBWorK::Authen::LTIAdvanced::authenticate: roles->|urn:lti:role:ims/lis/Learner|
[Mon Nov 16 08:33:54.743944 2020] WeBWorK::Authen::LTIAdvanced::authenticate: oauth_version->|1.0|
[Mon Nov 16 08:33:54.743972 2020] WeBWorK::Authen::LTIAdvanced::authenticate: lti_message_type->|basic-lti-launch-request|
[Mon Nov 16 08:33:54.792732 2020] WeBWorK::Authen::LTIAdvanced::authenticate: LTIAdvanced::authenticate request-> verify failed
[Mon Nov 16 08:33:54.792878 2020] WeBWorK::Authen::LTIAdvanced::authenticate: OAuth verification Failed
[Mon Nov 16 08:33:54.793144 2020] WeBWorK::Authen::LTIAdvanced::verify_normal_user: auth_result=|0|
[Mon Nov 16 08:33:54.793436 2020] WeBWorK::Authen::write_log_entry: Writing to login log: 'LOGIN FAILED OAuth verification failed. Check the Consumer Secret and that the URL in the LMS exactly matches the WeBWorK URL.slanaghan@csudh.edu - authentication failed: 0 user_id=slanaghan@csudh.edu login_type=normal credential_source=LTIAdvanced host=72.219.95.47 port=64477 UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36'.
[Mon Nov 16 08:33:54.794059 2020] WeBWorK::Authen::verify: END VERIFY
[Mon Nov 16 08:33:54.794115 2020] WeBWorK::Authen::verify: result 0
[Mon Nov 16 08:33:54.794152 2020] WeBWorK::dispatch: Bad news: authentication failed!
In reply to Wai Yan Pong

Re: LTI authentication failed through Blackboard

by Danny Glin -

The key message in there is "OAuth verification failed", which means that the information sent by BB doesn't exactly match what WeBWorK is expecting.

Did you have this working previously?

The first thing to check is exactly what the message suggests: make sure that the Consumer Secret that you have set in WeBWorK (probably in /opt/webwork/webwork2/conf/authen_LTI.conf) matches what you have entered in WeBWorK, and also that the URL used in BB matches the URL in WeBWorK, which includes checking $server_root_url in /opt/webwork/webwork2/conf/site.conf.

I also discovered that in my case leaving the Consumer Key blank in our LMS (we use D2L) caused problems.  As long as it was set to something then it worked.