WeBWorK Main Forum

LTI authentication failed through Blackboard

LTI authentication failed through Blackboard

by Bianca Sosnovski -
Number of replies: 15

Hi everyone,

After some updates our Webwork server were displaying different types errors that would come and go. It would be temporarily fixed by after restarting the Apache.

We decided to reinstall from scratch and use the backup files for courses and database.

The new server is running and is set up to run with LTI connection via Blackboard. Students only access webwork via the links posted on Blackboard. But the following error appears even though the new server uses the same settings for the previous server:


Your authentication failed. Please try again. Please speak with your instructor if you need help.

bsosnovski_MA119 uses an external authentication system. You've authenticated through that system, but aren't allowed to log in to this course.

Any suggestion where to look for fixing it?

Thank you.


In reply to Bianca Sosnovski

Re: LTI authentication failed through Blackboard

by Bianca Sosnovski -
I forgot to mention the settings in the authen_LTI.conf:

$debug_lti_parameters = 0; (when I set up to 1 it doesn't show any debug message)
$debug_lti_grade_passback = 0;
$external_auth=0;
$permissionLevels{change_password} = "ta";
$preferred_source_of_username = 'lis_person_sourcedid';
$NonceLifeTime=60; ( changed this to 120 based on another post here in the Forum but didn't resolve the issue)
$LMSManageUserData=1;
$permissionLevels{change_email} = "ta";
$LTIBasicToThisSiteURL = "http://webwork.qcc.cuny.edu/webwork2";
$LTIGradeMode = "homework";
$LTIGradeOnSubmit = 1;
In reply to Bianca Sosnovski

Re: LTI authentication failed through Blackboard

by Nathan Wallach -
  1. Have a look at login.log and trigger a LTI login attempt and see what sort of message is being reported. You want to see a line which mention "credential_source=LTIAdvanced" even if is a failure line.
  2. Make sure the LTIBasicConsumerSecret is set and consistent on both sides.
  3. Make sure site.conf has an uncommented   include("conf/authen_LTI.conf");    line.
  4. Make sure the system time / date is correct.
  5. Check the setting of server_root_url (pay attention to http vs https) and webwork_url and LTIBasicToThisSiteURL (if defined).
  6. Maybe edit webwork2/lib/WeBWorK/Constants.pm to turn on and log debug data to a file. (Set $WeBWorK::Debug::Enabled = 1; and set a path using $WeBWorK::Debug::Logfile )
In reply to Nathan Wallach

Re: LTI authentication failed through Blackboard

by Bianca Sosnovski -

Nathan,

Thank you so much. I even didn't need to go over what you suggested because the new server was also running super slow and our IT decided to reinstall it again.

Now everything is working fine.


In reply to Nathan Wallach

Re: LTI authentication failed through Blackboard

by Wai Yan Pong -
Hello,

We are trying the same thing (BB--WW integration) and got the exact same error

Test_Course_for_BB_integration uses an external authentication system. You've authenticated through that system, but aren't allowed to log in to this course

We have tried what Nathan suggested with no avail. We also enabled the Debug log but not sure whether the follow part is relevant. Any suggestion on how this can be fixed?
Many thanks

[Mon Nov 16 08:33:54.743861 2020] WeBWorK::Authen::LTIAdvanced::authenticate: oauth_nonce->|364443565693028|
[Mon Nov 16 08:33:54.743888 2020] WeBWorK::Authen::LTIAdvanced::authenticate: oauth_timestamp->|1605544433|
[Mon Nov 16 08:33:54.743916 2020] WeBWorK::Authen::LTIAdvanced::authenticate: roles->|urn:lti:role:ims/lis/Learner|
[Mon Nov 16 08:33:54.743944 2020] WeBWorK::Authen::LTIAdvanced::authenticate: oauth_version->|1.0|
[Mon Nov 16 08:33:54.743972 2020] WeBWorK::Authen::LTIAdvanced::authenticate: lti_message_type->|basic-lti-launch-request|
[Mon Nov 16 08:33:54.792732 2020] WeBWorK::Authen::LTIAdvanced::authenticate: LTIAdvanced::authenticate request-> verify failed
[Mon Nov 16 08:33:54.792878 2020] WeBWorK::Authen::LTIAdvanced::authenticate: OAuth verification Failed
[Mon Nov 16 08:33:54.793144 2020] WeBWorK::Authen::LTIAdvanced::verify_normal_user: auth_result=|0|
[Mon Nov 16 08:33:54.793436 2020] WeBWorK::Authen::write_log_entry: Writing to login log: 'LOGIN FAILED OAuth verification failed. Check the Consumer Secret and that the URL in the LMS exactly matches the WeBWorK URL.slanaghan@csudh.edu - authentication failed: 0 user_id=slanaghan@csudh.edu login_type=normal credential_source=LTIAdvanced host=72.219.95.47 port=64477 UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36'.
[Mon Nov 16 08:33:54.794059 2020] WeBWorK::Authen::verify: END VERIFY
[Mon Nov 16 08:33:54.794115 2020] WeBWorK::Authen::verify: result 0
[Mon Nov 16 08:33:54.794152 2020] WeBWorK::dispatch: Bad news: authentication failed!
In reply to Wai Yan Pong

Re: LTI authentication failed through Blackboard

by Danny Glin -

The key message in there is "OAuth verification failed", which means that the information sent by BB doesn't exactly match what WeBWorK is expecting.

Did you have this working previously?

The first thing to check is exactly what the message suggests: make sure that the Consumer Secret that you have set in WeBWorK (probably in /opt/webwork/webwork2/conf/authen_LTI.conf) matches what you have entered in WeBWorK, and also that the URL used in BB matches the URL in WeBWorK, which includes checking $server_root_url in /opt/webwork/webwork2/conf/site.conf.

I also discovered that in my case leaving the Consumer Key blank in our LMS (we use D2L) caused problems.  As long as it was set to something then it worked.

In reply to Danny Glin

Re: LTI authentication failed through Blackboard

by Bianca Sosnovski -

Hi everyone.

I started this post in October but didn't need to follow up on the issue back then because we had a new installed of our Webwork server . But now we started to have the same issue again. 

Some students (not all and students from different courses) started to have issue with the LTI login.  A similar message as below shows to them:

"Your authentication failed. Please try again. Please speak with your instructor if you need help.

MA119-S21-BSosnovski-F24 uses an external authentication system. You've authenticated through that system, but aren't allowed to log in to this course"

This happens to students who were able to login before to access a homework assignments and then they were not able to login for some time. Some of students started to have access again days later.

I followed all the steps and checks listed above by Nathan, but nothing resolved the issue. The debug.log file says that "Failed to verify nonce". I have changed the $NonceLifeTime in the file authen_LTI.cong several times as suggested by other post in the forum. Each time set to a larger values  (it is now 600) but didn't resolve the issue. 

Any idea what else to do or where to look for a possible solution?

Thanks.

------------------------------

Here is a sample of the error as shown in the debug.log:

[Thu Feb 04 14:00:25.214114 2021] WeBWorK::dispatch: The URLPath looks good, we'll add it to the request.[Thu Feb 04 14:00:25.214140 2021] WeBWorK::dispatch: Now we want to look at the parameters we got.

[Thu Feb 04 14:00:25.214162 2021] WeBWorK::dispatch: The raw params:

[Thu Feb 04 14:00:25.214398 2021] WeBWorK::dispatch: lis_person_name_given => 'Dxxxxx’

[Thu Feb 04 14:00:25.214446 2021] WeBWorK::dispatch: tool_consumer_instance_description => 'City University of New York'

[Thu Feb 04 14:00:25.214473 2021] WeBWorK::dispatch: custom_caliper_federated_session_id => 'https://caliper-mapping.cloudbb.blackboard.com/v1/sites/7ecc20d6-ef11-43ac-a3bd-6cd9edce367b/sessions/4FD2074BFC558D49BDB2993E08DFD476'

[Thu Feb 04 14:00:25.214498 2021] WeBWorK::dispatch: lis_result_sourcedid => 'bbgc52825049gi13011907'

[Thu Feb 04 14:00:25.214522 2021] WeBWorK::dispatch: custom_caliper_profile_url => 'https://cunyprod.blackboard.com/learn/api/v1/telemetry/caliper/profile/_54925451_1'

[Thu Feb 04 14:00:25.214546 2021] WeBWorK::dispatch: lis_person_sourcedid => ‘xxxxxxx’

[Thu Feb 04 14:00:25.214570 2021] WeBWorK::dispatch: user_id => 'f114c8e33ea84de486366b5f23e849cc'

[Thu Feb 04 14:00:25.214594 2021] WeBWorK::dispatch: lis_outcome_service_url => 'https://bbhosted.cuny.edu/webapps/gradebook/lti11grade'

[Thu Feb 04 14:00:25.214618 2021] WeBWorK::dispatch: lti_message_type => 'basic-lti-launch-request'

[Thu Feb 04 14:00:25.214643 2021] WeBWorK::dispatch: ext_launch_presentation_css_url => 'https://bbhosted.cuny.edu/common/shared.css,https://bbhosted.cuny.edu/themes/as_2015/theme.css,https://bbhosted.cuny.edu/branding/_1_1/brand.css?ts=1577714075000'

[Thu Feb 04 14:00:25.214667 2021] WeBWorK::dispatch: resource_link_id => '_54925451_1'

[Thu Feb 04 14:00:25.214690 2021] WeBWorK::dispatch: launch_presentation_locale => 'en-US'

[Thu Feb 04 14:00:25.214714 2021] WeBWorK::dispatch: oauth_consumer_key => 'Webwork'

[Thu Feb 04 14:00:25.214738 2021] WeBWorK::dispatch: oauth_version => '1.0'

[Thu Feb 04 14:00:25.214762 2021] WeBWorK::dispatch: context_title => '2021 Spring Term (1) Statistics MA 336 F24[45540] (Queensborough CC)'

[Thu Feb 04 14:00:25.214785 2021] WeBWorK::dispatch: ext_launch_id => 'b1c249ed-1351-4305-9e27-a7abab84d8f8'

[Thu Feb 04 14:00:25.214809 2021] WeBWorK::dispatch: roles => 'urn:lti:role:ims/lis/Learner'

[Thu Feb 04 14:00:25.214833 2021] WeBWorK::dispatch: lis_person_contact_email_primary => ‘xxxx.xxxxxx@student.qcc.cuny.edu'

[Thu Feb 04 14:00:25.214856 2021] WeBWorK::dispatch: oauth_callback => 'about:blank'

[Thu Feb 04 14:00:25.214879 2021] WeBWorK::dispatch: ext_lms => 'bb-3800.0.7-rel.16+bf839b4'

[Thu Feb 04 14:00:25.214903 2021] WeBWorK::dispatch: oauth_signature_method => 'HMAC-SHA1'

[Thu Feb 04 14:00:25.214926 2021] WeBWorK::dispatch: custom_tc_profile_url => 'https://bbhosted.cuny.edu/learn/api/v1/lti/profile?lti_version=LTI-1p0'

[Thu Feb 04 14:00:25.214950 2021] WeBWorK::dispatch: tool_consumer_instance_guid => '153e1b39d0e347519efa1253baed9da8'

[Thu Feb 04 14:00:25.214973 2021] WeBWorK::dispatch: lis_person_name_family => 'Nxxxxx’

[Thu Feb 04 14:00:25.214997 2021] WeBWorK::dispatch: lti_version => 'LTI-1p0'

[Thu Feb 04 14:00:25.215020 2021] WeBWorK::dispatch: lis_person_name_full => 'Dxxxxx Nxxxx Nxxx’

[Thu Feb 04 14:00:25.215043 2021] WeBWorK::dispatch: oauth_nonce => '3414564115058802'

[Thu Feb 04 14:00:25.215072 2021] WeBWorK::dispatch: tool_consumer_instance_name => 'City University of New York'

[Thu Feb 04 14:00:25.215097 2021] WeBWorK::dispatch: launch_presentation_return_url => 'https://bbhosted.cuny.edu/webapps/blackboard/execute/blti/launchReturn?course_id=_1982008_1&content_id=_54925451_1&toGC=false&launch_id=b1c249ed-1351-4305-9e27-a7abab84d8f8&link_id=_54925451_1&launch_time=1612464381020'

[Thu Feb 04 14:00:25.215121 2021] WeBWorK::dispatch: tool_consumer_info_version => '3800.0.7-rel.16+bf839b4'

[Thu Feb 04 14:00:25.215144 2021] WeBWorK::dispatch: context_id => '242fa12435f24913886de98475876420'

[Thu Feb 04 14:00:25.215168 2021] WeBWorK::dispatch: oauth_signature => 'oUJROHckKcZsNbmU/YLbS2fkVWk='

[Thu Feb 04 14:00:25.215192 2021] WeBWorK::dispatch: context_label => 'QCC01_MA_119_F24_1212_1'

[Thu Feb 04 14:00:25.215215 2021] WeBWorK::dispatch: tool_consumer_info_product_family_code => 'BlackboardLearn'

[Thu Feb 04 14:00:25.215239 2021] WeBWorK::dispatch: oauth_timestamp => '1612464381'

[Thu Feb 04 14:00:25.215262 2021] WeBWorK::dispatch: launch_presentation_document_target => 'window'

[Thu Feb 04 14:00:25.215286 2021] WeBWorK::dispatch: resource_link_title => 'HW Intro to WeBWorK'

[Thu Feb 04 14:00:25.215309 2021] WeBWorK::dispatch: tool_consumer_instance_contact_email => 'bbsupport@cuny.edu'

[Thu Feb 04 14:00:25.215333 2021] WeBWorK::dispatch: ---------------------------------------------

[Thu Feb 04 14:00:25.215367 2021] WeBWorK::dispatch: We need to get a course environment (with or without a courseID!)

[Thu Feb 04 14:00:25.220954 2021] WeBWorK::dispatch: Here's the course environment: WeBWorK::CourseEnvironment=HASH(0x55bb6bce3898)

[Thu Feb 04 14:00:25.221330 2021] WeBWorK::dispatch: Using user_authen_module WeBWorK::Authen::LTIAdvanced: WeBWorK::Authen::LTIAdvanced=HASH(0x55bb6bdc20b8)

[Thu Feb 04 14:00:25.221388 2021] WeBWorK::dispatch: We got a courseID from the URLPath, now we can do some stuff:

[Thu Feb 04 14:00:25.221420 2021] WeBWorK::dispatch: ...we can create a database object...

[Thu Feb 04 14:00:25.227112 2021] WeBWorK::dispatch: (here's the DB handle: WeBWorK::DB=HASH(0x55bb6bd398e8))

[Thu Feb 04 14:00:25.227194 2021] WeBWorK::Authen::verify: BEGIN VERIFY

[Thu Feb 04 14:00:25.227230 2021] WeBWorK::Authen::LTIAdvanced::request_has_data_for_this_verification_module: LTIAdvanced has been called for data verification

[Thu Feb 04 14:00:25.227271 2021] WeBWorK::Authen::LTIAdvanced::request_has_data_for_this_verification_module: LTIAdvanced returning that it has sufficient data

[Thu Feb 04 14:00:25.227316 2021] WeBWorK::Authen::do_verify: db ok

[Thu Feb 04 14:00:25.227344 2021] WeBWorK::Authen::LTIAdvanced::get_credentials: LTIAdvanced::get_credentials has been called

[Thu Feb 04 14:00:25.227415 2021] WeBWorK::Authen::LTIAdvanced::get_credentials: LTIAdvanced::get_credentials is returning a 1

[Thu Feb 04 14:00:25.227442 2021] WeBWorK::Authen::do_verify: credentials ok

[Thu Feb 04 14:00:25.227473 2021] WeBWorK::Authen::LTIAdvanced::check_user: LTIAdvanced::check_user has been called for user_id = |xxxxxxxxxx|

[Thu Feb 04 14:00:25.228633 2021] WeBWorK::Authen::LTIAdvanced::check_user: LTIAdvanced::check_user is about to return a 1.

[Thu Feb 04 14:00:25.228706 2021] WeBWorK::Authen::do_verify: check user ok

[Thu Feb 04 14:00:25.228751 2021] WeBWorK::Authen::LTIAdvanced::verify_normal_user: LTIAdvanced::verify_normal_user called for user |xxxxxxxx|

[Thu Feb 04 14:00:25.229102 2021] WeBWorK::Authen::LTIAdvanced::verify_normal_user: sessionExists='1' keyMatches='' timestampValid=''

[Thu Feb 04 14:00:25.229166 2021] WeBWorK::Authen::LTIAdvanced::authenticate: LTIAdvanced::authenticate called for user |xxxxxxxxxx|

[Thu Feb 04 14:00:25.229195 2021] WeBWorK::Authen::LTIAdvanced::authenticate: ref(r) = |WeBWorK::Request|

[Thu Feb 04 14:00:25.229220 2021] WeBWorK::Authen::LTIAdvanced::authenticate: ref of r->{paramcache} = |HASH|

[Thu Feb 04 14:00:25.229248 2021] WeBWorK::Authen::LTIAdvanced::authenticate: Nonce = |3414564115058802|

[Thu Feb 04 14:00:25.229567 2021] WeBWorK::Authen::LTIAdvanced::authenticate: Failed to verify nonce

[Thu Feb 04 14:00:25.229628 2021] WeBWorK::Authen::LTIAdvanced::verify_normal_user: auth_result=|0|

[Thu Feb 04 14:00:25.229763 2021] WeBWorK::Authen::write_log_entry: Writing to login log: 'LOGIN FAILED xxxxxxxx - authentication failed: 0 user_id=xxxxxxx login_type=normal credential_source=LTIAdvanced host=100.2.88.126 port=63526 UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36 Edg/88.0.705.56'.

[Thu Feb 04 14:00:25.230070 2021] WeBWorK::Authen::verify: END VERIFY

[Thu Feb 04 14:00:25.230105 2021] WeBWorK::Authen::verify: result 0

[Thu Feb 04 14:00:25.230142 2021] WeBWorK::dispatch: Bad news: authentication failed!

[Thu Feb 04 14:00:25.230168 2021] WeBWorK::dispatch: set displayModule to WeBWorK::ContentGenerator::Login

[Thu Feb 04 14:00:25.230192 2021] WeBWorK::dispatch: --------------------------------------------------------------------------------

[Thu Feb 04 14:00:25.230214 2021] WeBWorK::dispatch: Finally, we'll load the display module...

[Thu Feb 04 14:00:25.230289 2021] WeBWorK::dispatch: ...instantiate it...

[Thu Feb 04 14:00:25.230336 2021] WeBWorK::dispatch: ...and call it:

[Thu Feb 04 14:00:25.230361 2021] WeBWorK::dispatch: -------------------- call to WeBWorK::ContentGenerator::Login::go

[Thu Feb 04 14:00:25.233233 2021] WeBWorK::dispatch: -------------------- call to WeBWorK::ContentGenerator::Login::go

[Thu Feb 04 14:00:25.233422 2021] WeBWorK::dispatch: returning result: 0

[Thu Feb 04 14:00:25.393891 2021] WeBWorK::dispatch: 



In reply to Bianca Sosnovski

Re: LTI authentication failed through Blackboard

by Nathan Wallach -

The "Failed to verify nonce" error log message is triggered in  webwork2/lib/WeBWorK/Authen/LTIAdvanced.pm  when the test if (!($nonce->ok ) ) comes out true, namely when there is a detection of a reuse of the nonce.

There are some similar reports for other systems with BlackBoard's LTI:

I took a look at the code which checks if nonces are valid, and it seems to me not to be correct. I think that (a) the purge code should run more often (otherwise old nonces can stay around in the database for almost double as long as they were intended to and (b) I think any nonce reuse should trigger a reject, while at present based on time-stamps, some (probably most) are not rejected - which may be why the issue of (a) did not cause greater problems.

Note: If there was also a warning message about "Nonce Expired.  Your NonceLifeTime may be too short" increasing $NonceLifeTime might be able to help. However, as you did not report seeing a message about "Nonce Expired" so I suspect that the problems is that BlackBoard is reusing the same nonce again before it is removed from the database, and the reuse is triggering the rejection. The fact that a specific user keeps having problems for many hours seems to suggest that BlackBoard is not really using a "new" nonce each time, but is caching a value for the student and reusing it again and again - which is not how a nonce is meant to be generated and used.

I suspect that changing NONCE_LIFETIME in webwork2/lib/WeBWorK/Authen/LTIAdvanced.pm to a significantly lower value may help. That will allow the purge to run more often and to drop nonce records from that database much sooner than at present.

Please email me your current version of LTIAdvanced.pm and I will try to provide a patched version to test.

In reply to Nathan Wallach

Re: LTI authentication failed through Blackboard

by Bianca Sosnovski -

Hi Nathan,

Thank you for your reply.

You are right, most of the login don't get reject. It is my experience with my own courses that 3 or 4 students out 30 get rejected in the authentication process. 

There is no error or warming message about "Nonce Expired" in the debug.

I made the changes to  NONCE_LIFETIME  in webwork2/conf/authen_LTI.conf to higher values after the issue started. (I was trying what was suggested in the post https://webwork.maa.org/moodle/mod/forum/discuss.php?d=4818&parent=14379. But no success with the change). Just changed it back to NONCE_LIFETIME = 60.

The LTIAdvanced.pm currently in our server is attached. 

Thanks 😊 


In reply to Bianca Sosnovski

Re: LTI authentication failed through Blackboard

by Nathan Wallach -
Attached is a modified version which has 2 settings (to be made in the file):
  • NONCE_PURGE_FREQUENCY = how often to run the code to purge old nonce records from the database. Set to 7200 seconds (2 hours)
  • NONCE_LIFETIME = how long before an "old" nonce is purged. Set to 21600 seconds (6 hours).
An old nonce can hang around for about 8 hours in total if is created soon after a purge, so is just under 6 hours old when the 3rd review is done for it.

I hope that these setting will help. You can further reduce the NONCE_LIFETIME as needed, but make sure the NONCE_PURGE_FREQUENCY is more frequent than the duration time for a nonce.

It is also changed to reject any LTI login attempt with a nonce in the records (fixing what I think was a bug) but still resetting the timestamp when a reuse is seen.

Please update if this helps.
In reply to Nathan Wallach

Re: LTI authentication failed through Blackboard

by Bianca Sosnovski -

Hi, 

This is a follow up to the previous post.

Unfortunately the issue remains. After I placed Nathan's file for LTIAdvanced.pm we still have students for which the authentication fails with the same message: "Your authentication failed. Please try again. Please speak with your instructor if you need help." and debug still shows " Failed to verify nonce" as described above. 
I also try different parameters mentioned on the post by Nathan (NONCE_PURGE_FREQUENCY  and NONCE_LIFETIME) but it doesn't resolve the issue.

Something that may be related to this issue is that we also have that for a test/exam in quiz mode on Webwork, the LTI links take some students to the standard login webpage instead of to the test/exam. But for the quiz mode assignments login issue, no record is shown on the debug.log file (like it never happened!). I know this indeed happens for an assignment in quiz mode because I tried to login to one as a student via a LTI link and I was taken to the login page for Webwork.

I also communicated with Mike Gage by email and he suggested to contact Blackboard people to ask them to compare of the system clocks ( the date-time values) of the system running Blackboard and the system running webwork. This is my next step.
In reply to Bianca Sosnovski

Re: LTI authentication failed through Blackboard

by Nathan Wallach -

Mike's comment about the time on the servers is certainly something to check, as clock issues can certainly be a cause of LTI authentication problems.

Please try to collect some more debug data.

Of particular interest is the oauth_timestamp, as that indicates the "time" on the other side of the LTI connection.

The sample you had sent earlier showed:

  • [Thu Feb 04 14:00:25.215239 2021] WeBWorK::dispatch: oauth_timestamp => '1612464381'

Using https://www.epochconverter.com/ the timestamp 1612464381 corresponds to 

GMT: Thursday, February 4, 2021 6:46:21 PM

and manually adjusting to the time in NYC = GMT-5 would be

GMT-5: Thursday, February 4, 2021 1:46:21 PM

which disagrees by about 14 minutes from the timestamp on the log record.

You probably want your server to use NTP to keep it's clock synchronized to a time-server.

I'm going to post an updated file which also reports on the nonce and server time and the difference in a few minutes.

In reply to Bianca Sosnovski

Re: LTI authentication failed through Blackboard

by Nathan Wallach -

The new patch should add a block like the following to the debug output after all the LTI data:

============================
===== timestamp info =======
oauth_nonce = 1613384974
WW_server_time = 1613384974
diff(server-oauth) = 0 seconds (0 minutes)
============================ at /opt/webwork/webwork2/lib/WeBWorK/Authen/LTIAdvanced.pm line 145.

If the different is more than 5 seconds, it will be reported even when $debug_lti_parameters = 0 is set.

In reply to Nathan Wallach

Re: LTI authentication failed through Blackboard

by Bianca Sosnovski -

Nathan,

This is fantastic! Thank you  for providing yet another modified file to debug the timestamp.

I contacted our university's Blackboard people. I hope we will hear from them soon. Collecting the info with your modified file certainly helps to figure out the issue.

Our Webwork is running NTP:

root@webwork:~# timedatectl

               Local time: Mon 2021-02-15 13:38:58 EST  

           Universal time: Mon 2021-02-15 18:38:58 UTC  

                 RTC time: Mon 2021-02-15 18:38:58      

                Time zone: America/New_York (EST, -0500)

    System clock synchronized: yes                          

              NTP service: active                       

               RTC in local TZ: no  

I will keep you posted of what is going on.

Thank you gain.

In reply to Bianca Sosnovski

Re: LTI authentication failed through Blackboard

by Bianca Sosnovski -
This is just an update on the issue we had with the authentication failure via Blackboard.

I contacted our University IT for Blackboard and they said they would take a look at the issue.
Couple of weeks after that, I noticed that complains about the issue stopped. I haven't changed anything in the system to resolve the issue since my last post. But I'm happy that people stopped reporting the authentication failure.

Checking the debug file, I still see some occasional occurrence of "authentication failed" but the difference is that students now are able to login right away after it happens (within few seconds). Before it would take long periods of time, sometimes a couple of days for them to be able to login again.

By the way, I hadn't seen any timestamp info (from the patch in LTIAdvanced.pm above) if different between the servers are more than 5 secs appears in the debug that associated with an instance "authentication failed".

It may be that the issue was resolved by a change in the Blackboard system. I'm just not aware if any modification was done in Blackboard 🤷‍♀️.
I will ask the IT if they ever did anything directly related to the issue with Blackboard.

Thank you for all the help.
In reply to Nathan Wallach

Re: LTI authentication failed through Blackboard

by Nathan Wallach -

Warning - do not leave the debug log enabled for too long. It can use up huge amounts of disk space if it is not rotated/pruned.