WeBWorK Main Forum

Moodle LTI token

Moodle LTI token

by W. Ethan Duckworth -
Number of replies: 3

We've been using Webwork for awhile with LDAP authentication.  Recently we decided to try integrating it with Moodle using LTI.  We changed a couple of lines in the config files and added the External Tool for Moodle, but it's not working.  Here's what my sysadmin is saying:

"We followed this link

https://webwork.maa.org/wiki/LTI-Advanced_Authentication#WeBWorK_Setup

It does not appear to be applying the changes on the production build the way that it's described. It does appear to be disabling the ldap connection, however even with enabling the LTI line within the configuration files, for some reason the token does not appear to be passing back to web work. 

They only theory so far is that even though the ldap connection was disabled, webwork still seems to be configure it around that being the sole authentication method, and there's nothing in the configuration file documentation that spells out how to disable it, or if that's even a strategy that needs to be applied.

We are not getting an error message of any kind because it's not even recognizing the token to begin with. We changed the lines in the code, however the problem is it's not having the effect that the documentation indicates that it should.   

Once the LTI is configured within Moodle, when the instructor or student launches the Link for webwork, according to the documentation, it is supposed to pass the token that carries the login credentials over to webwork, and that's not happening. 

I can't recreate an error message because there isn't one, closest thing that I could do would be to record a video of the action not happening. Would that be helpful?"

Any help would be appreciated.

Ethan




In reply to W. Ethan Duckworth

Re: Moodle LTI token

by Danny Glin -
The default instructions don't handle a scenario where both LDAP authentication and LTI authentication are enabled. If you enable them both, then it creates a race condition where the last one wins, which by default is LDAP.

You can have both working simultaneously. You just have to make sure that whichever one is loaded last has a configuration indicating that they should both be valid authentication methods. In localOverrides.conf (unless you have moved things around) you will find the line
include("conf/authen_LTI.conf");
occurs somewhere before the line
include("conf/authen_ldap.conf");

This means that any duplicate configuration options in the latter file will overwrite the ones in the earlier file.  In particular, both of these files tell WeBWorK which authentication modules to use.  In your case the solution is probably to edit authen_ldap.conf and enable both authentication modules there.  It should look something like this:

$authen{user_module} = [ 

        {  "*" => "WeBWorK::Authen::LTIAdvanced", }, #preferred authorization method

        {  "*" => "WeBWorK::Authen::LDAP",}  #fallback authorization method

];


In reply to W. Ethan Duckworth

Re: Moodle LTI token

by Lars Jensen -
Hi Ethan,

While you're testing LTI authentication, I suggest you comment out ldap login in localoverrides.conf. Once you know that LTI login works as expected, you can enable ldap login again.

Lars.
In reply to W. Ethan Duckworth

Re: Moodle LTI token

by W. Ethan Duckworth -

Thanks for the suggestions Danny and Lars.  I don't think our sysadmin was trying to leave LDAP running at the same time, but I'll pass your posts along to him and see what happens.