WeBWorK Main Forum

Canvas LTI 1.3 authentification issue

Canvas LTI 1.3 authentification issue

by Wai Yan Pong -
Number of replies: 3

We are trying to integrate WebWork with our campus Canvas but run into problems.

Here are some info: Canvas' LTI 1.3, WebWork version 2.18

We follow the instructions on https://webwork.maa.org/wiki/LTI_Authentication_(for_WeBWorK_2.18_or_newer)

WebWork is added to the Externel Apps on Canvas and we modified the webwork config files accordingly. 

A new assignment called "LTI Test" is created in an existing Canvas Course and pointed to an existing webwork course

https://math.csudh.edu/webwork2/24Summer_MAT132_Pong/

Clicking the created link in Canvas brings us to 

https://math.csudh.edu/webwork2/ltiadvantage/login

with error messages from webwork2/logs

[2024-06-12 08:04:08.04346] [20607] [warn] [X2ASJI2hIuZe] [/webwork2/ltiadvantage/login] The LTI Advantage

login route was accessed with invalid or missing parameters.

Where did we go wrong? Perhaps, we simply don't understand how the creation of assignments and login mechanism. 

Please help.

In reply to Wai Yan Pong

Re: Canvas LTI 1.3 authentification issue

by Wai Yan Pong -
I would like to provide more details:
We create a new webwork course and a new Canvas course for testing. When accessing the WebWork course from Canvas
we get this error message: (see attachment)
  • The LTI Advantage login route was accessed with invalid or missing parameters.
when going to the URL : https://math.csudh.edu/webwork2/ltiadvantage/login 
directly from a browser, we get the error message:

This course does not exist.

The setting in authen_LTI_1_3.conf is:

$LTI{v1p3}{PlatformID}      = 'https://csudh.instructure.com';
(Client ID and Deployment ID are taken out here)
$LTI{v1p3}{PublicKeysetURL} = 'https://csudh.instructure.com/api/lti/security/jwks';
$LTI{v1p3}{AccessTokenURL}  = 'https://csudh.instructure.com/login/oauth2/token';
$LTI{v1p3}{AccessTokenAUD}  = 'https://csudh.instructure.com/login/oauth2/token';
$LTI{v1p3}{AuthReqURL}      = 'https://csudh.instructure.com/api/lti/authorize_redirect';

It would be great if someone who have successfully integrated canvas LTI 1.3 with WebWork can give us some pointers. Thanks
Attachment LTI-error.png
In reply to Wai Yan Pong

Re: Canvas LTI 1.3 authentification issue

by Glenn Rice -

The first thing to do is to set "$debug_lti_parameters = 1;" in /opt/webwork/webwork2/conf/authen_LTI.conf.  Then watch the /opt/webwork/webwork2/logs/webwork2.log file when you attempt to sign in via LTI.  That will give you more information.

If you try to go to https://math.csudh.edu/webwork2/ltiadvantage/login in the browser, it will not work.  That route is not intended for direct browser usage.

If you get the message "The LTI Advantage login route was accessed with invalid or missing parameters." then either the $LTI{v1p3}{PlatformID} or the $LTI{v1p3}{ClientID} is incorrect in conf/authen_LTI_1_3.conf, or the LMS is not sending the right thing.  If you have "$debug_lti_parameters = 1;" then the parameters sent by the LMS will be shown in the log.  The "iss" parameter sent by the LMS should be the same as the PlatformID you have set, and the "client_id" sent by the LMS should match the ClientID.

In reply to Glenn Rice

Re: Canvas LTI 1.3 authentification issue

by Wai Yan Pong -
Glenn,

$debug_lti_parameters was set to 1.

But I couldn't find either the "iss" and "client_id" values that you mentioned in the webwork2.log

The typical error messages look like:

[2024-06-12 15:14:53.45273] [22661] [info] Creating process id file "/run/webwork2/webwork2.pid"

[2024-06-12 15:14:53.45304] [22686] [info] Worker 22686 started

[2024-06-12 15:15:17.95425] [22685] [warn] [1-2TpRss-92I] [/webwork2/ltiadvantage/login] The LTI Advantage login route was accessed with invalid or missing parameters.

[2024-06-12 15:15:46.63068] [22662] [warn] [WMiZWblPTTqS] [/webwork2/ltiadvantage/login] The LTI Advantage login route was accessed with invalid or missing parameters.

[2024-06-12 15:20:33.96425] [22668] [warn] [Jmr90IYjMKbn] [/webwork2/ltiadvantage/login] The LTI Advantage login route was accessed with invalid or missing parameters.

[2024-06-12 15:20:54.45343] [22686] [warn] [WXcOc7JB82tU] [/webwork2/ltiadvantage/login] The LTI Advantage login route was accessed with invalid or missing parameters.

[2024-06-12 15:20:55.77463] [22661] [warn] Stopping worker 22674 immediately

[2024-06-12 15:20:55.77475] [22661] [warn] Stopping worker 22685 immediately

[2024-06-12 15:20:55.77623] [22661] [warn] Stopping worker 22670 immediately

[2024-06-12 15:20:55.78013] [22661] [info] Worker 22674 stopped

However, in the earlier part of the log, I did find

[2024-06-12 14:35:52.29798] [22302] [warn] [tGQBAQgRi8Jz] [/webwork2/ltiadvantage/login] The LTI Advantage login route was accessed with the appropriate parameters.

[2024-06-12 14:39:14.67747] [22302] [warn] [VFofusfq2hj4] [/webwork2/ltiadvantage/login] The LTI Advantage login route was accessed with the appropriate parameters.

[2024-06-12 14:39:59.11805] [22301] [warn] [F3tDR3GUkpOG] [/webwork2/ltiadvantage/login] The LTI Advantage login route was accessed with the appropriate parameters.

But I don't recall ever successfully login to WebWork via Canvas. And don't recall what I did differently.

The webwork roster does not have any user except the admin account. So I expect when attempted access the HW set via Canvas, a new user will be created in the WebWork course. 

Also, the url given in the Canvas assignment is 

https://math.csudh.edu/webwork2/Canvas_Integration 

or should it be 

https://math.csudh.edu/webwork2/Canvas_Integration/HW_01 

?

Hopefully, you understand the puzzle and can help us to solve it. Thanks.