WeBWorK Main Forum

Brightspace LTI Error: "Keyset URL cannot be reached"

Brightspace LTI Error: "Keyset URL cannot be reached"

by Bianca Sosnovski -
Number of replies: 2

Hi everyone,

Our college has a new Webwork server in development (version 2.18). We are currently using version 2.16.

We are trying to set up the LTI connection with Brightspace for this new server. This is not done at our College. It is done at Central University (our college is one of its 25 campuses). 

When they try to set up our server in the University's Brighspace test environment, the following issue appears: Has anybody had a similar issue before, and how was it resolved?Keyset URL cannot be reached

** Here are the settings we share with Central IT:

Register as a standard tool 

Domain: https://146.111.197.215/

Redirect URLs: https://146.111.197.215/webwork2/ltiadvantage/launch

OpenId Connect Login URL: https://146.111.197.215/webwork2/ltiadvantage/login 

Target Link URI: https://146.111.197.215/webwork2 

Keyset URL: https://146.111.197.215/webwork2/ltiadvantage/keys 

Under Roles, select “Send Institution Role.”


** Here is what has been done so far:

1) Checked URL Accessibility:  

The keyset URL seems to be working (https://146.111.197.215/webwork2/ltiadvantage/keys ). When I enter it in a browser, I see the JSON Webwork's cryptographic info stored (see below).

Keyset URL

2) TLS Compatibility: 

We checked our server, and it supports TLS 1.3. 

We still need the SSL certificate matching the site's name of the site. 

It will be temporary until we swap from the old server to the new one. Could that be the issue?

3) LTI Configuration: 

We double-checked the LTI configuration settings in WeBWorK. 

The authen_LTI.conf file is correctly set up for lTI 1.3, and all necessary variables are appropriately configured.

3) LTI Key: 

We searched about it and found that one possible issue was that the LTI_KEY variable was changed at any point. 

We looked into the database and found no such variable, so we are unsure if we should investigate further. 

4) Network and Firewall Settings: 

We ensured that there were no network or firewall restrictions. 


Please help us in the right direction.





In reply to Bianca Sosnovski

Re: Brightspace LTI Error: "Keyset URL cannot be reached"

by Danny Glin -

The issue is almost certainly the SSL certificate.  The Keyset URL is different than the other URLs in that Brightspace connects directly to your WeBWorK server to fetch the keys, whereas all of the other URLs are accessed by the browser of the user.  The user has the ability to override a certificate mismatch, but it looks like Brightspace won't connect if there isn't a valid certificate.

I believe that the only WeBWorK feature that currently requires the Keyset URL is the Content Selection tool.  If you leave the Keyset URL blank you should still be able to manually create LTI links to WeBWorK courses and assignments, and grade passback should work if configured correctly.  Once you get the certificate you can fill in the Keyset URL and set up Content Selection.

In reply to Danny Glin

Re: Brightspace LTI Error: "Keyset URL cannot be reached"

by Glenn Rice -

Unfortunately, what Danny said is not quite true.  The Keyset URL is not only used by the Content Selection tool.  In fact it was first used for grade pass back.  WeBWorK's site key is used to sign any LTI Advantage request, and the LMS will request the public key from WeBWorK anytime that it needs to decode one of these requests.  The first implemented instance of that was for grade pass back.  Content selection was added later.