Installation

Ubuntu 24.04 + WW 2.19 + Apache + Canvas LTI 1.3 + Shibboleth Issues

Ubuntu 24.04 + WW 2.19 + Apache + Canvas LTI 1.3 + Shibboleth Issues

by Spencer Felsted -
Number of replies: 2

I'm working on building an updated WW server and have run into a couple of issues.

1) Course Selection within Canvas is not showing the Context ID (See photo 1a below)

I don't see anything that is obviously wrong, and while debug_lti_parameters is enabled, there are no relevant logs in webworks2.log

At this point, I have not been able to map the LTI parameters, so I'm not sure if that is related.

2) Shibboleth Auth is successfully working within Apache and the provider, but WW is not thinking it is signed in.

I believe this issue is within the Apache RequestHeader set field and the user_id mapping, but I'm having difficulty diagnosing where the disconnect is.

If I have my Shibboleth attribute ID set to "userprincipalname" and my $shibboleth{mapping}{user_id} set to "upn". How does my Apache config need to look?


Any help would be appreciated!

Attachment Issue 1a.png
In reply to Spencer Felsted

Re: Ubuntu 24.04 + WW 2.19 + Apache + Canvas LTI 1.3 + Shibboleth Issues

by Danny Glin -

By default each external authentication module that you enable is set to be the only one that is active, so if you want both LTI and Shibboleth authentication you will need to tell WeBWorK that both should be checked.

In localOverrides.conf you will need to add the following somewhere after the LTI and Shibboleth authentication sections:

$authen{user_module} = [

        'WeBWorK::Authen::LTIAdvantage',

        'WeBWorK::Authen::Shibboleth',

        'WeBWorK::Authen::Basic_TheLastOption'

];

At the very least this should get you some debug information about LTI in the logs.

I don't know much about Shibboleth authentication in WeBWorK, but reading the documentation in the config file it says that you should replace every instance of "uid" in the apache config block with whatever you set $shibboleth{mapping}{user_id} to, so in your case that would be "upn".  Also, if I understand Shibboleth authentication correctly you will need to use lazy Shibboleth authentication in order to allow LTI to connect directly to WeBWorK before falling back to Shibboleth.

In reply to Danny Glin

Re: Ubuntu 24.04 + WW 2.19 + Apache + Canvas LTI 1.3 + Shibboleth Issues

by Spencer Felsted -

1)

I already have the $authen{user_module} set as you specified in localOverrides.conf.

I have also tried both of these modules individually (by commenting out 'WeBWorK::Authen::*' in '$authen{user_module}' and 'include("conf/authen_*.conf");' in localoverrides.conf)

Alas, still no LTI logs.

2)

I originally had everything set to eppn and had the Shibboleth, Apache, and Webwork configs set accordingly, including replacing all the uid instances, but it wasn't working. So I have now set the names to what we would prefer them to be, and am asking for assistance with how it should be set.

I already have it set to lazy auth as well, so that it should work with the LTI.

2.5)

Sidenote: When I go to a course login, I have not been able to get it to try external auth when I have external_auth=0, it just goes directly to the internal auth page.

Instead, I have been manually going to https://webwork.yourschool.edu/Shibboleth.sso/Login and then also to the variant with the return to variable in order to test. Not sure if this is related or not.


Thank you for your input. I feel like I've been pretty thorough reading through the docs and confs, but here I am.