Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-57704

Don't force SSLv3 in LTI provider

XMLWordPrintable

    • MOODLE_32_STABLE
    • MOODLE_32_STABLE
    • MDL-57704-master
    • Hide
      Note: Two sites are required for testing this issue.
      1. LTI consumer
      2. LTI provider.
      Enable LTI provider on course and activity
      1. Login as administrator.
      2. Follow Site administration ► Security ► HTTP security and enable 'Allow frame embedding'.
      3. Follow Site administration ► Plugins ► Authentication ► Manage authentication' and enable 'LTI' authentication.
      4. Follow Site administration ► Plugins ► Enrolments ► Manage enrol plugins and enable 'Publish as LTI tool'.
      5. Log out and log in as teacher.
      6. Visit a course with at least 1 activity (assignment) and 1 resource (file).
      7. Follow Course administration ► Users ► Enrolment methods.
      8. Add a Publish as LTI tool with 'Tool to be published' selected to course.
      9. Add a Publish as LTI tool with 'Tool to be published' selected to assignment
      10. Add a Publish as LTI tool with 'Tool to be published' selected to file.
      11. Follow Course administration ► Publish as LTI tool.
      12. Make note of all 3 URLs and secrets.
      On your LTI consumer site.
      1. Visit a course.
      2. Add 3 'External Tool' activities and use the following from your LTI provider site.
        • URL as 'Launch/Cartridge URL'.
        • Secret as 'Shared secret'.
        • Set 'Consumer key' as 'moodle'
      3. Log in as a student.
      4. Visit the course and click on each LTI activity.
      5. Verify 'External Tool' activity links to course display course.
      6. Verify 'External Tool' activity links to assignment display assignment.
      7. Verify 'External Tool' activity links to file display file.
      Proxy test
      1. Copy proxy url from published course in LTI provider site
      2. On a consumer site go to Site administration ► Plugins ► External tool ► Manage tools
      3. Paste the url you copied into the box, but don't click add
      4. Change the token part of the url to something else such as "ASDF123"
      5. Click add
      6. Make sure that there is an error displayed
      7. Click cancel
      8. Paste the URL and this time click add with the correct token
      9. Click continue
      10. Click save
      11. The tool should successfully be added.
      12. Go to a course
      13. Add an external tool
      14. Select the type as the tool you just added
      15. Save and display
      16. Verify it works as expected and you log into LTI provider site correctly
      Show
      Note: Two sites are required for testing this issue. LTI consumer LTI provider. Enable LTI provider on course and activity Login as administrator. Follow Site administration ► Security ► HTTP security and enable 'Allow frame embedding'. Follow Site administration ► Plugins ► Authentication ► Manage authentication' and enable 'LTI' authentication. Follow Site administration ► Plugins ► Enrolments ► Manage enrol plugins and enable 'Publish as LTI tool'. Log out and log in as teacher. Visit a course with at least 1 activity (assignment) and 1 resource (file). Follow Course administration ► Users ► Enrolment methods. Add a Publish as LTI tool with 'Tool to be published' selected to course. Add a Publish as LTI tool with 'Tool to be published' selected to assignment Add a Publish as LTI tool with 'Tool to be published' selected to file. Follow Course administration ► Publish as LTI tool. Make note of all 3 URLs and secrets. On your LTI consumer site. Visit a course. Add 3 'External Tool' activities and use the following from your LTI provider site. URL as 'Launch/Cartridge URL'. Secret as 'Shared secret'. Set 'Consumer key' as 'moodle' Log in as a student. Visit the course and click on each LTI activity. Verify 'External Tool' activity links to course display course. Verify 'External Tool' activity links to assignment display assignment. Verify 'External Tool' activity links to file display file. Proxy test Copy proxy url from published course in LTI provider site On a consumer site go to Site administration ► Plugins ► External tool ► Manage tools Paste the url you copied into the box, but don't click add Change the token part of the url to something else such as "ASDF123" Click add Make sure that there is an error displayed Click cancel Paste the URL and this time click add with the correct token Click continue Click save The tool should successfully be added. Go to a course Add an external tool Select the type as the tool you just added Save and display Verify it works as expected and you log into LTI provider site correctly

      In the LTI provider library we are using, only SSLv3 is used. We need to use TLS instead.

      This is a 3.2 regression because in 3.1 we hacked the library to use our curl wrapper instead (AFAIK)

      This has been fixed upstream. https://github.com/IMSGlobal/LTI-Tool-Provider-Library-PHP/pull/13 So we can either wait for a release or hotfix it ourselves

            johno John Okely
            johno John Okely
            Jun Pataleta Jun Pataleta
            Andrew Lyons Andrew Lyons
            cameron1729 cameron1729
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.