Moodle / MDL-66708

LTI 1.3 private key reset on each tool edit

    Details

    • Testing Instructions:
      1. Check current key exposed by Moodle by opening in browser: <moodle_domain>/mod/lti/certs.php
        1. Note the value for kid in the JSON content
      2. Installing a new LTI 1.3 tool should not change the site key; let's verify by installing ZTest tool 1.3 as a site external tool (or you can just open it and save without change if it is already configured)
        1. Log in as an administrator
        2. Navigate to Site Administration > Plugins > External tool > Manage tools
        3. Click on configure a tool manually
        4. Fill in the form as follows:
          1. Tool name: ZTest 1.3
          2. Tool url: https://ztest.cengage.info/ztest/lti
          3. LTI Version: LTI 1.3
          4. Public key: copy the value from https://ztest.cengage.info/ztest/ LTI 1.3 Connect info tab
          5. Initiate Login URI: https://ztest.cengage.info/ztest/ws/lti/startlaunch?lti13=true&client_id=CLIENT_ID_HERE&platform=moodle
          6. Redirect URI: https://ztest.cengage.info/ztest/lti
          7. Click on ‘Show more’
          8. Check Content-Item message
          9. Change the 'Privacy' setting ‘Accept grades from the tool’ to 'Delegate to Teacher'.
          10. In Services, IMS LTI Assignment and Grade Services, choose Use this service for grade and column mgmt
        5. Save changes.
      3. Once the tool is created, open the cert page again <moodle_domain>/mod/lti/certs.php
        1. Verify the kid has not changed
    • Affected Branches:
      MOODLE_37_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE, MOODLE_38_STABLE
    • Pull from Repository:
    • Pull 3.7 Branch:
      MDL-66708-MOODLE_37_KeyGenCache
    • Pull 3.8 Branch:
      MDL-66708-MOODLE_38_KeyGenCache
    • Pull Master Branch:
      MDL-66708-KeyGenCache

      Description

      Editing an LTI 1.3 tool will cause Moodle to generate a new private key. A call to the update function will also cause that issue. We found out moodleroom is caching the JWKS page, causing LTI launches to fail, as the key is often reset and the cached file still exposes a previous public key.

      At https://github.com/moodle/moodle/blob/b742fe1403e8e8030a0a092c01e56836903c5d45/mod/lti/upgradelib.php line 38 you will see

      $key = get_config('privatekey', 'mod_lti');

       

      It should be

      $key = get_config('mod_lti', 'privatekey'); //First plugin then name
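
The kid check from the testing instructions and the stale-cache failure described above, as an added example (not part of the original report or of Moodle's code). It assumes certs.php returns a standard RSA JWKS; the function names, sample key sets and sample token are constructed for illustration.

```python
import base64, hashlib, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint over the required RSA members (e, kty, n)."""
    canonical = json.dumps({"e": jwk["e"], "kty": jwk["kty"], "n": jwk["n"]},
                           separators=(",", ":"), sort_keys=True)
    return _b64url(hashlib.sha256(canonical.encode("ascii")).digest())

def index_jwks(jwks_text: str) -> dict:
    """Map kid -> key thumbprint for every key in a JWKS document."""
    return {k["kid"]: jwk_thumbprint(k) for k in json.loads(jwks_text)["keys"]}

def compare_snapshots(before_text: str, after_text: str) -> dict:
    """Diff two JWKS snapshots taken before and after saving a tool."""
    before, after = index_jwks(before_text), index_jwks(after_text)
    shared = set(before) & set(after)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        # Same kid but different key material: a rotation that kid alone hides.
        "rekeyed": sorted(k for k in shared if before[k] != after[k]),
    }

def jwt_kid(token: str) -> str:
    """Read the kid from a JWT header without verifying the signature."""
    header = token.split(".")[0]
    header += "=" * (-len(header) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(header))["kid"]

def launch_resolvable(token: str, cached_jwks_text: str) -> bool:
    """True if the key that signed the launch is present in the cached JWKS."""
    return jwt_kid(token) in index_jwks(cached_jwks_text)

# Constructed sample data: key set before the edit, key set after, and a
# launch token whose header names the regenerated key.
def _jwks(kid: str, n: str) -> str:
    return json.dumps({"keys": [{"kty": "RSA", "alg": "RS256", "use": "sig",
                                 "kid": kid, "e": "AQAB", "n": n}]})

BEFORE = _jwks("kid-old", _b64url(b"constructed modulus A"))
AFTER = _jwks("kid-new", _b64url(b"constructed modulus B"))
TOKEN = ".".join([_b64url(json.dumps({"alg": "RS256", "kid": "kid-new"}).encode()),
                  _b64url(b"{}"), "sig"])

if __name__ == "__main__":
    print(compare_snapshots(BEFORE, AFTER))
    print("resolvable from stale cache:", launch_resolvable(TOKEN, BEFORE))
```

An empty result from `compare_snapshots` on the two certs.php responses corresponds to the "kid has not changed" step; a launch that is not resolvable from the cached copy is the failure the description reports.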

       

            People

            Assignee:
            claudevervoort Claude Vervoort
            Reporter:
            mwleinad Daniel Lopez
            Peer reviewer:
            Peter Dias
            Integrator:
            Jake Dallimore
            Tester:
            Gladys Basiana
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              13/Jan/20

                Time Tracking

                Estimated: 0m
                Remaining: 0m
                Logged: 51m