Saltire as an LTI Platform

Salitha Ekanayaka
Sep 24, 2024

LTI (Learning Tools Interoperability®) is a standard protocol for integrating learning management systems (LMS) with external tools, such as Saltire, without requiring direct logins. Saltire, as an LTI testing tool, assists in validating and debugging the signed launch requests received by the LMS, which contain user information and authorization data. This enables the Tool Provider to dynamically create user accounts and resources without requiring additional authentication processes. Because the integration depends on LTI, the LMS manages user rights, preventing unwanted access to resources and guaranteeing a smooth, safe interface between platforms.

Reasons for utilizing Saltire for LTI testing

  • Simulates LTI Launch: Allows for testing of LTI launch requests without needing an actual LMS.
  • OAuth Validation: Verifies OAuth signatures and the authentication process.
  • Parameter Validation: Ensures that LTI parameters (e.g., user info, resource details) are correctly passed and processed.
  • Debugging: Provides detailed error logs and feedback for troubleshooting.
  • Safe Testing Environment: Allows for testing before deployment in a live environment.
  • Ensures Seamless Integration: Helps verify proper communication between the LMS and Tool Provider for a smooth user experience.

Launch Workflow

Step 1

LMS Initiates Launch: The LMS (Tool Consumer) sends a signed LTI request to the Tool Provider with necessary parameters (e.g., user details, course info).

Step 2

OAuth Authentication: The Tool Provider verifies the request using the shared secret and checks the OAuth signature for authenticity.

Step 3

User Access: Once authenticated, the Tool Provider processes the request, creates user sessions dynamically, and presents the relevant content.

Step 4

Return URL: After interacting with the tool, the user is redirected back to the LMS via the return URL.

For this LTI workflow, HMAC-SHA1 is used as the security profile.

LTI 1.0 parameters

Security Model

  • LTI version : Defines the LTI standard version being used (e.g., LTI 1.0).

This variable is referenced in the request payload as “oauth_version” and “lti_version”.

  • Nonce : A unique random string is used to prevent replay attacks and ensure that each request is unique.

This variable is referenced in the request payload as “oauth_nonce”.

  • Timestamp : The time when the request was generated.

This variable is referenced in the request payload as “oauth_timestamp”.

  • Consumer key : A unique string identifying the LMS (Tool Consumer) that makes the request.

This variable is referenced in the request payload as “oauth_consumer_key”.

  • Message type : Specifies the type of LTI message.

This variable is referenced in the request payload as “lti_message_type”.

  • Signature : The cryptographic signature that authenticates the request and guarantees data integrity.

This variable is referenced in the request payload as “oauth_signature”.

How to create the LTI signature.

To generate an LTI signature, create a base string by concatenating LTI parameters and their values in a specific order, separated by ampersands (&). Include parameters like LTI message type, LTI version, resource link ID, user ID, roles, and OAuth consumer key. Exclude the OAuth signature, non-LTI parameters, and any values left unselected in Saltire.

Hash the base string using a cryptographic hash function like SHA-256, then sign the hash value with the private key associated with the OAuth consumer key. The signed hash value is the LTI signature, which is encoded using a scheme like Base64 and included in the LTI request.

The LTI signature ensures the authenticity and integrity of the LTI message, allowing the Tool Provider to verify the request and integrate learning tools and platforms securely.

  • Signature method : Defines the hashing algorithm used, typically HMAC-SHA1.

This variable is referenced in the request payload as “oauth_signature_method”.

  • Shared Secret : The shared secret is a key used by both the Tool Consumer (LMS) and Tool Provider (external tool) to authenticate and secure the LTI request.

This value is not sent in the request payload.
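Step 2 of the launch workflow and the signature parameters above, as an added Python example (not code from the original article or from Saltire): with the HMAC-SHA1 method named on this page, OAuth 1.0a (RFC 5849) computes the signature as an HMAC over the base string keyed with the shared secret, and the verifier also checks timestamp freshness and nonce reuse. The URL, consumer key, secret, 300-second window and function names are assumptions made for the example.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

def pct(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def sign_launch(method, url, params, shared_secret):
    # Assumes url is already normalized and has no query string, and that no
    # parameter name repeats (a dict cannot carry duplicates).
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), pct(url), pct(normalized)])
    key = (pct(shared_secret) + "&").encode()  # no token secret in an LTI launch
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify_launch(method, url, params, secrets, seen_nonces, now=None, window=300):
    # secrets maps oauth_consumer_key -> shared secret; returns (ok, reason)
    now = time.time() if now is None else now
    key, nonce = params.get("oauth_consumer_key"), params.get("oauth_nonce")
    if key not in secrets:
        return False, "unknown consumer key"
    if params.get("oauth_signature_method") != "HMAC-SHA1":
        return False, "unexpected signature method"
    try:
        fresh = abs(now - int(params["oauth_timestamp"])) <= window
    except (KeyError, TypeError, ValueError):
        fresh = False
    if not fresh or not nonce:
        return False, "stale or missing timestamp/nonce"
    expected = sign_launch(method, url, params, secrets[key])
    supplied = str(params.get("oauth_signature", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad signature"
    if (key, nonce) in seen_nonces:  # checked after the MAC so forgeries cannot fill the cache
        return False, "replayed nonce"
    seen_nonces.add((key, nonce))
    return True, "ok"

# Constructed sample launch; every value is a placeholder
URL = "https://tool.example/launch"
SECRETS = {"demo-key": "demo-secret"}
LAUNCH = {"lti_message_type": "basic-lti-launch-request", "lti_version": "LTI-1p0",
          "resource_link_id": "res-1", "user_id": "u-42", "roles": "Learner",
          "oauth_consumer_key": "demo-key", "oauth_nonce": "n-1",
          "oauth_timestamp": "1700000000", "oauth_version": "1.0",
          "oauth_signature_method": "HMAC-SHA1"}
LAUNCH["oauth_signature"] = sign_launch("POST", URL, LAUNCH, SECRETS["demo-key"])
```

In production the nonce set would be a shared store with entries expiring after the timestamp window, so that replay detection holds across processes.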

Saltire platform view of these parameters

How these parameters appear in the request body

Resource Link

  • ID : Indicates the particular resource or activity inside the LMS that is being launched.

This variable is referenced in the request payload as “resource_link_id”.

  • Title : Is a human-readable title that describes the resource.

This variable is referenced in the request payload as “resource_link_title”.

  • Description : Adds context or details to the resource. These settings enable the LMS to share specific resource information with the external tool.

This variable is referenced in the request payload as “resource_link_description”.

Saltire platform view of these parameters

How these parameters appear in the request body

User Information

  • ID : Unique identifier for the user.

This variable is referenced in the request payload as “user_id”.

  • Role : Defines the user’s role(s) in the course. This parameter can have multiple values.

This variable is referenced in the request payload as “roles”.

  • Full name : Full name of the user.

This variable is referenced in the request payload as “lis_person_name_full”.

  • Family name : Family name of user.

This variable is referenced in the request payload as “lis_person_name_family”.

  • Given name : Given name of user.

This variable is referenced in the request payload as “lis_person_name_given”.

  • Email : Primary email of user.

This variable is referenced in the request payload as “lis_person_contact_email_primary”.

  • Sourcedid : Source identifier for the user in the institution.

This variable is referenced in the request payload as “lis_person_sourcedid”.

  • Image : URL for the user’s profile image.

This variable is referenced in the request payload as “user_image”.

Saltire platform view of these parameters

How these parameters appear in the request body

Context

  • ID : This variable is referenced in the request payload as “context_id”.
  • Type : This variable is referenced in the request payload as “context_type”.
  • Title : This variable is referenced in the request payload as “context_title”.
  • Label : This variable is referenced in the request payload as “context_label”.
  • Course offering sourcedid : This variable is referenced in the request payload as “lis_course_offering_sourcedid”.
  • Course section sourcedid : This variable is referenced in the request payload as “lis_course_section_sourcedid”.

Saltire platform view of these parameters

How these parameters appear in the request body

Platform

  • Product family : This variable is referenced in the request payload as “tool_consumer_info_product_family_code”.
  • Version : This variable is referenced in the request payload as “tool_consumer_info_version”.
  • GUID : This variable is referenced in the request payload as “tool_consumer_instance_guid”.
  • Name : This variable is referenced in the request payload as “tool_consumer_instance_name”.
  • Description : This variable is referenced in the request payload as “tool_consumer_instance_description”.
  • Contact email : This variable is referenced in the request payload as “tool_consumer_instance_contact_email”.
  • URL : This variable is referenced in the request payload as “tool_consumer_instance_url”.

Saltire platform view of these parameters

How these parameters appear in the request body

Message

  • Return URL : This variable is referenced in the request payload as “launch_presentation_return_url”.
  • CSS URL : This variable is referenced in the request payload as “launch_presentation_css_url”.
  • Locale : This variable is referenced in the request payload as “launch_presentation_locale”.
  • Target : This variable is referenced in the request payload as “launch_presentation_document_target”.
  • Width : This variable is referenced in the request payload as “launch_presentation_width”.
  • Height : This variable is referenced in the request payload as “launch_presentation_height”.
  • Custom parameters : There can be multiple parameters here. These variables appear in the request payload as “custom_[value]”.

E.g., if we need a destination as a custom parameter, it appears in the request payload as “custom_destination”.

  • Extension parameters : There can be multiple parameters here as well. These variables appear in the request payload as “ext_[value]”.

E.g., if we need a role as an extension parameter, it appears in the request payload as “ext_role”.

Saltire platform view of these parameters

How these parameters appear in the request body

Conclusion

The Saltire platform provides a reliable environment for testing LTI integrations, allowing users to simulate, validate, and troubleshoot LTI requests between an LMS and Tool Providers. It ensures secure communication by verifying OAuth signatures and testing key parameters like user identity, course details, and resource links. Saltire helps streamline the LTI development process by offering detailed feedback and error reporting, making it a valuable tool for ensuring seamless and secure LTI launches before live deployment.

Thank you!
