Single Sign on from WordPress
OpenLearning supports Single Sign On (SSO) from WordPress using LTI 1.3.
LTI SSO (Learning Tools Interoperability Single Sign-On) is a secure way to log in to the OpenLearning platform. With LTI SSO, you only need to remember one set of login credentials, and you can use those same credentials to log in to multiple platforms.
Please note that LTI 1.3 SSO requires configuration on both sides (the OpenLearning platform and the tool or external platform or LMS).
Required WordPress plugins
For the SSO part, you will need to install two plugins in WordPress: ceLTIc LTI Library
and LTI Platform
. Please find below the link to the plugins that you need and also the private key generation tool that will be used later in the settings.
1. Plugin installation: https://github.com/celtic-project/wordpress-lti-platform/wiki/Installation#wordpress-plugin-repository
2. Administration setup: https://github.com/celtic-project/wordpress-lti-platform/wiki/Administration
3. Add the LTI tool on the WordPress page: https://github.com/celtic-project/wordpress-lti-platform/wiki/Usage
4. Private key generation tool: https://lti-ri.imsglobal.org/keygen/index
Setting up LTI 1.3 SSO in WordPress and OpenLearning
Once the plugins are installed, please follow the steps below to configure LTI 1.3 SSO in WordPress and OpenLearning.
Step 1
In WordPress, activate the LTI Tool plugin.
Step 2
Go to the LTI tools menu.
Step 3
In the LTI tools menu, set the Default Settings.
Step 4
Enable privacy settings.
Step 5
Add the private key ID and the private key. To add a private key, you can use the private key generation tool below:
https://lti-ri.imsglobal.org/keygen/index
Once done, click on the Save changes button and then go back to the LTI tools main menu.
Step 6
From the LTI Tools menu, click on the Add new button. Please consider one tool as one SSO connection. To create another SSO connection, you will need to add or create a new tool.
Step 7
The detail that needs to be configured in the LTI tool are:
1. Name and Code.
2. Launch message URL.
In the OpenLearning platform, the launch URL can be found in your Institution settings > Settings > Integrations menu. For each LTI tool, you will need to create one SSO connection in OpenLearning. Select LTI 1.3 from the connection type dropdown menu and then click on the Add new SSO connection button.
In the new SSO connection, the value in the Target Link URI is the one that needs to be inserted in the launch message URL in the WordPress LTI tool.
3. Then scroll down in the WordPress LTI tool settings until you find the LTI 1.3 configuration.
Fill in the value based on the rules below:
a. Initiate Login URL = Open ID Connect Initiation URL in the OpenLearning new SSO connection.
b. Redirection URI(s) = Target Link URI in the OpenLearning new SSO connection.
c. Public Keyset URL = JWK URL in the OpenLearning new SSO connection.
Step 8
You will also need to insert the LTI tool configuration into the new SSO connection in OpenLearning.
Fill in the value based on the rules below:
a. Keyset URL in OpenLearning = Public Keyset URL in the WordPress LTI tool.
b. Authentication URL in OpenLearning = Authentication request URL in the WordPress LTI tool.
c. The rest have the same name between the two platforms: Platform ID, Client ID, and Deployment ID. Please fill in the value in the new SSO connection in OL for these fields as well.
d. Access token URL in OpenLearning = Authentication request URL in the WordPress LTI tool as shown in the screenshot below.
Step 9
Once done, click on the Save Changes button in the WordPress LTI tool and the Save button in the OpenLearning new SSO connection window.
Step 10
The next step is to open a WordPress page where you can insert the LTI tool for SSO connection to OpenLearning. Insert the LTI tool that you've just created as shown in the screenshot below.
Step 11
Publish the page and the link will show up on the page.
Step 12
There are two options on how you can dictate the LTI SSO link behaviours:
a. Context mapping using page ID. So you can use the page ID in WordPress to dictate the link must redirect the user to a specific class in a course. However, NOTE that this means you can only use 1 LTI tool link on that page as the mapping is on the page level.
To set this mapping, you will need to:
a1. In OpenLearning, select the course in the course mapping section as shown in the screenshot below.
a2. Select the class that you would like to map the link to and enter the WordPress page ID number in the Context ID field for that class. Then click on the Save button to apply the changes.
The page ID number can be taken from the WordPress page URL.
a3. Clicking the LTI SSO link again will redirect the user to that specific class.
There is a video available for this setup type. you can watch the video below:
b. Mapping using the custom parameters in the WordPress LTI tool.
You can use the custom parameters to map the link to:
1. A specific class in a course using the format: class_id=[OL class/cohort ID].
2. A course using the format: course=[OL course ID].
Please note that if you want to use the course ID in the custom parameter, also need to register each learner to the class allocation by using either one of the API endpoints below:
1. https://api.openlearning.com/docs#/Courses/add_class_allocation_for_course
2. https://api.openlearning.com/docs#/Courses/set_class_allocations_for_course
This is because the OL platform needs to know which class to enrol the learners in. Therefore, you can use the API endpoints above to provide this information to the OL platform.
If you use the class ID, this step is not required anymore as you have provided the information on which class the OpenLearning platform should redirect the learner to.
To take into consideration when setting up LTI 1.3 SSO from WordPress
1. In the custom parameters, please ensure there is no extra space before and after the class or course format.
2. 1 WordPress LTI tool can be linked or mapped to only 1 OL SSO connection.
3. 1 WordPress LTI tool can be linked or mapped to only 1 OpenLearning class. To link to another class, you will need to create another new LTI tool in WordPress and 1 new SSO connection in OpenLearning.
4. Therefore, if you have 2 courses with 10 classes each. You will need to create 20 WordPress LTI tools and 20 OpenLearning SSO connections.
5. However, 1 WordPress LTI tool can also be linked or mapped to 1 OpenLearning course. So all learners will be redirected to that course by clicking the LTI SSO link and depending on which class he/she was enrolled in, the learner will be redirected to that class automatically.
6. By using this SSO method from WordPress, when a learner clicks the link for the first time, the login page will appear. This is used to link the incoming user (external ID) to the OpenLearning account the user wishes to use.
Please note that once the link is established, you'll need to contact the OpenLearning Customer Success (CS) team to break the link in case the learner wants to link it (learner's account in WordPress - external ID) to another account in OpenLearning. The CS team can be contacted via email at support@openlearning.com.