LTI v1.3: Single Sign-On (Launching OpenLearning from a consumer application)
Setting up LTI 1.3 SSO on OpenLearning
LTI SSO (Learning Tools Interoperability Single Sign-On) is a secure way to log in to the OpenLearning platform. With LTI SSO, you only need to remember one set of login credentials, and you can use those same credentials to log in to multiple platforms.
Please note that LTI 1.3 SSO requires configuration on both sides (the OpenLearning platform and the tool or external platform or LMS). Therefore, you will need to log in to your institution's LMS (Learning Management System) or another external platform that supports LTI to get the detail required during the setup and to enter the detail created in OpenLearning into the external platform.
Please follow the steps below to configure LTI 1.3 SSO in OpenLearning.
Step 1
Under Institution Settings > Integration scroll down to Manage Single Sign-on (SSO) connections.
Step 2
Add a new connection by selecting LTI 1.3 and then click Add new SSO connection.
Step 3
Configure LTI external platform/LMS or tool registration in OpenLearning.
In LTI 1.3, the OpenLearning platform and the external tool or platform exchange messages using a combination of JSON Web Tokens (JWTs) and the OAuth 2.0 framework.
The OpenLearning platform also needs to store some external tool or platform information, including its public key and the URLs where it expects to receive messages.
- Access token URL: the OpenLearning platform needs to send an access token response to the external tool or platform.
- Authentication URL: this is the initiation login. The user clicks on a link to access Openlearning content, at the first step, it will redirect this user to the LTI Platform to initiate the login process.
- Keyset URL: the OpenLearning platform could fetch the external tool or platform's public key from this URL.
For example, in Moodle, the platform detail can be obtained from moodle plugin> external tool > manage tools:
Once completed, click Save.
Step 4
After saving the platform configuration, go to view details and fetch some tool information, like Launch URL and Login URL.
Then, go back to the external platform/LMS or tool to complete the registration. For example in Moodle:
Note: Because different platforms have different configuration forms, the URL terms might be different.
- Login URL: it is the Login initiation URL.
- Launch URL: it might be called “target link URL”.
Testing Launch Flow LTI 1.3 SSO on OpenLearning
In this testing launch flow, you will see, it sends a request to the Login URL
and gets back from the platform, and finally sends a POST request to the launch URL.