Integration with ANewSpring LMS

[navalnichnik]

If this is about an issue in the guides

Describe the issue
We are trying to configure ANewSpring (ANS) LMS - it supports LTI 1.1 - to work with the tool. The ANS guide explains we need to have Link, Key, Secret and Custom Parameters in order to make the connection work >> https://support.anewspring.com/en/articles/45857-play-content-from-another-system-in-anewspring-using-lti-consumer

Expected behavior
Could you please clarify how to configure ANewSpring? Basically, how to get these Link, Key, and Secret values.

[leestott]

Hi @navalnichnik

So we have not see ANewSpring ANS LMS>
Have you tried using the setting

Tool name: give the tool a name of your choice. For example: "Microsoft Learn".
Tool URL: https://[lti-domain-url]/api/launch-lti1 where [lti-domain-url] is the Domain URL field from Microsoft Learn LTI application’s registration page.
LTI version: LTI 1.0/1.1
Consumer key: LearnLTI
Shared secret: LearnLTI

If you could try this as per https://github.com/microsoft/Learn-LTI/blob/main/docs/CONFIGURATION_GUIDE.md Again if this works would love for you to make a contribution to the Configuration_guide.md to add setup instructions for ANS LMS.

Please confirm if this works.

[navalnichnik]

Hi @leestott

Thank you for the prompt reply.

I tried the recommendations you kindly shared and I'm afraid it does not work for me.

When I launch the course in ANS after several redirections I get "Oops! Something went wrong." error.

I can see the following in the browser console:

I would really appreciate it if you have any idea how to make the connection work.

[leestott]

Hi @navalnichnik

So the issue is in relation to how your calling the AAD looking at the error
tokens calls are blocked in hidden iframes - https://www.bing.com/search?q=tokens+calls+are+blocked+in+hidden+iframes+ANewSpring&qs=n&form=QBRE&msbsrank=0_0__0&sp=-1&pq=tokens+calls+are+blocked+in+hidden+iframes+anewspring&sc=0-53&sk=&cvid=F33AFA7AA05F4045AB402EE3E6DE2E93

Could you confirm where in the process you get this error? Just some screenshots of the trying to access to app will initially help

[navalnichnik]

Hi @leestott

Sure, please find the details below.

I configured the connection the way you suggested:

When I test the connection, the new tab is opened with the URL (I'm mentioning all redirection in the list:

1. our_LMS_domain/do?action=getExternalActivity&id=361 and then it is immediately redirected to

2. our_LMS_domain/lti-v1p0/launch/361

3. 

4. the next URL is logim.microsoftonline.com/many_parameters_here and here I'm prompted to log in.

5. after successful login I'm redirected back to the URL from step 3 and I see "Loading Assignment screen":

Right after it I see the result I shared with you in my previous message.

Please let me know if there is anything else I can do to help with the troubleshooting.

Thank you and have a great weekend!

[adbindal]

Hi @navalnichnik,

TroubleShooting

It seems like the GetUserDetails API is failing in your case due to which you are facing the issue in opening the assignment page. I'd request you to please try troubleshooting shared at #71.

Probable Hypothesis

In case of LTI1.1, in my experience, the error occurs due to the lack of custom_context_membership_url key being sent to Learn-LTI in the LTI-Launch request. This url is being used by Learn-LTI service to get the details of all pariticipants of the course in order to allow them access to the assignment. For Moodle, setting the LTI Names and Roles Provisioning to Use this service.... enables sending of the context-membership-url. Without this url, Learn-LTI fails to validate the user as a course member and hence does not allow the user access to the assignment. Unfortunately, I am not sure how to turn ON this setting for ANewSpring, I can do some digging across the docs to see if I find something.

[leestott]

@navalnichnik we have opened a support request with anewspring to see if they can provide any guidance TicketNo. [#125340] - Anewspring LMS LTI support

[leestott]

update from anewspring LMS team.

Requirement from Learn LTI application

The context_membership_url is one that returns the enrollments for a particular course (and therefore, it is different for each course implemented within the LMS).

What we require is a url which can return the course-specific members from the LMS. In the case of canvas and Moodle we use the LTI membership from IMS LTI Standards. This can be a string. However, we're not sure how they will set the custom property at the tool level, when we want the url to return course-specific details.

Comment from anewspring LMS
Thank you for the additional information. This is unfortunately currently not possible within aNewSpring. While you could set a fixed value in the custom parameter field, we cannot insert a dynamic value here.
This has been forward this to our product designers to take into consideration for a future release. Should we include this in an upcoming update, we can then contact you as soon as possible.

[bmwsedee]

Hi @leestott ,

I've been looking at this from the aNewSpring side of things, to see what it would take on our end to get this integration up and running. If you could confirm some of my thoughts it would be tremendously helpful for us.

As I understand it, the context_membership_url should be something like https://<lms_domain>/memberships/<course-id>, correct, where this <course-id> should be the dynamic for every course?
Besides supporting that, we should of course also make sure the URL works. Since we currently support LTI 1.1, it's not implemented yet, but I did find http://www.imsglobal.org/specs/ltimemv1p0/specification-3, specifically section 3.2 / figure 3.3. Is it correct that the URL in the context_membership_url-parameter should return something like that example to make it all work on your end?

[leestott]

@bmwsedee Hi Ben thanks for reaching out let me have a speak with the team and come back to you, could you please email learnlti@microsoft.com and we can continue the discussion.

[leestott]

@bmwsedee

Thanks a lot for trying our product with ANewSpring and reaching out with your query. To answer your query, context_membership_url is something that we use on our end to get the list of students in a course. To be specific about the Learn-LTI implementation, we are not expecting the url to be of a specific type/form, but the only thing to be concerned about is that there should be one passed to us during the authentication callback and it should be an endpoint on LMS side which should be able to identify the course from the url invocation and return the list of students in that course as a response .

As long as the LMS implement these 2 requirements, the Learn-LTI should work flawlessly. To talk about our implementation, we are using LtiLibrary https://github.com/LtiLibrary/LtiLibrary OSS Implementation for LTI 1.1.1 for Membership response handling, and that internally uses LIS v2 membership api spec to communicate across Learn-LTI and LMS.

References:
• See RawMemberships.json as a reference response for the membership API. https://github.com/LtiLibrary/LtiLibrary/blob/da5ea4fb1c709130b1f90d390620997e4dbab010/test/LtiLibrary.AspNetCore.Tests/ReferenceJson/RawMemberships.json
• Detailed parsing logic was added to LtiLibrary repo as a part of PR #132. LtiLibrary/LtiLibrary#132

[bmwsedee]

Thanks for the answer so far, this clears things up a bit on our end.
This does all lead us to a question with regards to the authentication of the request. When you retrieve the course subscriptions, is that request signed using the OAuth Message Signing as described for LTI 1.1, or does that request require the OpenID tokens as described for LTI 1.3?

[leestott]

@bmwsedee

This does all lead us to a question with regards to the authentication of the request. When you retrieve the course subscriptions, is that request signed using the OAuth Message Signing as described for LTI 1.1, or does that request require the OpenID tokens as described for LTI 1.3?

wrt this-

(i) In case of LTI 1.1: Yes, we sign the request with the message string. In particular we're using the LtiLibrary which contains the implementation for this https://github.com/microsoft/Learn-LTI/blob/main/backend/Bindings/Edna.Bindings.Lti1/Edna.Bindings.Lti1/Lti1MembershipClient.cs, https://github.com/LtiLibrary/LtiLibrary/blob/master/src/LtiLibrary.NetCore/Clients/MembershipClient.cs

(ii) For LTI1.3: we first request an access token using the url shared during the registration process, and then add that access token in the request headers https://github.com/microsoft/Learn-LTI/blob/main/backend/Bindings/Edna.Bindings.LtiAdvantage/Services/NrpsClient.cs

[jeroenhabets]

Since Legacy LTI 1.1 is no longer supported due to serious vulnerabilities (IMS Security Bulletin), we are interested to learn if you got the LTI1.3 (aka LTI Advantage) integration to work with aNewSpring.

Added bonus of LTI Advantage is that it also covers the discussed course membership (LTI Advantage overview).
And the mentioned LTI Library on GitHub has an LtIAdvantage sibling.

[jeroenhabets]

@bmwsedee perhaps I'd better tag you in case you're no longer following this ticket:

Since Legacy LTI 1.1 is no longer supported due to serious vulnerabilities (IMS Security Bulletin), we are interested to learn if you got the LTI1.3 (aka LTI Advantage) integration to work with aNewSpring.

Added bonus of LTI Advantage is that it also covers the discussed course membership (LTI Advantage overview). And the mentioned LTI Library on GitHub has an LtIAdvantage sibling.

[bmwsedee]

@jeroenhabets Thanks for the tag, I had missed your previous comment indeed.

aNewSpring currently does not yet support LTI1.3. What we have made to work previously was support for the Memberships of LTI1.3 as addition to our support for LTI1.1, but there is no full support for LTI1.3 yet.
We are investigating when the addition of support for LTI1.3 will be put on our roadmap, but as of this moment it's not there yet.

If you could tell me what customer you would want this feature for, I can have this officially registered in our systems with the exising feature request

[jeroenhabets]

Hi @bmwsedee,
We actually had a partner that wanted to integrate our product as a tool for a bunch of aNewSpring customers. After the deprecation we had dropped LTI1.1 in early 2021 and aNewSpring had not embraced the secure LTI 1.3 yet so this never materialized. I stumbled upon this issue and for a brief moment thought something had moved here.