Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-33898

Expose support for SHA-256 in Sakai's UI

    Details

    • Type: Bug
    • Status: RESOLVED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 11.4
    • Fix Version/s: 12.0, 19.0
    • Component/s: BasicLTI
    • Labels:
      None
    • 12 status:
      Resolved
    • 11 status:
      Please Merge
    • Conversion Script Required:
      Yes
    • Test Plan:
      Hide

      (a) Go into a site as a site owner.  Add an External Tool and edit it to point at

      https://test.tsugicloud.org/mod/map/  / 12345 / secret

      Tick the checkbox for debug.  Do not tick the sha256 tick box. Save and launch the tool.  Look at the debug data and see

      oauth_signature_method=HMAC-SHA1

      Continue the launch and verify that it works.

      (b) Edit the item and tick the sha256 box, save and launch, again inspect the data and find:

      oauth_signature_method=HMAC-SHA256

      Continue the launch and verify that it works.  (Tsugi accepts either SHA1 or SHA256) signatures.

      (c) Go Admin Workspace / External Tools Add an LTI 1.x Tool with this data:

      https://test.tsugicloud.org/tsugi/lti/store/ /12345 / secret

      Check the normal boxes and check "Allow external tool to configure itself (the tool must support the IMS Content-Item message)" as well as checking "Always launch in debug mode" - leave SHA 256 unchecked.

      Go into Lessons / Add Content / And add the map tool from the store.  Launch the tool from Lessons and 

       Look at the debug data and see

      oauth_signature_method=HMAC-SHA1

      Continue the launch to see if it works.

      (d) Go back in and tick the SHA256 item in Admin / External Tools, come back to Lessons and re-launch the tool, the debug data should now say:

      oauth_signature_method=HMAC-SHA256

      Continue the launch to see if it works.

       

      Show
      (a) Go into a site as a site owner.  Add an External Tool and edit it to point at https://test.tsugicloud.org/mod/map/   / 12345 / secret Tick the checkbox for debug.  Do not tick the sha256 tick box. Save and launch the tool.  Look at the debug data and see oauth_signature_method=HMAC-SHA1 Continue the launch and verify that it works. (b) Edit the item and tick the sha256 box, save and launch, again inspect the data and find: oauth_signature_method=HMAC-SHA256 Continue the launch and verify that it works.  (Tsugi accepts either SHA1 or SHA256) signatures. (c) Go Admin Workspace / External Tools Add an LTI 1.x Tool with this data: https://test.tsugicloud.org/tsugi/lti/store/  /12345 / secret Check the normal boxes and check "Allow external tool to configure itself (the tool must support the IMS Content-Item message)" as well as checking "Always launch in debug mode" - leave SHA 256 unchecked. Go into Lessons / Add Content / And add the map tool from the store.  Launch the tool from Lessons and   Look at the debug data and see oauth_signature_method=HMAC-SHA1 Continue the launch to see if it works. (d) Go back in and tick the SHA256 item in Admin / External Tools, come back to Lessons and re-launch the tool, the debug data should now say: oauth_signature_method=HMAC-SHA256 Continue the launch to see if it works.  

      Description

      As of July 1, 2018 IMS will no longer certify LTI applications that use SHA-1.   Sakai already supports SHA-256 but it requires an LTI 2.0 registration to enable it.  This change will make it so that any LTI 1.1 tool can support SHA-256.

      This does not need to make 12.0 as it is a new feature.  It should be in 11-x, 12-x and 12.1 as it will be important going forward.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  csev Charles Severance
                  Reporter:
                  csev Charles Severance
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Git Source Code