  1. Sakai
  2. SAK-44194

Create Sakai property to provide a keypair to Sakai's LTI13Servlet


    Details

    • 20 status:
      Resolved
    • Property addition/change required:
      Yes
    • Test Plan:

       This is probably a dev test or worse.

      I have some sample properties attached to this Jira with good and bad values for the two new properties.

      You should start Sakai with nothing in the properties and test if the LMSTest tool can retrieve lineitems (which uses these keys).

      Then start Sakai with the bad properties.  You should see this error in the log:

      org.sakaiproject.lti13.LTI13Servlet.init Could not load tokenKeyPair from sakai.properties

      LMSTest lineitem retrieval should work.

      Then start Sakai with the good properties.  You should see this message in the log:

      org.sakaiproject.lti13.LTI13Servlet.init Loaded tokenKeyPair from sakai.properties

      LMSTest lineitem retrieval should work.

      No matter how this works or messes up - LMSTest lineitem retrieval should work.  The servlet falls back to making its own key pair if nothing else works.

      Testing on a cluster is pretty tricky.  That is even harder than a dev test.  Without the properties, tokens issued by one server will be rejected by the other servers in the cluster.  This is hard to set up and cause to happen.

       

       


      Description

      The servlet which gives out LTI Advantage tokens (LTI13Servlet) needs a public / private key pair so it can sign its tokens and check them later.   This is a short-term token and currently is regenerated at server startup and never stored in a database.

      This works great except in a clustered environment.  Different servers in the cluster will get different keys so tokens issued from one server will not be accepted by the other server.  The workaround for Sakai-20 was to load the key pair from sakai.properties so at least all the nodes in the cluster are working from the same key.

      This introduces two new properties:

      lti.advantage.lti13servlet.public=MIIBIjANBgkqhkidjkssdhjk...
      lti.advantage.lti13servlet.private=MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYw...

      These properties are the base-64 encoded public and private keys all on one line (i.e. they don't have any "--- BEGIN" headers and are not broken into short lines), but they contain the same material as PEM format keys with the headers.

      You can look at the code to generate these keys in Java in:

      basiclti/tsugi-util/src/test/org/tsugi/lti13/LTI13UtilTest.java

      There is even a comment as to how to generate and print these keys using the unit test itself in the source code for that unit test.

      This feature only has value for Sakai-20 - by Sakai-21 this code will use the Apache Ignite Service to generate and share the keys across the cluster automatically.  But it should be fixed and back-ported to Sakai-20 before we run off and build Sakai-21.

      A patch similar to this was developed at UVA for their fork of Sakai-19 but we never got it back into master so this Jira builds the functionality for Sakai-20 and later.
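A pre-deployment check for the two property values described above, as an added example that is not Sakai or Tsugi code: since a value that fails to load only shows up as a log line before the servlet falls back to its own key pair, it is worth confirming that both values parse and belong to the same pair. It assumes RSA keys stored as the Base64 of Java's X.509 (public) and PKCS#8 (private) encodings; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.Base64;

// Added example, not Sakai code. Assumes RSA keys whose property values are the
// Base64 of Java's Key.getEncoded(): X.509 for the public key, PKCS#8 for the private key.
public class Lti13KeyPropertyCheck {
    // Decode the two single-line property values; throws if either is malformed.
    static KeyPair load(String pubB64, String privB64) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PublicKey pub = kf.generatePublic(
                new X509EncodedKeySpec(Base64.getDecoder().decode(pubB64.trim())));
        PrivateKey priv = kf.generatePrivate(
                new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privB64.trim())));
        return new KeyPair(pub, priv);
    }

    // Each key can parse and still not belong to the other: sign a probe, then verify it.
    static boolean matches(KeyPair kp) throws GeneralSecurityException {
        byte[] probe = "lti13 key pair check".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(probe);
        byte[] sig = s.sign();
        s.initVerify(kp.getPublic());
        s.update(probe);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: fresh pairs stand in for the values in sakai.properties.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair();
        KeyPair b = gen.generateKeyPair();
        String pubA = Base64.getEncoder().encodeToString(a.getPublic().getEncoded());
        String privA = Base64.getEncoder().encodeToString(a.getPrivate().getEncoded());
        String privB = Base64.getEncoder().encodeToString(b.getPrivate().getEncoded());
        System.out.println("lti.advantage.lti13servlet.public=" + pubA);
        System.out.println("matching pair ok: " + matches(load(pubA, privA)));
        System.out.println("mismatched pair ok: " + matches(load(pubA, privB)));
        try {
            load("not-base64!", privA);
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            System.out.println("bad value rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

The private key value is deliberately not printed; in a real check, pass the two property values to `load` from the deployed sakai.properties rather than generating them.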

       


                People

                Assignee:
                csev Charles Severance
                Reporter:
                csev Charles Severance
