Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-44195

Use Apache Ignite to Automatically Distribute the LTI13Servlet keys across a cluster

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: RESOLVED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 21.0 [Tentative]
    • Component/s: BasicLTI
    • Labels:
      None
    • Test Plan:
      Hide

      This is a dev test special.  To test the cluster bits it is a mega-dev-test.

      Make sure these are not in sakai.properties:

      lti.advantage.lti13servlet.public
      lti.advantage.lti13servlet.private

      Start Sakai, navigate to (replace localhost with whatever server you are using):

      http://localhost:8080/imsblis/lti13

      This page will fail but force the servlet to load and run the init() method - watch for this in the logs.:

      org.sakaiproject.lti13.LTI13Servlet.init Generated tokenKeyPair and stored in Ignite Cache

       Go into Lessons and use LMSTest, retrieve the lineitems and verify that things work.

      Then find a way to re-deploy the servlet.  One way is to keep Sakai running and watch the logs - go into:

      basiclti/basiclti-blis

      and run a mvn command to recompile and re-deploy this code.  Watch the logs and when you see the servlet has reloaded and once again hit the imsblis url for your server:

      http://localhost:8080/imsblis/lti13

      Watch the logs and you should see:

      org.sakaiproject.lti13.LTI13Servlet.init Loaded tokenKeyPair from Ignite Cache

       Go into Lessons and use LMSTest, retrieve the lineitems and verify that things work.

       

      Show
      This is a dev test special.  To test the cluster bits it is a mega-dev-test. Make sure these are not in sakai.properties: lti.advantage.lti13servlet.public lti.advantage.lti13servlet.private Start Sakai, navigate to (replace localhost with whatever server you are using): http://localhost:8080/imsblis/lti13 This page will fail but force the servlet to load and run the init() method - watch for this in the logs.: org.sakaiproject.lti13.LTI13Servlet.init Generated tokenKeyPair and stored in Ignite Cache  Go into Lessons and use LMSTest, retrieve the lineitems and verify that things work. Then find a way to re-deploy the servlet.  One way is to keep Sakai running and watch the logs - go into: basiclti/basiclti-blis and run a mvn command to recompile and re-deploy this code.  Watch the logs and when you see the servlet has reloaded and once again hit the imsblis url for your server: http://localhost:8080/imsblis/lti13 Watch the logs and you should see: org.sakaiproject.lti13.LTI13Servlet.init Loaded tokenKeyPair from Ignite Cache  Go into Lessons and use LMSTest, retrieve the lineitems and verify that things work.  

      Description

      This is a Sakai-21 only Jira - if there is no public / private key pair in sakai.properties (SAK-44194) then the LTI13Servlet will check its Apache Ignite cache and load the public/private key pair from the cache and if it does not find it in the cache, generate a pair and add it to the cache.

      This means that all of the LTI13Servlets across a cluster will be sharing the same keypair.

      In Sakai-21 the better practice it to not set the:

      lti.advantage.lti13servlet.public=MIIBIjANBgkqhkidjkssdhjk...
      lti.advantage.lti13servlet.private=MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYw...

      But instead autogenerate these keys to avoid the security risk of private key material used to allow access to internal Sakai services sitting around in config files.

      This is definately not suitable for Sakai-20.

        Gliffy Diagrams

          Zeplin

            Attachments

            1. ignite-bits.rtf
              2 kB
              Charles Severance

              Issue Links

                Activity

                  People

                  Assignee:
                  csev Charles Severance
                  Reporter:
                  csev Charles Severance
                  Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved:

                      Git Integration