Index: basiclti-common/src/java/org/sakaiproject/basiclti/util/SakaiBLTIUtil.java
===================================================================
--- basiclti-common/src/java/org/sakaiproject/basiclti/util/SakaiBLTIUtil.java (revision 128955)
+++ basiclti-common/src/java/org/sakaiproject/basiclti/util/SakaiBLTIUtil.java (working copy)
@@ -23,6 +23,8 @@
 import java.util.Map;
 import java.net.URL;
+import javax.servlet.http.HttpServletRequest;
+
 import org.imsglobal.basiclti.BasicLTIUtil;
 import org.imsglobal.basiclti.BasicLTIConstants;
 import org.sakaiproject.linktool.LinkToolUtil;
@@ -824,16 +826,32 @@ return default_secret; } - static private String getOurServerUrl() { - String ourUrl = ServerConfigurationService.getString("sakai.rutgers.linktool.serverUrl"); + // Since ServerConfigurationService.getServerUrl() is wonky because it sometimes looks + // at request.getServerName() instead of the serverUrl property we have our own + // priority to determine our current url. + // BLTI-273 + static public String getOurServerUrl() { + String ourUrl = ServerConfigurationService.getString("sakai.lti.serverUrl"); if (ourUrl == null || ourUrl.equals("")) + ourUrl = ServerConfigurationService.getString("serverUrl"); + if (ourUrl == null || ourUrl.equals("")) ourUrl = ServerConfigurationService.getServerUrl(); if (ourUrl == null || ourUrl.equals("")) ourUrl = "http://127.0.0.1:8080"; + if ( ourUrl.endsWith("/") && ourUrl.length() > 2 ) + ourUrl = ourUrl.substring(0,ourUrl.length()-1); + return ourUrl; } + static public String getOurServletPath(HttpServletRequest request) + { + String URLstr = request.getRequestURL().toString(); + String retval = URLstr.replaceFirst("^https??://[^/]*",getOurServerUrl()); + return retval; + } + public static String toNull(String str) { if ( str == null ) return null; Index: basiclti-blis/src/java/org/sakaiproject/blti/ServiceServlet.java =================================================================== --- basiclti-blis/src/java/org/sakaiproject/blti/ServiceServlet.java (revision 128955) +++ basiclti-blis/src/java/org/sakaiproject/blti/ServiceServlet.java (working copy) 
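Review bot: In the added `getOurServletPath`, the second argument of `replaceFirst` is a replacement pattern, not a literal, so a configured server URL containing `$` or `\` would be misinterpreted or throw; quote it, and the reluctant `??` can be a plain `?`: `String retval = URLstr.replaceFirst("^https?://[^/]*", java.util.regex.Matcher.quoteReplacement(getOurServerUrl()));`. In `getOurServerUrl`, the fallback chain still ends in `ServerConfigurationService.getServerUrl()`, which the new comment itself says may reflect `request.getServerName()`, and then in the hard-coded `http://127.0.0.1:8080`. The callers in this patch pass the result into OAuth message construction, so a warning logged when neither `sakai.lti.serverUrl` nor `serverUrl` is set would let operators see that validation is running against a request-derived or placeholder URL. Both methods lie fully inside the hunk.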
@@ -451,7 +451,8 @@ oauth_secret = SakaiBLTIUtil.decryptSecret(oauth_secret); M_log.debug("oauth_secret (decrypted): "+oauth_secret); - OAuthMessage oam = OAuthServlet.getMessage(request, null); + String URL = SakaiBLTIUtil.getOurServletPath(request); + OAuthMessage oam = OAuthServlet.getMessage(request, URL); OAuthValidator oav = new SimpleOAuthValidator(); OAuthConsumer cons = new OAuthConsumer("about:blank#OAuth+CallBack+NotUsed", oauth_consumer_key,oauth_secret, null); @@ -937,7 +938,8 @@ oauth_secret = SakaiBLTIUtil.decryptSecret(oauth_secret); M_log.debug("oauth_secret (decrypted): "+oauth_secret); - pox.validateRequest(oauth_consumer_key, oauth_secret, request); + String URL = SakaiBLTIUtil.getOurServletPath(request); + pox.validateRequest(oauth_consumer_key, oauth_secret, request, URL); if ( ! pox.valid ) { if (pox.base_string != null) { M_log.warn(pox.base_string); Index: basiclti-util/src/java/org/imsglobal/pox/IMSPOXRequest.java =================================================================== --- basiclti-util/src/java/org/imsglobal/pox/IMSPOXRequest.java (revision 128955) +++ basiclti-util/src/java/org/imsglobal/pox/IMSPOXRequest.java (working copy) 
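Review bot: The line just above each new `getOurServletPath` call, `M_log.debug("oauth_secret (decrypted): "+oauth_secret);`, writes the decrypted OAuth shared secret to the log, and it appears in both hunks of this file (-451 and -937). Since this change touches the signature-validation path anyway, that line should be dropped or reduced to something like `M_log.debug("oauth_secret decrypted");`, so that enabling debug logging does not expose the tool's signing key to anyone who can read the logs. As a style point, the new local `String URL` is spelled like the class `java.net.URL`; a name such as `signedUrl` would read more clearly. The enclosing methods start and end outside both hunks.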
@@ -288,8 +288,13 @@ // Assumes data is all loaded public void validateRequest(String oauth_consumer_key, String oauth_secret, HttpServletRequest request) { + validateRequest(oauth_consumer_key, oauth_secret, request, null) ; + } + + public void validateRequest(String oauth_consumer_key, String oauth_secret, HttpServletRequest request, String URL) + { valid = false; - OAuthMessage oam = OAuthServlet.getMessage(request, null); + OAuthMessage oam = OAuthServlet.getMessage(request, URL); OAuthValidator oav = new SimpleOAuthValidator(); OAuthConsumer cons = new OAuthConsumer("about:blank#OAuth+CallBack+NotUsed", oauth_consumer_key, oauth_secret, null); Index: basiclti-util/src/java/org/imsglobal/json/IMSJSONRequest.java =================================================================== --- basiclti-util/src/java/org/imsglobal/json/IMSJSONRequest.java (revision 128955) +++ basiclti-util/src/java/org/imsglobal/json/IMSJSONRequest.java (working copy) @@ -157,8 +157,13 @@ // Assumes data is all loaded public void validateRequest(String oauth_consumer_key, String oauth_secret, HttpServletRequest request) { + validateRequest(oauth_consumer_key, oauth_secret, request, null) ; + } + + public void validateRequest(String oauth_consumer_key, String oauth_secret, HttpServletRequest request, String URL) + { valid = false; - OAuthMessage oam = OAuthServlet.getMessage(request, null); + OAuthMessage oam = OAuthServlet.getMessage(request, URL); OAuthValidator oav = new SimpleOAuthValidator(); OAuthConsumer cons = new OAuthConsumer("about:blank#OAuth+CallBack+NotUsed", oauth_consumer_key, oauth_secret, null);
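Review bot: The new four-argument `validateRequest` overload in `IMSPOXRequest`, and the identical one in `IMSJSONRequest`, has no Javadoc, and the only comment (`// Assumes data is all loaded`) now sits on the three-argument delegate. I would document the overload with something like `/** Validates the OAuth signature of the request. URL is the externally visible URL to use when building the OAuthMessage; pass null to let OAuthServlet derive it from the request. */`, with the null behaviour hedged until confirmed against `OAuthServlet.getMessage`. The old overload still passes `null`, so any caller not migrated in this patch keeps validating against the request-derived URL, which is worth stating in its comment. The parameter name `URL` would be clearer as `url`. Both method bodies continue past the end of their hunks.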