LTI Provider (Legacy) does not work

Keywords: Moodle - AWS - Technical issue - Other
Description:
Hello. I created two instances on AWS with the image ami-06c904be3a099b327 (bitnami-moodle-3.10.3-0-linux-debian-10-x86_64 -…), one to be a lti provider and the other a consumer.
As usual, I created a course and an activity on the lti provider, which later published the LTI tools, having generated the Cartridge URL, its Scret, the Launch URL and the Registration URL. So far, without any problem.
As for the lti consumer, I also followed the entire protocol. I created a course and then tried to add the activity of the lti provider as an External Tool, going through all possible combinations of the Cartridge URL, its Secret and Launch URL, but without any success. In the best case, when I press the link for this external activity, either as an administrator or as a student, all I can do is call the lti provider home page, but with it always requiring the login and password of the platform.
Then I ask the following questions:

  1. Are there any additional settings that I missed? If so, what is it?
  2. If this is a problem with the moodle version, what would be the most up-to-date version in which the LTI Provider (legacy) is functional?
  3. When will the version of moodle be released in which the LTI advantage will be released?
    Thanks for listening.

Hello @san.am.br,

Thanks for using Bitnami! When using “LTI Legacy”, are you referring to LTI v1 or v2 right? Moodle supports both versions of LTI and should work without problems. Are you following the official guide at https://docs.moodle.org/311/en/Publish_as_LTI_tool? They also link a thread in their official forums with an in-depth guide on it: https://moodle.org/mod/forum/discuss.php?d=345828

Please also keep in mind the following warning:

If your Moodle instance is using HTTP (and not HTTPS) you will only be able to use the tool on sites that are also using HTTP (and not HTTPS).

Regards,
Francisco de Paz

Dear Francisco de Paz.
The information I took as a reference was exactly that of the sites you recommended to me. However, once again I decided to redo all the procedures, this time, instead of placing in the Launch container one of these values: ‘Default’, or ‘Embed’, or ‘Embed, without blocks’, I tested ‘Existing Window’ ( which, by the way, is what the video from the first link shows), and then the ‘New Window’. So, when I tested these changes, I was fortunate to see that everything worked out! Anyway, thanks for the help.
Graciously,
Sanderson Pereira da Silva
Obrigado!

Hello @san.am.br,

I’m glad you could solve the issue and thanks for sharing the solution! Do not doubt to open a new thread if you encounter any more issues in the future.

Regards,
Francisco de Paz

Hello again fdepaz,
Previously I used 2 bitnami Moodle aws images (1 as a provider and the other as an LTI consumer) using only http, which worked. However, after passing both to https with the certificate manager and load balancer, I am having the following problem: “An error occurred when launching the external tool: Sorry, there was an error connecting you to the application.”
So I ask: Does anyone know what may be happening and how to solve such a problem?
Thank you very much in advance.

Regards,
Sanderson Pereira da Silva

Hello @san.am.br,

Given that HTTPS is working properly for both Moodle instances, I would say the error could be coming from the LoadBalancer or a missing configuration on the server side. Reading the docs on HTTPS transitioning, I’m not seeing any red flags.

To make sure, we can check the instances logs. Could you please execute our Support Tool on the machine where the stacks are running by following the steps described in the guide below?

Please note that you need to paste the code ID that is shown at the end.

Regards,
Francisco de Paz

Hi fdepaz,
Incredible this support from bitnami! The code obtained is just below:
6d0b45c8-c3f7-a76c-213d-63e1d06786d9

Thanks again.

Regards,
Sanderson Pereira da Silva

Hi @san.am.br,

There is nothing of note in the logs. I suggest you check in moodle’s official forums as they will be able to give you a more knowledgeable answer on this. There may be some headers that the LB or Apache are removing, but I couldn’t know for sure.

Regards,
Francisco de Paz

Hello again fdepaz
In order to find out where the problem lies, I decided to make another attempt, again creating an LTI Provider and an LTI Consumer, this time using a completely pure Bitnami-Moodle 3.10 image. In fact, the activities I created to pass on by LTI were done with the Moodle questionnaire itself, and not using external files or plugins. Additionally, I tried to run the command ‘sudo / opt / bitnami / bnsupport-tool’ to see if there were any errors in the terminal, which really happened, but only with the LTI Provider after I created the second questionnaire (why?):

The bndiagnostic tool has found some errors that may be related to the issue you are having. The output will be shown on the next page:
? Apache: Found possible issues
[Apache]
Found recent error or warning messages in the Apache error log.
[Fri May 28 13:23:12.870591 2021] [authz_core:error] [pid 2375:tid 140365713508096] [client 10.0.1.81:46060] AH01630: client denied by server configuration: /opt/bitnami/phpmyadmin/

Please check the following guide to troubleshoot server issues:
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-erro
(Code: c338f67f-7ff0-b7a4-5773-ac0dc33be1b2)

In any case, regardless of this error warning, the questionnaire passes between the LTI Provider and LTI Consumer continued to work. It is worth remembering that these tests were performed with both instances already linked to the Target Group and Load Balancer. Therefore, both could not be the problem that would follow with the (I) recording of Type A Record for the Provider and the Consumer (be it linked to their IPs or Load Balancers) and (II) with the binding of an AWS certificate for both.

So, when I performed procedures I and II above, everything went wrong again, including LTI Consumer showing the following message on the Moodle screen:
‘An error occurred when launching the external tool: Sorry, there was an error connecting you to the application.’

Additionally, here are the messages and the support code at the Provider and Consumer terminals, at this moment:

LTI Provider (9edd22f6-0da3-9548-4307-ae56807b7c27):

The bndiagnostic tool has found some errors that may be related to the issue you are having. The output will be shown on the next page:
? Apache: Found possible issues
[Apache]
Found recent error or warning messages in the Apache error log.
[Fri May 28 15:00:16.676278 2021] [authz_core:error] [pid 2376:tid 140365528868608] [client 10.0.2.149:28150] AH01630: client denied by server configuration: /opt/bitnami/phpmyadmin/
 [Fri May 28 15:00:49.682083 2021] [authz_core:error] [pid 1570:tid 140365671544576] [client 10.0.1.81:60248] AH01630: client denied by server configuration: /opt/bitnami/phpmyadmin/index.php
 [Fri May 28 15:08:50.813921 2021] [authz_core:error] [pid 2376:tid 140365612795648] [client 10.0.1.81:61416] AH01630: client denied by server Press [Enter] to continue:
configuration: /opt/bitnami/phpmyadmin/

LTI Consumer (67da7486-9d41-b48e-3596-e9d5c4620aa0):

? Apache: Found possible issues
[Apache]
[Fri May 28 15:22:07.647870 2021] [authz_core:error] [pid 2476:tid 140454280521472] [client 10.0.2.85:48564] AH01630: client denied by server configuration: /opt/bitnami/phpmyadmin/

Then, in an attempt to correct this flaw, I made adjustments to the Bitnami command line, according to the tutorial ‘https://docs.bitnami.com/aws/how-to/configure-elb-ssl-aws/’,
adding in ‘/opt/bitnami/apache2/conf/bitnami/bitnami.conf’ the following lines of code:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}

(NOTE: the line code ‘SetEnvIf x-forwarded-proto https HTTPS = on’ was already in the header of this file.)

However, even so, the problem continued (LTI Provider: 595feb50-8097-6946-0e39-ff9b9d0671fd, LTI Consumer: 81a72f35-4d7f-2ca5-3a8b-c8fa01568a2b).

Finally, I redirected HTTP to HTTPS on AWS Listeners, but there was no way either.

In any case, the problem presented could only be of the Type A Record or the AWS certificate. That’s when I decided to keep the records and remove the Certificate Manager. The result? Everything went back to working perfectly. What should I do? For now I can go using Provider and Consumer without a certificate, but I would really like to find a solution.

A few hours and many attempts later …

As I knew that the AWS Certificate was the problem, I looked for another alternative to certify my two Moodles and ended up finding the ‘Learn About The Bitnami HTTPS Configuration Tool’ tutorial (https://docs.bitnami.com/general/how-to /understand-bncert/),
which explains how to certify a web server by Let’s Encrypt, as long as the instances are removed from Load Balancer and are assigned a fixed IP (AWS Elastic IP). The result? Complete success !!! Finally I now have the LTI Provider communicating with LTI Consumer on https. I’m certainly happy, but without Load Balancer, how can I auto scale my servers? So, I think the most appropriate way would be,
who knows, your development team and AWS will solve this problem together, which due to your technical quality and competence should be easy to solve.

Hugs and thank you very much for your valuable help.
Regards,
Sanderson Pereira da Silva.

Hello @san.am.br,

Thanks a lot for sharing your investigation and discoveries! I’m glad you got this working even though it is not perfect. Could this be an issue with LTI not supporting Load Balancing?

Please note that Bitnami packages and configures already existing applications. In this case, the issue seems to be related to the application itself or AWS LB, which leaves us without many options to solve this on our side. I suggest to first check with Moodle’s developers whether this is an app’s limitation and if not, get in contact with AWS support.

We can leave this thread open in case the solution can be achieved by modifying some of our Bitnami configuration, in which case we will open an internal task to work on it.

Best regards,
Francisco de Paz

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.