This is a suppliment to the Tsugi LTI Advantage documentation available at www.tsugi.org/ADVANTAGE.md.
Sakai expects to mint the tool private keys as of Sakai-19.0. But you can also create the integration in Sakai and then override the Sakai-chosen tool keys by editing the entry after it is created. There are plans to add support for the tool keyset in a later release of Sakai 19.x.
The workflow between Sakai and Tsugi is quite easy if you can be in the admin UI of both tools at the same time. This can either happen if both systems are administered by the same person or they can work together exchanging values over Slack or email.
Tsugi has a self-service mechanism to request and approve LTI 1.1 keys but does not yet have a self service mechanism to request LTI Advantage keys so you need to create an Issuer.
You can work through this example using the Sakai and Tsugi nightly servers. They are nice to experiment with because they reset every night :)
https://trunk-mysql.nightly.sakaiproject.org/portal/ ( admin / admin )
https://dev1.tsugicloud.org/tsugi/admin/ (tsugi)In Sakai go to Adminstration Workspace, External Tools.
If you are editing an existing LTI 1.1 tool, you can edit the tool, leave the URL, key, and secret alone, turn on LTI 1.3, and skip to the LTI Advantage Security Setup below.
If you are making a new tool, you can either connect a single tool endpoint in Tsugi or you can add Tsugi as a Learning App (Content Item or Deep Linking). The process is the same except for a different URL and few checkboxes at the bottom of the add LTI tool screen.
For a single tool, simply check
Direct tool url like https://dev1.tsugicloud.org/mod/youtube
Check all the services and send name and email to the tool
When intalling Tsugi as an App Store under Learning Apps, check
App Store endpoint like https://dev1.tsugicloud.org/tsugi/lti/store/
Check all the services and send name and email to the tool
Allow external tool to configure itself
Allow the tool to be used from the rich content editor to select content
Continue with the LTI Advantage steps below.
For the process of exchanging LTI Advantage configuration information, it is easiest to have Sakai open in one browser tab and Tsugi open in another browser tab.
First go into the Tsugi Administrator UI and select 'Manage Keys'.
If the issuer entry for the Sakai server is already present in Tsugi,
simply view it and copy all the relevant values into the Sakai tool
entry. The issuer for Sakai is generally the URL of the Sakai server like
https://trunk-mysql.nightly.sakaiproject.org - with no trailing slash.
If no issuer exists in Tsugi, start the Add an Issuer process.
On the Add Issuer screen you can see the OIDC Connect
and OIDC Redirect endpoints before you save the Issuer.
Copy these to Sakai and save the Sakai LTI tool.
Then view the Tool in Sakai. Copy these values to the Tsugi Add Issuer screen:
Leave the tool public and private keys blank in Tsugi and leave the
LTI 1.3 Platform OAuth2 Bearer Token Audience Value blank as well.
Then save the issuer in Tsugi.
Then view the issuer in Tsugi and find the Tool public key. Edit the tool entry in Sakai
and overwrite the Tool Public Key. After you copy the Tool Public Key from Tsugi to Sakai,
you should delete/empty the Tool Private Key in the Sakai tool entry.
Sakai has no need for the Tool's private key and it is
bad security practice for Sakai to posess the Tool's private key and the private key that
was generated by Sakai is no longer even relevant. Sakai simply generated a public/private tool
pair for the tool in case the tool could not generate its own key pair but since Tsugi
does generate a key pair, we use the pair provided by Tsugi instead of the pair generated by Sakai.
Once you have created or found an issuer in Tsugi, you can either edit an
existing tenant/key ar make a new one.
To enable LTI 1.3 launches, you need to select an issuer, set the
deployment_id (always 1 on Sakai for now) and save the tenant/key.
You should be ready to use Lessons to place a tool in Sakai and do a launch. One fun aspect of Sakai is that once you set up a tool with both LTI 1.1 and LTI 1.3 values, you can switch back and forth between 1.1 and 1.3 launches by simply changing the LTI 1.3 radio button.