Customize, Review, and Publish the assignment

[Avihai-H]

I configured integration with Moodle and launched a new activity that uses an external tool, but I cannot move to the Microsoft Learn LTI launch.

what i'm missing?

[Avihai-H]

I've tried also with Canvas and I got the same error "Could not validate request"

[nehalilani]

hello @Avihai-H

Please make sure the tool has been registered properly in the LMS as well as the platform registration page.

Troubleshooting

Azure Function Traces

Go to your Resource Group inside Azure and select Function App matching connect-XXXXXXX.
Select Functions Blade in Left Hand Pane. Select LtiAdvantageLaunch afterwards.
Choose Monitor Blade in LHP and you should see the Invocation Traces.
Clicking on the failing trace should provide more details related to Server logs for that function invocation to help you.

We'd request you to please share the above details with us in order for us to be able to help you in a better way. Since the details might contain some private information as well. Please feel free to reach out to us via email at learnlti@microsoft.com.

[leestott]

Hi @Avihai-H

Can you check you have a Azure Active Directory connected to your users.

Check AAD, and NRPS is working.

We have seen recent issues where users emails in your LMS and AAD do not match you can receive a failure with the the tool as the email address with which the user was enrolled in the course was not the same as the AAD email- the casing being different.

Please ensure the email are the same and the case matches of the email. We have a action on our side to add case matching.

Please let us know if your issue is related to user accounts being different in AAD vs your LMS.

[Avihai-H]

I need to connect the user from the LMS to Azure AD authenticated? From: Lee Stott <notifications@github.com> Sent: Tuesday, 9 February 2021 11:33 To: microsoft/Learn-LTI <Learn-LTI@noreply.github.com> Cc: Avihai-H <Avihai@outlook.com>; Mention <mention@noreply.github.com> Subject: Re: [microsoft/Learn-LTI] Customize, Review, and Publish the assignment (#113) Hi @Avihai-H<https://github.com/Avihai-H> Can you check you have a Azure Active Directory connected to your users. Check AAD, and NRPS is working. We have seen recent issues where users emails in your LMS and AAD do not match you can receive a failure with the the tool as the email address with which the user was enrolled in the course was not the same as the AAD email- the casing being different. Please ensure the email are the same and the case matches of the email. We have a action on our side to add case matching. Please let us know if your issue is related to user accounts being different in AAD vs your LMS. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<#113 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AKO4LLUPOXKY7EFOZGXFGU3S6D6M7ANCNFSM4XFRIAOA>.

[leestott]

Hi @Avihai-H so as per https://github.com/microsoft/Learn-LTI/blob/main/docs/ARCHITECTURE_OVERVIEW.md

You need to simply ensure the users in your LMS and the users in your AAD have the same email address as this is checked to ensure the user from the LMS is the same user as the user in the AAD. see #114

Here’s a breakdown of the key parts of Microsoft Learn LTI Application.

• AAD - Azure Active Directory is a multi-tenant, cloud-based identity and access management service. What this service does in the context of Learn LTI Application is provide single sign-on and multi-factor authentication, NB. Ensure user account details of users in the LMS and AAD are the same to allow users to access the Learn LTI Application.
• Connect - Provides endpoints between LMS v1.1 - 1.3 and Microsoft Learn LTI Application and Azure. Connect verifies Azure calls and serves as the management pipeline to Azure endpoints.
• Backend - Makes the Azure calls to Microsoft Learn Catalog APIs and updates Storage.
• Storage – Stores assignment information and tracks student progress with modules and callback URLs and does not store any personal student information.

[leestott]

Hi @Avihai-H

Thanks for the time today the team have done some debugging. The error you see happens when skipping a step, or not exactly following the installation instructions for an external tool. The team was able to reproduce the error you encountered on Canvas.

If you can follow the instructions after the tool is registered.

Please see the guide here. https://github.com/microsoft/Learn-LTI/blob/main/docs/CONFIGURATION_GUIDE.md#Canvas-LMS

In particular, follow the steps to be done in the Settings pane for installing an external tool.

The team was able to reproduce the error when they selected the "Manual" method instead of the recommended "Client Id" path. Please make sure that you are doing the latter.

the account level, external tools must be installed in the External Apps page in Account Settings. LTI Advantage apps can be added via the Client ID option. Only the Client ID is required to be added.

Click Settings from the left navigation pane.
Click View App Configurations.
Click +App.
Enter the following information:
Configuration Type: select By Client ID
Client ID: enter the "Client ID" from the LTI key registration. Config.Canvas.7

Furthermore, an expected tool launch will involve a redirection. In your case it seems like the tool would have been directly hitting the "https:///lti-advantage-launch/".

This might be because of an incorrect installation process.

Hope this helps. Please reach out to us again if the issue persists after the above remedial steps.

[leestott]

@Avihai-H See https://github.com/microsoft/Learn-LTI/blob/main/docs/TROUBLESHOOTING.md#lti-application-does-not-load-error-messagecould-not-validate-request

[leestott]

@Avihai-H

So the issue is a 401 unauthorized access we have seen this before with Moodle and the issue is relation to the Apache Config on Moodle. I am closing this issue as its now a known issue and fix has been created and documented on the Troubleshooting guide if the error is still present please reach out.

Fix
An Unauthorized (401) Exception occurred when access the Moodle's LTI services.
/mod/lti/services.php/CourseSection/39/bindings/2/memberships

The problem came from the Apache Config.
Solution
Make the following changes to the httpd.conf file or alternatively in the vhosts file

SetEnvIf Authorization "(.)" HTTP_AUTHORIZATION=$1
SetEnvIf Content-Type "(.)" HTTP_CONTENT_TYPE=$1
SetEnvIf Accept "(.*)" HTTP_ACCEPT=$1

References
See: https://stackoverflow.com/a/47031629
https://moodle.org/mod/forum/discuss.php?d=389429