Connecting Tsugi and Sakai with LTI Advantage

This is a supplement to the Tsugi LTI Advantage documentation available at www.tsugi.org/ADVANTAGE.md.

Sakai expects to mint the tool private keys as of Sakai-19.0. But you can also create the integration in Sakai and then override the Sakai-chosen tool keys by editing the entry after it is created. There are plans to add support for the tool keyset in a later release of Sakai 19.x.

The workflow between Sakai and Tsugi is quite easy if you can be in the admin UI of both tools at the same time. Either the same person administers both systems, or the two administrators work together, exchanging values over Slack or email.

Tsugi has a self-service mechanism to request and approve LTI 1.1 keys but does not yet have a self-service mechanism to request LTI Advantage keys, so you need to create an Issuer.

You can work through this example using the Sakai and Tsugi nightly servers. They are nice to experiment with because they reset every night :)

https://trunk-mysql.nightly.sakaiproject.org/portal/  ( admin / admin )
https://dev1.tsugicloud.org/tsugi/admin/ (tsugi)

Basic Tool Configuration

In Sakai go to Administration Workspace, External Tools.

If you are editing an existing LTI 1.1 tool, you can edit the tool, leave the URL, key, and secret alone, turn on LTI 1.3, and skip to the LTI Advantage Security Setup below.

If you are making a new tool, you can either connect a single tool endpoint in Tsugi or you can add Tsugi as a Learning App (Content Item or Deep Linking). The process is the same except for a different URL and a few checkboxes at the bottom of the add LTI tool screen.

For a single tool, simply check

When installing Tsugi as an App Store under Learning Apps, check

Continue with the LTI Advantage steps below.

LTI Advantage Security Setup

For the process of exchanging LTI Advantage configuration information, it is easiest to have Sakai open in one browser tab and Tsugi open in another browser tab.

First go into the Tsugi Administrator UI and select 'Manage Keys'.

If the issuer entry for the Sakai server is already present in Tsugi, simply view it and copy all the relevant values into the Sakai tool entry. The issuer for Sakai is generally the URL of the Sakai server like https://trunk-mysql.nightly.sakaiproject.org - with no trailing slash.

If no issuer exists in Tsugi, Add an Issuer. On the issuer screen you can see the OIDC Connect and OIDC Redirect endpoints to copy to Sakai before you add the Issuer in Tsugi.

If you want Tsugi to generate its own keys, leave them blank on the Tsugi Add Issuer screen and add the issuer.

Then view the issuer in Tsugi and find the Tool public key. Edit the tool entry in Sakai and overwrite the Tool Public Key. After you copy the Tool Public Key from Tsugi to Sakai, you should delete/empty the Tool Private Key in the Sakai tool entry: Sakai really has no need for the Tool's private key, it is bad security practice for Sakai to possess the Tool's private key, and the private key that was generated by Sakai is no longer correct.

Once you have created or found an issuer in Tsugi, you can either edit an existing tenant/key or make a new one. To enable LTI 1.3 launches, you need to select an issuer, set the deployment_id (always 1 on Sakai for now) and save the tenant/key.
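
A pre-launch check of the values exchanged in the steps above, as an added example that is not part of Tsugi or Sakai: it flags an issuer with a trailing slash, a deployment_id other than 1, a private key pasted into the Tool Public Key field, and a Tool Private Key left in the Sakai entry. The dictionary keys and function names are hypothetical, the sample PEM blocks wrap constructed placeholder bytes, and only the PEM label and base64 framing are checked, not the key material.

```python
import base64
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.+?)\s+-----END \1-----", re.S)

def pem_label(text):
    """Return the label of a single well-formed PEM block, else None."""
    m = PEM_RE.fullmatch(text.strip())
    if not m:
        return None
    try:
        base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:  # stray characters, e.g. two blocks pasted together
        return None
    return m.group(1)

def check_tool_entry(entry):
    """List problems in a tool entry; the dict keys are hypothetical names."""
    problems = []
    issuer = entry.get("issuer", "")
    parts = urlsplit(issuer)
    if not parts.scheme or not parts.netloc or issuer.endswith("/"):
        problems.append("issuer: expected the Sakai server URL with no trailing slash")
    if str(entry.get("deployment_id", "")) != "1":
        problems.append("deployment_id: expected 1 for Sakai")
    label = pem_label(entry.get("tool_public_key", ""))
    if label is None:
        problems.append("tool_public_key: not a single PEM block")
    elif "PRIVATE" in label:
        problems.append("tool_public_key: a PRIVATE key was pasted here")
    elif not label.endswith("PUBLIC KEY"):
        problems.append("tool_public_key: unexpected PEM type " + label)
    if entry.get("tool_private_key", "").strip():
        problems.append("tool_private_key: still set, empty it in Sakai")
    return problems

def make_pem(label, raw=bytes(range(48))):
    """Constructed PEM wrapper around placeholder bytes (not a real key)."""
    body = base64.encodebytes(raw).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----"

GOOD = {"issuer": "https://trunk-mysql.nightly.sakaiproject.org", "deployment_id": "1",
        "tool_public_key": make_pem("PUBLIC KEY"), "tool_private_key": ""}
BAD = {"issuer": "https://trunk-mysql.nightly.sakaiproject.org/", "deployment_id": "",
       "tool_public_key": make_pem("RSA PRIVATE KEY"),
       "tool_private_key": make_pem("PRIVATE KEY")}

if __name__ == "__main__":
    for name, entry in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_tool_entry(entry) or "ok")
```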

You should be ready to use Lessons to place a tool in Sakai and do a launch. One fun aspect of Sakai is that once you set up a tool with both LTI 1.1 and LTI 1.3 values, you can switch back and forth between 1.1 and 1.3 launches by simply changing the LTI 1.3 radio button.