Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LTI Authentication #53

Merged
merged 6 commits into from
Dec 13, 2024
Merged

LTI Authentication #53

merged 6 commits into from
Dec 13, 2024

Conversation

ferishili
Copy link
Contributor

This PR fixes #52

Description

With introduced changes it is now possible to have LTI auth while rendering the opencast videos.

How it works

  • A new admin setting has been introduced "Enable LTI authentication" in filter plugin admin page:

    • the reason to have extra setting is to have a (activate/deactivate) flag by which we first maintain the current (older) rendering method and the use of LTI is more consise!

  • When LTI auth is enabled, we use a local page path as an iframe source, in order to perform the LTI launch directly in that page within iframe. This way, as we directly sumbit the launch form, we make sure that the LTI launch is 100% effective.

  • One important aspect to notice is that, by using LTI auth we have to use default Opencast player, as we need to use ltitool offered way, which /play/{episodeid} in the customtool, and it is not possible to do it in any other way. therefore, it is suggested to adjust default opencast player based on your likings (e.g. deactivate Editor or series list buttons in opencast paella player, etc.)

  • As mentioned in the comments of the linked issue, another important thing is to confgure the Opencast Nginx/Apache with the suggested cookies setting (Partinioned cookies):

...
proxy_cookie_path / "/; HTTPOnly; Secure; SameSite=none; Partitioned";
...

To Test:

  • You would need to patch this PR.
  • Make sure that your opencast is configured correctly:
    • Partinioned cookies, mentioned above.
    • LTI is configured
    • Secure Static Files Option is enabled.
  • Make sure in tool_opencast plugin, you set the LTI Consumerkey and Consumersecret.
  • Enable the admin config "Enable LTI authentication" in filter_opencast plugin.
  • Make sure to have a course with already upload video.
  • Set visibility of that video first to visible to all
  • Have an Opencast video filtered in the course page. (simply use the repository+filter filter as before)
  • Login with a user as enroled student in that course
    • Make sure the video is visible and playble in the filter!
  • With admin/teacher user, change the visibility of that video to hidden for all.
  • With "student" user as enroled student in that course
    • After refreshing the page, video should not be playeable anymore!

Your feedbacks and suggestion are very welcomed, and please don't histate to ask any question regarding this PR.

@ferishili ferishili requested a review from bluetom December 11, 2024 09:45
@ferishili ferishili self-assigned this Dec 11, 2024
@bluetom bluetom added the 4.5.1 label Dec 12, 2024
@bluetom bluetom merged commit 2c12724 into Opencast-Moodle:master Dec 13, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bluetom bluetom bluetom approved these changes

Assignees

@ferishili ferishili

Labels
4.5.1 enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

LTI authentication feature
2 participants
@ferishili @bluetom