I'm attempting to add an External Tool but it's failing to load (blank screen). I consulted an IT professional and he stated that as Moodle Cloud is https, and the External Tool I'm trying to add is http, Moodle Cloud will reject the request.
The host providing me with the LTI tool and shared secret are http only.
I'm also assuming Moodle Cloud cannot and will not deactivate https either...
Is there anyway where I can get around this to have both LMS' connect to one another?
Hi Natalie, sorry that you are encountering some troubles.
The IT professional you consulted with is correct, http LTI tools can't be used on an https moodle instance. (but the reverse case would work: https tools can be used on http moodle instances, but I digress)
You are correct, moodle cloud doesn't offer an option to disable SSL/https. Even if it did, you would not want to because of the security risk that would pose to your site. Basically, https on your cloud instance ensures that all content is encrypted and verifiably from your site. But if an http tool is used on that site, the content from that tool would not be encrypted, which would allow attackers to gain access to information about your users passed over LTI requests. So all modern browsers will not allow http content (such as LTI) on an https site.
So your best option is to contact the provider of your tool and ask them to start using SSL on their site so you can use it via https. This is in their best interests as well as it protects all their clients' data. SSL certificates are cheap these days, and the extra processing power required is not really a problem.
If you haven't already you might want to just double check that the tool is definitely not already working when you use https instead.
If the tool provider really refuses to start using SSL, your do have the option is create a proxy server on top of their tool which allows you to send the LTI requests via https and then forward them to the original tool. But I would recommend leaving that as your last option
