External Tool (Google Assignments) loads login screen

External Tool (Google Assignments) loads login screen

by Jon Witts -
Number of replies: 4
Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers

I am hoping someone can help...

I have configured an external tool in our Moodle to link Google Assignments as per the instructions here: https://support.google.com/edu/assignments/thread/62671405/set-up-assignments-in-moodle and initailly it worked well. However after various Moodle and server OS upgrades the external tool no longer works...

When you complete the cycle in the external tool (selecting content etc.) rather than returning to the External Tool setup page in Moodle you are presented with a pop-up Moodle login screen (even though you are still logged into Moodle). 

I have a feeling that it is probably something to do with our Apache install not correctly passing values from the Google external tool back to Moodle, but I have no idea where to start debugging this... 

Can anyone help?

Cheers,
Jon

Average of ratings: -
In reply to Jon Witts

Re: External Tool (Google Assignments) loads login screen

by Ken Task -
Picture of Particularly helpful Moodlers

"I have a feeling that it is probably something to do with our Apache install not correctly passing values from the Google external tool back to Moodle, but I have no idea where to start debugging this... "

A WAF (web application firewall) for Apache would act like that.   Got mod_security installed and active?   If it is, there should be references in either/both the apache server error logs as well as mod_security logs.

Cloudflare in front of your moodle would act as a content cache but it too has (if activited) a WAF.

Another ... maybe moodle isn't keeping pace with Google and versions of LTI support (highest 1.3?).

Did see a moodle page concerning LTI that kinda appears to be a plea for Moodle to begin supporting 1.3 (highest).   Other pages found via Google search indicated Google was 'working with' Canvas ... alas .. not mention of Google working with Moodle.

Some resources/references:

LTI 1.3 Advantage

https://docs.moodle.org/dev/LTI_1.3_support

https://tracker.moodle.org/browse/MDL-62599
test directions in above tracker page has a link to a testing tool
https://ztest.cengage.info/ztest/

'SoS', Ken


Average of ratings: -
In reply to Ken Task

Re: External Tool (Google Assignments) loads login screen

by Jon Witts -
Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
Hi Ken,

Thanks for your reply.

There is nothing in the error logs that indicates anything from mod_security (I have posted a link to a PasteBin of the relevant logs below). There is no Cloudflare in front of our Moodle either...

With regards to Moodle / Google and LTI; the link in my original post is Google's official docs for settings this functionality up with Moodle and is supported; albeit with community / unofficial support. The Google docs indicate using LTI version 1.1 and not 1.3 as it only asks for a key / secret pair to be set up for access.

I will attempt some of the LTI tests and see if that turns up anything...

Thanks,
Jon
Average of ratings: -
In reply to Jon Witts

Re: External Tool (Google Assignments) loads login screen

by Jon Witts -
Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
So I am back in work this morning and I have upped the error level to debug on the Moodle server and tailed the error log whilst trying add a Google Assignment LTI. I have copied the relevant error log entries over here on PasteBin: https://pastebin.com/ruuyMwsP

Lines 2 and 3 of the error log are the point at which Google Assignments passes back over to Moodle and my sesskey is seen as invalid and I am then presented with the login screen rather than the addition of the LTI completing... 

[Mon May 03 09:55:22.970353 2021] [php7:notice] [pid 6237] [client 10.0.96.200:50856] PHP Notice:  You should really redirect before you start page output
line 1237 of /lib/outputrenderers.php: call to debugging()
line 2970 of /lib/weblib.php: call to core_renderer->redirect_message()
line 37 of /auth/ldap/ntlmsso_attempt.php: call to redirect()
in /var/www/virt-hosts/vle.queenmargarets.com/htdocs/lib/weblib.php on line 3249, referer: https://assignments.google.com/ 

[Mon May 03 09:55:23.251967 2021] [php7:notice] [pid 6237] [client 10.0.96.200:50856] Default exception handler: Your session has most likely timed out. Please log in again. Debug: \nError code: invalidsesskey\n* line 498 of /lib/setuplib.php: moodle_exception thrown\n* line 33 of /lib/ajax/setuserpref.php: call to print_error()\n, referer: https://vle.queenmargarets.com/auth/ldap/ntlmsso_attempt.php

Any further clues to debug this would be greatly received!

I also have the same question posted over on the Google Assignments support page in case they have any ideas! https://support.google.com/edu/assignments/thread/108390171/cannot-get-assignments-working-with-moodle-3-9?hl=en

Thanks,

Jon

Average of ratings: -
In reply to Jon Witts

Re: External Tool (Google Assignments) loads login screen

by Jon Witts -
Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
Mmmm, OK; so a little further on I think....

I also increased the server's Apache error logging to debug and re-ran the process of adding a new external tool.... Lots more error logs this time but it included some strange logs around a custom block we had installed called block_gcsepod that was giving warnings about using an empty initialization vector and being referred by the /mod/lti/contentitem_return.php script... See logs below:

[Mon May 03 11:57:16.467792 2021] [authz_core:debug] [pid 11204] mod_authz_core.c(809): [client 10.0.96.200:54281] AH01626: authorization result of : granted, referer: https://vle.queenmargarets.com/mod/lti/contentitem_return.php?course=872&id=3&sesskey=XXXXXXXX
[Mon May 03 11:57:16.486028 2021] [php7:warn] [pid 11204] [client 10.0.96.200:54281] PHP Warning:  openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /var/www/virt-hosts/vle.queenmargarets.com/htdocs/blocks/gcsepod/block_gcsepod.php on line 84, referer: https://vle.queenmargarets.com/mod/lti/contentitem_return.php?course=872&id=3&sesskey=XXXXXXXX
[Mon May 03 11:57:16.486102 2021] [php7:warn] [pid 11204] [client 10.0.96.200:54281] PHP Warning:  Creating default object from empty value in /var/www/virt-hosts/vle.queenmargarets.com/htdocs/blocks/gcsepod/block_gcsepod.php on line 90, referer: https://vle.queenmargarets.com/mod/lti/contentitem_return.php?course=872&id=3&sesskey=XXXXXXXX
[Mon May 03 11:57:16.486128 2021] [php7:warn] [pid 11204] [client 10.0.96.200:54281] PHP Warning:  openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /var/www/virt-hosts/vle.queenmargarets.com/htdocs/blocks/gcsepod/block_gcsepod.php on line 84, referer: https://vle.queenmargarets.com/mod/lti/contentitem_return.php?course=872&id=3&sesskey=XXXXXXXX
[Mon May 03 11:57:16.578607 2021] [deflate:debug] [pid 11204] mod_deflate.c(854): [client 10.0.96.200:54281] AH01384: Zlib: Compressed 230045 to 26573 : URL /my/index.php, referer: https://vle.queenmargarets.com/mod/lti/contentitem_return.php?course=872&id=3&sesskey=XXXXXXXX
[Mon May 03 11:57:16.835053 2021] [ssl:debug] [pid 11204] ssl_engine_kernel.c(383): [client 10.0.96.200:54281] AH02034: Subsequent (No.3) HTTPS request received for child 0 (server vle.queenmargarets.com:443), referer: https://vle.queenmargarets.com/my/

So I have disabled the gcsepod block and it appears as if the LTI is all working as expected.

I will continue testing it and see if I can contact the custom block developers for a fix...

Jon

Average of ratings: -