LTI 404's

233 views
Skip to first unread message

mostolog

unread,
Apr 24, 2017, 10:01:06 AM4/24/17
to Opencast Users
Hi.


Opencast newbie here.

Just cloned opencast repo, switched to branch 2.4 and built and configured /etc/custom.properties so we have an all-in-one working within a docker container (next to an activemq container)

As we need Sakai LTI integration, on file etc/security/mh_default_org.xml:

Uncommented
<!-- <ref bean="oauthProtectedResourceFilter" /> -->

Added (under <!-- Authentication filter chain -->)
<sec:custom-filter after="BASIC_AUTH_FILTER" ref="oauthProtectedResourceFilter" />

And uncommented/edited the "<!-- This is required for LTI." part to:
  <bean name="oAuthConsumerDetailsService" class="org.opencastproject.kernel.security.OAuthSingleConsumerDetailsService">
    <constructor-arg index="0" ref="userDetailsService" />
    <constructor-arg index="1" value="consumerkey" />
    <constructor-arg index="2" value="consumersecret" />
    <constructor-arg index="3" value="constructorName" />
  </bean>

  <bean name="oauthProtectedResourceFilter" class="org.opencastproject.kernel.security.LtiProcessingFilter">
    <property name="consumerDetailsService" ref="oAuthConsumerDetailsService" />
    <property name="tokenServices">
      <bean class="org.springframework.security.oauth.provider.token.InMemoryProviderTokenServices" />
    </property>
    <property name="nonceServices">
      <bean class="org.springframework.security.oauth.provider.nonce.InMemoryNonceServices" />
    </property>
    <property name="authHandler">
      <bean class="org.opencastproject.kernel.security.LtiLaunchAuthenticationHandler">
        <constructor-arg index="0" ref="userDetailsService" />
        <constructor-arg index="1" ref="securityService" />
        <constructor-arg index="2">
          <list>
            <value>consumerkey</value>
          </list>
        </constructor-arg>
      </bean>
    </property>
  </bean>


With all these, we are getting a buggy working LTI, with a lot of 404 errors which poorly display the player page:
GET jquery-ui.css 404 Not Found host:8080 321B ip:8080 12ms
GET jquery-ui-custom.css 404 Not Found host:8080 328B ip:8080 10ms
GET player-multi-hybrid.css 404 Not Found host:8080 341B ip:8080 17ms
GET player-multi-hybrid-icons.css 404 Not Found host:8080 347B ip:8080 24ms
GET shared.css 404 Not Found host:8080 315B ip:8080 21ms
GET opencast-reset.css 404 Not Found host:8080 336B ip:8080 16ms
GET jquery.wysiwyg.css 404 Not Found host:8080 323B ip:8080 23ms
GET oc.segments.css 404 Not Found host:8080 313B ip:8080 12ms
GET watch.css 404 Not Found host:8080 314B ip:8080 11ms
GET oc.comments.css 404 Not Found host:8080 324B ip:8080 18ms
GET oc.comment.list.css 404 Not Found host:8080 328B ip:8080 16ms
GET jquery.js 404 Not Found host:8080 313B ip:8080 14ms
GET moment.min.js 404 Not Found host:8080 314B ip:8080 10ms
GET date.helper.js 404 Not Found host:8080 315B ip:8080 24ms
GET jquery.utils.js 404 Not Found host:8080 327B ip:8080 22ms
GET FABridge.js 404 Not Found host:8080 319B ip:8080 20ms
GET Videodisplay.js 404 Not Found host:8080 319B ip:8080 18ms
GET jARIA.js 404 Not Found host:8080 320B ip:8080 16ms
GET jquery.cookie.js 404 Not Found host:8080 328B ip:8080 22ms
GET jquery-ui.js 404 Not Found host:8080 316B ip:8080 21ms
GET jquery.corners.js 404 Not Found host:8080 329B ip:8080 19ms
GET jquery.identicon5.js 404 Not Found host:8080 332B ip:8080 17ms
GET jquery.crypt.js 404 Not Found host:8080 327B ip:8080 16ms
GET init-watch.js 404 Not Found host:8080 317B ip:8080 16ms
GET player-multi-hybrid-scubber.js 404 Not Found host:8080 334B ip:8080 15ms
GET player-multi-hybrid.js 404 Not Found host:8080 326B ip:8080 14ms
GET ariaSpinbutton.js 404 Not Found host:8080 321B ip:8080 34ms
GET jquery.wysiwyg.js 404 Not Found host:8080 329B ip:8080 12ms
GET jquery.client.js 404 Not Found host:8080 328B ip:8080 13ms
GET jquery.sparkline.min.js 404 Not Found host:8080 335B ip:8080 12ms
GET engage-ui.js 404 Not Found host:8080 309B ip:8080 25ms
GET jquery.timers-1.2.js 404 Not Found host:8080 332B ip:8080 10ms
GET plugin-controller.js 404 Not Found host:8080 332B ip:8080 20ms
GET bookmarks.js 404 Not Found host:8080 324B ip:8080 9ms
GET description.js 404 Not Found host:8080 326B ip:8080 10ms
GET download.js 404 Not Found host:8080 323B ip:8080 9ms
GET description-plugin.js 404 Not Found host:8080 333B ip:8080 9ms
GET segments_ui.js 404 Not Found host:8080 326B ip:8080 8ms
GET segments_ui-plugin.js 404 Not Found host:8080 333B ip:8080 27ms
GET segments_ui_slider-plugin.js 404 Not Found host:8080 340B ip:8080 6ms
GET segments.js 404 Not Found host:8080 323B ip:8080 6ms
GET segments-plugin.js 404 Not Found host:8080 330B ip:8080 6ms
GET segments_text.js 404 Not Found host:8080 328B ip:8080 13ms
GET segments_text-plugin.js 404 Not Found host:8080 335B ip:8080 21ms
GET search.js 404 Not Found host:8080 321B ip:8080 5ms
GET search-plugin.js 404 Not Found host:8080 328B ip:8080 5ms
GET analytics-plugin.js 404 Not Found host:8080 331B ip:8080 15ms
GET analytics.js 404 Not Found host:8080 324B ip:8080 4ms
GET annotation_chapter-plugin.js 404 Not Found host:8080 340B ip:8080 3ms
GET annotation_chapter.js 404 Not Found host:8080 333B ip:8080 11ms
GET scrubber_comment-plugin.js 404 Not Found host:8080 349B ip:8080 9ms
GET slide_comment-plugin.js 404 Not Found host:8080 346B ip:8080 10ms
GET annotation_comment.js 404 Not Found host:8080 344B ip:8080 8ms
GET annotation_comment_list.js 404 Not Found host:8080 349B ip:8080 15ms
GET annotation_comment_list-plugin.js 404 Not Found host:8080 356B ip:8080 13ms
GET series-plugin.js 404 Not Found host:8080 328B ip:8080 12ms
GET series.js 404 Not Found host:8080 321B ip:8080 10ms
GET logging.js 404 Not Found host:8080 322B ip:8080 9ms
GET player-multi-hybrid-initialize.js 404 Not Found host:8080 337B ip:8080 30ms
GET trimpath.js 404 Not Found host:8080 312B ip:8080 29ms
GET watch.js 404 Not Found host:8080 312B ip:8080 27ms
GET player-multi-hybrid-flash.js 404 Not Found host:8080 332B ip:8080 26ms
GET leftarrow.png 404 Not Found host:8080 325B ip:8080 57ms
GET rightarrow.png 404 Not Found host:8080 326B ip:8080 56ms
GET moment.min.js 404 Not Found host:8080 314B ip:8080 2ms
GET date.helper.js 404 Not Found host:8080 315B ip:8080 2ms
GET jquery.utils.js 404 Not Found host:8080 327B ip:8080 2ms
GET FABridge.js 404 Not Found host:8080 319B ip:8080 2ms
GET Videodisplay.js 404 Not Found host:8080 319B ip:8080 2ms
GET jARIA.js 404 Not Found host:8080 320B ip:8080 2ms
GET jquery.cookie.js 404 Not Found host:8080 328B ip:8080 3ms
GET jquery-ui.js 404 Not Found host:8080 316B ip:8080 2ms
GET jquery.corners.js 404 Not Found host:8080 329B ip:8080 2ms
GET jquery.identicon5.js 404 Not Found host:8080 332B ip:8080 2ms
GET jquery.crypt.js 404 Not Found host:8080 327B ip:8080 2ms
GET init-watch.js 404 Not Found host:8080 317B ip:8080 1ms
GET player-multi-hybrid-scubber.js 404 Not Found host:8080 334B ip:8080 2ms
GET player-multi-hybrid.js 404 Not Found host:8080 326B ip:8080 2ms
GET ariaSpinbutton.js 404 Not Found host:8080 321B ip:8080 2ms
GET jquery.wysiwyg.js 404 Not Found host:8080 329B ip:8080 2ms
GET jquery.client.js 404 Not Found host:8080 328B ip:8080 1ms
GET jquery.sparkline.min.js 404 Not Found host:8080 335B ip:8080 1ms
GET engage-ui.js 404 Not Found host:8080 309B ip:8080 1ms
GET jquery.timers-1.2.js 404 Not Found host:8080 332B ip:8080 2ms
GET plugin-controller.js 404 Not Found host:8080 332B ip:8080 2ms
GET bookmarks.js 404 Not Found host:8080 324B ip:8080 2ms
GET description.js 404 Not Found host:8080 326B ip:8080 2ms
GET download.js 404 Not Found host:8080 323B ip:8080 2ms
GET description-plugin.js 404 Not Found host:8080 333B ip:8080 2ms
GET segments_ui.js 404 Not Found host:8080 326B ip:8080 2ms
GET segments_ui-plugin.js 404 Not Found host:8080 333B ip:8080 3ms
GET segments_ui_slider-plugin.js 404 Not Found host:8080 340B ip:8080 2ms
GET segments.js 404 Not Found host:8080 323B ip:8080 1ms
GET segments-plugin.js 404 Not Found host:8080 330B ip:8080 2ms
GET segments_text.js 404 Not Found host:8080 328B ip:8080 2ms
GET segments_text-plugin.js 404 Not Found host:8080 335B ip:8080 1ms
GET search.js 404 Not Found host:8080 321B ip:8080 2ms
GET search-plugin.js 404 Not Found host:8080 328B ip:8080 2ms
GET analytics-plugin.js 404 Not Found host:8080 331B ip:8080 2ms
GET analytics.js 404 Not Found host:8080 324B ip:8080 2ms
GET annotation_chapter-plugin.js 404 Not Found host:8080 340B ip:8080 1ms
GET annotation_chapter.js 404 Not Found host:8080 333B ip:8080 2ms
GET scrubber_comment-plugin.js 404 Not Found host:8080 349B ip:8080 2ms
GET slide_comment-plugin.js 404 Not Found host:8080 346B ip:8080 2ms
GET annotation_comment.js 404 Not Found host:8080 344B ip:8080 1ms
GET annotation_comment_list.js 404 Not Found host:8080 349B ip:8080 2ms
GET annotation_comment_list-plugin.js 404 Not Found host:8080 356B ip:8080 2ms
GET series-plugin.js 404 Not Found host:8080 328B ip:8080 2ms
GET series.js 404 Not Found host:8080 321B ip:8080 2ms
GET logging.js 404 Not Found host:8080 322B ip:8080 1ms
GET player-multi-hybrid-initialize.js 404 Not Found host:8080 337B ip:8080 1ms
GET trimpath.js 404 Not Found host:8080 312B ip:8080 2ms
GET watch.js 404 Not Found host:8080 312B ip:8080 2ms
GET player-multi-hybrid-flash.js 404 Not Found host:8080 332B ip:8080 2ms
GET space.png 404 Not Found host:8080 312B ip:8080 2ms
GET leftarrow.png 404 Not Found host:8080 325B ip:8080 5ms
GET rightarrow.png 404 Not Found host:8080 326B ip:8080 

Could anyone help us?

Sven Laudel

unread,
Apr 24, 2017, 10:13:44 AM4/24/17
to Opencast Users
Hi,

this is the same problem i'm having with our opencast 2.3.2.
On calling https://xyz.de/ltitools/player/index.html i'm getting the following screen(shot) (btw. calling https://xyz.de/lti/series/index.html?id=series-id works):



Chromes developer tools show me that all css and js files respond with 404.



I just posted this in to the german speaking community, but unfortunately, no one could help.

Best regards
Sven

mostolog

unread,
Apr 24, 2017, 10:18:56 AM4/24/17
to Opencast Users
Probably something related to filters. If no one knows what to do, I'll try with issue tracker.

Furthermore, documentation might have some other mistakes I could try to PR.

Karen Dolan

unread,
Apr 24, 2017, 10:23:43 AM4/24/17
to us...@opencast.org
Sven,

>
> this is the same problem i'm having with our opencast 2.3.2.
> On calling https://xyz.de/ltitools/player/index.html i'm getting the following screen(shot) (btw. calling https://xyz.de/lti/series/index.html?id=series-id works):
>
>
> Chromes developer tools show me that all css and js files respond with 404


From Chromes developer tools, what is the full path of the 404’d object. For example, is it https://xyz.de/ltitools/engage-ui.js, or https://xyz.de/engage-ui.js, or https://xyz.de/engage/engage-ui.js?
If you are logged into the engage server and paste that path directly into your browser, does it still return a 404 for the file, or does it find it?

- Karen
> --
> You received this message because you are subscribed to the Google Groups "Opencast Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@opencast.org.

Sven Laudel

unread,
Apr 24, 2017, 10:26:34 AM4/24/17
to Opencast Users, kdo...@dce.harvard.edu
Hi,

it is "/engage/ui/css/jquery-ui/jquery-ui.css".

HTH
Sven

mostolog

unread,
Apr 24, 2017, 10:27:44 AM4/24/17
to Opencast Users, kdo...@dce.harvard.edu
 
From Chromes developer tools, what is the full path of the 404’d object. For example, is it https://xyz.de/ltitools/engage-ui.js, or https://xyz.de/engage-ui.js, or https://xyz.de/engage/engage-ui.js?
If you are logged into the engage server and paste that path directly into your browser, does it still return a 404 for the file, or does it find it?

We're using an allinone self-build .tgz deployment and getting a 404 on browser


Stephen Marquard

unread,
Apr 24, 2017, 10:29:11 AM4/24/17
to us...@opencast.org

Hi Sven and mostolog,

 

I suspect this is related to the roles that the user has in relation to the URL permissions defined in mh_default_org.xml

 

First, when logged in as an LTI user, access /info/me.json to see the effective roles that the user has.

 

You could try this change in mh_default_org.xml:


    <!-- Enable access to the LTI tools -->

    <sec:intercept-url pattern="/ltitools/**" access="ROLE_OAUTH_USER, ROLE_USER" />

 

but it’s possible that the player is somehow not being loaded correctly. Can you provide the full path that the user is being redirected to after LTI authentication, the player URL and the full paths of the jss and CSS files that are getting 404s?

 

For Sakai integration, you can also enable the Sakai user provider by copying org.opencastproject.userdirectory.sakai-default.cfg.sample to org.opencastproject.userdirectory.sakai-yourname.cfg and configuring it for your Sakai instance. This will give logged-in users a set of roles based on their Sakai site membership.

 

Regards

Stephen

 

---
Stephen Marquard, Learning Technologies Co-ordinator,
Centre for Innovation in Learning and Teaching (CILT)
University of Cape Town
http://www.cilt.uct.ac.za
stephen....@uct.ac.za
Phone: +27-21-650-5037 Cell: +27-83-500-5290

--

You received this message because you are subscribed to the Google Groups "Opencast Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@opencast.org.

Disclaimer - University of Cape Town This e-mail is subject to UCT policies and e-mail disclaimer published on our website at http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27 21 650 9111. If this e-mail is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via cs...@uct.ac.za

Stephen Marquard

unread,
Apr 24, 2017, 10:33:16 AM4/24/17
to us...@opencast.org

I think you need to add

 

prop.lti.player.url=/engage/theodul/ui/core.html?id=

 

to org.opencastproject.organization-mh_default_org.cfg

 

https://groups.google.com/a/opencast.org/forum/#!msg/announcements/fvLp0It-K1c/EjSy4a0JBQAJ

 

Regards

Stephen

 

---
Stephen Marquard, Learning Technologies Co-ordinator,
Centre for Innovation in Learning and Teaching (CILT)
University of Cape Town
http://www.cilt.uct.ac.za
stephen....@uct.ac.za
Phone: +27-21-650-5037 Cell: +27-83-500-5290

 

From: mostolog [mailto:most...@gmail.com]

Sent: 24 April 2017 04:28 PM
To: Opencast Users <us...@opencast.org>

--

You received this message because you are subscribed to the Google Groups "Opencast Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@opencast.org.

Disclaimer - University of Cape Town This e-mail is subject to UCT policies and e-mail disclaimer published on our website at http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27 21 650 9111. If this e-mail is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via cs...@uct.ac.za

Karen Dolan

unread,
Apr 24, 2017, 10:35:23 AM4/24/17
to us...@opencast.org
Stephen,

Do you know if "ROLE_OAUTH_USER" is automatically getting assigned "ROLE_ANONYMOUS" in order to be granted access to paths like "/engage/ui/**"?
Our site had to manually create that association in OCv1.63 (thank you Ruben P). But I thought this was added by default in v2x?

- Karen


> On Apr 24, 2017, at 10:29 AM, Stephen Marquard <stephen....@uct.ac.za> wrote:
>
> Hi Sven and mostolog,
>
> I suspect this is related to the roles that the user has in relation to the URL permissions defined in mh_default_org.xml
>
> First, when logged in as an LTI user, access /info/me.json to see the effective roles that the user has.
>
> You could try this change in mh_default_org.xml:
>
> <!-- Enable access to the LTI tools -->
> <sec:intercept-url pattern="/ltitools/**" access="ROLE_OAUTH_USER, ROLE_USER" />


>
> Regards
> Stephen
>
> ---
> Stephen Marquard, Learning Technologies Co-ordinator,
> Centre for Innovation in Learning and Teaching (CILT)
> University of Cape Town
> http://www.cilt.uct.ac.za
> stephen....@uct.ac.za
> Phone: +27-21-650-5037 Cell: +27-83-500-5290
>
> From: 'Sven Laudel' via Opencast Users [mailto:us...@opencast.org]
> Sent: 24 April 2017 04:14 PM
> To: Opencast Users <us...@opencast.org>
> Subject: [OC Users] Re: LTI 404's
>
> Hi,
>
> this is the same problem i'm having with our opencast 2.3.2.
> On calling https://xyz.de/ltitools/player/index.html i'm getting the following screen(shot) (btw. calling https://xyz.de/lti/series/index.html?id=series-idworks):
>
>
>
>
>
> Chromes developer tools show me that all css and js files respond with 404.
>
>
>
>
>

Ruth Lang

unread,
Apr 24, 2017, 10:46:58 AM4/24/17
to Opencast Users
Hi,

not using Moodle or Sakai but ILIAS....

the LTI provides two interfaces 
  • a complete series : ltitools/series/index.html or ltitools/course/index.html (using the LTI version from Capetown)
  • a single episode: ltitools/player/index.html
Only for the showing a series you can change the player (Paella, Theodule) and it will work.

For a single episode it will not work at all because the "old" engage player stuff which is needed for showing a single episode is not included any longer in OC versions > 2.3.
Have a look at .....modules/matterhorn-lti/src/main/resources/tools/index.html. This routine is a kind of copy of the former engage player.

Therefore we changed this side and implemented a simple redirect to the wished player.

Regarding the permissions of an user: When a LTI-user is allowed to see a video of a series, she/he can also see a single video.
For ILIAS we checked the user via LDAP.

Regards
Ruth

mostolog

unread,
Apr 24, 2017, 11:31:30 AM4/24/17
to Opencast Users

I suspect this is related to the roles that the user has in relation to the URL permissions defined in mh_default_org.xml

 

First, when logged in as an LTI user, access /info/me.json to see the effective roles that the user has.


{"org":{"anonymousRole":"ROLE_ANONYMOUS","name":"My Opencast","adminRole":"ROLE_ADMIN","id":"mh_default_org","properties":...

As I'm testing from browser, it won't probably behave the same way as LTI, but it could help.

 

 You could try this change in mh_default_org.xml:


    <!-- Enable access to the LTI tools -->

    <sec:intercept-url pattern="/ltitools/**" access="ROLE_OAUTH_USER, ROLE_USER" />


could? should?
May I add that ROLE_USER to "default" LTI configuration (can do a PR)
 

but it’s possible that the player is somehow not being loaded correctly.


It's neither being loaded. Going to add prop.lti.player as your other message suggested.
 

Can you provide the full path that the user is being redirected to after LTI authentication, the player URL and the full paths of the jss and CSS files that are getting 404s?

 

For Sakai integration, you can also enable the Sakai user provider by copying org.opencastproject.userdirectory.sakai-default.cfg.sample to org.opencastproject.userdirectory.sakai-yourname.cfg and configuring it for your Sakai instance. This will give logged-in users a set of roles based on their Sakai site membership.


Probably I'm wrong, but I though LTI didn't require userdirectory (our plan is to integrate with CAS). Nevertheless, I'm not able to find that file on 2.4 branch, neither after build.

mostolog

unread,
Apr 24, 2017, 1:40:32 PM4/24/17
to Opencast Users
Hello again


According to comments, I have created an issue
and pulled a couple of requests I would love someone to review and merge
hoping everything is correct.

Apart from that, with player properly set to
...
prop.player=/engage/theodul/ui/core.html
prop.lti.player.url=${prop.player}?id=
...
 and even adding ROLE_USER to <sec:intercept-url pattern="/ltitools/**" access="ROLE_OAUTH_USER" /> it doesn't seem to work.

Still getting lot of 404's when accesing to http://redacted:8080/ltitools/player/index.html?id=192ddc7a-307a-41b1-b9a0-f5bd50394555&tool=ltitools/player/index.html&
like:

As we're testing from https://lti.tools/test/tc.php I expected the user not being set the same way as Sakai would do, but for the sake of this issue, here's the me.json data:
{"org":{"anonymousRole":"ROLE_ANONYMOUS","name":"My Opencast","adminRole":"ROLE_ADMIN","id":"mh_default_org","properties":{"admin.shortcut.general.series_view":"s","admin.shortcut.editor.split_at_current_time":"v","org.opencastproject.admin.ui.url":"http:\/\/opencast:8080","player.shortcut.controls.nextChapter":"pageup","engageui.annotations.enable":"true","admin.shortcut.general.select_previous_dashboard_filter":"F","player.shortcut.controls.jumpToBegin":"backspace","admin.shortcut.player.mute":"m","admin.shortcut.editor.play_ending_of_current_segment":"n","player.mastervideotype":"presenter\/delivery","player.shortcut.layout.focusPrev":"<","org.opencastproject.admin.help.documentation.url":"http:\/\/docs.opencast.org","player.shortcut.controls.prevChapter":"pagedown","player.positioncontrols":"bottom","player.shortcut.zoom.moveLeft":"a","admin.shortcut.general.event_view":"e","admin.shortcut.editor.clear_list":"ctrl+backspace","adminui.user.external_role_display":"false","admin.shortcut.general.help":"?","org.opencastproject.admin.help.restdocs.url":"\/rest_docs.html","logo_mediamodule":"\/engage\/ui\/img\/logo\/opencast-icon.svg","admin.shortcut.general.new_series":"N","engageui.link_mobile_redirect.description":"For more information have a look at the official site.","player.shortcut.zoom.moveRight":"d","player.hide_video_context_menu":"false","player.shortcut.layout.movePiP":"p","player.shortcut.playbackrate.decrease":"T","admin.shortcut.general.select_next_dashboard_filter":"f","lti.player.url":"\/engage\/theodul\/ui\/core.html?id=","player.shortcut.zoom.in":"+","admin.shortcut.player.next_segment":"down","admin.shortcut.general.new_event":"n","player.shortcut.controls.playPause":"space","admin.shortcut.player.next_frame":"right","player.shortcut.fullscreen.cancel":"escape","player.focusedflavor":"presentation","org.opencastproject.admin.mediamodule.url":"http:\/\/opencast:8080\/engage\/ui","player.allowedtags":"engage-download,engage-streaming","player.shortcut.zoom.moveUp":"w","player.shortcut.zoom.out":"-","player.shortcut.layout.focusNext":">","player.shortcut-sequence":"controls,volume,playbackrate,layout,zoom,fullscreen","player.shortcut.controls.seekLeft":"left","player.shortcut.playbackrate.increase":"t","admin.shortcut.editor.play_current_segment_with_pre-roll":"C","org.opencastproject.engage.ui.url":"http:\/\/opencast:8080","player.shortcut.volume.up":"9","adminui.chunksize":"2048","admin.shortcut.player.step_backward":"ctrl+left","admin.shortcut.editor.cut_selected_segment":"backspace","player.shortcut.controls.seekRight":"right","admin.shortcut.editor.play_current_segment":"c","logo_player":"\/engage\/theodul\/ui\/img\/opencast.svg","admin.shortcut.general.remove_filters":"r","player":"\/engage\/theodul\/ui\/core.html","player.shortcut.volume.down":"8","admin.shortcut.general.main_menu":"m","engageui.link_download.enable":"false","engageui.links_media_module.enable":"true","engageui.link_mobile_redirect.enable":"false","login.display_defaults":"true","show_embed_links":"true","admin.shortcut.player.volume_up":"+","player.layout":"off","player.shortcut.fullscreen.enable":"mod+enter","link_mediamodule":"true","admin.shortcut.player.previous_frame":"left","admin.shortcut.player.play_pause":"space","player.shortcut.volume.muteToggle":"m","admin.shortcut.player.volume_down":"-","engageui.link_mobile_redirect.url":"http:\/\/opencast.org\/","admin.shortcut.player.previous_segment":"up","org.opencastproject.oaipmh.server.hosturl":"http:\/\/opencast:8080","admin.shortcut.player.step_forward":"ctrl+right","player.shortcut.zoom.moveDown":"s","player.shortcut.layout.togglePiP":"o"}},"roles":["ROLE_OAUTH_USER","ROLE_SUDO","ROLE_ADMIN","ROLE_ANONYMOUS","ROLE_USER_ADMIN","ROLE_GROUP_MH_DEFAULT_ORG_SYSTEM_ADMINS","ROLE_USER"],"userRole":"ROLE_USER_ADMIN","user":{"provider":"opencast","name":"My Opencast Administrator","email":"m...@mail.com","username":"admin"}}

Following @RuthLang reply, we have launched a few works associated with specific series, in order to check if LTI for series is properly working.

Any feedback is much appreciated.

Stephen Marquard

unread,
Apr 24, 2017, 3:13:29 PM4/24/17
to Opencast Users

Hi,


Can you send a screenshot of what you're filling in on  https://lti.tools/test/tc.php? You could also try testing from one of the Sakai QA servers (http://nightly2.sakaiproject.org/


The launch URL for LTI is a POST to /lti


So this URL won't work as the LTI endpoint:


http://redacted:8080/ltitools/player/index.html?id=192ddc7a-307a-41b1-b9a0-f5bd50394555&tool=ltitools/player/index.html&


The tool=... part is part of the LTI launch parameters, and is where the user is redirected to as the response from the POST to /lti


You should be able to specify


tool=/engage/ui/index.html


and see the same Media Module that you can access via the Admin UI.


The /info/me.json that you've posted looks like it's after you've logged in to Opencast as admin. You should able to start an LTI session (without having logged in to Opencast previously), then open another browser tab and open direct http://some.server/info/me.json and you should see the username provided by LTI and a few roles.


Regards

Stephen


From: mostolog <most...@gmail.com>
Sent: 24 April 2017 07:40:32 PM
To: Opencast Users

Subject: Re: [OC Users] LTI 404's
--
You received this message because you are subscribed to the Google Groups "Opencast Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@opencast.org.

mostolog

unread,
Apr 25, 2017, 5:02:30 AM4/25/17
to Opencast Users

Can you send a screenshot of what you're filling in on  https://lti.tools/test/tc.php?

 Attached screen.png

 
and see the same Media Module that you can access via the Admin UI.
Maybe my media is also buggy, cause doesn't seem to work/load styles neither content
Attached media.png

BTW: I'm getting a 404 on http://redacted:8080/engage/ui/language/es-ES.json
 


The /info/me.json that you've posted looks like it's after you've logged in to Opencast as admin. You should able to start an LTI session (without having logged in to Opencast previously), then open another browser tab and open direct http://some.server/info/me.json and you should see the username provided by LTI and a few roles.


Testing on a fresh browser, without admin session started, request is showing login page
so it isn't probably getting proper credentials
{"org":{"anonymousRole":"ROLE_ANONYMOUS","name":"My Opencast","adminRole":"ROLE_ADMIN","id":"mh_default_org","properties":{"admin.shortcut.general.series_view":"s","admin.shortcut.editor.split_at_current_time":"v","org.opencastproject.admin.ui.url":"http:\/\/opencast:8080","player.shortcut.controls.nextChapter":"pageup","engageui.annotations.enable":"true","admin.shortcut.general.select_previous_dashboard_filter":"F","player.shortcut.controls.jumpToBegin":"backspace","admin.shortcut.player.mute":"m","admin.shortcut.editor.play_ending_of_current_segment":"n","player.mastervideotype":"presenter\/delivery","player.shortcut.layout.focusPrev":"<","org.opencastproject.admin.help.documentation.url":"http:\/\/docs.opencast.org","player.shortcut.controls.prevChapter":"pagedown","player.positioncontrols":"bottom","player.shortcut.zoom.moveLeft":"a","admin.shortcut.general.event_view":"e","admin.shortcut.editor.clear_list":"ctrl+backspace","adminui.user.external_role_display":"false","admin.shortcut.general.help":"?","org.opencastproject.admin.help.restdocs.url":"\/rest_docs.html","logo_mediamodule":"\/engage\/ui\/img\/logo\/opencast-icon.svg","admin.shortcut.general.new_series":"N","engageui.link_mobile_redirect.description":"For more information have a look at the official site.","player.shortcut.zoom.moveRight":"d","player.hide_video_context_menu":"false","player.shortcut.layout.movePiP":"p","player.shortcut.playbackrate.decrease":"T","admin.shortcut.general.select_next_dashboard_filter":"f","lti.player.url":"\/engage\/theodul\/ui\/core.html?id=","player.shortcut.zoom.in":"+","admin.shortcut.player.next_segment":"down","admin.shortcut.general.new_event":"n","player.shortcut.controls.playPause":"space","admin.shortcut.player.next_frame":"right","player.shortcut.fullscreen.cancel":"escape","player.focusedflavor":"presentation","org.opencastproject.admin.mediamodule.url":"http:\/\/opencast:8080\/engage\/ui","player.allowedtags":"engage-download,engage-streaming","player.shortcut.zoom.moveUp":"w","player.shortcut.zoom.out":"-","player.shortcut.layout.focusNext":">","player.shortcut-sequence":"controls,volume,playbackrate,layout,zoom,fullscreen","player.shortcut.controls.seekLeft":"left","player.shortcut.playbackrate.increase":"t","admin.shortcut.editor.play_current_segment_with_pre-roll":"C","org.opencastproject.engage.ui.url":"http:\/\/opencast:8080","player.shortcut.volume.up":"9","adminui.chunksize":"2048","admin.shortcut.player.step_backward":"ctrl+left","admin.shortcut.editor.cut_selected_segment":"backspace","player.shortcut.controls.seekRight":"right","admin.shortcut.editor.play_current_segment":"c","logo_player":"\/engage\/theodul\/ui\/img\/opencast.svg","admin.shortcut.general.remove_filters":"r","player":"\/engage\/theodul\/ui\/core.html","player.shortcut.volume.down":"8","admin.shortcut.general.main_menu":"m","engageui.link_download.enable":"false","engageui.links_media_module.enable":"true","engageui.link_mobile_redirect.enable":"false","login.display_defaults":"true","show_embed_links":"true","admin.shortcut.player.volume_up":"+","player.layout":"off","player.shortcut.fullscreen.enable":"mod+enter","link_mediamodule":"true","admin.shortcut.player.previous_frame":"left","admin.shortcut.player.play_pause":"space","player.shortcut.volume.muteToggle":"m","admin.shortcut.player.volume_down":"-","engageui.link_mobile_redirect.url":"http:\/\/opencast.org\/","admin.shortcut.player.previous_segment":"up","org.opencastproject.oaipmh.server.hosturl":"http:\/\/opencast:8080","admin.shortcut.player.step_forward":"ctrl+right","player.shortcut.zoom.moveDown":"s","player.shortcut.layout.togglePiP":"o"}},"roles":["ROLE_ANONYMOUS"],"userRole":"ROLE_USER_ANONYMOUS","user":{"provider":null,"name":null,"email":null,"username":"anonymous"}}

Regards
media.png
screen.png

Sven Laudel

unread,
Apr 25, 2017, 5:48:05 AM4/25/17
to Opencast Users, kdo...@dce.harvard.edu
Hello Karen,

when logged in to the engage/presentation server and pasting in the path to one of the files, they are also not found!
So i don't know if it is really a problem with user authorization???

As we are using a self compiled version of opencast, to cross check i tried it with the rpm version from the repo, which doesn't work either.

Best regards
Sven


Am Montag, 24. April 2017 16:23:43 UTC+2 schrieb Karen Dolan:

Karen Dolan

unread,
Apr 25, 2017, 8:09:44 AM4/25/17
to us...@opencast.org
HI Mostolog,

Rubén Pérez

unread,
Apr 25, 2017, 8:18:55 AM4/25/17
to us...@opencast.org

Hi Mostolog,

Please refer to our project in Crowdin: https://crowdin.com/project/opencast-matterhorn

We do not commit the translation files directly, but we use crowdin to get the translation done, then the release manager(s) merge these changes into the Opencast code.


Regards

Rubén

--
You received this message because you are subscribed to the Google Groups "Opencast Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@opencast.org.

--
Rubén Pérez Vázquez

Universität zu Köln
Regionales Rechenzentrum (RRZK)
Weyertal 121, Raum 4.05
D-50931 Köln
✆: +49-221-470-89603

mostolog

unread,
Apr 25, 2017, 8:31:08 AM4/25/17
to Opencast Users, kdo...@dce.harvard.edu
Crowdin seems to require register and joining translator team..
Here's the translation.

{
  "series":"Series",
  "episodes":"Episodios",
  "sort":"Ordenar",
  "recording_date_new":"Fecha de grabación (Más reciente)",
  "recording_date_old":"Fecha de grabación (Más antigua)",
  "publishing_date_new":"Fecha de publicación (Más reciente)",
  "publishing_date_old":"Fecha de publicación (Más antigua)",
  "title_a_z":"Título (A-Z)",
  "title_z_a":"Título (Z-A)",
  "author_a_z":"Autor (A-Z)",
  "author_z_a":"Autor (Z-A)",
  "contributor_a_z":"Colaborador (A-Z)",
  "contributor_z_a":"Colaborador (Z-A)",
  "publisher_a_z":"Publisher (A-Z)",
  "publisher_z_a":"Publisher (Z-A)",
  "language":"Idioma",
  "license":"Licencia",
  "subject":"Asunto",
  "description":"Descripción",
  "search":"Buscar",
  "no_episodes":"No hay episodios disponibles.",
  "no_series":"No hay series disponibles.",
  "prev":"Anterior",
  "next":"Siguiente",
  "first":"Primero",
  "last":"Último",
  "login_title":"Iniciar sesión con una cuenta de Opencast.",
  "login_request":"Por favor, introduzca usuario y clave.",
  "username":"Usuario",
  "password":"Clave",
  "remember_me":"Recordarme.",
  "sthWentWrong":"Algo ha ido mal. Por favor, inténtelo de nuevo.",
  "loading":"Cargando ...",
  "no_data":"No hay datos disponibles.",
  "login_success":"Acceso correcto.",
  "login_failed":"Acceso erróneo.",
  "not_logged_in":"Sesión no iniciada."
}

Karen Dolan

unread,
Apr 25, 2017, 8:51:28 AM4/25/17
to us...@opencast.org
Hi Mostolog, Rubén,

Thank you both! I couldn’t figure out how to add the translation to the matterhorn-engage-ui module on https://crowdin.com/project/opencast-matterhorn, so I added it in a discussion question.
https://crowdin.com/project/opencast-matterhorn/discussions/3

Regards,
Karen

Karen Dolan
Harvard University DCE

Karen Dolan

unread,
Apr 25, 2017, 9:49:49 AM4/25/17
to Sven Laudel, Opencast Users
Sven,

> when logged in to the engage/presentation server and pasting in the path to one of the files, they are also not found!
> So i don't know if it is really a problem with user authorization???

If you are logged into the engage/presentation server, with an admin account, and cannot load a file from it’s path on the engage/presentation server, it sounds like a path problem to me, not authorization.
The LTI web pages reference some resources provided by other modules. It’s possible that those paths are not in synch.

For example:
Your getting 404 here: http://redacted:8080/engage/ui/js/engage-ui.js
What about this path provided by matterhorn-engage-ui? http://redacted:8080/engage/ui/js/app/engage-ui.js

- Karen

Sven Laudel

unread,
Apr 25, 2017, 9:52:34 AM4/25/17
to Opencast Users, s.la...@googlemail.com, kdo...@dce.harvard.edu
Hi Karen,

you are right, this works.
So what should i do now?

Regards Sven

mostolog

unread,
Apr 25, 2017, 10:25:37 AM4/25/17
to Opencast Users, kdo...@dce.harvard.edu
Sorry, I didn't notice haven't translated Publisher, perhaps Editor is correct.

Karen Dolan

unread,
Apr 25, 2017, 11:09:41 AM4/25/17
to Opencast Users, Sven Laudel
Hi Sven,

The following is from an earlier email on this thread. Stephen recommends specifying "tool=/engage/ui/index.html" as a param from the LTI client to direct the LTI user away from the sample LTI UI pages and to the same Media Module that you can access via the Admin UI. This should give you pages that have the right paths to its resources.

Best of luck,
Karen

mostolog

unread,
Apr 25, 2017, 11:19:44 AM4/25/17
to Opencast Users, s.la...@googlemail.com, kdo...@dce.harvard.edu
Hi

Finally, after switching to branch 3.0 LTI seems to be working for a dummy public series/videos.
Still, I have to figure it out how "Sakai users/groups" (actually integrated into CAS) will be linked to opencast ROLES (ie: one serie for each site)


According to https://documentation.opencast.org/develop/admin/modules/ltimodule/, LTI tool must one of:
custom_tool = ltitools/player/index.html
tool = ltitools/series/index.html

but, if I understood properly by @Stephen and @Karen comments
tool=/engage/ui/index.html can also be used.

Did I understood properly?
Will that make LTI to use "system default player" instead of classic one?
Could we switch to paella without having to change our LTI variables?

Karen Dolan

unread,
Apr 25, 2017, 11:37:58 AM4/25/17
to us...@opencast.org, s.la...@googlemail.com
Hi Mostolog,


> Will that make LTI to use "system default player" instead of classic one?
> Could we switch to paella without having to change our LTI variables?

The "tool=/engage/ui/index.html" references the Media Module. A series Id parm can be passed to limit the view to just publications of a series.
Media Module’s links can lead to the Paella player if the prop.player value is changed in etc/org.opencastproject.organization-mh_default_org.cfg[1].

- Karen

[1] From etc/org.opencastproject.organization-mh_default_org.cfg
...
# Choose the default video player
# comment in the following line for the old flash player
# prop.player=/engage/ui/player.html
# comment in the following line for the html5 player
prop.player=/engage/theodul/ui/core.html <— change this to the path to a different player (for example prop.player=engage/player/watch.html)
...
https://bitbucket.org/opencast-community/matterhorn/src/6c40e1c5129233b55172ae973573e0ba6aaf8b39/etc/org.opencastproject.organization-mh_default_org.cfg?at=r%2F3.x&fileviewer=file-view-default#org.opencastproject.organization-mh_default_org.cfg-235

mostolog

unread,
Apr 27, 2017, 3:44:15 AM4/27/17
to Opencast Users, s.la...@googlemail.com, kdo...@dce.harvard.edu
Hi


After comments and feedback received from list, we were able to almost configure Sakai LTI integration. Thanks a lot.

Actually, our Sakai server is able to launch requests and show a list of episodes within a serie using both, native view or media module view.

However, if we understood properly, this integration can be completes setting up Sakai Role Provider, which would let opencast to ask Sakai for roles and being able to show "different views" depending of the user role (ie: Instructor will be able to EDIT and view yet-unpublished media, while the student won't)

Is that correct?
Is there any documentation about that?
We found https://bitbucket.org/opencast-community/matterhorn/pull-requests/1332/ but, apart from setting URL and user/password, I don't know how to enable/make opencast use sakai provider for LTI requests (while other may use CAS, which we still have to configure it)

As usual, we'll try to document evrything to improve current documentation, which seems to be quite short sometimes.

Thanks a lot

Stephen Marquard

unread,
Apr 27, 2017, 4:24:02 AM4/27/17
to Opencast Users

Hi,


This presentation may be helpful in describing the interaction between users, roles, groups, permissions and providers:


https://www.slideshare.net/smarquard/opencast-valencia-2017-users-groups-roles-acls-and-providers

To configure the Sakai UserDirectoryProvider for Opencast, you need to:


1. Rename etc/org.opencastproject.userdirectory.sakai-default.cfg.sample to org.opencastproject.userdirectory.sakai-default.cfg


2. Configure the URL, user and password fields in the cfg file.


3. Check the logs to make sure that the provider is resolving user information correctly. You can increase the log level if you wish to DEBUG for this class by adding to etc/org.ops4j.pax.logging.cfg:


log4j.logger.org.opencastproject.userdirectory.sakai=DEBUG


Changes to the logging cfg file will reflect immediately, i.e. you do not need to restart Opencast.


4. To make sure your LTI users and Opencast/Sakai users are the same, be sure to configure your LTI as a trusted source, for example:


  <!-- ####################### -->

  <!-- # OAuth (LTI) Support # -->

  <!-- ####################### -->


  <!-- This is required for LTI. If you plan to use LTI, uncomment this and set

       custom values for consumerkey and consumersecret: -->

  <bean name="oAuthConsumerDetailsService" class="org.opencastproject.kernel.security.OAuthSingleConsumerDetailsService">

    <constructor-arg index="0" ref="userDetailsService" />

    <constructor-arg index="1" value="consumerkey" />

    <constructor-arg index="2" value="SOMEPASSWORD" />

    <constructor-arg index="3" value="constructorName" />

  </bean>


  <bean name="oauthProtectedResourceFilter" class="org.opencastproject.kernel.security.LtiProcessingFilter">

    <property name="consumerDetailsService" ref="oAuthConsumerDetailsService" />

    <property name="tokenServices">

      <bean class="org.springframework.security.oauth.provider.token.InMemoryProviderTokenServices" />

    </property>

    <property name="nonceServices">

      <bean class="org.springframework.security.oauth.provider.nonce.InMemoryNonceServices" />

    </property>

    <property name="authHandler">

      <bean class="org.opencastproject.kernel.security.LtiLaunchAuthenticationHandler">

        <constructor-arg index="0" ref="userDetailsService" />

        <constructor-arg index="1" ref="securityService" />

        <constructor-arg index="2">

          <list>

            <value>consumerkey</value>

          </list>

        </constructor-arg>

      </bean>

    </property>

  </bean>


In the above example, the LTI specified by "consumerkey" is trusted to provide users that are the same as Opencast internal users. If an LTI consumer is not trusted, the LTI users are namespaced in Opencast with a prefix, and they won't match up with internal Opencast users.


The User Providers are consulted for any type of user authentication or login, i.e. via LTI, direct login to Opencast, LDAP, or SSO like CAS, Shibboleth.


The effect of the Sakai UserDirectoryProvider is to give Opencast users who also exist in Sakai an additional set of roles based on their Sakai site membership.


The Sakai group provider also gives users who exist in Sakai group membership of ROLE_GROUP_SAKAI and you can use this group to give Sakai users additional roles (for example to allow them to use the Admin UI).


The last piece of the puzzle is that if you want LTI users to be able to do tasks like schedule recordings or update the details of scheduled recordings (via an embedded LTI UI rather than the Admin UI), you need more capable LTI tools (these are pure HTML/JS - no java code changes). Here is UCT's version:


https://bitbucket.org/cilt/opencast/src/b7262980bf4e0b8e52eef564d390397ea9abb804/modules/matterhorn-lti/src/main/resources/tools/?at=r/2.3.x


Allowing LTI users to schedule and update scheduled events requires them to have a few more permissions so that they can use some of the /admin-ng/ endpoints that are required. In our Opencast, we have enabled this by granting these roles to ROLE_GROUP_SAKAI:




It would be great to have some more documentation about this, so that would be a valuable contribution.


Regards

Stephen


From: mostolog <most...@gmail.com>
Sent: 27 April 2017 09:44:14 AM
To: Opencast Users
Cc: s.la...@googlemail.com; kdo...@dce.harvard.edu
Subject: [OC Users] Opencast Sakai LTI [WAS: LTI 404's]
 

mostolog

unread,
Apr 27, 2017, 5:10:30 AM4/27/17
to Opencast Users

This presentation may be helpful in describing the interaction between users, roles, groups, permissions and providers:


https://www.slideshare.net/smarquard/opencast-valencia-2017-users-groups-roles-acls-and-providers

On my way!

1. Rename etc/org.opencastproject.userdirectory.sakai-default.cfg.sample to org.opencastproject.userdirectory.sakai-default.cfg

Already did

2. Configure the URL, user and password fields in the cfg file.

Already did

3. Check the logs to make sure that the provider is resolving user information correctly. You can increase the log level if you wish to DEBUG for this class by adding to etc/org.ops4j.pax.logging.cfg:


log4j.logger.org.opencastproject.userdirectory.sakai=DEBUG

On my way!
 
Already configured LTI


In the above example, the LTI specified by "consumerkey" is trusted to provide users that are the same as Opencast internal users. If an LTI consumer is not trusted, the LTI users are namespaced in Opencast with a prefix, and they won't match up with internal Opencast users.


The User Providers are consulted for any type of user authentication or login, i.e. via LTI, direct login to Opencast, LDAP, or SSO like CAS, Shibboleth.


The effect of the Sakai UserDirectoryProvider is to give Opencast users who also exist in Sakai an additional set of roles based on their Sakai site membership.


The Sakai group provider also gives users who exist in Sakai group membership of ROLE_GROUP_SAKAI and you can use this group to give Sakai users additional roles (for example to allow them to use the Admin UI).

Seems we have the correct configuration, but karaf still shows:
bundle:list
154 | Active | 82 | 3.0.0.SNAPSHOT | matterhorn-userdirectory
155 | Active | 82 | 3.0.0.SNAPSHOT | matterhorn-userdirectory-ldap
156 | Active | 82 | 3.0.0.SNAPSHOT | matterhorn-usertracking-api
157 | Active | 82 | 3.0.0.SNAPSHOT | matterhorn-usertracking-impl

(sakai is not present)
Should I specify any flag/build option in maven/pom? (Using 3.0 from git)
 

The last piece of the puzzle is that if you want LTI users to be able to do tasks like schedule recordings or update the details of scheduled recordings (via an embedded LTI UI rather than the Admin UI), you need more capable LTI tools (these are pure HTML/JS - no java code changes). Here is UCT's version:


https://bitbucket.org/cilt/opencast/src/b7262980bf4e0b8e52eef564d390397ea9abb804/modules/matterhorn-lti/src/main/resources/tools/?at=r/2.3.x


Allowing LTI users to schedule and update scheduled events requires them to have a few more permissions so that they can use some of the /admin-ng/ endpoints that are required. In our Opencast, we have enabled this by granting these roles to ROLE_GROUP_SAKAI:




It would be great to have some more documentation about this, so that would be a valuable contribution.

Count on it ;)

Stephen Marquard

unread,
Apr 27, 2017, 5:29:10 AM4/27/17
to Opencast Users

OK, it seems that we neglected to add the sakai provider to:


https://bitbucket.org/opencast-community/matterhorn/src/6ede5a8afe8c29691086fb9f43600163f0417323/assemblies/karaf-features/src/main/feature/feature.xml?at=r%2F3.x&fileviewer=file-view-default


It should be listed there just under 


    <bundle start-level="82">mvn:org.opencastproject/matterhorn-userdirectory-ldap/${project.version}</bundle>

like 


    <bundle start-level="82">mvn:org.opencastproject/matterhorn-userdirectory-sakai/${project.version}</bundle>

Please try that (you'll have to do a rebuild or at least a "mvn clean install" in the assemblies folder), and if it works, could you create a JIRA and submit a PR (for 3.x).

Thanks
Stephen




From: mostolog <most...@gmail.com>
Sent: 27 April 2017 11:10 AM
To: Opencast Users
Subject: Re: [OC Users] Opencast Sakai LTI [WAS: LTI 404's]
 


...


Seems we have the correct configuration, but karaf still shows:
bundle:list
154 | Active | 82 | 3.0.0.SNAPSHOT | matterhorn-userdirectory
155 | Active | 82 | 3.0.0.SNAPSHOT | matterhorn-userdirectory-ldap
156 | Active | 82 | 3.0.0.SNAPSHOT | matterhorn-usertracking-api
157 | Active | 82 | 3.0.0.SNAPSHOT | matterhorn-usertracking-impl

(sakai is not present)
Should I specify any flag/build option in maven/pom? (Using 3.0 from git)

...

-- 
You received this message because you are subscribed to the Google Groups "Opencast Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@opencast.org.

mostolog

unread,
Apr 27, 2017, 9:02:39 AM4/27/17
to Opencast Users

mostolog

unread,
Apr 28, 2017, 5:28:14 AM4/28/17
to Opencast Users
Hi

Once we have this running, our Opencast me.json is able to display logged user and roles, however there isn't a ROLE_GROUP_SAKAI I can give permissions to series on admin's create event GUI.

It is possible to browse/see Sakai users/groups/roles whithin admin GUI?
It is possible to create an event with ACL set to sakai groups/roles? in GUI?
It is possible to create an event WITH THE SAME ID as the site? (Not needing to handle site-series relation)

@Stephen: Do you think it makes sense to document sakai user integration whitin LTI module documentation? Would has more sense to be under https://documentation.opencast.org/develop/admin/configuration/security/ instead?

Thanks,
Regards

Stephen Marquard

unread,
Apr 28, 2017, 6:49:26 AM4/28/17
to Opencast Users

Hi,


I'm assuming that you see ROLE_GROUP_SAKAI as one of the roles in the /info/me.json output for an Opencast user who exists in Sakai?


If that's the case, you should be seeing


2017-04-28 12:41:08,118 | WARN  | qtp1922345447-9983 | (JpaGroupRoleProvider:239) - Group ROLE_GROUP_SAKAI not found


in the logs when a user logs in and gets resolved by the Sakai provider.


All you have to do now is create a group in the Admin UI with the name "Sakai" (the role name will be set to ROLE_GROUP_SAKAI). We should possibly add some code to make that group get created automatically if it doesn't exist.


In the Admin UI, you won't see a list of Sakai users in the ROLE_GROUP_SAKAI membership however (in general we didn't want every single Sakai user to show up in Opencast for performance reasons).


If you look at an individual user whoever who is resolved by the Sakai provider, you'll see ROLE_GROUP_SAKAI show up under Effective Roles, e.g.:





You can use any of those roles in Series or Event ACLs.

In genereal, you have to associate a Series in Opencast with one or more Sakai sites (Sakai Site ID + Sakai role = Opencast role) when the series is created. Events will inherit the Series ACL when they are created.

For documentation, the user providers should probably be documented under security, as they don't depend on LTI specifically.

Regards
Stephen

From: mostolog <most...@gmail.com>
Sent: 28 April 2017 11:28 AM

To: Opencast Users
Subject: Re: [OC Users] Opencast Sakai LTI [WAS: LTI 404's]
--
You received this message because you are subscribed to the Google Groups "Opencast Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to users+un...@opencast.org.

mostolog

unread,
May 2, 2017, 5:48:09 AM5/2/17
to Opencast Users
Hi


All you have to do now is create a group in the Admin UI with the name "Sakai" (the role name will be set to ROLE_GROUP_SAKAI). We should possibly add some code to make that group get created automatically if it doesn't exist.

Created. Role is showing now. :)
Any place I can create an issue to request for this improvement?
 

In the Admin UI, you won't see a list of Sakai users in the ROLE_GROUP_SAKAI membership however (in general we didn't want every single Sakai user to show up in Opencast for performance reasons).

+1
 
In general, you have to associate a Series in Opencast with one or more Sakai sites (Sakai Site ID + Sakai role = Opencast role) when the series is created. Events will inherit the Series ACL when they are created.
How do you associate a site with series? do you use an external tool? do you set series id=context_id?
 
 
For documentation, the user providers should probably be documented under security, as they don't depend on LTI specifically.
Thanks

Reply all
Reply to author
Forward
0 new messages