saLTIre is a testing system for LTI®. It is designed to allow users to inspect the communications which occur between an LTI Platform (formerly referred to as a Tool Consumer) and an LTI Tool (formerly referred to as a Tool Provider). The test systems can be accessed via the buttons above; the expected use cases are:
Note that the tools are designed to allow both valid and invalid communications to be sent and received, hence they do not ensure that only valid (compliant with the LTI specification) messages are composed. This allows the system to be used for testing that other systems properly handle invalid connections, not just valid ones.
The content below provides some information which you may find helpful when using the tools.
Use this menu to change the page which is displayed.
Each parameter supported by the LTI specification has an input box containing its current value.
The associated checkbox can be used to disable the parameter to stop it from being sent in the message.
Some parameters have a menu which can be used to select a value, but values may always be entered manually.
A checkbox is provided on the Platform page for each algorithm which is to be available.
The selected algorithms are available for signing the current message on the Security Model page.
A checkbox is provided on the Platform page for each service which is to be available. A settings panel is displayed for each selected service.
Each supported capability can be enabled on the Platform page. Capabilities related to services are not included here, but are automatically assumed when a service is selected.
Capabilities are divided into categories based on their type or prefix. Clicking on the title expands and hides the capabilities for the category.
On the Security Model page, select LTI-1p0 as the LTI version and enter the tool's message URL, consumer key and shared secret. Use the Save button to re-enable the Connect button.
Clicking on the Connect button in the top navigation bar page will cause a message of the type selected on the Message page to be sent to the Tool. You can preview the message or override where the connection is opened via the drop-down menu.
Only those parameters on each page which have been checked will be included in the message. Service parameters for any selected service will automatically be included as well.
Custom parameter substitution variables will be replaced where an appropriate value is available (for example, $User.username).
On the Security Model page, select 1.3.0 as the LTI version and enter the configuration details provided by the tool:
The public keyset URL will be used when no public key is defined. The public key may be entered using PEM format or as JSON (JWKS format). Use the Save button to re-enable the Connect button.
The Platform Details section contains the values which should be shared with the tool:
The public key should be entered in PEM format but can be viewed as JSON by clicking on the View as JSON button.
Clicking on the Connect button in the top navigation bar page will cause a message of the type selected on the Message page to be sent to the Tool using credentials supplied on the Security Model page. You can preview the message or override where the connection is opened via the drop-down menu.
Only those parameters on each page which have been checked will be included in the message. Service parameters for any selected service will automatically be included as well.
Custom parameter substitution variables will be replaced where an appropriate value is available (for example, $User.username).
Clicking on the Register button on the Tool page will cause a ToolProxyRegistration message to be sent to the Tool. The Tool Consumer Profile will include those services and capabilities which are selected on the Platform page.
When a Tool Proxy is accepted, the Tool page is replaced with a copy of the Tool Proxy and a summary of the agreed credentials. The services and capabilites on the Platform will be selected based on the services in the security contract and the enabled capabilities for a resource. Any parameters required for the message type will always be selected. All others are signified by a checkbox with a shaded background - the system allows the choices to be changed but the checkbox presentation will identify which formed part of the agreed Tool Proxy.
A resource defined in the Tool Proxy should be selected from the menu provided on the Tool Proxy page. A message supported by the resource should be selected on the Message page.
A Tool Proxy can be cancelled by clicking on the Unregister button.
This system uses sessions to manage your activity; these sessions last for at least 2 hours. However, when a new session is started some endpoints may change and so any existing integrations you are testing may require updating. Signing into the system using a Google ID allows you to have a static set of endpoints to avoid this issue. It also provides the following options:
The only data shared when you sign in is your email address and your ID number as supplied by Google.
To aid the re-use of an LTI 1.3 tool, it is possible to save a configuration and have it associated with your Google ID. By default each Google ID can have up to 5 saved tool configurations (use the Feedback option on the Help to enquire about increasing this limit if it is not sufficient for your needs).
To save a configuration, just enter its details into the fields on the Security Profile page and click on the Save button in the header of the Tool Details section. If a tool with the same initiate login URL is already defined, its details will be updated with the new values.
A tool can be dynamically registered by clicking on the Register button. By default, the process will use a registration token and send the deployment ID; uncheck either or both of these options if they are not required.
The Registered tools button opens a list of all the existing configurations which have been saved (or dynamically registered); full details can be displayed by clicking on the plus sign at the start of the row. Initially a configuration is given a name of Unnamed; click on the name to change it. A configuration can be made available for use by other users by turning on its Public setting. Click on the download icon in the Action column to copy the configuration settings to the Security Profile page. (A configuration can also be copied by selecting its name from the drop-down list on the Registered tools button.) Click on the delete button to remove the configuration.
Alternatively, the Test Tool can be opened using LTI 1.3 credentials or directly in a browser and the Platform's credentials and service endpoints entered manually via the Security Model and Service sections. The tool also supports the LTI 1.3 automated registration process.
Use this menu to change the page which is displayed.
This tab summarises the message received which opened the system.
This tab displays the credentials and security profile used for connections with the Platform. These values are used when sending service requests to the Platform. Changing them allows invalid requests to be tested. For LTI 1.3 connections, the tab also displays the configuration details for the tool; the public keyset URL or public key should be shared with the platform. The details shared by the platform should be configured on this tab as well.
If a profile has been obtained from the platform it will be also be displayed on this tab.
This tab is displayed for ContentItemSelectionRequest, ContentItemUpdateRequest or LtiDeepLinkingRequest messages. You can use it to select sample content-item(s) to be returned to the Platform, or to create a bespoke item. Messages to be returned with the items can also be added.
This menu lists all the services supported by the Test Tool. Selecting a service from the menu will display the settings relevant to its use, including the endpoint(s). The settings page can be used to send requests to the Platform; use the View last service request button to inspect the last request made and response received. When using LTI 1.3, the OAuth 2 Access Token service should be used first to obtain an access token for the required service scopes.
This system uses sessions to manage your activity; these sessions last for at least 2 hours. However, when a new session is started some endpoints may change and so any existing integrations you are testing may require updating. Signing into the system using a Google ID allows you to have a static set of endpoints to avoid this issue. It also provides the following options:
The only data shared by this process is your email address and your ID number as supplied by Google.
To aid the re-use of an LTI 1.3 platform, it is possible to save a configuration and have it associated with your Google ID. By default each Google ID can have up to 5 saved platform configurations (use the Feedback option on the Help to enquire about increasing this limit if it is not sufficient for your needs).
To save a configuration, just enter its details into the fields on the Security Profile page and click on the Save button in the header of the Platform Details section. If a platform with the same Platform ID, Client ID and Deployment ID is already defined, its details will be updated with the new values. If the deployment ID is left empty, an incoming message from the specified platform ID and client ID will be accepted with any deployment ID.
The Registered platforms button opens a list of all the existing configurations which have been saved; full details can be displayed by clicking on the plus sign at the start of the row. Initially a configuration is given a name of Unnamed; click on the name to change it. A configuration can be made available for use by other users by turning on its Public setting. Click on the download icon in the Action column to copy the configuration settings to the Security Profile page. (A configuration can also be copied by selecting its name from the drop-down list on the Registered platforms button.) Click on the delete button to remove the configuration.
More information about LTI and how to use it can be found in the following sources: