saLTIre - for your LTI testing needs

saLTIre is a testing system for LTI^®. It is designed to allow users to inspect the communications which occur between an LTI Platform (formerly referred to as a Tool Consumer) and an LTI Tool (formerly referred to as a Tool Provider). The test systems can be accessed via the buttons above; the expected use cases are:

as an independent system (where the Test Platform system connects to the Test Tool system) to aid an understanding of the LTI specifications,
use the Test Platform system to connect to another Tool, or
connect to the Test Tool system from another LTI Platform.

Note that the tools are designed to allow both valid and invalid communications to be sent and received, hence they do not ensure that only valid (compliant with the LTI specification) messages are composed. This allows the system to be used for testing that other systems properly handle invalid connections, not just valid ones.

Features

Full access to all message parameters/claims included in the LTI specifications
Easy to control which parameters/claims are included in messages
Ability to view the service messages (request and response) sent/received
Option to manually override service endpoints provided
Platform and tool configurations can be saved for re-use

Recent Changes

Added OAuth signature base string value to connection preview in test platform (22-Aug-24)
Improved display of errors and warnings for LTI messages and service responses (22-Aug-24)
Added verification of responses to service requests using JSON Schema files and error/warning messages on issues identified (1-Aug-24)
Added support for draft Outcomes Management 2 specification, superseded by the Assignment and Grade specification (13-May-24)
Fixed issue with registering a deployment ID (24-Feb-23)
Added support for Platform Storage (24-Dec-22)
Standardised role options based on LTI 1.3 spec (25-Oct-22)
Updated dependencies and minor user interface bug fixes (3-Oct-22)
Add option for registering tools without using an access token (26-Aug-22)
Enable display of dynamic registration requests (25-Jul-22)
Display warning messages for errors ignored when applying lenient checks (30-Jun-22)
Added check for third party cookie issues with an option to disable this (30-Jun-22)
Added support for middle name parameters (30-Jun-22)
Default to using fully-qualified user roles (16-May-22)
Added options to Tool Emulator for optional, unpublished, extension and experimental features (6-May-22)
Enhanced platform configuration for dynamic registration (6-May-22)
Added support for LtiSubmissionReviewRequest message (11-Apr-22)
Updated dynamic registration code (7-Apr-22)
Option for using GET when sending an initiate login request moved from the Options form to a choice next to the Initiate login URL setting (26-Feb-22)
Added choice to send authentication messages using GET rather than POST (26-Feb-22)
Starting a new platform session no longer resets the LTI version setting (8-Aug-21)
Added support for Course Groups service, Proctoring Services, ContentItemUpdateRequest message and Dynamic Registration (some may require the Enable unpublished LTI features option to be selected) (8-Aug-21)
Updated version released with an improved user interface and including support for LTI 1.3, options to manage platform and tool configurations (15-Jan-21)

Instructions

The content below provides some information which you may find helpful when using the tools.

Using the Test Platform

Quick Start Guide

By default required, recommended and optional parameters/claims are shown (use the Options form to hide optional features, or reveal unofficial and experimental features).
Select the Security Model page and check the LTI version to use and its credentials.
Click on the Connect button to send a message to the Tool.

Top Navigation Bar

Save

Click the button to save all changes to the current session, or use the drop-down menu:

Reload without saving: Used to refresh the system, clearing any changes made since the last save.
Save again: Used to update the system when the Save button is disabled (useful to refresh the current connection message in case its timestamps have expired).
Clear all non-required parameters: Each message parameter is tagged as being either Required, Recommended or Optional; this option will remove the values from all the recommended and optional parameters.
Start new session: This will clear the system and reset all values to their defaults.

View

Use this menu to display one of the following:

Last service message (last service request received and the response returned)
Gradebook (all the current line items and outcomes)
Tool settings (any tool settings created by the Tool Provider)
Event store (a sample store for Caliper Analytics^® event data)

Options

Open the Options form (see below). Use the drop-down menu to access the Sign in window (see below).

Connect

Send a message based on the currently selected settings to the tool. This button is disabled after you change the value of a parameter; your changes must be saved first.

Options Form

Open connections in a new window?: When selected connections to the Tool Provider will be opened in a new window rather than a page within the same window.
Include empty parameters in message?: By default any parameter which does not have a value will be omitted from a message; select to include them.
Allow empty secret values?: Allow a connection to be attempted even though no shared secret has been defined.
Display optional features?: Select to show any feature which is flagged as optional; e.g., those parameters which are neither required nor recommended.
Display unofficial extensions?: Select to show features which have been published but are not part of the 1EdTech specification.
Enable unpublished LTI features?: This option enables features which are still under development by 1EdTech and subject to change.
Enable experimental features?: These are extensions which are not expected to become part of the LTI specification at this time.
Only support outcomes for learners?: When selected only users with a Learner role will be enabled for the return of outcomes.
Display unsupported features (but disabled)?: Select to show any feature which is defined within the LTI specifications but is not supported by this system; the feature will be displayed as disabled so that it cannot be selected.
Offer browser storage?: Select to offer tools access to storage in the platform's browser frame.
Hide left navigation?: Remove the left navigation menu and show all the sections together on the page.

Left Navigation Menu

Use this menu to change the page which is displayed.

Platform: Details of the Platform including the security profiles, services and capabilities it supports (see below).
Context/Resource: Details of the context and resource link from which the message is to be initiated.
User: Details of the user making the connection.
Message: The type of message being sent and other related parameters.
Security Model: The LTI version and security credentials to be used when connecting to the Tool.
Tool Proxy: When a Tool Proxy is in place, this page replaces the Security Model page and shows the agreed credentials.
Tool: When not opened in a new window, messages sent to a Tool will be displayed here in an iframe.

Parameters

Each parameter supported by the LTI specification has an input box containing its current value.

The associated checkbox can be used to disable the parameter to stop it from being sent in the message.

Some parameters have a menu which can be used to select a value, but values may always be entered manually.

Security Profiles

A checkbox is provided on the Platform page for each algorithm which is to be available.

The selected algorithms are available for signing the current message on the Security Model page.

Services

A checkbox is provided on the Platform page for each service which is to be available. A settings panel is displayed for each selected service.

Capabilities

Each supported capability can be enabled on the Platform page. Capabilities related to services are not included here, but are automatically assumed when a service is selected.

Capabilities are divided into categories based on their type or prefix. Clicking on the title expands and hides the capabilities for the category.

Connecting to a Tool (LTI 1.0/1.1/1.2)

On the Security Model page, select LTI-1p0 as the LTI version and enter the tool's message URL, consumer key and shared secret. Use the Save button to re-enable the Connect button.

Clicking on the Connect button in the top navigation bar page will cause a message of the type selected on the Message page to be sent to the Tool. You can preview the message or override where the connection is opened via the drop-down menu.

Only those parameters on each page which have been checked will be included in the message. Service parameters for any selected service will automatically be included as well.

Custom parameter substitution variables will be replaced where an appropriate value is available (for example, $User.username).

Connecting to a Tool (LTI 1.3)

On the Security Model page, select 1.3.0 as the LTI version and enter the configuration details provided by the tool:

Message URL
Initiate login URL
Redirection URI(s) (one per line)
Public keyset URL and/or public key

The public keyset URL will be used when no public key is defined. The public key may be entered using PEM format or as JSON (JWKS format). Use the Save button to re-enable the Connect button.

The Platform Details section contains the values which should be shared with the tool:

Platform/Issuer ID
Client ID
Deployment ID
Authorization server ID (optional, defaults to the Authentication request URL when omitted)
Authentication request URL
Access Token service URL
Public keyset URL and/or public key

The public key should be entered in PEM format but can be viewed as JSON by clicking on the View as JSON button.

Clicking on the Connect button in the top navigation bar page will cause a message of the type selected on the Message page to be sent to the Tool using credentials supplied on the Security Model page. You can preview the message or override where the connection is opened via the drop-down menu.

Only those parameters on each page which have been checked will be included in the message. Service parameters for any selected service will automatically be included as well.

Custom parameter substitution variables will be replaced where an appropriate value is available (for example, $User.username).

Registering with a Tool (LTI 2)

Clicking on the Register button on the Tool page will cause a ToolProxyRegistration message to be sent to the Tool. The Tool Consumer Profile will include those services and capabilities which are selected on the Platform page.

When a Tool Proxy is accepted, the Tool page is replaced with a copy of the Tool Proxy and a summary of the agreed credentials. The services and capabilites on the Platform will be selected based on the services in the security contract and the enabled capabilities for a resource. Any parameters required for the message type will always be selected. All others are signified by a checkbox with a shaded background - the system allows the choices to be changed but the checkbox presentation will identify which formed part of the agreed Tool Proxy.

A resource defined in the Tool Proxy should be selected from the menu provided on the Tool Proxy page. A message supported by the resource should be selected on the Message page.

A Tool Proxy can be cancelled by clicking on the Unregister button.

Advanced Options

This system uses sessions to manage your activity; these sessions last for at least 2 hours. However, when a new session is started some endpoints may change and so any existing integrations you are testing may require updating. Signing into the system using a Google ID allows you to have a static set of endpoints to avoid this issue. It also provides the following options:

backup the current configuration to local file;
restore a previously backed-up configuration from a local file;
automatically save your session to the server
automatically log into the system and restore the last saved session
manage a set of LTI 1.3 tool configurations (see below)
send an LTI 1.3 registration request

The only data shared when you sign in is your email address and your ID number as supplied by Google.

Managing LTI 1.3 Tool Configurations

To aid the re-use of an LTI 1.3 tool, it is possible to save a configuration and have it associated with your Google ID. By default each Google ID can have up to 5 saved tool configurations (use the Feedback option on the Help to enquire about increasing this limit if it is not sufficient for your needs).

To save a configuration, just enter its details into the fields on the Security Profile page and click on the Save button in the header of the Tool Details section. If a tool with the same initiate login URL is already defined, its details will be updated with the new values.

A tool can be dynamically registered by clicking on the Register button. By default, the process will use a registration token and send the deployment ID; uncheck either or both of these options if they are not required.

The Registered tools button opens a list of all the existing configurations which have been saved (or dynamically registered); full details can be displayed by clicking on the plus sign at the start of the row. Initially a configuration is given a name of Unnamed; click on the name to change it. A configuration can be made available for use by other users by turning on its Public setting. Click on the download icon in the Action column to copy the configuration settings to the Security Profile page. (A configuration can also be copied by selecting its name from the drop-down list on the Registered tools button.) Click on the delete button to remove the configuration.

Troubleshooting Tips

If your connection is not validated by the Tool:
- check that you have entered the correct credentials on the Security Model page;
- use the Save option to refresh the message in case the timestamp has expired;
- ensure your JWKS endpoint is publicly accessible.
Try using the Start new session option from the Save menu to reset the data; you may have been impacted by system updates made during your session.
If you're not seeing all the parameters you expect, check that you have the Display optional features? option selected.
If the Advanced options are not available, make sure you have used the Sign in option on the Options menu to login with your Google ID.

Using the Test Tool

Quick Start Guide

Open from an LTI 1.0/1.1/1.2 Platform using the following credentials:
- message URL: https://saltire.lti.app/tool
- consumer key: your choice
- shared secret: secret
Use the Service menu to send requests to the services made available by the Platform.
The last request made can be viewed via the View last service request button on each service page.

Alternatively, the Test Tool can be opened using LTI 1.3 credentials or directly in a browser and the Platform's credentials and service endpoints entered manually via the Security Model and Service sections. The tool also supports the LTI 1.3 automated registration process.

Top Navigation Bar

Use this menu to change the page which is displayed.

Message

A summary the message received (it is only displayed when the Test Tool is opened by an LTI platform).

Security Model

Details of the Platform credentials, including its profile if a request has been made for a copy.

Sample Content

This tab is available when the Test Tool is opened by a ContentItemSelectionRequest, ContentItemUpdateRequest or LtiDeepLinkingRequest message. It allows pre-defined content-items to be selected for return to the Platform, or for a bespoke item to be created.

Service

A drop-down menu of the services supported by the Test Tool; any not made available by the Tool Consumer will not be fully populated with details. Select a service to send requests to the Platform. Click the View last service request button to view the last request sent and the response received.

Options

Open the Options form (see below). Use the drop-down menu to access the Sign in window (see below).

Save

Click the button to save all changes to the current session, or use the drop-down menu:

Reload without saving: Used to refresh the system, clearing any changes made since the last save.
Save again: Used to update the system when the Save button is disabled.
Start new session: This will clear the system and reset all values to their defaults.

Options Form

Display optional features?: Select to show any feature which is flagged as optional; e.g., those parameters which are neither required nor recommended.
Display unofficial extensions?: Select to show features which have been published but are not part of the 1EdTech specification.
Enable unpublished LTI features?: This option enables features which are still under development by 1EdTech and subject to change.
Enable experimental features?: These are extensions which are not expected to become part of the LTI specification at this time.
Disable prompt to display service request messages?: When selected, the prompt to display the message after it has completed will not appear.
Automatically display service request messages?: When selected, the service message will automatically be displayed when it has completed.
Apply some leniency to LTI conformance checks?: Accept messages which are not fully compliant with the LTI specification.
Disable third party cookie check?: Avoid check for third party cookies being blocked so opening a tool is never forced into a new window. (Note that if cookies are being blocked it is likely that this option will always revert to its default value of making the check.)

Message Tab

This tab summarises the message received which opened the system.

Summary: This section identifies the message URL, LTI version, message type, security profile used and whether the signature was verified. If the Platform provided a return URL, links are also displayed which allow this link to be followed with all combinations of return message and log entry.
Services Available: A list of services supported by the Test Tool Consumer is displayed with those made available in the message received from the Tool Consumer marked with a tick; all others are marked with a cross. All available services can be accessed directly by clicking on their name.
Initiate Login: For an LTI 1.3 message, this section shows the original initiate login request and the authentication request sent in response.
Message Parameters/Raw POST Parameters: This section lists the POST parameters received from the Platform.
JWT: When LTI parameters are passed as claims in a JWT, this section lists the headers and payload of the JWT.
Message Parameters (derived from JWT): This section is displayed a JWT has been passed by the Platform and represents the LTI parameters which are equivalent to the claims received.
Message Claims (derived from message parameters): This section lists the LTI claims which are equivalent to the message parameters. Each claim is listed in its fully expanded form which may differ from how it appears in the JWT section.
Message JWT (derived from message parameters): This section displays the JWT which is equivalent to the LTI message parameters listed in the Message Parameters section.

Security Model Tab

This tab displays the credentials and security profile used for connections with the Platform. These values are used when sending service requests to the Platform. Changing them allows invalid requests to be tested. For LTI 1.3 connections, the tab also displays the configuration details for the tool; the public keyset URL or public key should be shared with the platform. The details shared by the platform should be configured on this tab as well.

If a profile has been obtained from the platform it will be also be displayed on this tab.

Sample Content Tab

This tab is displayed for ContentItemSelectionRequest, ContentItemUpdateRequest or LtiDeepLinkingRequest messages. You can use it to select sample content-item(s) to be returned to the Platform, or to create a bespoke item. Messages to be returned with the items can also be added.

Service Menu

This menu lists all the services supported by the Test Tool. Selecting a service from the menu will display the settings relevant to its use, including the endpoint(s). The settings page can be used to send requests to the Platform; use the View last service request button to inspect the last request made and response received. When using LTI 1.3, the OAuth 2 Access Token service should be used first to obtain an access token for the required service scopes.

Advanced Options

backup the current configuration to local file;
restore a previously backed-up configuration from a local file;
automatically save your session to the server
automatically log into the system and restore the last saved session
manage a set of LTI 1.3 platform configurations (see below)

The only data shared by this process is your email address and your ID number as supplied by Google.

Managing LTI 1.3 Platform Configurations

To aid the re-use of an LTI 1.3 platform, it is possible to save a configuration and have it associated with your Google ID. By default each Google ID can have up to 5 saved platform configurations (use the Feedback option on the Help to enquire about increasing this limit if it is not sufficient for your needs).

To save a configuration, just enter its details into the fields on the Security Profile page and click on the Save button in the header of the Platform Details section. If a platform with the same Platform ID, Client ID and Deployment ID is already defined, its details will be updated with the new values. If the deployment ID is left empty, an incoming message from the specified platform ID and client ID will be accepted with any deployment ID.

The Registered platforms button opens a list of all the existing configurations which have been saved; full details can be displayed by clicking on the plus sign at the start of the row. Initially a configuration is given a name of Unnamed; click on the name to change it. A configuration can be made available for use by other users by turning on its Public setting. Click on the download icon in the Action column to copy the configuration settings to the Security Profile page. (A configuration can also be copied by selecting its name from the drop-down list on the Registered platforms button.) Click on the delete button to remove the configuration.

Troubleshooting Tips

If the message received is not validated by the Test Tool:
- check that the credentials are correct on the Security Model tab;
- check the time on your Platform server is accurate;
- try using the Start new session option from the Save menu to reset the data; and have the Platform send its message again;
- ensure your JWKS endpoint is publicly accessible.
When trying to open the Test Tool within an iframe and the page is blank, try opening it in a new browser window/tab to see if that works. If it does check that both the Platform and the Tool are using the same schema (e.g. both http or both https) and check the security settings in the browser for cross-origin resource sharing (CORS).
If your service request is not validated by the Tool:
- check the response received (via the View last ervice request button) for any error messages returned;
- check the credentials and service profile are correctly set on the Security Model tab;
- when using a JWT-based security profile ensure that you have first requested an access token with the required scope;
- ensure your service endpoints are publicly accessible.
If the Advanced options are not available, make sure you have used the Sign in option on the Options menu to login with your Google ID.

Further Information

More information about LTI and how to use it can be found in the following sources: