When an LTI associated certificate is broken #2663

Open
Alex-Jordan opened this issue Jan 31, 2025 · 0 comments
@Alex-Jordan
Contributor

This week over at Desire2Learn, there was some upgrade of something that had a side effect of breaking the security certificate chain for https://online.pcc.edu/d2l/.well-known/jwks, which is the D2L value for $LTI{v1p3}{PublicKeysetURL}. Normally that would also cause problems with access to D2L itself but our local IT people put in place some workaround while D2L tried to fix things (which ultimately took them about 12 hours).

So students were in D2L, where everything seemed to work. But if they followed an LTI link to WeBWorK, they were met with a scary (for them) error page, including:

Error messages

SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /opt/webwork/webwork2/lib/WeBWorK/ContentGenerator/LTIAdvantage.pm line 326.

Context
    321: 		$keyset_str = $db->getSettingValue('LTIAdvantageLMSPublicKey');
    322: 		return decode_json($keyset_str) if $keyset_str;
    323: 	}
    324: 
    325: 	# Get public keyset from the LMS.
    326: 	my $response = Mojo::UserAgent->new->get($ce->{LTI}{v1p3}{PublicKeysetURL})->result;
    327: 	unless ($response->is_success) {
    328: 		$c->stash->{LTIAuthenError} = 'Failed to obtain public key from LMS: ' . $response->message;
    329: 		return;
    330: 	}
    331: 

In fact all external tools that use LTI 1.3 were similarly not working. But with at least one other tool that I tried at the time (a Zoom meeting management tool), there was a more user-friendly error page.

As the recipient of emails addressed to our WW server's "web master", I had dozens of students (from dozens of courses) emailing me that WeBWorK was broken. It was not broken though, nor misconfigured. This was all because of D2L's certificate breaking.

Should we provision an exception for this kind of thing so the students don't see that kind of raw error message? I haven't learned how to code that kind of thing, or I'd give it a try and open a PR.
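One way such handling could look, as an added example that is not WeBWorK's code and not part of the original post: `Mojo::Transaction`'s `result` dies on connection-level errors such as a failed certificate verification, so the sketch inspects `$tx->error` instead, logs the detail for the administrator, and returns a short message for the student. The helper name `fetch_lms_keyset`, the message wording, the timeouts, and the unreachable demo URL are assumptions.

```perl
use strict;
use warnings;
use Mojo::UserAgent;

# Hypothetical helper (not part of WeBWorK). Returns ($keyset, undef) on
# success or (undef, $user_message) on failure. Detail goes to $log only.
sub fetch_lms_keyset {
    my ($url, $log) = @_;
    $log //= sub { warn "$_[0]\n" };

    # Certificate verification stays at its default (enabled). The keyset is
    # what authenticates LTI launches, so a TLS failure must fail closed.
    my $ua = Mojo::UserAgent->new(connect_timeout => 5, request_timeout => 10);
    my $tx = $ua->get($url);

    # error() covers connection failures (DNS, refused, certificate verify),
    # which carry no HTTP code, as well as 4xx/5xx responses.
    if (my $err = $tx->error) {
        my $kind = defined $err->{code} ? "HTTP $err->{code}" : 'connection error';
        $log->("LTI keyset fetch from $url failed ($kind): $err->{message}");
        return (undef,
            'The learning management system could not be contacted securely. '
                . 'This is not a problem with your account. Please try again later.');
    }

    # json() returns undef when the body is not valid JSON.
    my $keyset = $tx->res->json;
    unless (ref($keyset) eq 'HASH' && ref($keyset->{keys}) eq 'ARRAY') {
        $log->("LTI keyset fetch from $url returned a body that is not a JWKS");
        return (undef,
            'The learning management system returned an unexpected response. '
                . 'Please try again later.');
    }

    return ($keyset, undef);
}

# Demo against a constructed, unreachable local URL to exercise the
# connection-error path without any network access.
unless (caller) {
    my ($keyset, $message) = fetch_lms_keyset('http://127.0.0.1:1/jwks');
    print defined $keyset ? "keys: " . scalar(@{ $keyset->{keys} }) . "\n" : "$message\n";
}
```

The caller would put the returned message where the page currently shows the raw exception text, while the logged line keeps the OpenSSL detail available for whoever maintains the server.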
