Using LTI for assessments
Through IMS Global Learning Consortium’s Learning Tool Interaction (LTI) standard, LTI users of applications can make use of TAO-designed tests and deliver them to students through an LTI platform, such as the Moodle platform, which is also Open Source.
“The principal concept of LTI is to establish a standard way of integrating rich learning applications (often remotely hosted and provided through third-party services) with platforms like learning management systems, portals, learning object repositories, or other educational environments.” (IMS Global Learning Consortium)
To explain how to connect TAO to an LTI consumer, we will be utilizing the Moodle Open Source project though you could similarly attach TAO to any LTI compliant application.
In this scenario, test authors can use TAO to create their Items and Tests while using the Moodle platform (or any other LMS) to deliver the Tests.
The test-taker tools available in TAO (such as the magnifying glass and the line reader) are also available when tests are delivered via an LTI platform (or LTI consumer), as is the option to do the test on a full screen. The LTI platform (or consumer) can specify which of these tools are available for which test-takers, thus adapting the assessment scenario for students with special needs. See for a list of the tools available.
As an administrator, you must have Administrator privileges for both TAO and the LMS. As a teacher, you must have Teacher privileges in the LMS and Test Delivery privileges in TAO.
The LTI interconnectivity must be set up prior to executing the delivery. There are two LTI versions which TAO supports as ways of delivering TAO assessments. The current version is LTI 1.3, and this version offers greater security. However, as not all platforms support LTI 1.3, TAO continues to support connectivity for both versions.
Follow the steps described below to connect TAO to an LTI platform.
Setting up a TAO delivery via LTI as an LTI Administrator
1. Ensure your TAO instance is configured to allow LTI connectivity.
Regardless of which LTI version you are using, you will need to verify that the ltiDeliveryProvider is installed. Instructions for accessing and installing an extension can be found on the Extensions Manager page.
To allow TAO to be accessed via LTI, hover over the cogs icon in the Assessment Builder Bar, as shown in the image below. If you wish to deliver a test via LTI 1.3, you will need to set up an LTI 1.3 Platform. To deliver a test via LTI 1.1 you will need to set up an LTI Consumer in TAO.
Note: In practice, an LTI Platform and an LTI Consumer are the same thing; ‘Consumer’ is the original IMS term for ‘Platform’, and it has been preserved in TAO for the LTI legacy version (1.1).
Setting up TAO for LTI 1.3
To deliver a test via LTI 1.3, select LTI Platforms from the drop-down menu.
This will take you to the Platforms library. Select the LTI Platform class (folder), and click on Add Platform in the button bank under the library, and fill in the required information, as in the image below.
Because of the added security layers which LTI 1.3 offers, LTI Platforms in TAO require considerably more information than do LTI Consumers. The contents of each field is described below.
Label: As for LTI consumers, you will need to give the new platform a name. This can be anything you like.
Client ID: This can also be anything you like – the important thing is that it can serve as an identifier for your LMS system.
Deployment ID: The deployment ID is generated by the LMS platform, and identifies the specific registration of a tool on the LMS (LTI platform) end. The deployment of a tool defines the contexts in which a tool is made available. For example, a tool may be deployed by an instructor for a single course, or the institution may deploy a tool across the whole institution, both for present and future use.
Audience: This specifies who is allowed to access the TAO delivery. It represents the issuer of the LTI message – the LMS (LTI Platform). The platform sends this value as an “iss” field of the JSON Web Token it generates. The “iss” (issuer) claim identifies the principal that issued the JWT. The “iss” value is a case-sensitive string containing a StringOrURI value. StringOrUri value is a JSON string value, with the additional requirement that while arbitrary string values MAY be used, any value containing a “:” character MUST be a URI.
Oauth Access Token URL: Here, a URL must be provided which generates a short-term access token to the LMS (LTI platform), making it much harder to steal. Note: This feature is the main improvement on LTI 1.1.
OIDC Authentication URL: Messages are redirected to this URL for authentication by the LMS (LTI Platform).
JSON Web Key Sets URL: This is used for a public key exchange, and can be rotated at any point, meaning that even if the private keys get stolen, they can be replaced without having to exchange the keys between the platform and the tool explicitly. It uses asymmetric signatures as it works in conjunction with the private key provided. JWKS is a set of keys containing the public keys used to verify any JSON Web Token (JWT) issued by the authorization server and signed using the RS256 signing algorithm.
The information provided in these fields enables a robust authentication process to take place. When an LTI platform sends a request to TAO in the form of a message, it sends identity information with each message, thus providing TAO with user authentication. This authentication relies on TAO and the LTI platform having various identifiers for each other, and also using public key encryption for signing the messages. The LTI platform cannot access the TAO delivery until this process has been completed.
When you have filled in all the fields, your LTI 1.3 Platform set-up for TAO is complete. Next, go to Step 2 below to configure your LMS – in this case, Moodle.
Setting up TAO for LTI 1.1
To deliver a test via LTI 1.1, select LTI Consumers from the drop-down menu shown above.
This will take you to the consumer library. To add a new consumer, click on Add Consumer in the button bank under the library, as in the image below.
Select the LTI Consumer class (folder), and click on Add Consumer. Name (label) the new consumer, as shown in the image below.
Decide on a key with which to identify the new LTI consumer and enter it in the box OAuth consumer key. (Note: The OAuth consumer key must contain only alphabetical and numeric characters.)
Then click on Create. TAO will generate a secret key corresponding to this consumer in Oauth consumer secret, as shown below. This is generated automatically as a security measure, to ensure that it is sufficiently complex. The new consumer will be asked to provide this key when accessing TAO.
Your LTI 1.1 Consumer is now set up in TAO. Next, go to Step 2 to configure your LMS – in this case, Moodle.
2. Ensure your LMS is correctly configured
The following description of how to configure your LMS so that it can communicate with TAO uses Moodle version 3.7 as an example. If you are using a different LMS (or a different version of Moodle) please refer to the appropriate documentation.
Go to Site Administration on the Moodle platform and then click on the Plugins tab. In the Activity modules section, click on Manage Activities. Go to the External tool and then click on Settings.
To configure TAO in Moodle, click on Add preconfigured tool. Add an appropriate name to the new configuration as the Tool name.
Next enter the Tool URL which will be
/ltiDeliveryProvider/DeliveryTool/launch. (If you don’t know the URL of your TAO installation, return to the TAO back office home, and copy the URL, removing
tao/Main/index from the end. For example, if your TAO home is
http://<hostname or IP>/tao/tao/Main/index, then your root URL would be
http://<hostname or IP>/tao/.)
Configuring the LMS for LTI 1.3
If you’re using LTI 1.3, you’ll need to enter the same information you used in TAO:
- Client ID – same as on the LTI platform registration
- Audience – TAO_ROOT_URL
- Access token URL – TAO_ROOT_URL + /taoLti/Security/oauth
- OIDC initiation URL – TAO_ROOT_URL + /taoLti/Security/oidc
- JWKS URL – TAO_ROOT_URL + /taoLti/Security/jwks
Configuring the LMS for LTI 1.1
Last, enter the Consumer key (OAuth consumer key) you used in TAO and the consumer secret (Oauth consumer secret) which was generated by TAO and then click on Save Changes.
The tool (TAO) and the platform (Moodle) are now configured to communicate with each other, so you are ready to deliver your assessment.
Executing a TAO delivery in your LMS as an LTI Teacher
1. Create and compile a new Delivery within TAO.
Follow the steps used in Create a delivery to create your Delivery. Next, insert the link to the delivery in the corresponding field of your LMS.
If you’re using LTI 1.3 to deliver your test, use the link:
/ltiDeliveryProvider/DeliveryTool/launch1p3?delivery=<delivery_resource_id>. You’ll need to replace the
<delivery_resource_id> part of this link with the ID of your delivery, which is the Published Delivery Id from your TAO delivery, shown in the image below.
If you’re using LTI 1.1 to deliver the test, click on the Delivery you just created and then click on the icon and then copy the Launch URL that this action generates.
2. Deliver the test in your LMS.
If you’re using Moodle, open your course in edit mode, then click on Add an activity or resource. Select External Tool, and click Add.
Give the activity an appropriate name and then paste the URL taken from TAO in the previous step into the Tool URL field. This should produce a green check mark to the right of the URL.
Finally, click Save and then return to the course. Your TAO delivery should now have been added to the Moodle course.
If you’re using a different LMS, follow the instructions provided with it.
3. Test-run the Delivery in your LMS.
Log in using a test account, i.e. a test-taker profile set up for test purposes, to ensure that the delivery works as planned. Select the course and then click on the activity. If everything works as desired, no further action will be required. If not, then you will need to troubleshoot the delivery in TAO, ensuring that it is fully functional.