2

I'm just getting started with D2L and am running into problems.

On the "Getting Started" page, I have completed the first three steps:

1) Acquire an App Key/ID pair from D2L - I have received the App ID and App Key

2) Create a test account in your host LMS - I have created a new user account with the administrator role for testing

3) Choose a client library to work with - I am using the PHP SDK

4) Authenticate with your LMS - This is where I'm running into trouble.

When I use the Getting Started sample: http://samples.valence.desire2learn.com/samples/GettingStartedSample/

And enter my host, app ID and app key and hit on the "Authenticate" button, I get a "This application is not authorized on this LMS instance. Ask your administrator to authorize this application" error.

I am an administrator on my D2L host and I'm not sure how to authorize my own app.

I have tried the following:

  • Navigating to the "Manage Extensibility" page because that's where D2L says my app should be located, but it isn't there.
  • Enabling the API (d2l.Security.Api.EnableApi) under the "DOME" page to no avail.

What am I doing wrong?

Ray
  • 33
  • 3
  • How long has it been since your app key was approved? – Jacob Parker May 30 '13 at 19:05
  • Hi Jacob, thanks for replying. My app key was approved early this week. – Ray May 30 '13 at 20:06
  • 1
    Just to update on this issue, I no longer get the "This application is not authorized on this LMS instance" error. However, when I attempt to login to my D2L subdomain, it doesn't redirect back to the Getting Started sample page. I believe this is because our D2L subdomain is using Shibboleth SSO and thus cannot redirect there. Can someone from D2L verify if this is a problem when using Shibboleth SSO and whether there is an alternative to getting the User ID keys when using this login system? – Ray May 30 '13 at 22:26
  • The authentication process requires that the `?target=` parameter be taken care of, and passed along, through out the process (i.e. it has to be passed along to your Shib IDP, and the Shib IDP has to pass it back to the LMS' callback entry point). If this is not working with your LMS, please open an incident with D2L Customer Support's help desk, and tell them it's a "Valence authentication target parameter issue" -- they will escalate as appropriate and should be able to fix this for you. – Viktor Haag Jun 03 '13 at 13:28

1 Answers1

0

Based on your question and comments, there were two issues here:

  • First is that the list of App ID/Key pairs appropriate for your LMS get regularly fetched by your LMS from the D2L KeyTool service. The schedule for this fetching is once a day; accordingly, if the scheduled task isn't set up, or if your LMS isn't identifying itself properly to the KeyTool service, or if time hasn't yet elapsed after key granting to the next scheduled run of the task, the App won't yet be in your LMS' Manage Extensibility list. It sounds like you no longer have that issue.

  • Second is that the Valence Learning Framework APIs' authentication process (requesting and retrieving a set of user tokens for an LMS user) requires several LMS features to be properly set up: (a) the LMS must be configured to support Deep Linking, (b) the LMS must be set up to handle the ?target= parameter on incoming client URL requests, and curate that parameter throughout the user authentication process.

    In cases where your LMS is not doing the user authentication but depending upon another, third-party IDP (like Shibboleth), any ?target= parameter passed into the login process must be taken care of by the IDP and properly handed back to the LMS after user authentication. In a situation where you have multiple redirections occurring during user authentication, this can involve successive generation of a target parameter, and each generation must re-URL-encode the previous request URL in its entirety (like sticking an envelope inside another envelope, inside yet another envelope).

If your LMS is not properly configured to support these two points, which you might not notice during other operations, then client calls to the Learning Framework APIs won't work because the calling client won't be able to fetch back a set of user tokens.

To solve the second of these issues, you may have to contact D2L's Customer Support desk -- they can verify, and adjust as necessary, the LMS configuration part of this authentication chain. If you're integrating your LMS with other third-party IDP components not administered or deployed by D2L, then you might also need to adjust their configurations: D2L can likely advise on what needs to be done there (curate the target parameter on URls), but cannot adjust the configuration for you in those cases.

Viktor Haag
  • 3,253
  • 1
  • 15
  • 21
  • Thanks again for replying to my questions. I'm going to try and respond to your points here. Apologies in advance for the lack of whitespace! **the App won't yet be in your LMS' Manage Extensibility list. It sounds like you no longer have that issue.** I am still running into this issue. No apps are displayed on the "Manage Extensibility" page. – Ray Jun 04 '13 at 00:24
  • We have a test subdomain on the main desire2learn.com site. However, I'm not sure how to contact D2L's customer support. I've tried opening a bug report on FogBugz, but have not received a reply. The organization I'm working for has tried to put me in contact with a D2L representative, but I haven't been able to contact one yet and a few weeks have passed. I won't be able to try out your second point until I know more details about the install. Specifically about Shibboleth SSO. I'll update this thread when I have more details. – Ray Jun 04 '13 at 00:37
  • This indeed was a configuration problem with the LMS. So if you're getting started, make sure that you have contacted D2L Customer Support to look into your LMS. – Ray Jun 08 '13 at 17:47
  • Yes, quite often the solution is just a simple adjustment to the LMS' configuration with respect to the other services it integrates with. I've amended the answer to add a link to the support help-desk portal: it requires a log-in, so the issue needs sponsoring by a client's "Approved Support Contact", or a D2L account or partner manager. – Viktor Haag Jun 21 '13 at 13:33