SSO-LTI is a simple script which is designed to illustrate how a page protected by an SSO mechanism (such as Shibbloth, CAS, CoSign) can be used to act as an IMS LTI tool consumer and be used to launch LTI tool providers.


The sso-lti script is provided as a prototype which can be deployed as follows:

  1. Unzip the files into a directory which is protected by an SSO provider.
  2. Enter the configuration details in the config.php file: launch URL, consumer key and consumer secret. An optional return URL can be specified.
  3. Navigate to the directory in a browser window. If you have not already authenticated with the SSO provider for this browser session, then you should be redirected to the appropriate login page. After being authenticated, you should be redirected back to the folder and the LTI launch script executed - this should perform an LTI launch request to the endpoint specified in the configuration file.

Assumptions made by this code:

  1. index.php is a default page for directories (otherwise make sure you specify index.php in the URL).
  2. The directory used is otherwise empty; if not, you may wish to rename the index.php to something else (e.g. launch.php) and navigate to this file in your browser.
  3. Users are already provisioned on your system and you have a way of mapping the user ID provided by the SSO to a user account. Alternatively, the code includes comments about passing name and email data which could be obtained from another server (e.g. via LDAP) which would allow user accounts to be provisioned on-the-fly.

Version history

1.0.002 May 2013Initial release


Creative Commons License This work is written by Stephen Vickers and is released under a Creative Commons GNU General Public Licence. The SSO-LTI application is available for download from OSCELOT where it is also possible to report bugs.

Valid XHTML 1.0 Strict