Supporting the LTI protocol in KeyCloak

jonnewell · May 5, 2025, 4:02pm

LTI (Learning Tools Interoperability Core Specification 1.3 | IMS Global Learning Consortium) is an IDP initiated protocol that is similar to OIDC. I have some ideas about how this could be supported using server REST endpoints but wanted to ask here to se if anyone has covered this ground previously.

The desire is to support an LTI launch that establishes a KC session and session cookie, and either launches into the target as an OIDC app or and LTI Tool Producer.

Thanks!

xgp · May 13, 2025, 9:42am

Authentication: Platforms in LTI acts as OpenID Providers and LTI Messages are OpenID tokens communicating the End-User’s identity from the platform to the tool using the OpenID third-party initiated login flow. See the IMS Security Framework [SEC-10] for more details.

From that link you posted, it looks like LTI uses OIDC What is different?

Topic		Replies	Views
Encrypted Tokens from 3rd Party IDPs identity-brokering , oidc	0	388	March 1, 2021
Generate ID_Token without login screen Getting advice oidc	0	453	September 23, 2020
Outgoing auth (KC -> other IdP) Private key JWT assertion customisation Getting advice oidc	0	118	May 21, 2024
Service Account creation/authentication using KeyCloak Securing applications	2	397	January 7, 2021
IdP provider - logging /token endpoint response Getting advice identity-brokering , oidc	0	806	February 4, 2022

Supporting the LTI protocol in KeyCloak

Related topics