Search the Community
I am curious about how others are setting up their subcatalogs in order to allow for multiple item(index/budget) codes on the payment side?
We are stuck in a limbo where Cashnet is saying that they would need the item codes specified via the payment gateway. On the Catalog side, this appears to require separate domain URLs for each subcatalog. Anyone else using Cashnet and solved this in a different way?
We are applying a vanity URL. Before the proposed change from subaccount path URLs to domain URLs, applying the SSL was pretty straightforward. For the subcatalog domain URLs, we were first told that the subdomain would use hyphens to differentiate, now we are being instructed to use dots so that a wildcard cert can be applied.
Anyone been through this and have any recommendations and/or lessons learned?
Thank you!
The Canvas test environment allows admins and instructors to test real data without affecting the production environment, such as adding users, testing course content, and/or troubleshooting issues. The test environment can also be configured with production-ready features, such as access to an institution's login authentication system.
Note: The test environment may not be available at your institution. If you cannot access the test environment, consider using the Canvas beta environment for testing purposes.
When are new features added to test?
The test environment inherits new and updated features added to the production environment on Monday after the production release. For details, please see What is the Canvas Release Schedule?
Note: Not all tools are available in the test environment. Currently, the following tools are not available in the test environment:
- New Quizzes
- Admin Analytics
How do I access the test environment?
- How do I access the Canvas test environment as an instructor?
- How do I access the Canvas test environment as an admin?
Note: The test environment may not be available at your institution. If you cannot access the test environment, consider using the Canvas beta environment for testing purposes.
What happens to my content in the test environment?
The test environment is updated every third Saturday of the month to align with the production release. Any content added to or modified in the test environment will be overwritten by content in the production environment on the same day as the production release. Test is not available for use when the environment is being refreshed.
Although the test environment is stable and can be used at any time, please note this environment is offered as a courtesy and does not maintain the same availability and uptime as provided for the Canvas production environment.
How do I find out about new features available in test?
If you want to keep up on the latest production features in Canvas, visit the Release Notes page in the Canvas Community.
Upcoming Canvas Changes |
---|
2022-05-25
For more information, please see Upcoming Canvas Changes. |
In this Canvas release (18 June), instructors can include observers when sending messages from the Message Students Who link in the Gradebook.
To view functionality according to user role, please see Canvas Features by User Role.
Screencast | View the New Feature Screencasts page for a compilation of all available videos in this release. All Resources | Features in this release may be included in product blogs and other content areas. For all related links, view the 2022-06-18 Community tag.
|
- New Features
- Gradebook
- Message Observers of Students Who
- Platform/Integration
- Browsers
- Server Name Indication (SNI)
New Features |
Gradebook
Message Observers of Students Who
Beta Environment Availability |
2022-05-16 |
Production Environment Availability |
2022-06-18 |
Affects User Interface |
Yes |
Affected User Roles and Areas |
Instructors, Gradebook |
Related Idea Conversations |
|
Feature Video |
Release Screencast: 2022-06-18 Gradebook Message Observers of Students Who |
Releases Q&A: 2022-06-18 Gradebook Message Observers of Students Who |
Summary
Instructors can include observers when sending messages from the Message Students Who link in Gradebook.
Change Benefit
This update allows instructors to collaborate with observers through targeted communication.
Feature Workflow
In the Gradebook, find the assignment and click the Options icon [1]. Then click the Message Students Who link [2].
By default, Canvas will show names from the Haven't submitted yet category.
In the For students who.. drop-down menu [1], select the category of students you want to message. Based on real-time data, Canvas will show the names of the observers who fall in the category you selected [2]. You can also remove observers from the message by clicking the Remove icon [3].
Additional Details
This feature supports the option to include all observers, specific observers, or only students when sending a message from the Message Students Who link in the Gradebook only. This feature is not available in New Analytics at this time.
Platform/Integration |
Browsers
Server Name Indication (SNI)
Summary
Vanity Canvas URL users may encounter Secure Sockets Layer (SSL) validation errors if their browser or any other tools interacting with Canvas is not Server Name Indication (SNI) compatible. All browser versions listed in the Canvas Basics Guide are SNI compatible.
Change Benefit
This change allows reduced slowness and errors within Canvas. Additionally, this change simplifies the Canvas infrastructure footprint.
Implications
SNI limits the resources that can access Canvas. To access Canvas, users must be using one of the following browser versions:
- Internet Explorer 7 or newer, on Windows Vista or newer.
- Mozilla Firefox 2.0 or later
- Opera 8.0 or newer (TLS 1.1 protocol needs to be enabled)
- Opera Mobile with at least version 10.1 bèta on Android
- Google Chrome (Vista or newer. XP on Chrome 6 or newer)
- OS X 10.5.7 or newer on Chrome 5.0.342.1 or newer
- Safari 2.1 or later (Mac OS X 10.5.6 or newer and Windows Vista or newer)
- Konqueror/KDE 4.7 or newer
- MobileSafari in Apple iOS 4.0 or newer
- Android default browser on Honeycomb or newer
- Windows Phone 7
- MicroB on Maemo
Additional Details
Customers who utilize a vanity URL and use non-SNI compliant resources (e.g. unsupported browsers, automations, etc.) may receive errors when accessing Canvas.
If a user attempts to view their institution’s Canvas account via vanity URL using a non-SNI compliant client, an error may display. Additionally, the error differs from browser to browser.
If institutions with vanity URLs are unable to keep browsers updated, they should use <institution>.instructure.com. If you are unsure of your institution’s non-vanity URL, please contact your Canvas Admin.
Verify Automations
There are two ways users can make sure their automations work:
- Redirect workflows/automations to the <institution>.instructure.com URL.
- Identify and update the software interacting with the vanity domain name
Date | |
---|---|
2022-05-16 | Published Release Notes |
- Tags:
- 2022-06-18
In this production release (October 29), users can expand and collapse the Global Navigation Menu and view all items with a due date in the To Do list. Instructors have a small workflow change for group assignments and can create group assignments with intra-group peer reviews. Admin can create a telephone URL scheme in a custom Help Menu link and add federated attributes to all authentication methods.
For institutions using the Learning Mastery Gradebook, users can view all aligned items for an outcome. For institutions using Multiple Grading Periods, instructors can view additional close date verifications in Assignments, Gradebook CSV files, and Quizzes.
The Groups interface has received some small icon and link changes that affect all users.
Production release notes also include fixed bugs.
Canvas New Feature Screencast (2016-10-29)
Next release schedule:
- Beta release and notes: November 7
- Production release notes: November 14
- Production release and documentation: November 19
Production release notes indicate Canvas updates that will be included with Saturday’s release and are subject to change. New features may differ from those available in your beta environment. Learn more about the Canvas Release Schedule.
- New Features
- Assignments
- Global Navigation
- Updated Features
- Account Settings
- Assignments
- Authentication
- Dashboard
- Groups
- Learning Mastery Gradebook
- Multiple Grading Periods
- Platform/Integration
- API
- Fixed Bugs
- Accessibility
New Features |
Assignments
Intra-Group Peer Reviews
Group assignments supports intra-group peer reviews. This option allows or prevents automatic peer review assignments from within a student's own group. The intra-group peer review option is only available in group assignments when an instructor automatically assign peer reviews.
The default for the Allow intra-group peer reviews checkbox is always set to off, which means Canvas filters out members of the same group when automatically assigning the reviews. However, if the checkbox is selected, Canvas allows submission assignments to be truly random without any regard for group delegation.
The intra-group peer review setting is only available in the Canvas interface. For new group assignments, the setting displays in the peer review section.
Peer reviews require a student to review an individual submission by another student. However, group assignment submissions are made by one group member on behalf of the entire group, and all group members have the same submission.
In peer reviews, group assignments are treated the same as regular assignments and are still assigned by student. As part of automatic peer reviews assignments, the intra-group setting tells Canvas whether or not to consider group membership when assigning peer reviews. For instance, if an assignment is assigned to several groups, and Emily and Jessica are in the same group, selecting the Allow intra-group peer reviews checkbox allows Canvas to potentially assign Emily’s peer review to Jessica. However, if the checkbox is not selected, Emily and Jessica can only be assigned peer reviews from other students in other groups.
Canvas Community contributions:
This change resolves a fixed bug in Canvas:
When an instructor assigned peer reviews to students in a group assignment, members of a group would sometimes receive a peer review from their own group. Canvas code has been updated to only allow intra-group peer reviews if the option is specifically enabled for an assignment.
Global Navigation
Global Navigation Menu Width
The Global Navigation Menu can be manually collapsed to hide the menu text. This update was originally implemented automatically for smaller screen resolutions. When users collapse the menu, the menu persists even if they log out of Canvas or switch browsers. When collapsed, the menu also displays text if a user hovers over an icon.
Canvas Community contributions:
Updated Features |
Account Settings
Custom Help Link Telephone URL Scheme
In the Help Menu, custom help links support the telephone (tel:) URL scheme. A Link URL is required when creating a custom help link, so the telephone URL scheme allows institutions to add a telephone number in the URL field. The Link URL field supports tel:+, followed by the phone number in the internal format (country code, area code, and number).
To display the number directly in the Help Menu, the number should also be added to the link description. In some browsers, the number can also be viewed at the bottom of the browser when hovering over the telephone link.
Additionally, users can use the telephone link to call the number through their computers. When a user clicks the link, the user receives a confirmation alert before the call is placed.
Custom help links can only be viewed in Canvas web browsers. In mobile devices, the Canvas by Instructure app does not display custom help links. However, users may be able to access the telephone link when viewing Canvas in a mobile browser, although mobile browsers are not officially supported by Canvas.
Canvas Community contributions:
Assignments
Group Assignment Menu and New Group Button
In group assignments, the process of creating a new set of groups has been moved from the drop-down menu to an individual button.
Once a group set is either created or selected, the name of the set displays in the assignment.
This change resolves a fixed bug in Canvas:
In group assignments, new group sets can be created by screen reader and keyboard users.
Authentication
Additional Federated Attributes
Open ID, GitHub, Google, Twitter, Microsoft, and Clever authentication support federated attributes, which complements JIT provisioning. When users log into Canvas, more information beyond just ID is passed to Canvas, and that information is associated with their existing user accounts. Additional information includes display name, email, given name, integration ID, locale, name, SIS user ID, sortable name, surname, and time zone. More information can also be found in the Authentication Providers API.
SSO Login Theme Editor Settings
In the Canvas login page, single sign-on (SSO) links inherit settings from the Theme Editor. Links can be updated in the Theme Editor Login section.
Dashboard
To Do List Due Date Items
All items with a due date display in the To Do list. These items include ungraded quizzes and assignments that do not require a submission.
Canvas Community contributions: Assignments appearing in To Do list, , " modifiedtitle="true" title="Ungraded Assignments - To Do List
Groups
Group Navigation Menu Course Link
In groups, the Group Navigation Menu no longer includes the name of the course as a link back to the course home page. Instead, users should access the breadcrumbs links for course access, or they can view the course through the Courses link in the Global Navigation Menu.
Students who create their own groups will also see the Switch Group link in Group Navigation.
Instructor Group Links
When instructors visit a group’s home page, the icon to switch to another group has been expanded to a full link. This change allows instructors to more intuitively access other groups within a group set.
Students who create their own groups will also see the Switch Group link in Group Navigation.
File Status Icons
The Files page within groups does not display the status icon for a file. File statuses could include published, unpublished, or restricted. This change simplifies the Files page since all students in a group can access group files regardless of their status.
Note: If Usage Rights is enabled for a course, Usage Rights also apply to group files. File status icons are available in the Usage Rights settings window, and by default the file is unpublished. The status can be changed in the Usage Rights settings window but the updated status does not appear in the Files page.
This change resolves a fixed bug in Canvas:
When a student added a file to a group and set a file restriction, all other students in the group were able to view the file because all students in the group had the same access to group files. Canvas code has been updated to remove file status icons from the Files page in groups.
Learning Mastery Gradebook
Aligned Outcome Artifacts
Outcomes display all artifacts aligned to an outcome instead of just the last eight artifacts. Artifacts are displayed with the most recently graded artifact listed first.
Canvas Community contributions:
Multiple Grading Periods
Close Date Verification in Assignments, Gradebook CSV Files, and Quizzes
Assignments, assignment groups, Gradebook CSV files, and quizzes validate grading period close dates. Close dates were originally introduced in grading periods in the 2016-10-08 Canvas release. Grading period restrictions only apply to instructors; they do not apply to admins.
Assignments
Instructors cannot delete individual assignments for any student, group, or section in a closed grading period.
If a course includes assignment groups, instructors cannot delete assignment groups if they contain an assignment or quiz for any student, group, or section in a closed grading period. Additionally, instructors cannot move assignments and quizzes that are part of a closed grading period to another assignment group. However, instructors can move open assignments and quizzes to another assignment group.
Assignment Group Settings
Assignment group weights can only be managed through the Assignments page. Once an assignment group has any assignments in a closed grading period, instructors cannot change any assignment group settings, including assignment group weights, drop rules, and whether or not assignment groups are weighted. When settings can no longer be edited, the assignment group settings window is grayed out. Instructors can still view the assignment group weights and drop rules, if any.
Gradebook CSV Files
The Gradebook verifies grading periods as part of a CSV upload. Grades cannot be changed for an assignment in a grading period. If grades have been changed for an assignment in a closed grading period, Canvas generates an error message after the CSV upload has completed. This behavior also considers differentiated assignments when verifying uploaded files.
Quizzes
Instructors cannot delete quizzes for any student, group, or section in a closed grading period.
If a course includes quiz groups, instructors cannot delete quiz groups if they contain a quiz for any student, group, or section in a closed grading period. Additionally, instructors cannot move quizzes that are part of a closed grading period to another quiz group. However, instructors can move open quizzes to another quiz group as necessary.
Note: Discussions currently do not apply to grading periods and will be updated in a future release.
Platform/Integration |
API
For details about using Canvas APIs, please see the Canvas API Policy page.
SIS Integration API
The SIS Integration API lists user override data for assignments in Canvas.
Fixed Bugs |
Accessibility
Calendar
When expanded by a keyboard or screen reader, the Undated Items list retains focus in the Undated Items button.
Discussions
In discussions, timestamps do not include escaped HTML.
Global Navigation
Each item link in the Global Navigation Menu retains focus with a solid outline.
Modules
In the instructor view, each form element in the Modules page includes a label for screen readers.
The module sequence footer for previous and next links includes a navigation aria role for screen readers.
Multiple Grading Periods
When a grading period cannot be edited, appropriate buttons are disabled for both keyboard and screen readers.
Quizzes
Quiz statistics includes a description of the statistics bars to screen readers.
Theme Editor
The CSS/JS Upload fields display text as ic-font-color-dark instead of gray light, which improves the color contrast.
API
Assignments API
In the Assignments API, the assignment[grading_type] defaults to points if the field is omitted, and external tool assignments always appear in the Gradebook.
Explanation: When a SCORM package was imported as an ungraded assignment, the assignment displayed in the Gradebook. This behavior occurred because a SCORM assignment requires an external submission type to launch the LTI, which cannot be set to not_graded. Canvas code has been updated to modify the Assignments API documentation and clarify that the assignment[grading_type] defaults to points if the field is omitted from the API call.
Courses API
The Courses API includes the total number of students in a section.
Explanation: When a user tried to use the section parameter to view total students with includes[]=total_students, the parameter did not return a result. Canvas code has been updated to correct the section parameter for total students.
Enrollments API
When an instructor gives zero points for a manually graded quiz question, submissions are marked as complete and recomputed once a manually graded quiz question has been graded, even if the score does not change.
Explanation: If an instructor gave zero points for manually graded quiz questions, the grades in the Enrollments API would not update until a new assignment was graded. This behavior affected institutions who used the Enrollments API to pull grades. Canvas code has been updated to mark submissions as complete in the API once a manually graded quiz question has been graded and recompute grades even if the score does not change.
Assignments
Assignment Grading and External Tool Submission Types
When an instructor grades an external tool submission, Canvas does not change the submission type.
Explanation: When a student submits an external tool submission and the instructor grades the submission, the submission type changed and did not allow previews of the submission. Canvas code has been updated to retain the submission type when grading external tools.
Differentiated Assignments
Instructors can create differentiated assignments for all students enrolled in a course.
Explanation: When an instructor created an assignment with differentiated due dates, instructors were not able to assign a due date to students whose enrollments were located in another account through a trust setup. Canvas code has been updated to save due dates for differentiated assignments.
Dropbox LTI
Files submitted through the DropBox LTI do not override previous submissions.
Explanation: If a student submitted a file through the Dropbox LTI for an assignment submission and then submits the same file to a different assignment, the first submission is deleted from the student’s submissions folder and SpeedGrader and not downloadable. Canvas code has been updated to not overwrite files by adding a suffix to the second file submission.
Calendar
All-Day Events and Daylight Savings Time
All-day calendar events retain their all-day status when dragged across a daily savings time boundary.
Explanation: When an all-day calendar event was dragged to a date on the other side of a daylight savings time boundary, the event lost its all-day status and changes to a time slot in the same date. Canvas code has been updated to retain all-day statuses when dragging calendar events.
Calendar Exports and Date Adjustments
Course exports with shifted calendar dates display all calendar events in ICS files.
Explanation: When a course was imported and assignment due dates were adjusted, calendar events did not show up correctly in ICS exports. Canvas code has been updated to retain dates in course copies and exported ICS files.
Conversations
Unpublished Files and Conversation Attachments
If a conversations file attachment is unpublished, the recipient receives a message stating the file is unpublished or locked.
Explanation: When a user includes a file attachment in a conversation but the attachment is unpublished or locked, the page would refresh when the user tried to view the link to the attachment. Canvas code has been updated to display a message to the recipient stating that the file is unpublished or locked.
Course Import
Module Placement
Imported modules are placed after any existing modules.
Explanation: When a user created multiple courses with modules and imported one course into the other, the modules were intermixed in the new course. Canvas code has been updated to place imported modules after any existing modules in a course.
Numerical Answer Quizzes and Answer Settings
In Numerical Answer quiz questions, the Answer with Precision quiz setting is retained in course copies.
Explanation: When an instructor created a Numerical Answer quiz question with the Answer with Precision quiz setting, importing the quiz into another course changed the quiz to the Answer in the Range quiz setting. This behavior also affected QTI and IMSCC imported files. Canvas code has been updated to retain the Answer with Precision setting.
Question Banks
Question banks can be re-imported to a course without error.
Explanation: When a question bank was imported into a course, updated, and imported again, the question bank generated an error message. Canvas code has been updated to fix imports with question banks. This change was deployed to production on October 25.
Rich Content Editor Feature Option and File Links
When the Use remote version of Rich Content Editor and sidebar feature option is enabled, page URLs in copied courses retain their association with the current course.
Explanation: When the Use remote version of Rich Content Editor and sidebar feature option was enabled, file links added via the Rich Content Editor retained the file ID after migration. This behavior caused instructors to relink each file within a page since students did not have access to the parent course. Canvas code has been updated to retain URLs added through the Rich Content Editor with the current course.
Rich Content Editor Feature Option and Vanity URL Links
When the Use remote version of Rich Content Editor and sidebar feature option is enabled, inserting a link from the sidebar in Pages or the Syllabus does not affect institutions with vanity URLs.
Explanation: When the Use remote version of Rich Content Editor and sidebar feature option was enabled, inserting a link from Pages or the Syllabus affected institutions with vanity URLs. if an institution had an account with a Canvas URL (e.g. yourdomain.instructure.com) and a separate vanity URL (e.g. www.yourdomain.com), and a user inserted a link from the sidebar in the Canvas URL site, the link would not work when viewed in the vanity URL site. Canvas code has been updated to correct sidebar links added through the Rich Content Editor sidebar and viewed in a course from a vanity URL. This change does not affect existing links in courses.
Dashboard
Multiple Grading Periods and Trust Accounts
Students can view Grades in the Dashboard if their course is in another account and uses Multiple Grading Periods.
Explanation: When an instructor used Multiple Grading Periods in a course, and a student’s course was located in another account through a trust setup, the student was not able to view the Grades page in the Dashboard of the main account. Canvas code has been updated to display grades from courses using Multiple Grading Periods in a course in another account.
Files
Submission Folder and Trust Accounts
Students can view and download files in their Submissions folder even if the submissions are for a course in another account.
Explanation: When a student was enrolled in a course in another account through a trust setup and tried to view or download the file in their Submissions folder, the folder generated a page error. Canvas code has been updated to allow students to view and download all assignments in the Submissions folder regardless of course location.
Global Navigation
Help Menu Resizing
The Help Menu cannot be resized outside of the menu window.
Explanation: When a user clicked the Ask Your Instructor a Question link or the Report a Problem link in the Help Menu, the user was able to resize the message field so it stretched outside the menu window. Canvas code has been updated to restrict the width of the message field to the width of the Help Menu.
Modules
Move-To Setting Option
Instructors can use the Move To option to move module items.
Explanation: When an instructor created a new module and opened the Settings menu, the Move To option did not move a module item until the page was refreshed. Canvas code has been updated to move module items without requiring a page refresh.
Notifications
Inactive Students and Unmuted Assignments
Inactive students in sections with course override dates do not receive notifications about unmuted assignments.
Explanation: When a student’s enrollment was changed to Inactive, the student was still receiving notifications for assignments that were unmuted. This behavior affected students enrolled in a section with a course override date. Canvas code has been updated to not send assignment notifications to inactive users.
Public Courses
When a user clicks a notification that was sent from a public course and then logs into Canvas, the notification link redirects to the item shown in the notification.
Explanation: When an instructor created an announcement or discussion on a public course, any student who received the notification and authenticated through Canvas was redirected to the general page for the item, not the specific item shown in the notification. Canvas code has been updated to redirect users to the notification item after logging in to Canvas.
Scheduler Appointments
Notifications are not sent to students for Scheduler appointments in published courses with student access restrictions.
Explanation: When an instructor created a Scheduler appointment in a published conference with student access restrictions, notifications were being sent to students, even though they did not have access to the course. Canvas code has been updated to verify the enrollment state for a student before sending notifications.
Permissions
Course Sections
Users cannot remove a student from a course section unless the users have the Add/remove students from the course permission.
Explanation: When a user was given the permission to Add/remove other teachers but not the permission to Add/remove students, the user was able to remove students from the course using the Sections page in Course Settings. Canvas code has been updated to only allow users to remove students from a course section if the user have the permission to Add/remove students for the course.
SIS
Date Adjustments and the Calendar
When an assignment is moved from one day to another in the Calendar, the assignment’s Post Grade to SIS option is retained as part of the assignment date change.
Explanation: When an assignment was moved from one day to another in the Calendar, the assignment’s Post Grade to SIS option was removed from the assignment and set to the SIS default setting for the account. Canvas code has been updated to retain the Post Grade to SIS option for assignments changed in the Calendar.
PowerSchool and Quizzes
Quizzes can be posted to PowerSchool through the Gradebook.
Explanation: When an instructor tried to post grades to PowerSchool, the Post Grades window did not capture any quizzes. Canvas code has been updated to post grades for quizzes that have the Post to SIS option enabled in the quiz settings.
- Tags:
- account settings
- assignments
- authentication
- canvas
- canvas production
- canvas release
- custom help links
- dashboard
- global navigation
- grading periods
- group files
- groups
- learning mastery gradebook
- mgp
- multiple grading periods
- outcomes
- peer reviews
- release notes
- sso
- theme editor
- to-do list
Hi!
I work at a university that is using the Canvas LMS. The current instance of Canvas uses cloud hosting via Instructure themselves (AWS, I reckon). Since we are using this solution, the url to our instance is something along the lines of <universityname>.instructure.com. This has proven to be a bit confusing for students since they are used to accessing university related content on url:s such as <universityname>.com/cool-endpoint.
Is there any way to make a cloud hosted version of Canvas into a subdomain of the university in some more or less virtual way or is self-hosting the only solution?
- Labels:
-
Standards
Kommande ändringar i Canvas |
---|
2022-05-25
Se Kommande ändringar i Canvas för mer information. |
I den här Canvas-versionen (18 juni) kan lärare inkludera observatörer när de skickar meddelanden från länken Meddela Studenter som i omdömesboken.
Se Canvas-funktioner efter roll för att visa funktioner efter användarroll.
Skärminspelning | Se sidan Skärminspelningar av nya funktioner för att få en sammanställning av tillgängliga videor i den här versionen. Alla resurser | Funktionerna i den här versionen kan vara inkluderade i produktbloggar och i andra innehållsområden. För alla relaterade länkar, se community-taggen 2022-06-18.
|
- Nya funktioner
- Omdömesbok
- Skicka meddelande till observatörer för studenter som
- Plattform/Integration
- Webbläsare
- Servernamnindikation (SNI)
Nya funktioner |
Tillbaka till tabell över innehåll
Omdömesbok
Skicka meddelande till observatörer för studenter som
Betamiljöns tillgänglighet |
2022-05-16 |
Produktionsmiljöns tillgänglighet |
2022-06-18 |
Berör användargränssnittet |
Ja |
Berörda användarroller och områden |
Lärare, omdöme |
Konversationer om releterad idé |
|
Funktionsvideo |
Skärminspelning av version 2022-06-18 Meddela observatörer för studenter som, i omdömesboken |
Vanliga frågor om versioner: 2022-06-18 Meddela observatörer för studenter som, i omdömesboken |
Sammanfattning
Lärare kan inkludera observatörer när de skickar meddelanden från länken Meddela Studenter som i omdömesboken.
Ändringsfördel
Med den här uppdateringen kan lärare samarbeta med observatörer via inriktad kommunikation.
Funktionsarbetsflöde
Leta upp uppgiften i omdömesboken och klicka på ikonen Alternativ [1]. Klicka sedan på länkenMeddela studenter som[2].
Som standard visar Canvas namn från kategorin Har ännu inte lämnat in.
I rullgardinsmenyn För studenter som.. [1], välj studentkategorin du vill meddela. Baserat på realtidsdata visar Canvas namnen på observatörer i kategorin du valde [2]. Du kan även ta bort observatörer från meddelandet genom att klicka på ikonen Ta bort [3].
Mer information
I den här funktionen finns alternativ att inkludera alla observatörer, specifika observatörer eller endast studenter när du skickar ett meddelande från länken Meddela studenter som (endast i omdömesboken). Den här funktionen är inte tillgänglig i New Analytics för närvarande.
Plattform/Integration |
Tillbaka till tabell över innehåll
Webbläsare
Servernamnindikation (SNI)
Sammanfattning
Vanity Canvas URL-användare kan få SSL-valideringsfel (Secure Sockets Layer) om deras webbläsare eller andra verktyg som interagerar med Canvas inte är kompatibla med servernamnindikatorn (SNI). Alla webbläsare som är listade i guiden Grunderna i Canvas är SNI-kompatibla.
Ändringsfördel
Den här ändringen bidrar till minskad slöhet och fel i Canvas. Dessutom förenklar den här ändringen Canvas-infrastrukturens fotavtryck.
Konsekvenser
SNI begränsar antalet resurser som kan ansluta till Canvas. Användare måste använda en av följande webbläsarversioner för att ansluta till Canvas.
- Internet Explorer 7 eller senare, på Windows Vista eller senare.
- Mozilla Firefox 2.0 eller senare
- Opera 8.0 eller senare (TLS 1.1-protokoll måste aktiveras)
- Opera Mobile version 10.1 (beta) på Arnold eller senare
- Google Chrome (Vista eller senare. XP på Chrome 6 eller senare)
- OS X 10.5.7 eller senare på Chrome 5.0.342.1 eller senare
- Safari 2.1 eller senare (Mac OS X 10.5.6 eller senare och Windows Vista eller senare)
- Konqueror/KDE 4.7 eller senare
- MobileSafari på Apple iOS 4.0 eller senare
- Standardwebbläsare för Android på Honeycomb eller senare
- Windows Phone 7
- MicroB på Maemo
Mer information
Kunder som använder Vanity-URL:er och resurser som ej är kompatibla med SNI (t.ex. webbläsare som inte stöds, automatiseringar m.m.) kan råka ut för fel när de ansluter till Canvas.
Om en användare försöker visa sin institutions Canvas-konto med en Vanity-URL via en ej SNI-kompatibel klient kan ett felmeddelande visas. Felmeddelandet kan dessutom variera beroende på webbläsaren.
Om lärosäten med Vanity-URL:er inte kan hålla webbläsare uppdaterade bör de använda .instructure.com. Om du inte känner till ditt lärosätes icke-Vanity-URL ska du kontakta din Canvas-administratör.
Verifiera automatiseringar
Användare kan kontrollera att deras automatiseringar fungerar på två sätt:
- Omdirigera arbetsflöden/automatiseringar till .instructure.com URL.
- Identifiera och uppdatera programvaran som interagerar med Vanity-domännamnet
Ändringslogg för versionsinformation
Tillbaka till tabell över innehåll
Datum | |
---|---|
2022-05-16 | Publicerad versionsinformation |
Kommende Canvas-endringer |
---|
25.05.2022
For mer informasjon, se Kommende Canvas-endringer. |
I denne Canvas-distrubusjonen (18. Juni) kan instruktører inkludere observatører når de sender meldinger fra lenken Send melding til studenter som i Karakteroversikten.
For å se funksjonalitet i henhold til brukerrolle, se Canvas-funksjoner etter brukerrolle.
Screencast | Se siden Nye funksjoner for Screencast for en samling av alle tilgjengelige videoer i denne utgivelsen. Alle ressurser | Funksjoner i denne utgivelsen kan inkluderes i produktblogger og andre innholdsområder. For alle relaterte lenker, se 18.06.2022 Community-tag.
|
- Nye funksjoner
- Vurderingsoversikt
- Send melding til observatører av studenter som
- Plattform/integrasjon
- Nettlesere
- Servernavnindikasjon (SNI)
Nye funksjoner |
Tilbake til innholdsfortegnelsen
Vurderingsoversikt
Send melding til observatører av studenter som
Tilgjengelighet for betamiljø |
16.05.2022 |
Tilgjengelighet for produksjonsmiljø |
18.06.2022 |
Påvirker brukergrensesnitt |
Ja |
Berørte brukerroller og områder |
Instruktører og karakteroversikt |
Samtale om relaterte idéer |
«Send melding til OBSERVATØRER av studenter som …» i karakteroversikt! |
Funksjonsvideo |
Slipp Screencast: 18.06.2022 Send melding til observatører av studenter som |
Utgivelser Q&A: 18.06.2022 Send melding til observatører av studenter som |
Sammendrag
Instruktører kan inkludere observatører når de sender meldinger fra lenken Send melding til studenter som i Karakteroversikt.
Fordeler med endringen
Denne oppdateringen lar instruktører samarbeide med observatører gjennom målrettet kommunikasjon.
Funksjon arbeidsflyt
Finn oppgaven i Karakteroversikt og klikk på Alternativer-ikonet [1]. Klikk deretter på Send melding til studenter som-lenken [2].
Som standard vil Canvas vise navnene fra kategorien Har ikke levert ennå.
I rullegardinmenyen For studenter som … [1] velger du kategorien med studenter du vil sende melding til. Basert på sanntidsdata vil Canvas vise navnene på observatører som faller innenfor kategorien du valgte [2]. Du kan også fjerne observatører fra meldinger ved å klikke på Fjern-ikonet [3].
Ekstra detaljer
Denne funksjonen støtter alternativet for å inkludere alle observatører, spesifikke observatører eller bare studenter når du sender en melding fra lenken Send melding til studenter som, kun i Karakteroversikten. Denne funksjonen er ikke tilgjengelig i Nye analyser på dette tidspunktet.
Plattform/integrasjon |
Tilbake til innholdsfortegnelsen
Nettlesere
Servernavnindikasjon (SNI)
Sammendrag
Vanity Canvas URL-brukere kan støte på Secure Lockets Layer (SSL)-valideringsfeil hvis nettleseren eller andre verktøy som samhandler med Canvas ikke er Servernavnindikasjon (SNI)-kompatibel. Alle nettleserversjoner på listen i Canvas Basics Guide er SNI-kompatible.
Fordeler med endringen
Denne endringen gir mindre treghet og færre feil i Canvas. I tillegg forenkler denne endringen fotavtrykket til Canvas’ infrastruktur.
Implikasjoner
SNI begrenser ressurser som kan få tilgang til Canvas. For å få tilgang til Canvas må brukere bruke en av følgende nettleserversjoner:
- Internet Explorer 7 eller nyere, på Windows Vista eller nyere.
- Mozilla Firefox 2.0 eller senere
- Opera 8.0 eller nyere (TLS 1.1-protokoll må være aktivert)
- Opera Mobile med versjon 10.1 bèta eller nyere på Android
- Google Chrome (Vista eller nyere. XP på Chrome 6 eller nyere)
- OS X 10.5.7 eller nyere på Chrome 5.0.342.1 eller nyere
- Safari 2.1 eller senere (Mac OS X 10.5.6 eller nyere og Windows Vista eller nyere)
- Konqueror/KDE 4.7 eller nyere
- MobileSafari i Apple iOS 4.0 eller nyere
- Android standard nettleser på Honeycomb eller nyere
- Windows Phone 7
- MicroB på Maemo
Ekstra detaljer
Kunder som bruker en vanity-lenker og bruker ikke-SNI-kompatible ressurser (f.eks. nettlesere som ikke støttes, automatiseringer, osv.) kan motta feilmeldinger når de forsøker å åpne Canvas.
Hvis en bruker forsøker å se Canvas-kontoen til sin institusjon via vanity-lenker ved å bruke en ikke-SNI-kompatibel klient, kan det vises en feilmelding. I tillegg er feilen forskjellig fra nettleser til nettleser.
Hvis institusjoner med vanity-lenker ikke klarer å holde nettlesere oppdatert, bør de bruke .instructure.com. Hvis du er usikker på institusjonens ikke-vanity-lenke, ta kontakt med din Canvas-administrator.
Bekreft automatiseringer
Det er to måter brukere kan sikre at automatiseringene fungerer:
- Omdiriger arbeidsflyter/automatiseringer til .instructure.com URL.
- Identifiser og oppdater programvaren som samhandler med vanity-domenenavnet.
Utgivelsesnotater endringslogg
Tilbake til innholdsfortegnelsen
Dato | |
---|---|
16.05.2022 | Publiserte utgivelsesnotater |
Aanstaande Canvas-wijzigingen |
---|
25-5-2022
Zie Aanstaande Canvas-wijzigingen voor meer informatie. |
In deze Canvas-release (van 18 juni) kunnen cursusleiders waarnemers opnemen bij het versturen van berichten via de link "Bericht naar cursisten die" in de Cijferlijst.
Zie Canvas-functies per gebruikersrol voor informatie over de functionaliteit per gebruikersrol.
Screencast | Ga naar de pagina Nieuwe functie Screencasts voor een overzicht van alle beschikbare video's in deze release. Alle bronnen | Functies in deze release kunnen zijn opgenomen in productblogs en andere inhoud. Zie de Community-tag van 2022-06-18 voor alle gerelateerde links.
|
- Nieuwe functies
- Cijferlijst
- Bericht naar waarnemers van cursisten die
- Platform/integratie
- Browsers
- Server Name Indication (SNI)
Nieuwe functies |
Cijferlijst
Bericht naar waarnemers van cursisten die
Beschikbaarheid voor bèta-omgeving |
16-5-2022 |
Beschikbaarheid voor productie-omgeving |
18-6-2022 |
Van invloed op gebruikersinterface |
Ja |
Relevante gebruikersrollen en gebieden |
Cursusleiders, Cijferlijst |
Gesprekken over gerelateerde ideeën |
"Bericht naar WAARNEMERS van cursisten die..." in Cijferlijsten! |
Functievideo |
Release-screencast: 18-6-2022 Cijferlijst - Bericht naar waarnemers van cursisten die |
Releases Q&A: 18-6-2022 Cijferlijst - Bericht naar waarnemers van cursisten die |
Samenvatting
Cursusleiders kunnen waarnemers opnemen bij het versturen van berichten via de link "Bericht naar cursisten die" in Cijferlijst.
Voordeel van de wijziging
Met deze update kunnen cursusleiders samenwerken met waarnemers via gerichte communicatie
Functiewerkstroom
Zoek in de Cijferlijst naar de opdracht en klik op het pictogram voor opties [1]. Klik vervolgens op de link Bericht naar cursisten die (Message Students Who) [2].
Standaard geeft Canvas namen weer uit de categorie Hebben nog niets ingeleverd.
Selecteer in de vervolgkeuzelijst Voor cursisten die... (For students who...) [1] de categorie cursisten die je een bericht wilt sturen. Canvas geeft op basis van real-time gegevens de namen weer van de waarnemers in de categorie die je hebt geselecteerd [2]. Je kunt waarnemers uit het bericht verwijderen door te klikken op het pictogram voor verwijderen [3].
Aanvullende details
Deze functie ondersteunt de optie om alle waarnemers, specifieke waarnemers of alleen cursisten op te nemen bij het sturen van een bericht via de link "Bericht naar cursisten die" in de Cijferlijst. Deze functie is momenteel niet beschikbaar in Nieuwe analyse.
Platform/integratie |
Browsers
Server Name Indication (SNI)
Samenvatting
Gebruikers van een vanity Canvas-URL kunnen te maken krijgen met SSL-validatiefouten (Secure Sockets Layer) als hun browser of andere tool die voor Canvas wordt gebruikt, niet compatibel; is met SNI (Server Name Indication). Alle vermelde browserversies in de Basishandleiding van Canvas zijn compatibel met SNI.
Voordeel van de wijziging
Deze wijziging maakt Canvas sneller en zorgt voor minder fouten. Bovendien wordt hiermee de voetafdruk van de Canvas-infrastructuur vereenvoudigd.
Implicaties
SNI zorgt voor een beperking van de bronnen die toegang hebben tot Canvas. Voor toegang tot Canvas moeten gebruikers een van de volgende browserversies hebben:
- Internet Explorer 7 of nieuwer op Windows Vista of nieuwer.
- Mozilla Firefox 2.0 of hoger
- Opera 8.0 of hoger (TLS 1.1-protocol moet zijn ingeschakeld)
- Opera Mobile met minimaal versie 10.1 bèta op Android
- Google Chrome (Vista of nieuwer; XP op Chrome 6 of nieuwer)
- OS X 10.5.7 of nieuwer op Chrome 5.0.342.1 of nieuwer
- Safari 2.1 of hoger (Mac OS X 10.5.6 of nieuwer en Windows Vista of nieuwer)
- Konqueror/KDE 4.7 of nieuwer
- MobileSafari in Apple iOS 4.0 of nieuwer
- Android-standaardbrowser op Honeycomb of nieuwer
- Windows Phone 7
- MicroB op Maemo
Aanvullende details
Klanten die gebruikmaken van een vanity-URL en van niet-SNI-compatibele (zoals nie4t-ondersteunde browsers, automatisering, etc.) kunnen een foutbericht te zien krijgen wanneer ze Canvas openen.
Als gebruikers proberen het Canvas-account van hun organisatie te openen via een vanity-URL op een client die niet SNI-compatibel is, kan er een fout worden weergegeven. Bovendien verschilt het foutbericht van browser tot browser.
Als organisaties met vanity-URL's browsers niet bijgewerkt kunnen houden, moeten ze .instructure.com gebruiken. Als je niet precies weet wat de niet-vanity-URL van je organisatie is, neem dan contact op met je Canvas-beheerder.
Automatiseringen verifiëren
Gebruikers kunnen er op twee manieren voor zorgen dat hun automatiseringen werken:
- Workflows/automatiseringen doorsturen naar de URL .instructure.com.
- De software vaststellen en bijwerken die communiceert met de vanity-domeinnaam
Wijzigingenlogboek Releaseopmerkingen
Datum | |
---|---|
16-5-2022 | Gepubliceerde releaseopmerkingen |
- For Canvas admins:
- What is changing?
- How is this change being communicated?
- For LTI 1.3 tool developers:
- What is changing?
- What is the OIDC Auth Endpoint?
- Why is it changing?
- What will you need to change?
- What are the consequences of not making this change?
- When is this change happening?
- Who is behind this change?
- LTI Platform Storage Overview and Support Update
Canvas is changing its LTI 1.3 OIDC Auth domain to align with security practices and to support the new LTI 1.3 Platform Storage specification. This specification lets LTI tools function when browsers disable cross-site 3rd-party cookies. LTI 1.3 tool developers, read on for an implementation guide and the full status of Platform Storage support. These are not breaking changes.
For Canvas admins:
What is changing?
We are asking tool developers to update some of the Canvas URLs that they store in their tool configuration. The old URLs will continue to work, but updating will prevent future possible issues with LTI Tools and the Content Security Policy feature, and will allow tools to take advantage of a new 1EdTech LTI 1.3 specification called Platform Storage.
Platform Storage is an 1EdTech LTI specification that allows tools to function when browsers disable cross-site cookies. Until now, tools launching from Canvas have relied on cookies to store information. Browsers have been locking down this behavior to protect users from marketing and ill-intentioned uses. Since tools have a valid need for these cookies, we have enabled a way for them to store information with Canvas instead of as a cookie, so they are not impacted.
As a Canvas administrator, this change will only require work on your part if you have LTI 1.3 tools configured for your account that you needed to configure yourself. For example, if you installed an LTI 1.3 tool and as part of the setup you had to enter URLs from Canvas like the OIDC Auth endpoint or Public JWKs URL, then you will need to update those URLs in the tool's configuration. Specific steps can be found in the "What will I need to change?" section below.
Otherwise, this won't require any work on your part! LTI 1.3 tool providers wishing to use Platform Storage will need to implement the specification on their side in order to allow them to continue working when cross-site cookies are disabled, but those changes should not require any modifications from within Canvas. You will need to work with the tool providers directly to learn more about their plans to implement this specification.
On August 19, 2023 (July 17 for Beta), the Platform Storage API will be fully supported by Canvas, and the OIDC Auth endpoint and other 1.3 configuration URLs recommended in our API docs will change. No existing LTI 1.3 behavior will break after those dates, and tools do not need to switch endpoints before those dates. We recommend that all 1.3 tools move to use these endpoints as soon as possible, but will not be enforcing the change at this time.
If you’re curious, you are more than welcome to read the rest of the article to understand the context behind these changes!
How is this change being communicated?
In addition to being posted here, notices that link to this article will be posted in our API Docs, on the Developer Keys page in Canvas, in the Canvas release notes, and sent to our LTI partners. You are welcome to contact your tool providers to make sure they have seen this information and learn more about their plans to implement the feature.
If you have questions about this process, please contact Instructure support through the normal avenues and be sure to mention LTI Platform Storage.
For LTI 1.3 tool developers:
What is changing?
The domain of the OIDC Auth endpoint and other Canvas endpoints used in configuring LTI 1.3 tools is changing from canvas.instructure.com
to sso.canvaslms.com
. The reasoning behind this change and the exact modifications you will need to make are all documented below. You can make these changes at any point starting now.
In addition, the 1EdTech specification for Platform Storage will be fully supported in Canvas on August 19, 2023 (July 17 for Beta) for LTI 1.3 tools. Canvas already supports most of this specification, and tools are already developing against it. An overview of the spec and a full implementation progress update is laid out at the end of this article.
Updating the OIDC Auth endpoint is required to fully implement the 1EdTech specification for Platform Storage. This feature is not supported in LTI 1.1, so we want to take this opportunity to encourage you to begin your migration to LTI 1.3 if you have not yet. We are continuing to develop new and exciting features for LTI 1.3 and it will be the go-forward specification. Note that there is not a sunset date for LTI 1.1 at this time and we are committed to providing 12 months of full support after a date is announced as well as an additional 12 months after that where the code is still available though not fully supported.
What is the OIDC Auth Endpoint?
It's a canvas endpoint that usually looks like https://canvas.instructure.com/api/lti/authorize_redirect
that tools redirect to during the LTI Launch process. The LTI 1.3 Launch flow is built on the OIDC (Open ID Connect) spec, which uses the OAuth 2 Client Credentials flow to securely give credentials (in this case, the LTI launch parameters) to a trusted source (the LTI tool). During tool "registration", or the process of creating a trusted relationship between Canvas and a tool using an LTI Developer Key, the tool is required to store some Canvas-specific configuration variables, one of which is the OIDC Auth endpoint.
Why is it changing?
The canvas.instructure.com domain is not only used for OIDC authentication and redirection, but also for our Free for Teacher offering that lets anyone try Canvas for free. As you can imagine, this free domain comes with both happy users and a lot of spam. The main impetus for this change is to separate the distinct functions of 1) a central, authentication-related domain and 2) an actual Canvas instance open to the public.
The need for this change was emphasized by problems with two separate features, stemming from the browser security feature called the Content Security Policy. The CSP Header helps to mitigate XSS (Cross-Site Scripting) attacks on one domain from another. As you will see, these aren’t capital-P problems like “Canvas doesn’t protect against XSS attacks”, but are instead reinforcements to existing security.
- Canvas supports configuring this header at the root account level, so that institutions can allow only certain websites to be rendered inside
<iframe>
elements in Canvas. Domains for installed LTI tools are automatically added to this list, but the LTI 1.3 launch flow also requires the OIDC Auth domain (ie,canvas.instructure.com
) to be added to this list. - The LTI Platform Storage spec (more on this at the end if you aren't familiar with it) requires that tools send Javascript postMessages to Canvas using the OIDC Auth endpoint for the target origin. This requires a message listener running on that domain, which makes for an interesting engineering puzzle. Since Canvas is a multi-tenant application and domains vary by institution, this required work on our side. The spec allows a platform like Canvas to direct tools to send postMessages to a specific named browser frame, which helps to solve this specific problem. However, rendering this listener frame also requires the OIDC Auth domain to be added to the CSP list.
This is where the duties of canvas.instructure.com
start to work against one another. As the OIDC Auth domain, it's required to be present in the CSP header so that it can serve content inside iframes in Canvas. But, as the Free for Teacher domain, there is a lot of content that it serves that can be spammy or even malicious. We aren't comfortable making that tradeoff and don't want to enable content from canvas.instructure.com
to be served to every other Canvas institution.
Enter sso.canvaslms.com
, a newer domain that performs just the right function we need - centralized authentication and SSO login. This domain has been around for a while, and presented the perfect solution to this CSP dilemma. Content served from this domain is only from Instructure, and so can be confidently added to the CSP header, and used as the new OIDC Auth endpoint for all LTI 1.3 tools moving forward.
What will you need to change?
Right off the bat, it's crucially important to note that the Issuer Identifier (iss) is not changing. That will continue to be canvas.instructure.com
, since that is a unique identifier for Canvas as an LTI Platform, and not actually a URL.
Other than that, any Platform-related URLs that live in your tool's datastore that use canvas.instructure.com
should switch to using sso.canvaslms.com
.
URLs that will change:
- The OIDC Auth endpoint, also called the Authorization Redirect URL
- Old: https://canvas.instructure.com/api/lti/authorize_redirect
- New: https://sso.canvaslms.com/api/lti/authorize_redirect
- The Canvas Public JWKs endpoint
- Old: https://canvas.instructure.com/api/lti/security/jwks
- New: https://sso.canvaslms.com/api/lti/security/jwks
- The Grant Host endpoint, sent as the aud claim in LTI Advantage API tokens
In addition, any references to other Canvas environments like Beta and Test should also change in the same manner:
- canvas.beta.instructure.com becomes sso.beta.canvaslms.com
- canvas.test.instructure.com becomes sso.test.canvaslms.com
As a side note, there are some tools and institutions that use their direct Canvas domain in place of canvas.instructure.com
for these endpoints. Though this practice doesn't technically conform to the LTI spec, it's accepted and will continue to work with both *.instructure.com
domains, and all vanity domains. These configurations do not need to switch to the new endpoint to continue working, although we recommend using the new endpoint to conform to the LTI 1.3 spec. However, note that to fully conform to the Platform Storage spec, postMessages must be addressed to the OIDC Auth endpoint defined by the platform, which in this case will be sso.canvaslms.com
.
What are the consequences of not making this change?
You may have already picked up on the fact that even though we are asking you to use sso.canvaslms.com
, canvas.instructure.com
still exists and works. These endpoints are accessible from every Canvas institution, even your own. There isn't a point in time where using https://canvas.instructure.com/api/lti/authorize_redirect
during the LTI 1.3 launch flow will suddenly stop working.
But, there are consequences for not making this change. You can decide how severely these will impact your tool. If a tool does not switch domains:
- The tool will not be able to fully conform to the Platform Storage specification. For now, Canvas will still accept postMessages with a target origin of
*
, even though this limits postMessage security. Eventually, all tools will need to use the new OIDC Auth domain for the target origin for all postMessages. LTI launches that don't properly use the Platform Storage spec will be open to MITM (man in the middle) attacks. LTI tools can decide whether to use cookies or the Platform Storage spec in most browsers, but in browsers that block 3rd party cookies (like Safari), they will need to correctly store the state parameter in Platform Storage. - In the future, if a Canvas institution in which the tool is installed decides to enable the CSP feature and restrict domains that can serve content in that institution, launches to the tool will fail unless the institution admins explicitly add the old
canvas.instructure.com
domain to the CSP Domain Allowlist. The tool developers will need to communicate with the institution admins directly, as Instructure won't provide support for making this change. We do not yet have an enforcement date for this, as we want to provide tools with the necessary time to make the change so that we minimize impact on educators. We will announce the enforcement date as we monitor tools’ migrations to the new endpoint.
When is this change happening?
Tools are free to change their stored config for Canvas and use this new endpoint starting right now. We recommend that all 1.3 tools begin using this new endpoint as soon as possible, but it's important to note that no current LTI 1.3 behavior will break if tools do not update their configuration. This is an opt-in change for now, and enforcement of consequence 2 listed above will happen on a later, unspecified date - accompanied by a 90-day change notice.
However, tools wishing to use Platform Storage should note that the consequence listed in point 1 above will take effect in Beta on July 17, 2023, and in Production on August 19, 2023. In addition, the full implementation of the Platform Storage API will be enabled that day, including the requirement to use sso.canvaslms.com
for the target origin of Platform Storage postMessages (see the support update below for exact details).
Notices that link to this article will be posted in our API Docs, on the Developer Keys page in Canvas, in the Canvas release notes, and sent to our LTI partners via newsletter.
If you have questions about this process, please contact Instructure support through the normal avenues, and be sure to mention LTI Platform Storage.
Who is behind this change?
The Interoperability (or Interop) team focuses on LTI in Canvas and enabling all of our 3rd-party tools and partners with LTI APIs, Developer Keys, and a few other tools like Live Events. We wanted to take this opportunity to introduce a couple of ourselves to the Canvas community!
My name is Alexis Nast, and I joined Instructure in January 2022. Before this, I worked as a middle school math teacher and then as a product manager at other software organizations. I’m the product manager for the Interop team, and I look forward to continuing to work closely with both schools and ed-tech integrators.
And I'm Xander Moffatt, a software engineer on the Interop team. I first joined Instructure in 2017 for an internship and never (really) left. I've been working on LTI-related code for a while now, and contributed to the Platform Storage spec as a member of the LTI working group.
LTI Platform Storage Overview and Support Update
Some browsers (as of writing, only Safari) block 3rd party cookies inside iframes - that is, cookies set on a domain that is different from the domain of the parent frame. The main reason for this change is to discourage tracking for ad/marketing purposes. This interrupts some LTI 1.3 functionality, including securing the two halves of the launch process together, and setting cookies as a tool inside an LTI iframe.
The LTI working group established the Platform Storage spec to let tools still accomplish these goals by treating the platform (in this case, Canvas) as a storage method for cookie-like data, using the window.postMessage
API, the standard for cross-frame Javascript communication. This will help tools secure their launches, prevent MITM (man in the middle) attacks, and continue to function inside Canvas as they have in the past.
There is work required on the tool side to take advantage of these new APIs, mostly during the login and launch requests to store and retrieve the state parameter. There is a tool-side implementation guide that is part of the LTI spec, and for other information about using postMessage in Canvas, please see our API documentation.
Canvas supports almost all of the spec, with a few important exceptions. Until August 19, 2023 (July 17 for Beta), Canvas will not accept any messages that use the OIDC Auth URI origin as the target origin, which is an important part of securing these messages to provide the same end-to-end launch security as using a cookie to store the state parameter. After August 19, 2023 (July 17 for Beta), Canvas will conform fully to the spec in all regards. Details are laid out below, organized by the section of the specification they regard, as well as links to the various spec documents:
- ➖ 2: Canvas supports most of this section, with some caveats below.
- ✅ 2.2: target frame will be provided by the
lti_storage_target
body parameter in both login and launch requests, as well as in the response to thelti.capabilities
postMessage. Until August 19, 2023 (July 17 for Beta), this value will be_parent
or not present, which signifies that tools should use the parent frame. After then, the value will bepost_message_forwarding
, which signifies that tools should use the frame with that name. - ❌ 2.3.2: the OIDC Auth URI Origin will not be accepted as a target origin until August 19, 2023 (July 17 for Beta). Until then, tools should use the
*
target origin for all messages, which isn’t part of the spec. - ✅ 3: Canvas supports all request parameters and conforms to all response parameters and error codes in this section.
- ✅ 4: Canvas supports the
lti.capabilities
message and response in its entirety. Until August 19, 2023 (July 17 for Beta), all returned subjects will not have aframe
parameter, signifying that tools should send these messages to the parent frame. After then, thelti.get_data
andlti.put_data
subjects will haveframe: 'post_message_forwarding'
to signify that those messages should be sent to the frame with that name. - ❗Note that in a previous version of this spec, the subject for this message was
org.imsglobal.lti.capabilities
, and was simplified after IMS Global was renamed to 1EdTech. Canvas currently supports both formats, and will remove support for this previous format after August 19, 2023 (July 17 for Beta).
- ➖ 1: Canvas supports most of this section, with some caveats below.
- ❌ 1.1.1.1: Until August 19, 2023 (July 17 for Beta), Canvas will not accept any messages with the OIDC Auth URI origin as its target origin. After then, Canvas will conform fully to this portion of the spec.
- ✅ 2: Canvas conforms to all request and response message definitions for
lti.get_data
andlti.put_data
. - ❗Note that in a previous version of this spec, the message subjects for this section were
org.imsglobal.lti.get_data
andorg.imsglobal.lti.put_data
, and were simplified after IMS Global was renamed to 1EdTech. Canvas currently supports both formats, and will remove support for this previous format after August 19, 2023 (July 17 for Beta). - ✅ 3: Canvas provides the minimum storage limits for each tool to use.
- ✅ 4: Canvas uses localStorage as the backing for this API, which has no Time-to-Live. It does not encrypt any data before storing it. If tools wish their data to be encrypted, they should do it before storing it.
✅ 2.1: Canvas sends lti_storage_target
as an extra body parameter in both the login and launch requests. Until August 19, 2023 (July 17 for Beta), this value will always be _parent
, signifying that tools should send all messages to the parent frame. After then, the value will be post_message_forwarding
, signifying that the Platform Storage messages should be sent to the frame with that name.
I have inherited some customization in Canvas which displays a banner at the top of the dashboard page. Although I cannot currently see it displaying any info, I believe it to be reaching out to a webapi that has been setup here. A studentid and some other info is passed to the WebAPI and it determines if the student is up to date on immunizations using our SIS system. If they are not, it shows a big red banner at the top of the dashboard page. Is there a possibility there is a way to customize that dashboard page to call to another site for info and display accordingly if needed. I do not see any way this is possible logging into Canvas but may be missing something. I have attached an image to display what I am talking about.
- Labels:
-
Administrator