Behind the Blackboard! Secure LTI 1.1 to LTI 1.3 Migration Results in Duplicate User Creation - Behind the Blackboard Skip Navigation
Download PDF  Icon Download PDF    Print article

Secure LTI 1.1 to LTI 1.3 Migration Results in Duplicate User Creation

Date Published: Jul 27,2024


CategoryPlanned First Fix Release:3900.95.0 Release; Product:Blackboard Learn MH,Blackboard Learn SaaS,Blackboard Learn Software; Version:3900.84.0,3900.86.0,3900.89.0,3900.91.0,3900.93.0,3900.95.0,SaaS
Article No.: 000078686
Product:
Learn SaaS
Release:
9.1;SaaS
Service Pack(s):
3900.84.0, 3900.86.0, 3900.89.0, 3900.91.0, 3900.93.0, 3900.95.0, SaaS
Description:
The security fix for LTI 1.1 to LTI 1.3 conversion not only adds oauth_consumer_key_sign, but also a new user_id parameter that is passed to the 1p1 claim. The user_id is only meant to be passed if the sub from LTI 1.3 is different to the existing user_ids that were passed before in LTI 1.1. Learn is now passing the same user_id's for sub and user_id between LTI 1.1 and LTI 1.3. This results in duplicate user creation in the tool provider system.
Steps to Repeat:
  1. Check the LTI 1.3 launch of content that has been converted from LTI 1.1 from Blackboard LearnĀ 
  2. Observe that Learn is now passing a 'userId' claim in the new 1p1 claim that were not being passed previously.
  3. Observe that duplicate users are created in the tool provider system





Target Release:

SaaS - Fixed (v3900.95.0-rel.36 or higher)







The information contained in the Knowledge Base was written and/or verified by Blackboard Support. It is approved for client use. Nothing in the Knowledge Base shall be deemed to modify your license in any way to any Blackboard product. If you have comments, questions, or concerns, please send an email to kb@blackboard.com. © 2024 Blackboard Inc. All rights reserved