What it does
The Canvas LMS User Provider enriches Opencast users
with a set of roles made up of the user's membership in Canvas sites, of the form
SITEID_Role. For example, an Opencast user who is also a Canvas user and a member
of the Canvas site
CourseID with the Canvas role
Student will be granted the
The mapping of Canvas sites and roles to Opencast roles is consistent with the site and role mapping used by the LTI endpoint. The Canvas User Provider can therefore be used with LTI or another method of authenticating users.
The Canvas Role Provider allows Canvas site and role combinations to be used in
Event and Series ACLs. For example, the role
CourseID_Learner can be added to a
Series ACL to grant access to the Series to members of the
CourseID site in Canvas.
The Canvas User Provider requires a token of a user who has at least the following permissions of an account role in a Canvas instance.
Users - manage login details: Required for getting site list of a given user.
Users - view list: Required for getting details of a given user.
etc/org.apache.karaf.features.cfg and make sure the
opencast-canvas feature is listed in the
To enable the Canvas User Provider, copy and rename the bundled configuration template from
Edit the configuration file to set your Canvas URL, and the token of the admin user:
# The URL and login token for Canvas LMS org.opencastproject.userdirectory.canvas.url=https://demo.instructure.com/ org.opencastproject.userdirectory.canvas.token=token_of_a_user_with_sufficient_privilege
Verify that the Canvas User Provider starts up with the correct Canvas URL by looking for a log entry like this:
(CanvasUserRoleProvider:116) - Activating CanvasUserRoleProvider(url=https://demo.instructure.com, cacheSize=1000, cacheExpiration=60, instructorRoles=[teacher, ta], ignoredUserNames=[admin, anonymous]
Then login to Opencast using a username which also exists in your Canvas system. Verify the roles granted to the user by opening the URL OPENCAST-URL/info/me.json in a new browser tab.
If necessary, you can increase the logging detail from the Canvas user provider by
adding an entry to
log4j2.logger.canvas.name = org.opencastproject.userdirectory.canvas log4j2.logger.canvas.level = DEBUG
You can use the group role name
ROLE_GROUP_CANVAS in Event or Series ACLs for all Canvas users
ROLE_GROUP_CANVAS_INSTRUCTOR for all Canvas instructors.