I've been asked to make a course that is available in one cloud-based learning management system (brightspace) available in other learning management systems. The intent is that someone would open the course in the third party learning management system (LMS), like Moodle, and then from what I've read, an iframe would load that would contain the course as hosted by the original LMS (Brightspace).
I've been researching this all day and I haven't made any headway. It seems like there is oauth between the LMS' but I can't work it out.
How can I create a SCORM package that will contain an iframe to a central LMS? And, is there any standardised LMS/SCORM protocol that handles authentication or something like that?
Thanks!
Embedding a SCORM package inside another SCORM package is not the way to go. The solution for this problem as intended by the makers of SCORM would be to export the SCORM package and import it in the third party LMS, because thats what SCORM is all about. However, this is obviously not what you want to achieve.
In general, a SCORM package is simply a packaged website (with a manifest), which requires a JS API to be provided by the embedding LMS. So basically, you can do "anything" inside a SCORM package, e.g. creating an iframe, calling functions in the parent browsing context, open a popup etc., as long as it is not prohibited by web security mechanisms such as the same origin policy.
In theory, if your LMS would serve the content of the package "as is" and without authentication, i.e. you have a deep-link to the start page (think index.html) inside the scorm package (and the LMS would not send protective headers such as X-Frame-Options), you would be generally able to embed this page in any iframe in the web, thus within another SCORM package. The remaining problem would be the same origin policy, which would prevent the package sitting in the child frame from calling the API in the parent frame. There might be some tricks to work around this, e.g. by using a reverse proxy under the same origin that forwards to the other domain, but this will most likely be not practical or prohibited by other mechanisms. If you can work around this, you would still have to manually pass-through/forward the API calls from the embedded package up to your LMS's API adapter. Overall, this approach is not really practical/feasible.
In general, the SCORM does not deal with authentication. Please have a look at the IMS Learning Tools Interoperability (LTI) specification for that purpose. It allows to launch a Tool/Content hosted by another party and provides backchannels for e.g. grades.
I think the guys from Rustici Software provide a hosted SCORM RTE that can be launched via LTI, you may want to have a look at that, too...