Disable Jitsi login pop up

Hi,

I have enabled Lobby with JWT on our Jitsi setup. We can now login to a reserved meeting with a valid JWT.

If the user JWT has lobby = true the user bypasses the lobby and directly goes to the meeting.
If the user JWT has lobby = false the user has to wait in the lobby for someone to admit them.
Now this is valid behaviour as per the functionality of token_lobby_ondemand.

The issue is when a user joins the reserved meeting without any JWT, the person is redirected to a login pop up in Jitsi meet web that prompts for username and password.

Screenshot 2023-03-07 at 14.56.152876×844 91.1 KB

How do I disable this pop up? Kindly help.

We are using Jitsi version: stable-7439 with Jitsi docker setup on custom k8s cluster.

Below is our prosody configuration file.

admins = { "focus@auth.meet.jitsi", "jvb@auth.meet.jitsi" }

unlimited_jids = { "focus@auth.meet.jitsi", "jvb@auth.meet.jitsi"}

plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }

muc_mapper_domain_base = "meet.jitsi";
muc_mapper_domain_prefix = "muc";
http_default_host = "meet.jitsi"

asap_accepted_issuers = { "jitsi-authentication-adapter" }
asap_accepted_audiences = { "Jitsi Meet" }

consider_bosh_secure = true;
consider_websocket_secure = true;

VirtualHost "meet.jitsi"
  authentication = "token";
  app_id = "jitsi-internal-portal";
  app_secret = "######";
  allow_empty_token = false;

  --enable_domain_verification = true;

  ssl = { key = "/config/certs/meet.jitsi.key"; certificate = "/config/certs/meet.jitsi.crt"; }

  modules_enabled = {
    "bosh";
    "websocket";
    "smacks"; -- XEP-0198: Stream Management
    "pubsub";
    "ping";
    "speakerstats";
    "conference_duration";
    "external_services";
    "muc_lobby_rooms";
    "av_moderation";
    "reservations";
    "presence_identity";
    "persistent_lobby";
  }

  main_muc = "muc.meet.jitsi"
  lobby_muc = "lobby.meet.jitsi"
  speakerstats_component = "speakerstats.meet.jitsi"
  conference_duration_component = "conferenceduration.meet.jitsi"
  av_moderation_component = "avmoderation.meet.jitsi"
  c2s_require_encryption = false

  reservations_api_prefix = "https://IP:Port"
  reservations_enable_max_occupants = true
  reservations_api_timeout = 60000
  reservations_api_headers = {
    ["Authorization"] = "Basic #####";
  }

VirtualHost "auth.meet.jitsi"
  ssl = { key = "/config/certs/meet.jitsi.key"; certificate = "/config/certs/meet.jitsi.crt"; }
  modules_enabled = {
    "limits_exception";
  }
  authentication = "internal_hashed"

Component "internal-muc.meet.jitsi" "muc"
  modules_enabled = {
    "ping";
  }
  restrict_room_creation = true
  muc_room_locking = false
  muc_room_default_public_jids = true

Component "muc.meet.jitsi" "muc"
  modules_enabled = {
    "muc_meeting_id";
    "muc_domain_mapper";
    "muc_max_occupants";
    "token_verification";
    "token_affiliation";
    "token_lobby_ondemand";
    "polls";
    "muc_domain_mapper";
  }
  muc_room_cache_size = 1000
  muc_room_locking = false
  muc_room_default_public_jids = true
  muc_max_occupants = "5"
  muc_access_whitelist = { "focus@auth.meet.jitsi", "jvb@auth.meet.jitsi" }

Component "focus.meet.jitsi" "client_proxy"
  target_address = "focus@auth.meet.jitsi"

Component "speakerstats.meet.jitsi" "speakerstats_component"
  muc_component = "muc.meet.jitsi"

Component "conferenceduration.meet.jitsi" "conference_duration_component"
  muc_component = "muc.meet.jitsi"

Component "avmoderation.meet.jitsi" "av_moderation_component"
  muc_component = "muc.meet.jitsi"

Component "lobby.meet.jitsi" "muc"
  restrict_room_creation = true
  muc_room_locking = false
  muc_room_default_public_jids = true
  storage = "memory"
  modules_enabled = {
    "muc_rate_limit";
  }

That popup you see is likely because you do not currently allow access to rooms without token:

You will see that same behaviour whether you’ve enabled lobby or not.

What do you expect your users to see if they attempt to join without a token?

If your goal is for non-token users to go directly to lobby, then try setting allow_empty_token: true – so users can join as guest without token – but enable lobby automatically using something like lobby_autostart so they cannot join without being admitted by a moderator. You will also need token_lobby_bypass to allow selected users to bypass the lobby so they can admit others.

If your goal is to completely exclude non-token users, then leave allow_empty_token: false. For now, AFAIK there is no way to disable that auth popup. You could abuse the tokenAuthUrl config to redirect them to a static page, but be advised that that config will eventually get removed.

I tried setting allow_empty_token: true but now users without JWT can join in directly. Also I do not see the security options in the menu of Jitsi meet web at the bottom of the screen as it is available on meet.jit.si.

Moderators who bypassed the lobby with proper JWT do not get the option to allow people waiting to be admitted

Sorry, my mistake. You will also need to have lobby started automatically using something like lobby_autostart to ensure that everyone including tokenless users wait in lobby. You will also need token_lobby_bypass to exclude your moderators from the lobby. I’ve updated my post above.

token_lobby_ondemand is not sufficient in this case since you want lobby started for all rooms, not just when it is requested for in the token.

Should I exclude token_lobby_ondemand module or keep it as it is? Does token_lobby_ondemand and lobby_bypass conflict with each toher?

Can I send lobby = true from the reservation API to prosody when making the POST /conference request?

Will this be equivalent to enabling the modules lobby_autostart and token_lobby_bypass? If not, what does lobby = true does in the context of reservation system for prosody?

You should probably not use token_lobby_ondemand if you use token_lobby_autostart.

lobby=true doesn’t do anything for reservations unless you enable reservations_enable_lobby_support. But again, this is for selectively enabling lobby which is pointless if you already use lobby_autostart.