Enable Authentication

Hi,

I just installed Jitsi on Ubuntu 16.04 using this quick-start guide.

The server is working like a charm. I can create live session without any issue.

Then I would like to enable authentication to create live sessions.
I followed this guide :

https://github.com/jitsi/jicofo#secure-domain (from secure domain as suggest by another user)

unfortunately following the guide step by step make the server not working anymore.
When trying to start a session the webcam is up regarding the hardware but on the website it’s shut as the mic and it’s impossible to enable it.

the /var/log/jitsi/jicofo.log is not updated anymore.

I can make it works back removing changes I have done but of course authentication is mandatory for us.

At the end of the config I ran :

sudo prosodyctl register frsystemsupport jitsi.mysite.org passwordjitsi

These are my config files that have been changed (domaine name changed on purpose):

-/etc/prosody/conf.avail/jitsi.mysite.org.cfg.lua

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "jitsi.mysite.org";

turncredentials_secret = "ivwisdQc";

turncredentials = {
  { type = "stun", host = "jitsi.mysite.org", port = "443" },
  { type = "turn", host = "jitsi.mysite.org", port = "443", transport = "udp" },
  { type = "turns", host = "jitsi.mysite.org", port = "443", transport = "tcp" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;

VirtualHost "jitsi.mysite.org"
    -- enabled = false -- Remove this line to enable this host
    authentication = "internal_plain"
VirtualHost "guest.jitsi.mysite.org"
    authentication = "anonymous"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
            key = "/etc/prosody/certs/jitsi.mysite.org.key";
            certificate = "/etc/prosody/certs/jitsi.mysite.org.crt";
    }
    speakerstats_component = "speakerstats.jitsi.mysite.org"
    conference_duration_component = "conferenceduration.jitsi.mysite.org"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "turncredentials";
        "conference_duration";
    }
    c2s_require_encryption = false
Component "conference.jitsi.mysite.org" "muc"
storage = "null"
modules_enabled = {
    "muc_meeting_id";
    "muc_domain_mapper";
    -- "token_verification";
}
admins = { "focus@auth.jitsi.mysite.org" }
muc_room_locking = false
muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.jitsi.mysite.org" "muc"
storage = "null"
modules_enabled = {
  "ping";
}
admins = { "focus@auth.jitsi.mysite.org", "jvb@auth.jitsi.mysite.org" }

VirtualHost "auth.jitsi.mysite.org"
ssl = {
    key = "/etc/prosody/certs/auth.jitsi.mysite.org.key";
    certificate = "/etc/prosody/certs/auth.jitsi.mysite.org.crt";
}
authentication = "internal_plain"

Component "focus.jitsi.mysite.org"
component_secret = "SEzOz1Oi"

Component "speakerstats.jitsi.mysite.org" "speakerstats_component"
muc_component = "conference.jitsi.mysite.org"

Component "conferenceduration.jitsi.mysite.org" "conference_duration_component"
muc_component = "conference.jitsi.mysite.org"

-/etc/jitsi/meet/jitsi.mysite.org-config.js

/* eslint-disable no-unused-vars, no-var */

var config = {
    // Connection
    //

    hosts: {
        // XMPP domain.
        domain: 'jitsi.mysite.org',
        anonymousdomain: 'guest.jitsi.mysite.org',

        // When using authentication, domain for guest users.
        // anonymousdomain: 'guest.example.com',

        // Domain for authenticated users. Defaults to <domain>.
        // authdomain: 'jitsi.mysite.org',

        // Jirecon recording component domain.
        // jirecon: 'jirecon.jitsi.mysite.org',

        // Call control component (Jigasi).
        // call_control: 'callcontrol.jitsi.mysite.org',

        // Focus component domain. Defaults to focus.<domain>.
        // focus: 'focus.jitsi.mysite.org',

        // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
        muc: 'conference.<!--# echo var="subdomain" default="" -->jitsi.mysite.org'
    },

    // BOSH URL. FIXME: use XEP-0156 to discover it.
    bosh: '//jitsi.mysite.org/http-bind',

    // Websocket URL
    // websocket: 'wss://jitsi.mysite.org/xmpp-websocket',

    // The name of client node advertised in XEP-0115 'c' stanza
    clientNode: 'http://jitsi.org/jitsimeet',

    // The real JID of focus participant - can be overridden here
    // focusUserJid: 'focus@auth.jitsi.mysite.org',


    // Testing / experimental features.
    //

...

-/etc/jitsi/jicofo/sip-communicator.properties

#org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.jitsi.mysite.org
org.jitsi.jicofo.auth.URL=XMPP:jitsi.mysite.

Any help would be really appreciated.

Many thanks by advance.

And here is the JS log :

2020-04-09T16:15:15.760Z [modules/statistics/AnalyticsAdapter.js] <value>:  Disposing of analytics adapter. Logger.js:154:22
2020-04-09T16:15:15.760Z [features/analytics] <te/<>:  Error: "No analytics handlers created!"
    te functions.js:100
Logger.js:154:22
2020-04-09T16:15:15.770Z [modules/RTC/RTCUtils.js] <value/<>:  Available devices:  
Array(6) [ MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo ]
Logger.js:154:22
2020-04-09T16:15:15.872Z [features/base/storage] <persistState>:  redux state persisted. f5d8f24922d1603848998a7a11cf798a -> fa97f9f7c335c5c167ed69784a73df3a Logger.js:154:22
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
gtr
(TIME) index.html loaded:	 268 gtr:22:17
2020-04-09T16:15:16.194Z [modules/browser/BrowserCapabilities.js] This appears to be firefox, ver: 74.0 Logger.js:154:22
2020-04-09T16:15:16.924Z [index.web] (TIME) document ready:	 1177 Logger.js:154:22
2020-04-09T16:15:17.085Z [features/base/lastn] There is no active conference, not updating last N Logger.js:154:22
2020-04-09T16:15:17.087Z [modules/UI/videolayout/VideoLayout.js] <changeUserAvatar>:  Missed avatar update - no small video yet for undefined Logger.js:154:22
2020-04-09T16:15:17.111Z [features/base/media] Start muted: Logger.js:154:22
2020-04-09T16:15:17.115Z [features/base/media] Start audio only set to false Logger.js:154:22
2020-04-09T16:15:17.123Z [features/analytics] <te/</<>:  Loaded 0 analytics handlers Logger.js:154:22
2020-04-09T16:15:17.125Z [modules/statistics/AnalyticsAdapter.js] <value>:  Disposing of analytics adapter. Logger.js:154:22
2020-04-09T16:15:17.126Z [features/analytics] <te/<>:  Error: "No analytics handlers created!"
    te functions.js:100
Logger.js:154:22
    o Logger.js:154
    te functions.js:107
2020-04-09T16:15:17.281Z [features/base/devices] setAudioOutputDevice: undefined[default] Logger.js:154:22
2020-04-09T16:15:17.289Z [features/base/devices] <O/</</<>:  Failed to set audio output device.
                        Default audio output device will be used instead Error: Audio output device change is not supported Logger.js:154:22
2020-04-09T16:15:17.697Z [modules/RTC/RTCUtils.js] <value/<>:  Available devices:  
Array(6) [ MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo ]
Logger.js:154:22
2020-04-09T16:15:17.700Z [features/base/devices] Device list updated:
audioInput:
		[DBXSlt/okSVdxB/StdcPl+G227VsTsssq8J9x0z5IQ8=]
		[FN0hJ78SY4naV/+gqkM16l9mvH5PQ8sfgGU3EBAwL1o=]
audioOutput:

videoInput:
		[zxr7nR6wU+lsoDBnvpdkF+7fphoikp+mIbL3AJ9AQac=]
		[zxr7nR6wU+lsoDBnvpdkF+7fphoikp+mIbL3AJ9AQac=]
		[zxr7nR6wU+lsoDBnvpdkF+7fphoikp+mIbL3AJ9AQac=]
		[zxr7nR6wU+lsoDBnvpdkF+7fphoikp+mIbL3AJ9AQac=] Logger.js:154:22
2020-04-09T16:15:17.717Z [modules/xmpp/xmpp.js] <value>:  P2P STUN servers:  
Array [ {…} ]
Logger.js:154:22
2020-04-09T16:15:17.730Z [modules/xmpp/xmpp.js] <value>:  (TIME) Strophe connecting:	 1982 Logger.js:154:22
2020-04-09T16:15:17.736Z [modules/RTC/RTCUtils.js] <value>:  Using the new gUM flow Logger.js:154:22
2020-04-09T16:15:17.738Z [modules/RTC/RTCUtils.js] <value/i<>:  Got media constraints:  
Object { video: {…}, audio: {…} }
Logger.js:154:22
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
http-bind
2020-04-09T16:15:17.861Z [JitsiMeetJS.js] <getGlobalOnErrorHandler>:  UnhandledError: null Script: null Line: null Column: null StackTrace:  Error: "Strophe: BOSH-Connection failed: host-unknown"
    log strophe.util.js:89
    error strophe.umd.js:1392
    _connect_cb strophe.umd.js:4697
    _connect_cb strophe.umd.js:3229
    _onRequestStateChange strophe.umd.js:5012
Logger.js:154:22
    o Logger.js:154
    getGlobalOnErrorHandler JitsiMeetJS.js:612
    onerror middleware.js:100
    callErrorHandler GlobalOnErrorHandler.js:61
    log strophe.util.js:89
    error strophe.umd.js:1392
    _connect_cb strophe.umd.js:4697
    _connect_cb strophe.umd.js:3229
    _onRequestStateChange strophe.umd.js:5012
2020-04-09T16:15:17.864Z [modules/xmpp/strophe.util.js] <t.a/i.Strophe.log>:  Strophe: BOSH-Connection failed: host-unknown Logger.js:154:22
    o Logger.js:154
    log strophe.util.js:90
    error strophe.umd.js:1392
    _connect_cb strophe.umd.js:4697
    _connect_cb strophe.umd.js:3229
    _onRequestStateChange strophe.umd.js:5012
2020-04-09T16:15:17.867Z [modules/xmpp/xmpp.js] <value>:  (TIME) Strophe connfail[host-unknown]:	 2120 Logger.js:154:22
2020-04-09T16:15:17.868Z [JitsiMeetJS.js] <getGlobalOnErrorHandler>:  UnhandledError: TypeError: second argument to Function.prototype.apply must be an array Script: https://jitsi.mysite.org/libs/lib-jitsi-meet.min.js?v=3969 Line: 17 Column: 117962 StackTrace:  TypeError: "second argument to Function.prototype.apply must be an array"
    _interceptDoDisconnect strophe.stream-management.js:207
    _connect_cb strophe.umd.js:4710
    _connect_cb strophe.umd.js:3229
    _onRequestStateChange strophe.umd.js:5012
Logger.js:154:22
    o Logger.js:154
    getGlobalOnErrorHandler JitsiMeetJS.js:612
    onerror middleware.js:100
TypeError: second argument to Function.prototype.apply must be an array strophe.stream-management.js:207:29
    _interceptDoDisconnect strophe.stream-management.js:207
    _interceptDoDisconnect self-hosted:876
    _connect_cb strophe.umd.js:4710
    _connect_cb strophe.umd.js:3229
    _connect_cb self-hosted:876
    _onRequestStateChange strophe.umd.js:5012
    _onRequestStateChange self-hosted:922
    _onRequestStateChange self-hosted:920
2020-04-09T16:15:19.015Z [features/base/storage] <persistState>:  redux state persisted. fa97f9f7c335c5c167ed69784a73df3a -> 696e6ad577b2b5657b82979f7f414c51 Logger.js:154:22
2020-04-09T16:15:26.066Z [modules/RTC/RTCUtils.js] <value/</<>:  onUserMediaSuccess Logger.js:154:22
2020-04-09T16:15:26.071Z [modules/RTC/JitsiLocalTrack.js] <value>:  Setting new MSID: {1afe6c78-e9e0-45c8-8aba-25d1ac7d51e5} {dbc0f77c-6992-4e52-8538-99ae5aab9fd1} on LocalTrack[undefined,audio] Logger.js:154:22
2020-04-09T16:15:26.073Z [modules/RTC/JitsiLocalTrack.js] <value>:  Setting new MSID: {ac04952d-6da8-49be-8c4c-c95d5b71aec2} {c1dbb356-ad3e-4618-9987-8a01477676db} on LocalTrack[undefined,video]

This is your error.

I see in config.js bosh: '//jitsi.mysite.org/http-bind', and in prosody config VirtualHost "jitsi.mysite.org" and all those seem fine.

Have you done any modifications in the web config. Maybe share your webserver config for this host.

First of all, thank you for your answer !

I can share my web config, but I did do not any change in my web config. I either did not installed the web server. Everything has been done by the quick install.

More, without the change described in github to enable authentication, it’s working fine, so do you think it could config error in the webserver anyway?

New information. I made this authentication works but I got another issue :

Authentication works if this part is removed :

anonymousdomain: 'guest.jitsi.mysite.org',

but then I can’t access the meeting without being authenticated and if I let this line there is no authentication anymore and the access : https://guest.jitsi.mysite.org is not working anyway.

many thanks by advance.

1 Like

You don’t need this. Anonymous is used by the guests accessing the same domain as the host, the url does not change. These are virtualhosts in prosody and are internal to the system and does not need DNS or webconfig.

Ok. But if I remove everyhting related to ‘guest’, even to access an already created session I need to authenticate.

I made it works after a new clean install.

May be I missed something the first time even if I read and read the jifoco guide.

Thanks for your help anyway.

Does it still work for you if you rebooted the server? My server with authentication works until I reboot.

Mebus

More than that. I had to reboot to make it works.

Restarting the services didn’t help?

Mebus

I had some issues just restarting the services

Hi,

we have the same issue. If we disable anonymousdomain in web container’s config.js file then it always asks with authentication no matter if the meeting has been already started by the host by entering the credentials. When we enable anonymousdomain: guest.meet.jitsi, it completely removes the authentication from our Jitsi instance.

Our prosody config already has the following block:

VirtualHost "guest.meet.jitsi"
    authentication = "anonymous"
    c2s_require_encryption = false

We are running it using docker containers.

Any help would be appreciated!

Can you send the confs of :

/etc/jitsi/jicofo/sip-communicator.properties
/etc/jitsi/meet/jitsi.mysite.org-config.js
/etc/prosody/conf.avail/jitsi.mysite.org.cfg.lua
/etc/prosody/prosody.cfg.lua

It would be easier to help you. change any domain names if you want stay a little bit a anonymous.

turned out the problem was due to auth related environment variables, which were not on web and jicofo containers. We only set it on prosody container and later found by looking into the code that these variables are used by web and jicofo too, obviously.

Authentication is working as expected now.