How to configure multiple authentication methods

Hi,

I’m running my Jitsi instance with JWT authentication, so my RocketChat can use it. Now I want to embed this also in Matrix/Synapse, but this does not support JWT - I need to configure Matrix Authentication.

Finally the option to authenticate against my LDAP would be nice as well.

I’m struggling how the configuration should look like to have more than one authentication option available. Can anyone help me?

Thanks, @emrah . So it’s not really possible and I need to set up three different Jitsi’s :frowning:

Hi @netmax,

This is the last discussion on this topic. Maybe be there is a way but I don’t know what it is.

Then the participants cannot join the same meeting if they use different auth mechanism.

You can create 3 different virtual hosts - one for each authentication method. Participants will still land in the same meeting.

@Freddie That sounds good … but they need to have different domains then? Is there a sample config available somewhere?

You can check out the Jibri virtual host as an example. It uses its own authentication.

I’ve been trying to achieve this for a few days now. I have a Jitsi service that I want to integrate with matrix auth, but still want internal hash passwords to work so people can access jitsi direct and start an adhoc meeting.

I’m using the docker deployment. What ive done so far is create an additional conf.d prosody config that adds an additional virtual host for matrix integration:

VirtualHost "matrixvtc.jitsi.internal"

  
    authentication = "matrix_user_verification"
    app_id = "issuer"
    uvs_base_url = "https://matrix.mydomain.com/user-verification-service"
    uvs_auth_token = "somethingsecret"
    
  

    ssl = {
        key = "/config/certs/vtc.jitsi.internal.key";
        certificate = "/config/certs/vtc.jitsi.internal.crt";
    }
    modules_enabled = {
        "bosh";
        
        "websocket";
        "smacks"; -- XEP-0198: Stream Management
        
        "pubsub";
        "ping";
        "speakerstats";
        "conference_duration";
        
        "external_services";
        
        
        "muc_lobby_rooms";
        
        
        "muc_breakout_rooms";
        
        
        "av_moderation";
        
        
        "event_logging";
    }

    main_muc = "muc.jitsi.internal"
    lobby_muc = "lobby.vtc.jitsi.internal"
    breakout_rooms_muc = "breakout.vtc.jitsi.internal"
    speakerstats_component = "speakerstats.vtc.jitsi.internal"
    conference_duration_component = "conferenceduration.vtc.jitsi.internal"
    av_moderation_component = "avmoderation.vtc.jitsi.internal"
    c2s_require_encryption = false

And ive added a custom-config.js to the web deployment that looks like:

config.hosts.focus = 'focus.' + config.hosts.domain;
var host = window.location.host.split('.')[0];
config.hosts.domain = host + '.jitsi.internal';
config.hosts.authdomain = host + '.jitsi.internal';

The idea is that if its accessed via https://matrixvtc.... which is what matrix/element is configured to use, it should use the matrixvtc.jitsi.internal virtual host.

This almost works, in the prosody logs, I can see the user being authed:

prosody_1   | c2s561cd88a86a0                                                      info	Client connected
prosody_1   | matrixvtc.jitsi.internal:auth_matrix_user_verification               info	Found room ID: !CPHlwtBnrLXANWCWDj:matrix.mydomain.com, server_name: matrix.mydomain.com

prosody_1   | matrixvtc.jitsi.internal:auth_matrix_user_verification               warn	Custom username: (nil)
prosody_1   | matrixvtc.jitsi.internal:auth_matrix_user_verification               warn	self.username: fa8752a5-c544-4305-8e31-62565de93f72
prosody_1   | matrixvtc.jitsi.internal:auth_matrix_user_verification               info	REQUEST_COMPLETE reason:ok
prosody_1   | c2s561cd88a86a0                                                      info	Authenticated as fa8752a5-c544-4305-8e31-62565de93f72@matrixvtc.jitsi.internal

But then it tells me the meeting hasnt started. And I get the option for “I Am the Host”.

While its waiting, I can see jocofo periodically logging:

Jicofo 2022-09-12 06:58:30.879 INFO: [94] ConferenceIqHandler.handleConferenceIq#63: Focus request for room: efbvasdmo52ee3tsjrmectsxinlui2r2nvqxi4tjpaxhg4djnzwg6y3lonswg5lsnf2hsltdn5wq@muc.jitsi.internal

I’m feeling like its a jocofo issue, not knowing about the additional authenticated domain or something like that.
Any ideas?