How to configure multiple authentication methods

Hi,

I’m running my Jitsi instance with JWT authentication, so my RocketChat can use it. Now I want to embed this also in Matrix/Synapse, but this does not support JWT - I need to configure Matrix Authentication.

Finally the option to authenticate against my LDAP would be nice as well.

I’m struggling with what the configuration should look like to have more than one authentication option available. Can anyone help me?

Thanks, @emrah. So it’s not really possible and I need to set up three different Jitsis :(

Hi @netmax,

This is the last discussion on this topic. Maybe there is a way but I don’t know what it is.

Then the participants cannot join the same meeting if they use different auth mechanisms.

You can create 3 different virtual hosts - one for each authentication method. Participants will still land in the same meeting.

@Freddie That sounds good … but they need to have different domains then? Is there a sample config available somewhere?

You can check out the Jibri virtual host as an example. It uses its own authentication.

I’ve been trying to achieve this for a few days now. I have a Jitsi service that I want to integrate with Matrix auth, but I still want internal hashed passwords to work so people can access Jitsi directly and start an ad hoc meeting.

I’m using the Docker deployment. What I’ve done so far is create an additional conf.d Prosody config that adds an additional virtual host for Matrix integration:

VirtualHost "matrixvtc.jitsi.internal"
    authentication = "matrix_user_verification"
    app_id = "issuer"
    uvs_base_url = "https://matrix.mydomain.com/user-verification-service"
    uvs_auth_token = "somethingsecret"

    ssl = {
        key = "/config/certs/vtc.jitsi.internal.key";
        certificate = "/config/certs/vtc.jitsi.internal.crt";
    }
    modules_enabled = {
        "bosh";
        "websocket";
        "smacks"; -- XEP-0198: Stream Management
        "pubsub";
        "ping";
        "speakerstats";
        "conference_duration";
        "external_services";
        "muc_lobby_rooms";
        "muc_breakout_rooms";
        "av_moderation";
        "event_logging";
    }

    main_muc = "muc.jitsi.internal"
    lobby_muc = "lobby.vtc.jitsi.internal"
    breakout_rooms_muc = "breakout.vtc.jitsi.internal"
    speakerstats_component = "speakerstats.vtc.jitsi.internal"
    conference_duration_component = "conferenceduration.vtc.jitsi.internal"
    av_moderation_component = "avmoderation.vtc.jitsi.internal"
    c2s_require_encryption = false

And I’ve added a custom-config.js to the web deployment that looks like:

config.hosts.focus = 'focus.' + config.hosts.domain;
var host = window.location.host.split('.')[0];
config.hosts.domain = host + '.jitsi.internal';
config.hosts.authdomain = host + '.jitsi.internal';

The idea is that if it’s accessed via https://matrixvtc.... which is what Matrix/Element is configured to use, it should use the matrixvtc.jitsi.internal virtual host.

This almost works; in the Prosody logs, I can see the user being authed:

prosody_1   | c2s561cd88a86a0                                                      info	Client connected
prosody_1   | matrixvtc.jitsi.internal:auth_matrix_user_verification               info	Found room ID: !CPHlwtBnrLXANWCWDj:matrix.mydomain.com, server_name: matrix.mydomain.com

prosody_1   | matrixvtc.jitsi.internal:auth_matrix_user_verification               warn	Custom username: (nil)
prosody_1   | matrixvtc.jitsi.internal:auth_matrix_user_verification               warn	self.username: fa8752a5-c544-4305-8e31-62565de93f72
prosody_1   | matrixvtc.jitsi.internal:auth_matrix_user_verification               info	REQUEST_COMPLETE reason:ok
prosody_1   | c2s561cd88a86a0                                                      info	Authenticated as fa8752a5-c544-4305-8e31-62565de93f72@matrixvtc.jitsi.internal

But then it tells me the meeting hasn’t started. And I get the option for “I Am the Host”.

While it’s waiting, I can see Jicofo periodically logging:

Jicofo 2022-09-12 06:58:30.879 INFO: [94] ConferenceIqHandler.handleConferenceIq#63: Focus request for room: efbvasdmo52ee3tsjrmectsxinlui2r2nvqxi4tjpaxhg4djnzwg6y3lonswg5lsnf2hsltdn5wq@muc.jitsi.internal

I’m feeling like it’s a Jicofo issue, not knowing about the additional authenticated domain or something like that.
Any ideas?
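
The custom-config.js in the post above builds the XMPP domain from whatever first host label the page was loaded under, so every hostname that reaches the web container picks a Prosody virtual host and, with it, an authentication method. The following is an added example, not part of the original post, that limits that choice to an allowlist; the `vtc` entry and the function names are assumptions, and `matrixvtc.jitsi.internal` is the virtual host from the post.

```javascript
// Added example: allowlist of first host labels -> Prosody virtual hosts.
// "matrixvtc.jitsi.internal" comes from the post; the "vtc" entry is an
// assumed name for the host that keeps internal password authentication.
// A Map is used so labels such as "constructor" never match inherited keys.
const VHOSTS = new Map([
  ['matrixvtc', 'matrixvtc.jitsi.internal'],
  ['vtc', 'vtc.jitsi.internal'],
]);

// Extract the first DNS label from a host value such as
// "MatrixVTC.mydomain.com:8443" (case, port and trailing dot are normalised).
function firstLabel(hostHeader) {
  const name = String(hostHeader)
    .toLowerCase()
    .replace(/:\d+$/, '')
    .replace(/\.$/, '');
  return name.split('.')[0];
}

// Return a copy of `hosts` with domain/authdomain switched only when the
// label is allowlisted; any other label keeps the deployment defaults, so an
// unexpected hostname cannot select an arbitrary XMPP domain.
function selectHosts(hostHeader, hosts) {
  const vhost = VHOSTS.get(firstLabel(hostHeader));
  if (vhost === undefined) {
    return { ...hosts };
  }
  return { ...hosts, domain: vhost, authdomain: vhost };
}

// Browser only (custom-config.js): apply to the global Jitsi Meet config.
if (typeof window !== 'undefined' && typeof config !== 'undefined') {
  config.hosts = selectHosts(window.location.host, config.hosts);
}
```
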

I’d also be very interested in this – allowing authorization from RocketChat (and Nextcloud) but also via username/password in the Android/iOS apps.

Me too, for Mattermost, Nextcloud and Username/password