How to end webinar when Host leaves?

jhustead · October 12, 2020, 4:38pm

Is there a way to have the webinar end when the Host leaves, so all the other participants aren’t just sitting in an empty webinar room? If not, is there a command to send to the API to force the webinar to close?

emrah · October 12, 2020, 6:32pm

two new Prosody modules to control a tokenized conference room

jhustead · October 12, 2020, 6:54pm

Thanks! Is there a good tutorial on how to install and use the user token authentication?

emrah · October 13, 2020, 6:10am

If your distro is Debian Buster then How I’m installing jitsi-meet-tokens now

If it’s Ubuntu 20.04 then The installation steps for Ubuntu 20.04

gpatel-fr · October 13, 2020, 7:33am

@jhustead
if you just want to kick users with vanilla Jitsi internal authentication use @emrah’s module but delete the pre-join hook, it’s not really needed because with internal authentication an anonymous user can’t start a meeting. It could be disabled with a flag but for that you would have to send a PR to @emrah

jhustead · October 13, 2020, 3:12pm

I followed the “Installation steps for Ubuntu” and installed the mod_token_affiliation.lua and mod_token_party_owner.lua Prosody plugins and it looks good so far, thanks!

It is always asking for a login/password now. I have “enableUserRolesBasedOnToken = true”.

Do I need to create a token for EVERY user so it can pass the “affiliation” now? That is fine, but is there a tutorial on how to create and where/how to pass the token?

jhustead · October 13, 2020, 3:45pm

I think I understand how to generate the JWT key now. But, how do I identify the “aud” and “iss” values to pass in the token body?

github.com

jitsi/lib-jitsi-meet/blob/master/doc/tokens.md

JWT token authentication Prosody plugin
==================

This plugin implements Prosody authentication provider that verifies client connection based on JWT token described in [RFC7519].
It allows to use any external form of authentication with lib-jitsi-meet. Once your user authenticates you need to
generate the JWT token as described in the RFC and pass it to your client app. Once it connects with valid token is considered authenticated by jitsi-meet system.

During configuration you will need to provide the *application ID* that identifies the client and a *secret* shared by both server and JWT token generator. Like described in the RFC, secret is used to compute HMAC hash value which allows to authenticate generated token. There are many existing libraries which can be used to implement token generator. More info can be found here: [http://jwt.io/#libraries-io]

JWT token authentication currently works only with BOSH connections.

[RFC7519]: https://tools.ietf.org/html/rfc7519
[http://jwt.io/#libraries-io]: http://jwt.io/#libraries-io

### Token structure

The following JWT claims are used in authentication token:
- 'iss' specifies *application ID* which identifies the client app connecting to the server. It should be negotiated with the service provider before generating the token.
- 'room' contains the name of the room for which the token has been allocated. This is *NOT* full MUC room address. Example assuming that we have full MUC 'conference1@muc.server.net' then 'conference1' should be used here.  Alternately, a '*' may be provided, allowing access to all rooms within the domain.
- 'exp' token expiration timestamp as defined in the RFC

This file has been truncated. show original

emrah · October 13, 2020, 4:18pm

A sample PHP script which generates the token. No need the moderator field but needed the affiliation field under context -> user

iss and aud are your app_id

jhustead · October 13, 2020, 4:26pm

Thanks! I generated a token and passed it in ‘jwt’ querystring and authentication failed. I see this in my prosody.log “Error verifying token err:not-allowed, reason:Not acceptable by exp”. It looks like everything is working, but not sure what this error means:

mod_bosh        info    Client tried to use sid '21aa3e70-a163-4869-bf26-a13454858561' which we don't know about
conference.MyDomain.com:muc_domain_mapper warn    Session filters applied
mod_bosh        info    New BOSH session, assigned it sid '696396ab-7183-495c-bbb4-7d1da34a3cc3'
general warn    Error verifying token err:not-allowed, reason:Not acceptable by exp

jhustead · October 13, 2020, 4:30pm

Oops I have default exp value which is a date in the past. I will fix that.

jhustead · October 13, 2020, 4:32pm

It’s working now that I have valid ‘exp’ date value. Thanks!

emrah · October 13, 2020, 4:53pm

tips
If you want to allow guests to participate the conferences without a token, add the following line in your prosody config

allow_empty_token = true

jhustead · October 13, 2020, 4:56pm

Thanks! I notice that when I have someone join token as “member” (using the prosody modules to control tokenized room) it says “Oops you can’t join this yet” if the host hasn’t joined. Is there a way to make that throw them in a waiting room so when the host joins, they automatically join the conference instead of getting that error message?

Also, when the host leaves, it posts a message in chat but it doesn’t close the conference down. Is there a way to make it so if the host leaves or hangs up, the conference will automatically close?

emrah · October 13, 2020, 5:07pm

I don`t know a solution for this and probably needed some UI customization to add this feature.

Waiting the timeout then it closes the conference. The timeout gives change to reconnect to the moderator in case of network error. The default timeout (party_check_timeout) value is 60 second.

jhustead · October 13, 2020, 5:08pm

Is there no way to have token authentication for ‘member’ to always join in a waiting room? Or, does the host always have to have started the webinar as token authenticated ‘owner’ before any ‘member’ can join?

What is the timeout for when the host leaves to have the webinar automatically shut down for everyone? Can I configure that somewhere?