Hi all. Thanks för a great project!
Is there a way to really enforce displayName, i.e. display name depends on login name/page header/similar and the user cannot change it (even if they replace the web client), for all parties in a meeting, i.e. both moderators and participants?
I am setting up Jitsi-meet with proxy based authentication and authorization for all parties (not only the moderator). I use a modified version of the SAML based web authentication described in:
but rather than protecting the Jicofo with Shibboleth, I am protecting all of Jitsi (basically). This means I can force all parties(moderator and participant) to come in as a fully authenicated user, authorized for this particular meeting. From my understanding, Jitsi in itself doesn’t assume there are accounts for participants, they just need a password to login?
Authorization means that not only does a user need a successful login through SAML, they also need to actually be invited to the meeting (invitation process is totally outside of Jitsi, basically the authorization is querying a web service for whether a certain user is invited to a certain meeting). Thus, I am free to add my own code at proxy level (setting headers or whatnot) and the user would not be able to tamper with them from the client.
This all basically works, I currently have functioning federated authentication and authorization of all parties in the meeting.
But, since the autentication takes place outside of Jitsi, users can call themselves whatever they want, which is a problem with regards to security. And, I suspect that even if I somehow manage to use Jicofo for authentication, that would only affect the moderator and not the participants, or am I wrong?
Sorry about the wall of text. As you can see, I am a bit confused and would appreciate any pointers on what is possible and how to proceed. Thank you.