How to request authentication before the meeting room is initialized?


#1

Hi team,
After a quick install, users can create meeting rooms by automatically copying the link eg https://meet.jit.si/b is going to the meeting room screen. How to request authentication before the meeting room is initialized? To limit the meeting room to be initiated without control.

Thanks,


#2

Check https://github.com/jitsi/jicofo/blob/master/README.md#secure-domain


#3

Hi @damencho,
I did follow the guide but it didnt work. The web can not load home page.
My wish is that the meeting room is only allowed to initialize when click GO button from the homepage.
Also, I have a question about creating a user on a prosody. Is it possible that each user who wants to create a meeting room must be created on the prosody:

prosodyctl register <username> jitsi-meet.example.com <password>

Pls help me resolve it.
Thanks,


#4

@Cuong_Quyet_Nguyen check your config.js for a syntax error, people usually miss a comma there around the modified files.
We will fix that common problem: https://github.com/jitsi/jitsi-meet/pull/3593


#5

That is correct, every user must be created.


#6

Thank @damencho,
I fix it with miss a comma.
But when i create a meeting, there is a error on meeting room.

My configs:
hosts: {
// XMPP domain.
domain: ‘vc1.xxx.vn’,

    // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
    muc: 'conference.vc1.xxx.vn',

    // When using authentication, domain for guest users.
    anonymousdomain: 'guest.vc1.xxx.vn'

    // Domain for authenticated users. Defaults to <domain>.
    // authdomain: 'vc1.xxx.vn',

    // Jirecon recording component domain.
    // jirecon: 'jirecon.vc1.xxx.vn',

    // Call control component (Jigasi).
    // call_control: 'callcontrol.vc1.xxx.vn',

    // Focus component domain. Defaults to focus.<domain>.
    // focus: 'focus.vc1.xxx.vn',
},

Pls help me resolve it,
Thanks,


#7

Open jacascript console and save the output when you see the error
Without that output we can keep guessing.


#8

Hi @damencho,
That is console monitor.


Addition:
root@server:~# prosodyctl mod_listusers
xxx@vc1.xxx.vn
focus@auth.vc1.xxx.vn

Thanks,


#9

Your prosody does not have the correct configuration for the host, as it says host-unknown


#10

Hi @damencho,
That is my prosody config:

VirtualHost “vc1.xxx.vn”
– enabled = false – Remove this line to enable this host
– Changed by me
authentication = “internal_plain”
– Properties below are modified by jitsi-meet-tokens package config
– and authentication above is switched to “token”
–app_id=“example_app_id”
–app_secret=“example_app_secret”
– Assign this host a certificate for TLS, otherwise it would use the one
– set in the global section (if any).
– Note that old-style SSL on port 5223 only supports one certificate, and will always
– use the global one.
ssl = {
key = “/etc/prosody/certs/vc1.xxx.vn.key”;
certificate = “/etc/prosody/certs/vc1.xxx.vn.crt”;
}
– we need bosh
modules_enabled = {
“bosh”;
“pubsub”;
“ping”; – Enable mod_ping
}

    c2s_require_encryption = false

Component “conference.vc1.xxx.vn” “muc”
storage = “null”
–modules_enabled = { “token_verification” }
admins = { “focus@auth.vc1.xxx.vn” }

Component “jitsi-videobridge.vc1.xxx.vn”
component_secret = “vcDHEVvk”
– Added by me
VirtualHost “guest.vc1.xxx.vn”
authentication = “anonymous”
c2s_require_encryption = false

VirtualHost “auth.vc1.xxx.vn”
ssl = {
key = “/etc/prosody/certs/auth.vc1.xxx.vn.key”;
certificate = “/etc/prosody/certs/auth.vc1.xxx.vn.crt”;
}
authentication = “internal_plain”

Component “focus.vc1.xxx.vn”
component_secret = “C3cSJKD”

Thanks


#11

So you are accessing your deployment using https://vc1.xxx.vn and your bosh config in config.js is bosh: ‘//vc1.xxx.vn/http-bind’, is this correct?


#12

Yes, @damencho,

// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: ‘//vc1.xxx.vn/http-bind’,

–> This is default in config.js


#13

So probably prosody is not loading your config. The host-unknown error you see is coming from prosody not knowing anything about the domain vc1.xxx.vn.
Try opening https://vc1.xxx.vn/http-bind what is the output?
Try restarting prosody and check its logs, do you see any error?


#14

Thank @damencho for your support,
Password required is actived after i restart prosody.
I have a addition question,
I install jitsi-meet all in one server. So if i set anonymousdomain: ‘guest.vc1.xxx.vn’ every one can create a meeting room. If i dont set //anonymousdomain: ‘guest.vc1.xxx.vn’ password required active. why is that? And
Now i need to setup:

  • password only required when created.
  • When room was created everyone can join with no password (if not set password for room)
    How can i do that?
    Pls, help me config it.

Thanks,


#15

When you follow this: https://github.com/jitsi/jicofo#secure-domain every time a participant that tries to join will be asked for a password. If you enable anonymousdomain then username/password will be asked only when such room does not exist. Participants that try to join existing room will just join.
If it doesn’t work like that, then there must be something wrong with the setup.


#16

Hi @damencho,
That mean i still was wrong config.
That are prosody config and jitsi meet config.js. Pls support me to check it.
-----------------------config.js --------------------------------
// Connection
//

hosts: {
    // XMPP domain.
    domain: 'vc1.xxx.vn',

    // XMPP MUC domain. FIXME: use XEP-0030 to discover it.
    muc: 'conference.vc1.xxx.vn',

    // When using authentication, domain for guest users.
    anonymousdomain: 'guest.vc1.xxx.vn'

    // Domain for authenticated users. Defaults to <domain>.
    // authdomain: 'vc1.xxx.vn',

    // Jirecon recording component domain.
    // jirecon: 'jirecon.vc1.xxx.vn',

    // Call control component (Jigasi).
    // call_control: 'callcontrol.vc1.xxx.vn',

    // Focus component domain. Defaults to focus.<domain>.
    //focus: 'focus.vc1.xxx.vn'
},

// BOSH URL. FIXME: use XEP-0156 to discover it.
bosh: '//vc1.xxx.vn/http-bind',

// The name of client node advertised in XEP-0115 'c' stanza
clientNode: 'http://jitsi.org/jitsimeet',

--------------------Prosody Config------------------------------------
– Plugins path gets uncommented during jitsi-meet-tokens package install - that’s where token plugin is located
–plugin_paths = { “/usr/share/jitsi-meet/prosody-plugins/” }

VirtualHost “vc1.xxx.vn”
– enabled = false – Remove this line to enable this host
– thay doi
authentication = “internal_plain”
– Properties below are modified by jitsi-meet-tokens package config
– and authentication above is switched to “token”
–app_id=“example_app_id”
–app_secret=“example_app_secret”
– Assign this host a certificate for TLS, otherwise it would use the one
– set in the global section (if any).
– Note that old-style SSL on port 5223 only supports one certificate, and will always
– use the global one.
ssl = {
key = “/etc/prosody/certs/vc1.xxx.vn.key”;
certificate = “/etc/prosody/certs/vc1.xxx.vn.crt”;
}
– we need bosh
modules_enabled = {
“bosh”;
“pubsub”;
“ping”; – Enable mod_ping
}

    c2s_require_encryption = false

Component “conference.vc1.xxx.vn” “muc”
storage = “null”
–modules_enabled = { “token_verification” }
admins = { “focus@auth.vc1.xxx.vn” }

Component “jitsi-videobridge.vc1.xxx.vn”
component_secret = “vc3LEVvk”
– them
VirtualHost “guest.vc1.xxx.vn”
authentication = “anonymous”
c2s_require_encryption = false

VirtualHost “auth.vc1.xxx.vn”
ssl = {
key = “/etc/prosody/certs/auth.vc1.xxx.vn.key”;
certificate = “/etc/prosody/certs/auth.vc1.xxx.vn.crt”;
}
authentication = “internal_plain”

Component “focus.vc1.xxx.vn”
component_secret = “mNklH7K”

Thanks,


#17

Seems fine, what about jicofo in /etc/jitsi/jicofo/sip-communicator.properties do you have:
org.jitsi.jicofo.auth.URL=XMPP:vc1.xxx.vn have you restarted jicofo since editing the config?


#18

Greate @damencho,
But I have a question. After restart jicofo, first time create a room password required. But from second time I create a room password not required. Why that?
And i need integrate OAuth2 authenticate. How can i do that?

Thanks so much for your support,


#19

There is a session-id written in the local storage that logs you in. OAuth2 is not possible, at some point we were working on that, I know there is till some outdated branches, but nothing currently.

If you enable org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true inc jicofo you will need to login every time.


#20

Thank @damencho so much,
As far as I understand the user authentication is done in the prosody right?
If so, can integrate authentication methods such as OAuth2, LDAP, SQL … in the prosody, then with such config Jitsi-meet can still use it?

Thanks,