Implementing Jitsi Meet Docker with Keycloak

Hi,

Does anyone have experience with implementing Jitsi-Meet-Docker/kubernetes with Keycloak? Is there a straight-forward way to implement this set-up?

Thanks

Does anyone have any feedback on this topic? Please help.

I have just a little tip. Nothing special, but may help.

I have a fully operating client of Keycloak, working perfectly for logging in on my “WebApp” (not the Jitsi one). I wanted to authenticate users automatically, using a JWT token coming directly from Keycloak. I have a backend server that responds to some APIs with the REST protocol.

Since Jitsi can use JWT tokens as authentication, but needs a specific format for it, I created a simple Kotlin class to take all the data I need and just put it as output. So, the user MUST be already authenticated by my WebApp to call this route, so I can surely know that the user that wants Jitsi is legit.

JWT options for Jitsi are here:

In my .env I put these params:

# Enable authentication
ENABLE_AUTH=1
# Select authentication type: internal, jwt or ldap
AUTH_TYPE=jwt
# Application identifier (change it!)
JWT_APP_ID=<ID>
# Application secret known only to your token generator (CHANGE IT!!!)
JWT_APP_SECRET=<secret>
# OPTIONAL found on internet
JWT_ALLOW_EMPTY=0
JWT_AUTH_TYPE=token
JWT_TOKEN_AUTH_MODULE=token_verification

In my application.config (it’s a SpringBoot Application) I put all the configs needed to read correct params, such as AppID and Secret, also the domain used by Jitsi. There is a class that reads all the data needed:

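import org.springframework.boot.context.properties.ConfigurationProperties

// Bound from the myCompanyName.jitsi.* properties of the Spring Boot application
@ConfigurationProperties(prefix="myCompanyName.jitsi")
class ConfigDataJitsi {
    var secret: String = ""
    var appId: String = ""
    var sub: String = ""
}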

Then I have a class that manages to create a valid JWT token:

import com.fasterxml.jackson.databind.ObjectMapper
import io.jsonwebtoken.Jwts
import io.jsonwebtoken.security.Keys
import java.nio.charset.StandardCharsets

class JitsiJwtManager(
    private val secret: String,
    private val aud: String,
    private val iss: String,
    private val sub: String,
    private val userService: UserService
) {
    // aud and iss are both set to the configured app id
    constructor(configDataJitsi: ConfigDataJitsi, userService: UserService)
            : this(configDataJitsi.secret, configDataJitsi.appId, configDataJitsi.appId, configDataJitsi.sub, userService)

    // Builds the Jitsi-format token for a user the WebApp has already authenticated
    fun getJwtFor(room: Room, authInfo: AuthInfo): String {
        val username = authInfo.requireUsernameNotNull()
        val user = User(username, userService.getMailOf(username), userService.getAvatarUrlOf(username))
        val context = Context(user)
        val jwt = Jwt(context, aud, iss, sub, room.name)

        return Jwts.builder()
            .setHeader(mapOf("typ" to "JWT"))
            .setPayload(ObjectMapper().writeValueAsString(jwt))
            // hmacShaKeyFor rejects keys shorter than 256 bits, so the secret must be at least 32 bytes
            .signWith(Keys.hmacShaKeyFor(secret.toByteArray(StandardCharsets.UTF_8)))
            .compact()
    }
}

Where:

  • ConfigDataJitsi is the class above
  • AuthInfo is the class that interacts with Keycloak
  • Context it’s just a class Context (val user: User)
  • User it’s just a class User (name, email, avatar), all strings.
  • Jwt it’s just a class (context, aud, iss, sub, room)

With this utility I can create a JWT token based on user details from Keycloak, not strictly using the Keycloak JWT, but reading it and transforming it into a “readable” format for Jitsi. After creating it, I just open my room in my Jitsi server like this:
my.jitsi.com/room_name_here?jwt=here_goes_the_jwt

Automatically, user will be authenticated with his avatar (Base64) and his username.

2 Likes
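The token shape described in the post above (context.user, aud, iss, sub, room), as an added Python example that is not the poster's code: it mints an HS256 token and runs the checks a verifier should apply to it. The `exp` claim, the function names and the sample values are assumptions added here, and `verify_jitsi_jwt` models those checks rather than reproducing Jitsi's own verifier.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def mint_jitsi_jwt(secret, app_id, sub, room, user, ttl=300, now=None):
    """Build an HS256 token with the claims from the post, plus exp."""
    now = int(time.time()) if now is None else now
    claims = {
        "context": {"user": user},  # name, email, avatar
        "aud": app_id,              # the post sets aud and iss to the app id
        "iss": app_id,
        "sub": sub,
        "room": room,
        "exp": now + ttl,           # assumption: not in the post's Jwt class
    }
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + b64url(sign(secret, signing_input))

def verify_jitsi_jwt(token, secret, app_id, room, now=None):
    """Return the claims if every check passes, else raise ValueError."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
        signature = b64url_decode(sig)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm, ignore what the token asks for
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, sign(secret, f"{head}.{body}")):
        raise ValueError("bad signature")
    if claims.get("aud") != app_id or claims.get("iss") != app_id:
        raise ValueError("wrong aud/iss")
    if claims.get("room") != room:    # a token for one room must not open another
        raise ValueError("wrong room")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("missing or expired exp")
    return claims
```

Because the token travels in the `?jwt=` query string, where it can end up in browser history and proxy logs, a short `ttl` limits how long a leaked URL stays usable.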

Thank you!

Hi,

Can someone provide more assistance on implementing Jitsi Meet Docker (Kubernetes) with Keycloak? I followed the instructions in this link: GitHub - d3473r/jitsi-keycloak: Login to jitsi with keycloak https://hub.docker.com/r/d3473r/jitsi-keycloak.
However, I am not getting the authentication window. Can someone please assist???