Jitsi-meet displayName from shibboleth headers


#1

I’ve managed to convince jitsi-meet into external auth and for the meantime during test I inject authentication headers in apache using

<Location /login>
RequestHeader set mail "foobar@<domain>"
RequestHeader set displayName "FooBar"
ProxyPass http://localhost:8888/login
</Location>

I am shortly welcomed as “FooBar” by jicofo external auth servlet, but jitsi-meet doesn’t update my displayName?

I’ve toggled useNicks in jitsi-meeting config, but that doesn’t help. How can I convince jitsi-meeting to consume the freshly acquired displayName from the external authenticated testuser?


#2

I Martin,
The shibboleth displayname is not set into jitsi meet UI variables. I think it could be done by modifying the jicofo shibboleth auth servlet to set the client local storage displayname value to th shibboleth attribute.

Regards Damien.


#3

Hi Damien,

Thx for your answer.
I see that displayName is read in ShibbolethHandler.java in jicofo src:

But it only seems to be used to greet the user? :frowning:

On the other hand, https://rendez-vous.renater.fr/ does use one of the shibboleth attributes to generate displayName from eduGAIN login, so the code is available at Renater? Was this enhancement never merged upstream?

Best regards,
Martin


#4

Hi Martin,

Rendez-vous doesn’t use the displayname shibboleth attribute.
It only display the user’s authenticated identity name (email attributes) in the profile menu.
The user profile menu was changed since the Jitsi version 2794 currently used by RENdez-vous.
This login informations is no longer displayed in last stable release that’s why you didn’t see it in your Jitsi-Meet instance.

A made a pull request for jicofo code (https://github.com/jitsi/jicofo/pull/328) to set the localstorage features/base/settings displayName to the shibboleth displayName.
It is set to shibboleth displayName or email if user havn’t already set a value to displayName .

Best Regards,
Damien.


#5

Hi Damien,

I could have sworn I saw my displayName used in rendex-vouz but I must have been dreaming :wink:
Nevertheless, thx for the pull request. It only seems a logical step to consume the displayName when it’s supplied in the SAML token. Nice!