[jitsi-users] authentication issues


#1

Hello:

I'm trying to have a situation where an authenticated user is the only one
who can create a room. I have seen the instruction of how to do that, but I
have a problem. My letsencrypt cert will not be good for my main domain and
also the guest.main domain as per that setup.

I don't want my users to have to click a security exception.

Is there any way to get around that problem besides a wildcard cert?

I also thought of making the extra domain the secured one, so I might go to
admin.main domain to set up the room but the users go to main domain.
Problem there is then the room gets created with the admin.main domain URL
so it doesn't help solve the problem.

I would not mind too much if all users had to enter username/password, but
there's another problem: it requires a pop-up window. For me, in Firefox
and Chrome, the pop-up was silently blocked. So I would then have to tell
users to dig into their settings to allow pop-up windows from my domain.
Again, that isn't really going to work.

Thanks for any ideas.

-Casey


#2

Hi,

Those domains like the guest domain are virtual hosts inside prosody
and have nothing to do with DNS, they are only known to jitsi-meet and
prosody. You need only one cert that is used by the webserver to serve
your jitsi-meet instance.

Regards
damencho


On Mon, Sep 11, 2017 at 5:10 PM, scoremixer <scoremixer@gmail.com> wrote:

Hello:

I'm trying to have a situation where an authenticated user is the only one
who can create a room. I have seen the instruction of how to do that, but I
have a problem. My letsencrypt cert will not be good for my main domain and
also the guest.main domain as per that setup.

I don't want my users to have to click a security exception.

Is there any way to get around that problem besides a wildcard cert?

I also thought of making the extra domain the secured one, so I might go to
admin.main domain to set up the room but the users go to main domain.
Problem there is then the room gets created with the admin.main domain URL
so it doesn't help solve the problem.

I would not mind too much if all users had to enter username/password, but
there's another problem: it requires a pop-up window. For me, in Firefox and
Chrome, the pop-up was silently blocked. So I would then have to tell users
to dig into their settings to allow pop-up windows from my domain. Again,
that isn't really going to work.

Thanks for any ideas.

-Casey



#3

Thank you. My first attempts probably would have been successful if not for
the pop-up blocker making it so I couldn't see the login prompt. That and I
guess I was expecting a login prompt to appear before the attempted room
creation. But now that I understand better how the different parts of
jitsi-meet operate it makes sense. Still, if there's a way to not use
pop-up windows to solicit credentials, that would be better.

I do have the secure room setup working now. One other help for script
kiddies would be to correct the instructions at
https://github.com/jitsi/jicofo#secure-domain -- step 1-B the virtual host
name should be in quotes VirtualHost "guest.jitsi-meet.example.com". And
maybe a note there telling people how to create the prosody user's
credentials. That could be step 1-C.


On Tue, Sep 12, 2017 at 12:50 AM, Damian Minkov <damencho@jitsi.org> wrote:

Hi,

Those domains like the guest domain are virtual hosts inside prosody
and have nothing to do with DNS, they are only known to jitsi-meet and
prosody. You need only one cert that is used by the webserver to serve
your jitsi-meet instance.

Regards
damencho


#4

I have just created a pull request in GitHub for this particular bit, as it seems helpful.

Neil


On 15 Sep 2017, at 09:09, scoremixer <scoremixer@gmail.com> wrote:

And maybe a note there telling people how to create the prosody user's credentials. That could be step 1-C.
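
The two configuration points raised in this thread (the guest VirtualHost name must be quoted, and only the main host should require credentials) can be checked mechanically. The following is an added example, not code from the thread or from the Jitsi project; the function name `lint_secure_domain`, the main host name `jitsi-meet.example.com`, the `internal_hashed` setting and both sample configs are assumptions made for illustration, and it assumes each VirtualHost sets its own `authentication` line.

```python
import re

SECTION = re.compile(r'^\s*(VirtualHost|Component)\s+(.*?)\s*$')
AUTH = re.compile(r'^\s*authentication\s*=\s*["\']([^"\']+)["\']')
QUOTED = re.compile(r'^(["\'])([^"\']+)\1')

def lint_secure_domain(config_text, main_host, guest_host):
    """Return findings for a Prosody secure-domain setup (empty list = OK)."""
    findings, auth, current = [], {}, None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = re.split(r'(?:^|\s)--', raw, maxsplit=1)[0]  # drop Lua comments
        section = SECTION.match(line)
        if section:
            kind, arg = section.groups()
            name = QUOTED.match(arg)
            if not name:
                findings.append(f"line {lineno}: {kind} name not quoted: {arg}")
            # Only a correctly quoted VirtualHost opens a host section.
            current = name.group(2) if name and kind == "VirtualHost" else None
            continue
        setting = AUTH.match(line)
        if setting and current:
            auth[current] = setting.group(1)
    main_auth, guest_auth = auth.get(main_host), auth.get(guest_host)
    if main_auth is None or main_auth.endswith("anonymous"):
        findings.append(f"{main_host}: must authenticate users, found {main_auth!r}")
    if guest_auth is None or not guest_auth.endswith("anonymous"):
        findings.append(f"{guest_host}: expected anonymous, found {guest_auth!r}")
    return findings

# Constructed sample configs (not taken from the thread).
BROKEN = '''
VirtualHost "jitsi-meet.example.com"
    authentication = "anonymous"   -- anyone can create a room
VirtualHost guest.jitsi-meet.example.com
    authentication = "anonymous"
'''
FIXED = '''
VirtualHost "jitsi-meet.example.com"
    authentication = "internal_hashed"
VirtualHost "guest.jitsi-meet.example.com"
    authentication = "anonymous"
    c2s_require_encryption = false
'''

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_secure_domain(cfg, "jitsi-meet.example.com",
                                        "guest.jitsi-meet.example.com"))
```

Accounts on the authenticated host are created with `prosodyctl register <username> jitsi-meet.example.com <password>`.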