Logins saved on client side?

Hi,
I just reconfigured my Jitsi-Meet installation to use Active-Directory-Auth and keep rooms persistent. But there is one thing I noticed: When a user want’s to create a Room, he has to authenticate only once. For every other room he enteres, he will be authenticated automatically. That’s weird because this way you can “hijack” another room. Example: User A creates Room A, has to enter credentials. User B creates Room B, has to enter credentials. Both leave their rooms. User A enters Room B. Doesn’t have to enter credentials and is granted moderator rights.

Looks like there is some sort of SessionID or Tokes working in the background.
The only way to get around this is to delete the browser cache.

I’m running Ubuntu 20.04 with Jitsi-Meet installed from the repository.
Joined the machine into AD and configured saslauthd to use PAM.
Finally followed this tutorial for persistent rooms:Persistent Passwords on Self Hosted Rooms

Edit: How can i deactivate this autologon?

You can set org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true in Jicofo’s sip-communicator.properties
However, User A will still be able to create a Room B (after authentication) as rooms are not perstisted. Thats just how Jitsi works. As a workaround, you can enable persistent rooms (as discussed in the thread you mentioned) and add a room password that is only known to authorized users.

You can set org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true in Jicofo’s sip-communicator.properties

Unfortunately this didn’t work.

However, User A will still be able to create a Room B (after authentication) as rooms are not perstisted. Thats just how Jitsi works. As a workaround, you can enable persistent rooms (as discussed in the thread you mentioned) and add a room password that is only known to authorized users.

I Know. I already made the rooms persistent. It’s also the same problem with passwords set. When a user knows the rooms password and was previously logged in, he enters as moderator, if he is first in the room. Without having to authanticate again.

I believe this property saves session ID for about 24hrs:

org.jitsi.jicofo.auth.AUTH_LIFETIME

Thank’s but still no change.

That’s my sip-communicator.properties:

org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.[mydomain]
org.jitsi.jicofo.auth.URL=XMPP:[mydomain]
org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true
org.jitsi.jicofo.auth.AUTH_LIFETIME = 1

I’m not sure that’s how you set that property, but maybe remove the spaces? So, instead:

org.jitsi.jicofo.auth.AUTH_LIFETIME=1

If that doesn’t work, perhaps try

org.jitsi.jicofo.auth.AUTH_LIFETIME=false

I’m just hazarding guesses, just so you know.

org.jitsi.jicofo.auth.AUTH_LIFETIME=1

org.jitsi.jicofo.auth.AUTH_LIFETIME=false

I treid both. But still the same.

Check this out for inspiration - https://github.com/jitsi/jicofo/blob/7659cdd4c0fb96de6f0f23adf17c6263ef911da0/src/main/java/org/jitsi/jicofo/auth/AuthBundleActivator.java#L77

Hi Freddie,
thank’s again. I already found this.

Also:

/**
* The name of the {@code ConfigurationService} property which disables auto
* login feature. Authentication sessions are destroyed immediately when the
* conference ends.
*/
public static final String DISABLE_AUTOLOGIN_PNAME
= AUTH_PNAME + “.DISABLE_AUTOLOGIN”;

This should actually do the trick. But it doesnt’.