Secured Domain | Guest Login Issue

Dear Jitsi Team,
Hope you are doing well.
I am trying to use secure domain in JITSI.

I have followed the instructions provided in https://github.com/jitsi/jicofo#secure-domain.
Please find below the configurations which I have done so far.

Prosody: cfg.lua configuration

-- Plugins path gets uncommented during jitsi-meet-tokens package install - that's where token plugin is located
--plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

VirtualHost "abc.xyz.com.pk"
    -- enabled = false -- Remove this line to enable this host
    authentication = "internal_plain"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/abc.xyz.com.pk.key";
        certificate = "/etc/prosody/certs/abc.xyz.com.pk.crt";
    }
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
    }

    c2s_require_encryption = false

Component "conference.abc.xyz.com.pk" "muc"
    storage = "none"
    --modules_enabled = { "token_verification" }
    admins = { "focus@auth.abc.xyz.com.pk" }

Component "jitsi-videobridge.abc.xyz.com.pk"
    component_secret = "IRABxSxT"

VirtualHost "auth.abc.xyz.com.pk"
    ssl = {
        key = "/etc/prosody/certs/auth.abc.xyz.com.pk.key";
        certificate = "/etc/prosody/certs/auth.abc.xyz.com.pk.crt";
    }
    authentication = "internal_plain"

VirtualHost "abclink.xyz.com.pk"
    authentication = "anonymous"
    c2s_require_encryption = false

Component "focus.abc.xyz.com.pk"
    component_secret = "zxon09Xj"

Component "callcontrol.abc.xyz.com.pk"
    component_secret = "UKEQ#jT6"

===========================================================================

config.js in jitsi meet

var config = {
    hosts: {
        domain: 'abc.xyz.com.pk',
        anonymousdomain: 'abclink.xyz.com.pk',
        muc: 'conference.abc.xyz.com.pk'
    },

    bosh: '//abc.xyz.com.pk/http-bind',
    clientNode: 'http://jitsi.org/jitsimeet',

    testing: {
        enableFirefoxSimulcast: false,
        p2pTestMode: false
    },

    disableSuspendVideo: true,
    desktopSharingChromeExtId: null,
    desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
    desktopSharingChromeMinExtVersion: '0.1',
    channelLastN: -1,
    enableWelcomePage: true,
    enableUserRolesBasedOnToken: false,
    enableCalendarIntegration: true,

    p2p: {
        enabled: true,

        stunServers: [
            { urls: 'stun:stun.l.google.com:19302' },
            { urls: 'stun:stun1.l.google.com:19302' },
            { urls: 'stun:stun2.l.google.com:19302' }
        ],
    },
};

===========================================================================

In JICOFO sip-communicator.properties I have added the below:

org.jitsi.jicofo.auth.URL=XMPP:abc.xyz.com.pk

and then I have added users by using the below command:

prosodyctl register QAZ abc.xyz.com.pk ABC

Currently, when I am using my main domain abc.xyz.com.pk, Snapshot-1 appears on the screen,

and after clicking on “I am the host” I am able to see the user and password form, and after successful login I can create a room.

But when I am using my guest domain, i.e. abclink.xyz.com.pk, it opens up the welcome page, lets me create the room, and then I only get the below screen.

Can you please help me out in this matter, as when guests try to join with abclink.xyz.com.pk they can join the room successfully.

Both my URLs, abc.xyz.com.pk & abclink.xyz.com.pk, are bound to my hosted server IP via DNS.

best regards
Salman Ali

The anonymousdomain is a virtual host defined in prosody and is virtual to the system; you do not need DNS for it or to be able to access it via web.

So the scenario/use case is the following:

  1. Open https://abc.xyz.com.pk/mynewroom say you are host, authenticate
  2. Open an incognito window or another browser or use another computer and open https://abc.xyz.com.pk/mynewroom. You should be able to join without authentication; this is because the host is there (and this connection will use the anonymousdomain internally). You need another browser or incognito cause there is a session stored in the browser to not request authentication on every join for hosts.

Now try the second use case:

  1. From that incognito window, open https://abc.xyz.com.pk/mysecondroomtest and you will see the dialog that a host is not there
  2. Now from the original window where the host is authenticated you should be able to join https://abc.xyz.com.pk/mysecondroomtest without username/password. Now check the incognito window: the user will join the room in 5 seconds after the host arrives.
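The behaviour described in this reply depends on three files agreeing with each other: Prosody's virtual hosts, `config.js` and Jicofo's properties. The following check is an added example, not part of the original thread or of Jitsi itself; it uses constructed sample inputs with the thread's hostnames, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the files posted in this thread (same hostnames).
PROSODY_CFG = '''
VirtualHost "abc.xyz.com.pk"
    authentication = "internal_plain"
Component "conference.abc.xyz.com.pk" "muc"
VirtualHost "abclink.xyz.com.pk"
    authentication = "anonymous"
'''
CONFIG_JS = "hosts: { domain: 'abc.xyz.com.pk', anonymousdomain: 'abclink.xyz.com.pk' }"
JICOFO_PROPS = "org.jitsi.jicofo.auth.URL=XMPP:abc.xyz.com.pk\n"

def prosody_auth(cfg):
    """Map each VirtualHost to its authentication value (None if not set)."""
    hosts, current = {}, None
    for raw in cfg.splitlines():
        line = raw.split("--", 1)[0].strip()  # drop Lua line comments
        host = re.match(r'VirtualHost\s+"([^"]+)"', line)
        auth = re.match(r'authentication\s*=\s*"([^"]+)"', line)
        if host:
            current = host.group(1)
            hosts[current] = None
        elif line.startswith("Component"):
            current = None  # settings below belong to the component, not a host
        elif auth and current:
            hosts[current] = auth.group(1)
    return hosts

def js_value(config_js, key):
    """Read a quoted string value for `key` from a config.js excerpt."""
    m = re.search(r"\b" + key + r"\s*:\s*['\"]([^'\"]+)['\"]", config_js)
    return m.group(1) if m else None

def check_secure_domain(prosody_cfg, config_js, jicofo_props):
    """Return a list of problems; an empty list means the three files agree."""
    auth = prosody_auth(prosody_cfg)
    domain = js_value(config_js, "domain")
    guest = js_value(config_js, "anonymousdomain")
    url = re.search(r"^org\.jitsi\.jicofo\.auth\.URL=(\S+)", jicofo_props, re.M)
    problems = []
    if auth.get(domain) in (None, "anonymous"):
        problems.append("main domain does not require authentication")
    if auth.get(guest) != "anonymous":
        problems.append("anonymousdomain is not an anonymous VirtualHost")
    if not url or url.group(1) != "XMPP:" + str(domain):
        problems.append("jicofo auth.URL does not point at the main domain")
    return problems
```

An empty result means hosts authenticate on the main domain while guests are routed through the anonymous virtual host, which needs no DNS record of its own.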

Dear Damencho,
Thank you so much for the explanation, now I understand.
I also added the JIGASI configuration, i.e.

org.jitsi.jigasi.xmpp.acc.USER_ID=SALMAN
org.jitsi.jigasi.xmpp.acc.PASS=03432615524
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false

whereas USER_ID and PASS are the same as I have created in prosody by using the below command

prosodyctl register SALMAN abc.xyz.com.pk 03432615524

and I am not able to make outbound and incoming calls.

Below are the JIGASI logs when I am trying to make an outbound call.

2019-10-17 05:53:46.604 WARNING: [70] org.jitsi.jigasi.xmpp.CallControl.checkAuthorized().262 Requests are not secured by JID filter!
2019-10-17 05:53:46.604 INFO: [70] org.jitsi.jigasi.xmpp.CallControl.handleDialIq().188 Got dial request fromnumber -> 03444489170 room: emp9@conference.abc.xyz.com.pk
2019-10-17 05:53:46.606 SEVERE: [70] impl.protocol.jabber.ProtocolProviderFactoryJabberImpl.createService().169 SALMAN is not a valid JID
org.jxmpp.stringprep.XmppStringprepException: XmppStringprepException caused by ‘SALMAN’: org.jxmpp.stringprep.XmppStringprepException: Argument can’t be the empty string
at org.jxmpp.jid.impl.JidCreate.entityBareFrom(JidCreate.java:591)
at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderFactoryJabberImpl.createService(ProtocolProviderFactoryJabberImpl.java:165)
at net.java.sip.communicator.service.protocol.ProtocolProviderFactory.loadAccount(ProtocolProviderFactory.java:1010)
at org.jitsi.jigasi.JvbConference.start(JvbConference.java:452)
at org.jitsi.jigasi.AbstractGatewaySession.createOutgoingCall(AbstractGatewaySession.java:103)
at org.jitsi.jigasi.SipGatewaySession.createOutgoingCall(SipGatewaySession.java:308)
at org.jitsi.jigasi.SipGateway.createOutgoingCall(SipGateway.java:172)
at org.jitsi.jigasi.xmpp.CallControl.handleDialIq(CallControl.java:214)
at org.jitsi.jigasi.xmpp.CallControlComponent.handleIQ(CallControlComponent.java:327)
at org.jitsi.jigasi.xmpp.CallControlComponent.handleIQSetImpl(CallControlComponent.java:286)
at org.jitsi.xmpp.component.ComponentBase.handleIQSet(ComponentBase.java:362)
at org.xmpp.component.AbstractComponent.processIQRequest(AbstractComponent.java:515)
at org.xmpp.component.AbstractComponent.processIQ(AbstractComponent.java:289)
at org.xmpp.component.AbstractComponent.processQueuedPacket(AbstractComponent.java:239)
at org.xmpp.component.AbstractComponent.access$100(AbstractComponent.java:81)
at org.xmpp.component.AbstractComponent$PacketProcessor.run(AbstractComponent.java:1051)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.jxmpp.stringprep.XmppStringprepException: Argument can’t be the empty string
at org.jxmpp.stringprep.XmppStringPrepUtil.throwIfEmptyString(XmppStringPrepUtil.java:131)
at org.jxmpp.stringprep.XmppStringPrepUtil.localprep(XmppStringPrepUtil.java:57)
at org.jxmpp.jid.parts.Localpart.from(Localpart.java:137)
at org.jxmpp.jid.impl.LocalAndDomainpartJid.<init>(LocalAndDomainpartJid.java:46)
at org.jxmpp.jid.impl.JidCreate.entityBareFrom(JidCreate.java:589)
… 18 more
2019-10-17 05:53:46.607 WARNING: [70] org.jitsi.xmpp.component.ComponentBase.verifyProcessingTime().540 PROCESSING TIME LIMIT EXCEEDED - it took 3ms to process:
2019-10-17 05:53:46.607 WARNING: [70] org.jitsi.jigasi.xmpp.CallControlComponent.processIQ() (serving component ‘Call control’) Unexpected exception while processing IQ stanza:
java.lang.IllegalArgumentException: service
at org.jitsi.impl.osgi.framework.launch.FrameworkImpl.registerService(FrameworkImpl.java:296)
at org.jitsi.impl.osgi.framework.BundleContextImpl.registerService(BundleContextImpl.java:241)
at org.jitsi.impl.osgi.framework.BundleContextImpl.registerService(BundleContextImpl.java:229)
at net.java.sip.communicator.service.protocol.ProtocolProviderFactory.loadAccount(ProtocolProviderFactory.java:1017)
at org.jitsi.jigasi.JvbConference.start(JvbConference.java:452)
at org.jitsi.jigasi.AbstractGatewaySession.createOutgoingCall(AbstractGatewaySession.java:103)
at org.jitsi.jigasi.SipGatewaySession.createOutgoingCall(SipGatewaySession.java:308)
at org.jitsi.jigasi.SipGateway.createOutgoingCall(SipGateway.java:172)
at org.jitsi.jigasi.xmpp.CallControl.handleDialIq(CallControl.java:214)
at org.jitsi.jigasi.xmpp.CallControlComponent.handleIQ(CallControlComponent.java:327)
at org.jitsi.jigasi.xmpp.CallControlComponent.handleIQSetImpl(CallControlComponent.java:286)
at org.jitsi.xmpp.component.ComponentBase.handleIQSet(ComponentBase.java:362)
at org.xmpp.component.AbstractComponent.processIQRequest(AbstractComponent.java:515)
at org.xmpp.component.AbstractComponent.processIQ(AbstractComponent.java:289)
at org.xmpp.component.AbstractComponent.processQueuedPacket(AbstractComponent.java:239)
at org.xmpp.component.AbstractComponent.access$100(AbstractComponent.java:81)
at org.xmpp.component.AbstractComponent$PacketProcessor.run(AbstractComponent.java:1051)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2019-10-17 05:53:50.202 INFO: [152] impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack: Setting SIPMessage peerPacketSource to: /103.31.82.213:5060

best regards
Salman Ali

USER_ID is wrong, should be org.jitsi.jigasi.xmpp.acc.USER_ID=SALMAN@abc.xyz.com.pk
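A lint for the Jigasi properties above, added here as an example and not part of the original thread or of Jigasi: it flags a `USER_ID` that is not a bare JID (the cause of the `is not a valid JID` error in the log) and a missing `org.jitsi.jigasi.ALLOWED_JID`, which relates to the `Requests are not secured by JID filter!` warning and is not something the thread itself discusses. The sample input is constructed from the posted settings with the password replaced by a placeholder; function names are hypothetical.

```python
import re

# Constructed sample: the Jigasi settings as posted, password replaced by a placeholder.
JIGASI_PROPS = """\
org.jitsi.jigasi.xmpp.acc.USER_ID=SALMAN
org.jitsi.jigasi.xmpp.acc.PASS=<password>
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
"""

def parse_props(text):
    """Parse simple key=value lines, ignoring blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def is_bare_jid(value):
    """True for local@domain with non-empty parts and no resource."""
    return re.fullmatch(r"[^@/\s]+@[^@/\s]+", value or "") is not None

def lint_jigasi(text, xmpp_domain):
    """Return findings for the authenticated-login settings of Jigasi."""
    p = parse_props(text)
    prefix = "org.jitsi.jigasi.xmpp.acc."
    user = p.get(prefix + "USER_ID")
    findings = []
    if p.get(prefix + "ANONYMOUS_AUTH", "").lower() == "false":
        if not is_bare_jid(user):
            findings.append("USER_ID %r is not a bare JID; expected user@%s"
                            % (user, xmpp_domain))
        elif user.split("@", 1)[1].lower() != xmpp_domain.lower():
            findings.append("USER_ID domain differs from %s" % xmpp_domain)
        if not p.get(prefix + "PASS"):
            findings.append("PASS is empty while ANONYMOUS_AUTH=false")
    if not p.get("org.jitsi.jigasi.ALLOWED_JID"):
        findings.append("ALLOWED_JID unset: dial requests are not JID-filtered")
    return findings
```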

Dear Damencho,
Thank you so much for your support. Now the issue is resolved and I am able to make inbound and outbound calls by using Jigasi.

I have one more query; you have mentioned that

“You need another browser or incognito cause there is a session stored in the browser to not request authentication on every join for hosts.”

I have observed this: when I am logged into a conference room after using username & password (secured domain), even if I close that session and again try to make another session, it will allow me to make a new room without asking for credentials. I have also tried it with incognito, and sometimes it behaves normally and sometimes it also allows me to create a room without asking for credentials.

Is there any way to reduce or eliminate the session timer at the browser end, by which the browser will authenticate every new user with login credentials, or is there any way at the Jitsi end to tackle this matter?

best regards
Salman Ali

Dear Damencho,
Thanks for the reply.

I have added the below line in /etc/jitsi/jicofo/sip-communicator-properties but the behavior is still the same. I have opened the room in incognito with the name ABC and it asked me for login; once I logged in, I opened another incognito window and opened another room with the name MBA, and it hasn’t asked for login and allowed me to create the room.

org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true

best regards
Salman Ali

Did you restart jicofo?

Yes, I restarted all services
Jicofo
jigasi
prosody
video bridge

best regards
Salman Ali

The file is /etc/jitsi/jicofo/sip-communicator.properties

Dear Damencho,
Yes, it was a typing mistake, I have changed it in sip-communicator.properties.

But the issue is still the same even after restarting all services.

best regards
Salman Ali