Unable to connect Jibri with Jitsi using JWT

Hello!

Jitsi is workin ok with JTW, can’t connect Jibri after JTW.

  jwt-info {
    signing-key-path = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
    kid = "The_JWT_Secret "
    issuer = "the_issuer"
    audience = "the_audience"
    ttl = 1 hour
  }

On the log file I see this:

2021-09-18 13:50:41.579 INFO: [1] org.jitsi.jibri.webhooks.v1.JwtInfo.log() got jwtConfig: {
# /etc/jitsi/jibri/jibri.conf: 84
“audience” : “the_audience”,
# /etc/jitsi/jibri/jibri.conf: 83
“issuer” : “the_issuer”,
# /etc/jitsi/jibri/jibri.conf: 82
“kid” : “The_JWT_Secret”,
# /etc/jitsi/jibri/jibri.conf: 81
“signing-key-path” : “/etc/ssl/certs/ssl-cert-snakeoil.pem”,
# /etc/jitsi/jibri/jibri.conf: 85
“ttl” : “1 hour”
}

2021-09-18 13:50:41.692 INFO: [1] org.jitsi.jibri.webhooks.v1.JwtInfo.log() Unable to create JwtInfo: java.lang.ClassCastException: class org.bouncycastle.cert.X509CertificateHolder cannot be cast to class org.bouncycastle.openssl.PEMKeyPair (org.bouncycastle.cert.X509CertificateHolder and org.bouncycastle.openssl.PEMKeyPair are in unnamed module of loader 'app')
....
2021-09-18 13:50:44.094 SEVERE: [27] org.jitsi.retry.RetryStrategy.log() org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
        at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1100)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
        at java.base/java.lang.Thread.run(Thread.java:829)

What am I missing?

Looks like a wrong password/secret.

Thanks Freddie, How can I fix it?

You are messing up things.
Read this jwt is used to authenticate webhooks

Jibri does not need jwt to connect your system, as it uses a dedicated virtual host/domain to connect to meetings, this is the domain in your config.js in your hidden domain setting.

I removed the jwt-info secion in jibri.conf on the recorder server.

In the jitsi server on /etc/prosody/conf.avail/meet.myhost.com.cfg.lua I have:

VirtualHost "meet.myhost.com"
....
    muc_lobby_whitelist = { "recorder.meet.myhost.com" }
...
...
VirtualHost "recorder.meet.myhost.com"
  modules_enabled = {
    "ping";
    }
  authentication = "internal_plain"
                                    

runned the command: prosodyctl register recorder recorder.meet.myhost.com ThePasswordSetIn_JibriConf
did a

service nginx restart && service jitsi-videobridge2 restart && service prosody restart && service jicofo restart

then

service jibri restart

Still I see the:

2021-09-18 13:50:44.094 SEVERE: [27] org.jitsi.retry.RetryStrategy.log() org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1100)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
at java.base/java.lang.Thread.run(Thread.java:829)

This you get when you try to record or on startup of jibri?
This is wrong password.

On startup of jibri.

Wrong recorder password?

Nope on startup error are the control accounts auth.domain.com one

I see the error on /var/log/jitsi/jibri/log.0.txt

After restarting jibri.

Which password is the one I need to change? and where? =)

Thanks Damencho!