Using mod_auth_http in jitsi

Is it possible to use prosody’s mod_auth_http in jitsi?
Based on prosody’s documentation:

This authentication module allows Prosody to authenticate users against an external HTTP service.

So I want Jitsi to authenticate users against my external HTTP service.

I think yes, just follow secure domain part from the handbook. And use your authentication instead of "internal_hashed"


Thanks for your answer. I have deployed Jitsi using docker but unfortunately there is no http_auth_url environment variable in the docker-compose.yml file for setting the http_auth_url.

I set it by manually going in prosody docker shell and setting the http_auth_url. But unfortunately I get
SASLErrorException: SASLError using PLAIN: not-authorized in my jicofo’s docker log.
And Jitsi keeps reloading by showing me the “You have been disconnected” dialog. Following is part of the Jicofo log:

Smack: Reconnection failed due to an exception (XMPPTCPConnection[focus@auth.meet.jitsi/focus2425219796943670] (0))

And I should mention that my external HTTP service to which I am trying to authenticate users is not getting called at all.

Maybe check to make sure the component secrets are correct?


Thanks for your response. Considering that I had generated secrets before and that Jitsi worked before changing the auth_type from internal_hashed to http, I’d say the component secrets are in order.

Following is what I have done step by step after setting up a working dockerized Jitsi server as suggested by the handbook:

  1. in jitsi/prosody docker in the /config/config.d/jitsi-meet.cfg.lua I have added the following lines (in bold):

VirtualHost "meet.jitsi"
    authentication = "http"
    http_auth_url = "https://my-domain.com/auth"
    ssl = {
        key = "/config/certs/meet.jitsi.key";
        certificate = "/config/certs/meet.jitsi.crt";
    }
    modules_enabled = {
        "bosh";
        "websocket";
        "smacks"; -- XEP-0198: Stream Management
        "pubsub";
        "ping";
        "speakerstats";
        "conference_duration";
        "auth_http";
    }
    speakerstats_component = "speakerstats.meet.jitsi"
    conference_duration_component = "conferenceduration.meet.jitsi"
    c2s_require_encryption = false

VirtualHost "auth.meet.jitsi"
    ssl = {
        key = "/config/certs/auth.meet.jitsi.key";
        certificate = "/config/certs/auth.meet.jitsi.crt";
    }
    modules_enabled = {
        "auth_http";
    }
    authentication = "http"
    http_auth_url = "https://mydomain.com/auth"

VirtualHost "recorder.meet.jitsi"
    modules_enabled = {
        "ping";
        "auth_http";
    }
    authentication = "http"
    http_auth_url = "https://mydomain.com/auth"

  2. in jitsi/prosody docker in the /config/prosody.cfg.lua I have added the following lines (in bold):

modules_enabled = {
    "auth_http";
    "roster"; -- Allow users to have a roster. Recommended ;)
    "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
    "tls"; -- Add support for secure TLS on c2s/s2s connections
    "dialback"; -- s2s dialback support
    "disco"; -- Service discovery

    "private"; -- Private XML storage (for room bookmarks, etc.)
    "vcard"; -- Allow users to set vCards
    "version"; -- Replies to server version requests
    "uptime"; -- Report how long server has been running
    "time"; -- Let others know the time here on this server
    "ping"; -- Replies to XMPP pings with pongs
    "pep"; -- Enables users to publish their mood, activity, playing music and more
    "register"; -- Allow users to register on this server using a client and change passwords

    -- Admin interfaces
    "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
    "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
};

  3. in jitsi/prosody docker added mod_auth_http.lua file in /prosody-plugins directory
  4. service in jitsi/prosody docker’s shell I ran prosodyctl --config /config/prosody.cfg.lua restart

(output:
WARNING: Use of prosodyctl start/stop/restart/reload is not recommended
if Prosody is managed by an init system - use that directly instead.
e.g. systemctl stop prosody

Still waiting…
Prosody is still running. Please give it some time or check your log files for errors.)
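A check that can be run over the configuration in the post above, as an added example that is not part of the original thread or of Jitsi/Prosody: it lists the `authentication` backend of each VirtualHost, names the backend that governs the JID in the Jicofo error, and surfaces differing `http_auth_url` values. The sample config is constructed from the post's auth lines, the function names are hypothetical, and the parser assumes one quoted option per line.

```python
import re

# Constructed sample: the VirtualHost sections from the post, cut down to their auth lines.
SAMPLE_CONFIG = '''
VirtualHost "meet.jitsi"
    authentication = "http"
    http_auth_url = "https://my-domain.com/auth"

VirtualHost "auth.meet.jitsi"
    authentication = "http"
    http_auth_url = "https://mydomain.com/auth"

VirtualHost "recorder.meet.jitsi"
    authentication = "http"
    http_auth_url = "https://mydomain.com/auth"
'''
FAILING_JID = "focus@auth.meet.jitsi/focus2425219796943670"  # from the Jicofo log line

SECTION_RE = re.compile(r'^\s*(VirtualHost|Component)\s+"([^"]+)"')
OPTION_RE = re.compile(r'^\s*(authentication|http_auth_url)\s*=\s*"([^"]*)"')

def auth_by_host(config_text):
    """Return {host: {option: value}}; options set before any section are global defaults."""
    text = config_text.translate({0x201C: '"', 0x201D: '"'})  # undo forum smart quotes
    defaults, hosts = {}, {}
    target = defaults
    for line in text.splitlines():
        if line.lstrip().startswith("--"):  # Lua comment line
            continue
        section = SECTION_RE.match(line)
        if section:
            kind, name = section.groups()
            # Options under a Component are collected into a throwaway dict.
            target = hosts.setdefault(name, {}) if kind == "VirtualHost" else {}
            continue
        option = OPTION_RE.match(line)
        if option:
            target[option.group(1)] = option.group(2)
    return {host: {**defaults, **opts} for host, opts in hosts.items()}

def backend_for_jid(jid, hosts):
    """The backend that decides a login is the one configured for the JID's domain."""
    domain = jid.split("/", 1)[0].rsplit("@", 1)[-1]
    return domain, hosts.get(domain, {}).get("authentication", "(not set)")

def distinct_auth_urls(hosts):
    return sorted({o["http_auth_url"] for o in hosts.values() if "http_auth_url" in o})

if __name__ == "__main__":
    hosts = auth_by_host(SAMPLE_CONFIG)
    for host, opts in hosts.items():
        print(host, opts.get("authentication", "(not set)"), opts.get("http_auth_url", "-"))
    print("login for", FAILING_JID, "is decided by", backend_for_jid(FAILING_JID, hosts))
    print("distinct http_auth_url values:", distinct_auth_urls(hosts))
```

On the sample it reports that the `focus` login on `auth.meet.jitsi` is decided by the `http` backend, and that two different `http_auth_url` values are configured across the hosts.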