I have a project where we need to have clients be able to view live video streams from traffic cameras on VLC player. We wish to have a level of security where only the clients are able to view the streams. We have a separate server that houses the access to the streams and we want to be able to use a wowza token to allow the the client to place the camera URL with the appended token and shared secret into VLC and view the stream. Right now, we are able to view the streams externally from the client server environment by using a specific port number in the URL created for camera access, which is what we want, but we are able to view the streams by using the camera URL with or without the token, which is not desired as it is a big security issue. I have a couple questions:
- The wowza engine doesn’t seem to recognize the tokens. I have the parameter prefix and shared secret created in the live/Playback security section, no client restrictions, Protect all protocols using hash (Secure Token version 2) and SHA 256 hash algorithm. Start time and end time is not needed. Is there something else that needs to be activated? The URL with token looks like this:
https://server address:port/redirect/live/camera name?type=m3u8&shared secret&wowzaprefixparameterhash=base64
But like I said, the URL without the token:
https://server address:port/redirect/live/camera name?type=m3u8
also brings up the stream, so the secure token authorization is not working.
- Next question, currently the base 64 hash token is created on the client side as per wowza documentation instructions, but the documentation mentions the generation of a wowza token on the wowza side. Is that wowza token sent back to the client side, or kept in the wowza server side? If it is kept on the wowza server side, how does that affect the token matching? If it can be sent to the client side, how do I retrieve the wowza token generated by wowza so it can be relayed to the client as a secure link to the live video stream?
Any insight would be appreciated, I’m new to wowza and the documentation is daunting to go through!