How to enable username/password authentication for RTMP and RTSP publishing

By default, Wowza Streaming Engine™ software authenticates RTMP and RTSP source (encoder) connections to applications. On the other hand, Wowza Media Server™ software doesn't authenticate connections from RTMP and RTSP sources by default. This article describes how to manage username/password authentication when publishing a stream from RTMP/RTSP-based encoders to Wowza™ server applications.

Contents


Configure authentication for RTMP sources
Configure authentication for RTSP sources
Configure per-application authentication using properties More resources

Configure authentication for RTMP sources


To enable username/password authentication to publish a stream via the RTMP protocol to the Wowza media server, do the following:

Wowza Streaming Engine

  1. In the Server contents panel, click Source Authentication, and then click Add Source.


     
  2. Add Source User Name and Password information, and then click Add. The sourcename and password values are case-sensitive and can only contain alphanumeric, period (.), underscore (_), and hyphen (-) characters.



    By default, the source credentials are stored in [install-dir]/conf/publish.password.
     
  3. In the live application contents panel, click Source Security, and then click Edit.


     
  4. In the Source Security page, under RTMP Sources, select the Require password authentication option, and then click Save.

     

Wowza Media Server (version 3.5 and later)

  1. Open [install-dir]/conf/[application]/Application.xml in a text editor and add the following <Module> definition as the last entry in the <Modules> list:
    <Module>
    	<Name>ModuleRTMPAuthenticate</Name>
    	<Description>ModuleRTMPAuthenticate</Description>
    	<Class>com.wowza.wms.security.ModuleRTMPAuthenticate</Class>
    </Module>
  2. By default, the ModuleRTMPAuthenticate module is configured to use source usernames and passwords that are stored in the [install-dir]/conf/publish.password file. Open this file in a text editor and add source username and password entries (one per line) to this file to enable individual RTMP sources. The following example shows how to add these entries:
    # Publish password file (format [username][space][password])
    # username password
    myPublisher myPassword

Wowza Media Server (version 3.1.2 and earlier)

  1. Download and unzip the MediaSecurity Addon package, copy the wms-plugin-security.jar file from the package /lib folder to the Wowza Media Server /lib folder, and then restart the server.
     
  2. Open [install-dir]/conf/[application]/Application.xml in a text editor and add the following <Module> definition as the last entry in the <Modules> list:
    <Module>
         <Name>ModuleRTMPAuthenticate</Name>
         <Description>ModuleRTMPAuthenticate</Description>
         <Class>com.wowza.wms.plugin.security.ModuleRTMPAuthenticate</Class>
    </Module>
  3. By default, the ModuleRTMPAuthenticate module is configured to use source usernames and passwords that are stored in the [install-dir]/conf/publish.password file. Open this file in a text editor and add source username and password entries (one per line) to this file to enable individual RTMP sources. The following example shows how to add these entries:
    # Publish password file (format [username][space][password])
    # username password
    myPublisher myPassword

Configure authentication for RTSP sources


To enable username/password authentication to publish a stream via the RTSP protocol to the Wowza media server, do the following:

Wowza Streaming Engine

  1. In the Server contents panel, click Source Authentication, and then click Add Source.


     
  2. Add Source User Name and Password information, and then click Add. The source name and password values are case-sensitive and can only contain alphanumeric, period (.), underscore (_), and hyphen (-) characters.



    By default, the source credentials are stored in [install-dir]/conf/publish.password.
     
  3. In the live application contents panel, click Source Security, and then click Edit.


     
  4. In the Source Security page, under RTSP Sources, select the Require password authentication option, and then click Save.

     

Wowza Media Server

  1. In a text editor, open the [install-dir]/conf/[application]/Application.xml file and change the <RTP>/<Authentication>/<PublishMethod> to digest (this is the default value):
    <PublishMethod>digest</PublishMethod>
    Note: Some RTSP encoders don't support digest authentication. If your encoder doesn't support digest authentication, set the PublishMethod value to basic, which should be supported.
  2. By default, source user names and passwords are stored in the [install-dir]/conf/publish.password file. Open this file in a text editor and add source user name and password entries (one per line) to this file to enable individual RTSP sources. The following example shows how to add these entries:
    # Publish password file (format [username][space][password])
    # username password
    myPublisher myPassword

Configure per-application authentication using properties


The default setting in Wowza media server software uses the [install-dir]/conf/publish.password file for authenticating all source connections to all live applications on the server. If you're running Wowza Streaming Engine software, this file is written to by Wowza Streaming Engine Manager when you use the Server > Source Authentication page to add or edit source credentials. Wowza Media Server users must add or edit the source credentials to publish.password using a text editor.

To set up per-application source authentication, copy the [install-dir]/conf/publish.password file to a live application configuration folder ([install-dir]/conf/[live-application-name]) and then configure application properties so that source connections to that specific live application use the custom publish.password location. When you do this, the default [install-dir]/conf/publish.password file isn't used and you must manage the password file for the application using a text editor. This section describes the following custom properties that you can configure:

securityPublishPasswordFile property
rtmpEncoderAuthenticateFile property
rtspEncoderAuthenticateFile property
 
Note: In Wowza Streaming Engine software, only administrators with advanced permissions can configure properties in Wowza Streaming Engine Manager. For more information, see Manage credentials.

securityPublishPasswordFile property

Wowza Streaming Engine 

  1. In the Streaming Engine Manager contents panel, click the name of the live application that you want to configure.
     
  2. In the application details page, click the Properties tab.
     
  3. In the Quick Links bar, click Custom.
     
  4. In the Custom properties section, click Edit and then click the Add Custom Property button.
     
  5. In the Add Custom Property dialog box, specify the property settings shown in the following table, and then click Add.
    Path
    Name
    Type
    Value
    Root/Application securityPublishPasswordFile String ${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password
  6. Click Save, and then restart the application.
 
Notes:
  • The securityPublishPasswordFile property isn't supported in Wowza Media Server software. You must use the rtmpEncoderAuthenticateFile and rtspEncoderAuthenticateFile properties to authenticate sources using per-application publish.password files.
     
  • Wowza Streaming Engine 4.1 software will first check to see if the securityPublishPasswordFile property is set. If it's not set, it will then check to see if either (or both) of the rtmpEncoderAuthenticateFile or rtspEncoderAuthenticateFile properties are set.
     
  • If you're running Wowza Streaming Engine 4.0 software, the securityPublishPasswordFile property only supports authentication of RTMP-based sources using per-application publish.password files. To authenticate RTSP-based sources, you must configure the rtspEncoderAuthenticateFile property.

rtmpEncoderAuthenticateFile property

Wowza Streaming Engine

  1. In the Streaming Engine Manager contents panel, click the name of the live application that you want to configure.
     
  2. In the application details page, click the Properties tab.
     
  3. In the Quick Links bar, click Custom.
     
  4. In the Custom properties section, click Edit and then click the Add Custom Property button.
     
  5. In the Add Custom Property dialog box, specify the property settings shown in the following table, and then click Add.
    Path
    Name
    Type
    Value
    Root/Application rtmpEncoderAuthenticateFile String ${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password
  6. Click Save, and then restart the application.

Wowza Media Server 

  1. In a text editor, open the [install-dir]/conf/[application]/Application.xml file and add the rtspEncoderAuthenticateFile property to the <Properties> container at the bottom of the file (be sure to add the property to the correct <Properties> container - there are several in Application.xml)
    <Property>
    	<Name>rtmpEncoderAuthenticateFile</Name>
    	<Value>${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password</Value>
    </Property>
  2. Restart the server

rtspEncoderAuthenticateFile

Wowza Streaming Engine 

  1. In the Streaming Engine Manager contents panel, click the name of the live application that you want to configure.
     
  2. In the application details page, click the Properties tab.
     
  3. In the Quick Links bar, click Custom.
     
  4. In the Custom properties section, click Edit and then click the Add Custom Property button.
     
  5. In the Add Custom Property dialog box, specify the property settings shown in the following table, and then click Add.
    Path
    Name
    Type
    Value
    Root/Application rtspEncoderAuthenticateFile String ${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password
  6. Click Save, and then restart the application.

Wowza Media Server

  1. In a text editor, open the [install-dir]/conf/[application]/Application.xml file and add the rtmpEncoderAuthenticateFile property to the <Properties> container at the bottom of the file (be sure to add the property to the correct <Properties> container - there are several in Application.xml):
    <Property>
    	<Name>rtspEncoderAuthenticateFile</Name>
    	<Value>${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password</Value>
    </Property>
  2. Restart the server

More resources


How to configure security using Wowza Streaming Engine Manager
How to protect RTMP streaming using SecureToken (ModuleSecureToken)
How to integrate Wowza user authentication with external authentication systems
Originally Published: 11-08-2012.
Updated: For Wowza Streaming Engine 4.2 on 06-20-2015.
 

If you're having problems or want to discuss this article, post in our forum.