• How to enable username/password authentication for RTMP and RTSP publishing

    By default, Wowza Streaming Engine™ software authenticates RTMP and RTSP source (encoder) connections to applications. On the other hand, Wowza Media Server™ software doesn't authenticate connections from RTMP and RTSP sources by default. This article describes how to manage username/password authentication when publishing a stream from RTMP/RTSP-based encoders to Wowza™ server applications.

    Contents


    Configure authentication for RTMP sources
    Configure authentication for RTSP sources
    Configure per-application authentication using properties
    More resources

    Configure authentication for RTMP sources


    To enable username/password authentication to publish a stream via the RTMP protocol to the Wowza media server, do the following:

    Wowza Streaming Engine

    1. In the Server contents panel, click Source Authentication, and then click Add Source.



    2. Add Source User Name and Password information, and then click Add. The sourcename and password values are case-sensitive and can only contain alphanumeric, period (.), underscore (_), and hyphen (-) characters.



      By default, the source credentials are stored in [install-dir]/conf/publish.password.

    3. In the live application contents panel, click Source Security, and then click Edit.



    4. In the Source Security page, under RTMP Sources, select the Require password authentication option, and then click Save.


    Wowza Media Server (version 3.5 and later)

    1. Open [install-dir]/conf/[application]/Application.xml in a text editor and add the following <Module> definition as the last entry in the <Modules> list:
      <Module>
      	<Name>ModuleRTMPAuthenticate</Name>
      	<Description>ModuleRTMPAuthenticate</Description>
      	<Class>com.wowza.wms.security.ModuleRTMPAuthenticate</Class>
      </Module>
    2. By default, the ModuleRTMPAuthenticate module is configured to use source usernames and passwords that are stored in the [install-dir]/conf/publish.password file. Open this file in a text editor and add source username and password entries (one per line) to this file to enable individual RTMP sources. The following example shows how to add these entries:
      # Publish password file (format [username][space][password])
      # username password
      myPublisher myPassword

    Wowza Media Server (version 3.1.2 and earlier)

    1. Download and unzip the MediaSecurity Addon package, copy the wms-plugin-security.jar file from the package /lib folder to the Wowza Media Server /lib folder, and then restart the server.

    2. Open [install-dir]/conf/[application]/Application.xml in a text editor and add the following <Module> definition as the last entry in the <Modules> list:
      <Module>
           <Name>ModuleRTMPAuthenticate</Name>
           <Description>ModuleRTMPAuthenticate</Description>
           <Class>com.wowza.wms.plugin.security.ModuleRTMPAuthenticate</Class>
      </Module>
    3. By default, the ModuleRTMPAuthenticate module is configured to use source usernames and passwords that are stored in the [install-dir]/conf/publish.password file. Open this file in a text editor and add source username and password entries (one per line) to this file to enable individual RTMP sources. The following example shows how to add these entries:
      # Publish password file (format [username][space][password])
      # username password
      myPublisher myPassword

    Configure authentication for RTSP sources


    To enable username/password authentication to publish a stream via the RTSP protocol to the Wowza media server, do the following:

    Wowza Streaming Engine

    1. In the Server contents panel, click Source Authentication, and then click Add Source.



    2. Add Source User Name and Password information, and then click Add. The source name and password values are case-sensitive and can only contain alphanumeric, period (.), underscore (_), and hyphen (-) characters.



      By default, the source credentials are stored in [install-dir]/conf/publish.password.

    3. In the live application contents panel, click Source Security, and then click Edit.



    4. In the Source Security page, under RTSP Sources, select the Require password authentication option, and then click Save.


    Wowza Media Server

    1. In a text editor, open the [install-dir]/conf/[application]/Application.xml file and change the <RTP>/<Authentication>/<PublishMethod> to digest (this is the default value):
      <PublishMethod>digest</PublishMethod>
      Note: Some RTSP encoders don't support digest authentication. If your encoder doesn't support digest authentication, set the PublishMethod value to basic, which should be supported.
    2. By default, source user names and passwords are stored in the [install-dir]/conf/publish.password file. Open this file in a text editor and add source user name and password entries (one per line) to this file to enable individual RTSP sources. The following example shows how to add these entries:
      # Publish password file (format [username][space][password])
      # username password
      myPublisher myPassword

    Configure per-application authentication using properties


    The default setting in Wowza media server software uses the [install-dir]/conf/publish.password file for authenticating all source connections to all live applications on the server. If you're running Wowza Streaming Engine software, this file is written to by Wowza Streaming Engine Manager when you use the Server > Source Authentication page to add or edit source credentials. Wowza Media Server users must add or edit the source credentials to publish.password using a text editor.

    To set up per-application source authentication, copy the [install-dir]/conf/publish.password file to a live application configuration folder ([install-dir]/conf/[live-application-name]) and then configure application properties so that source connections to that specific live application use the custom publish.password location. When you do this, the default [install-dir]/conf/publish.password file isn't used and you must manage the password file for the application using a text editor. This section describes the following custom properties that you can configure:

    securityPublishPasswordFile property
    rtmpEncoderAuthenticateFile property
    rtspEncoderAuthenticateFile property

    Note: In Wowza Streaming Engine software, only administrators with advanced permissions can configure properties in Wowza Streaming Engine Manager. For more information, see Manage credentials.

    securityPublishPasswordFile property

    Wowza Streaming Engine


    1. In the Streaming Engine Manager contents panel, click the name of the live application that you want to configure.

    2. In the application details page, click the Properties tab.

    3. In the Quick Links bar, click Custom.

    4. In the Custom properties section, click Edit and then click the Add Custom Property button.

    5. In the Add Custom Property dialog box, specify the property settings shown in the following table, and then click Add.
      Path
      Name
      Type
      Value
      Root/Application securityPublishPasswordFile String ${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password

    6. Click Save, and then restart the application.

    Notes:
    • The securityPublishPasswordFile property isn't supported in Wowza Media Server software. You must use the rtmpEncoderAuthenticateFile and rtspEncoderAuthenticateFile properties to authenticate sources using per-application publish.password files.

    • Wowza Streaming Engine 4.1 software will first check to see if the securityPublishPasswordFile property is set. If it's not set, it will then check to see if either (or both) of the rtmpEncoderAuthenticateFile or rtspEncoderAuthenticateFile properties are set.

    • If you're running Wowza Streaming Engine 4.0 software, the securityPublishPasswordFile property only supports authentication of RTMP-based sources using per-application publish.password files. To authenticate RTSP-based sources, you must configure the rtspEncoderAuthenticateFile property.

    rtmpEncoderAuthenticateFile property

    Wowza Streaming Engine


    1. In the Streaming Engine Manager contents panel, click the name of the live application that you want to configure.

    2. In the application details page, click the Properties tab.

    3. In the Quick Links bar, click Custom.

    4. In the Custom properties section, click Edit and then click the Add Custom Property button.

    5. In the Add Custom Property dialog box, specify the property settings shown in the following table, and then click Add.
      Path
      Name
      Type
      Value
      Root/Application rtmpEncoderAuthenticateFile String ${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password

    6. Click Save, and then restart the application.

    Wowza Media Server


    1. In a text editor, open the [install-dir]/conf/[application]/Application.xml file and add the rtspEncoderAuthenticateFile property to the <Properties> container at the bottom of the file (be sure to add the property to the correct <Properties> container - there are several in Application.xml)
      <Property>
      	<Name>rtmpEncoderAuthenticateFile</Name>
      	<Value>${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password</Value>
      </Property>
    2. Restart the server

    rtspEncoderAuthenticateFile

    Wowza Streaming Engine


    1. In the Streaming Engine Manager contents panel, click the name of the live application that you want to configure.

    2. In the application details page, click the Properties tab.

    3. In the Quick Links bar, click Custom.

    4. In the Custom properties section, click Edit and then click the Add Custom Property button.

    5. In the Add Custom Property dialog box, specify the property settings shown in the following table, and then click Add.
      Path
      Name
      Type
      Value
      Root/Application rtspEncoderAuthenticateFile String ${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password

    6. Click Save, and then restart the application.

    Wowza Media Server


    1. In a text editor, open the [install-dir]/conf/[application]/Application.xml file and add the rtmpEncoderAuthenticateFile property to the <Properties> container at the bottom of the file (be sure to add the property to the correct <Properties> container - there are several in Application.xml):
      <Property>
      	<Name>rtspEncoderAuthenticateFile</Name>
      	<Value>${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password</Value>
      </Property>
    2. Restart the server

    More resources


    How to configure security using Wowza Streaming Engine Manager
    How to protect RTMP streaming using SecureToken (ModuleSecureToken)
    How to integrate Wowza user authentication with external authentication systems


    Originally Published: 11-08-2012.
    Updated: For Wowza Streaming Engine 4.2 on 06-20-2015.

    If you're having problems or want to discuss this article, post in our forum.