Enable username/password authentication for RTMP/RTSP publishing to Wowza Streaming Engine

By default, Wowza Streaming Engine™ media server software authenticates RTMP and RTSP source (encoder) connections to applications. This article describes how to manage username/password authentication when publishing a stream from RTMP/RTSP-based encoders to Wowza Streaming Engine applications.

Configure source authentication for the server


  1. In Wowza Streaming Engine Manager, click Server in the menu bar and then click Source Authentication in the contents panel.


     
  2. Click Add Source.
  3. Add Source User Name and Password information. The source user name and password values are case-sensitive and can only contain alphanumeric, period (.), underscore (_), and hyphen (-) characters.

  4. Click Add.

    A source account is used to authenticate connections from sources to live applications in Wowza Streaming Engine. You can create and store multiple source accounts for a Wowza Streaming Engine instance. By default, the source credentials are stored in [install-dir]/conf/publish.password.

  5. In your application's contents panel, click Source Security, and then click Edit.


     

  1. Under your source type, select Require password authentication.

  2. (Optional) Under Client Restrictions, select one of the options to control which IP addresses encoders can connect from. Restricting source publishing to specific IP addresses or blocking source publishing from specific IP address is recommended for security purposes.
  3. Click Save and then restart the application.

For more information about Source Security options, see Secure incoming sources.

Configure source authentication per application


By default, Wowza Streaming Engine uses the [install-dir]/conf/publish.password file for authenticating all source connections to all live applications on the server. This file is written to by Wowza Streaming Engine Manager when you use the Server > Source Authentication page to add or edit source credentials.

To set up per-application source authentication, copy the [install-dir]/conf/publish.password file to a live application configuration folder ([install-dir]/conf/[application-name]) and then configure application properties so that source connections to that specific live application use the custom publish.password location. When you do this, the default [install-dir]/conf/publish.password file isn't used and you must manage the password file for the application using a text editor. This section describes the following custom properties that you can configure:

securityPublishPasswordFile property
rtmpEncoderAuthenticateFile property
rtspEncoderAuthenticateFile property

Note: Only administrators with advanced permissions can configure properties in Wowza Streaming Engine Manager. For more information, see Manage credentials.

securityPublishPasswordFile property

  1. In the Wowza Streaming Engine Manager Applications contents panel, click the live application that you want to configure.
     
  2. In the application details page, click the Properties tab.
     
  3. In the Quick Links bar, click Custom.
     
  4. In the Custom properties section, click Edit and then click the Add Custom Property button.
     
  5. In the Add Custom Property dialog box, specify the property settings shown in the following table, and then click Add.
    Path
    Name
    Type
    Value
    Root/Application securityPublishPasswordFile String ${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password
  6. Click Save, and then restart the application.
 
Notes:
  • Wowza Streaming Engine 4.1 software first checks to see if the securityPublishPasswordFile property is set. If it's not set, it will then check to see if either (or both) of the rtmpEncoderAuthenticateFile or rtspEncoderAuthenticateFile properties are set.
     
  • If you're running Wowza Streaming Engine 4.0 software, the securityPublishPasswordFile property only supports authentication of RTMP-based sources using per-application publish.password files. To authenticate RTSP-based sources, you must configure the rtspEncoderAuthenticateFile property.

rtmpEncoderAuthenticateFile property

  1. In the Wowza Streaming Engine Manager Applications contents panel, click the live application that you want to configure.
     
  2. In the application details page, click the Properties tab.
     
  3. In the Quick Links bar, click Custom.
     
  4. In the Custom properties section, click Edit and then click the Add Custom Property button.
     
  5. In the Add Custom Property dialog box, specify the property settings shown in the following table, and then click Add.
    Path
    Name
    Type
    Value
    Root/Application rtmpEncoderAuthenticateFile String ${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password
  6. Click Save, and then restart the application.

rtspEncoderAuthenticateFile

  1. In the Wowza Streaming Engine Manager Applications contents panel, click the live application that you want to configure.
     
  2. In the application details page, click the Properties tab.
     
  3. In the Quick Links bar, click Custom.
     
  4. In the Custom properties section, click Edit and then click the Add Custom Property button.
     
  5. In the Add Custom Property dialog box, specify the property settings shown in the following table, and then click Add.
    Path
    Name
    Type
    Value
    Root/Application rtspEncoderAuthenticateFile String ${com.wowza.wms.context.VHostConfigHome}/conf/${com.wowza.wms.context.Application}/publish.password
  6. Click Save, and then restart the application.

More resources