
Thread: Secure Token for Client not working on Wowza on EC2

  1. #1

    Secure Token for Client not working on Wowza on EC2

    I've been using Wowza on EC2 (devpay) successfully now for several weeks. My app is live streaming via RTMP. I'm using RTMP Auth to authenticate originating encoders which are FMLE or Wirecast. That all works fine. I wanted to add authentication to the Flash client player to help thwart leeches on the playback side. I followed the directions on using secure token with Wowza and JW player 5. I modified the JW 5 source to use the shared token per the instructions, and rebuilt player.swf using the flex tools. I also modified the Application.xml in my 'live' sub-dir of my Wowza conf directory. The stream URL in the invocation of the modified player.swf client was changed to be 'rtmpe://server_ip/live'.

    The client never plays the stream and I always get this in the log every time the player polls for the stream:

    ERROR session comment 2012-04-03 04:39:09 1927003086 173.65.230.15 - 3639 3543 1.411 - - - -- - - 1927003086 ModuleRTMPAuthenticate.checkSecureToken: Action before response received: kill connection: clientId:1927003086

    It seems the player.swf is not authenticating properly with the Wowza server. However, I know the changes to RTMPMediaProvider.as and the re-compile of player.swf were done correctly per the instructions. My Application.xml in my 'conf/live' folder on the server has this in it...


    .
    .
    .
    <Module>
    <Name>flvplayback</Name>
    <Description>FLVPlayback</Description>
    <Class>com.wowza.wms.module.ModuleFLVPlayback</Class>
    </Module>
    <Module>
    <Name>ModuleLiveStreamRecord</Name>
    <Description>ModuleLiveStreamRecord</Description>
    <Class>com.wowza.wms.plugin.livestreamrecord.ModuleLiveStreamRecord</Class>
    </Module>
    <Module>
    <Name>ModuleRTMPAuthenticate</Name>
    <Description>ModuleRTMPAuthenticate</Description>
    <Class>com.wowza.wms.plugin.security.ModuleRTMPAuthenticate</Class>
    </Module>
    </Modules>
    <Properties>
    <Property>
    <Name>domainLock</Name>
    <Value>localhost,livenewsvideonetwork.com,*livenewsvideonetwork.com</Value>
    </Property>
    <Property>
    <Name>AllowEncoder</Name>
    <Value>FM,Wirecast</Value> <!--FM, Wirecast-->
    </Property>
    <Property>
    <Name>requireSecureConnection</Name>
    <Value>true</Value>
    <Type>Boolean</Type>
    </Property>
    <Property>
    <Name>secureTokenSharedSecret</Name>
    <Value>123456789</Value>
    </Property>
    </Properties>
    </Application>
    </Root>

    I've stopped and restarted Wowza after modifying Application.xml to be sure it's been reloaded. I also know I'm loading the right modified player.swf in my client browser. Still I can't get this to work and get that above error in the log.

    Any ideas to help me debug? Is it possible the instructions for secure token are not 100% correct for live streams on Wowza-EC2 or the latest JW player source?

    Thanks for your help.

    Brian

  2. #2

    The log message shows that SecureToken is working in Wowza, but that the token does not match.

    Richard

  3. #3


    Originally posted by rrlanham:
    The log message shows that SecureToken is working in Wowza, but that the token does not match.

    Richard

    It *should* match because the same exact token is in "RTMPMediaProvider.as" at line 556 of 758 before I recompile player.swf. This is what has me stumped and looking for other possible explanations for it not working.

    .
    .
    .
    /** Receive NetStream status updates. **/
    private function statusHandler(evt:NetStatusEvent):void {
        _responded = true;
        switch (evt.info.code) {
            case 'NetConnection.Connect.Success':
                if (evt.info.secureToken != undefined) {
                    _connection.call("secureTokenResponse", null,
                        TEA.decrypt(evt.info.secureToken,'12345678')); // token matches that in Application.xml
                }
                if (evt.info.data) {
                    checkDynamic(evt.info.data.version);
                }
                if(getConfigProperty('dvr')) {
                    _connection.call("DVRSubscribe", null, getID(item.file));
                    setTimeout(doDVRInfo,2000,getID(item.file));
                } else if (getConfigProperty('subscribe')) {
                    _subscribeInterval = setInterval(doSubscribe, 2000);
                } else {
                    if (item.levels.length > 0) {
                        if (_dynamic || _bandwidthChecked) {
                            setStream();
                        } else {

  4. #4

    In your examples the two tokens are different. Keep looking at the Flash side, the Wowza side is working.

    Richard
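
Added example, not part of the thread and not Wowza or JW Player code: a static check for the mismatch pointed out in post #4, comparing the secureTokenSharedSecret value in Application.xml with the key literal passed to TEA.decrypt in RTMPMediaProvider.as. The sample strings are constructed from the fragments quoted in posts #1 and #3, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the fragments quoted in posts #1 and #3.
APPLICATION_XML = """<Root><Application><Properties>
<Property><Name>requireSecureConnection</Name><Value>true</Value><Type>Boolean</Type></Property>
<Property><Name>secureTokenSharedSecret</Name><Value>123456789</Value></Property>
</Properties></Application></Root>"""

PLAYER_SOURCE = """
if (evt.info.secureToken != undefined) {
    _connection.call("secureTokenResponse", null,
        TEA.decrypt(evt.info.secureToken,'12345678'));
}
"""

# Second argument of TEA.decrypt: a quoted literal or an identifier such as config.token.
KEY_RE = re.compile(
    r"TEA\.decrypt\(\s*evt\.info\.secureToken\s*,\s*"
    r"(?:'([^']*)'|\"([^\"]*)\"|([\w.]+))\s*\)")

def server_secret(xml_text):
    """Return the raw secureTokenSharedSecret value, or None if the property is absent."""
    for prop in ET.fromstring(xml_text).iter("Property"):
        if (prop.findtext("Name") or "").strip() == "secureTokenSharedSecret":
            return prop.findtext("Value")  # left unstripped so stray whitespace is detectable
    return None

def client_secret(as_source):
    """Return (kind, value): kind is 'literal', 'runtime' or 'missing'."""
    m = KEY_RE.search(as_source)
    if not m:
        return ("missing", None)
    if m.group(3) is not None:
        return ("runtime", m.group(3))
    return ("literal", m.group(1) if m.group(1) is not None else m.group(2))

def compare(xml_text, as_source):
    """Describe the relationship between both secrets without echoing either one."""
    srv = server_secret(xml_text)
    kind, cli = client_secret(as_source)
    if srv is None:
        return "server: secureTokenSharedSecret not set"
    if kind == "missing":
        return "client: no TEA.decrypt call found"
    if kind == "runtime":
        return f"client key comes from {cli} at runtime; cannot compare statically"
    if srv == cli:
        return "match"
    if srv.strip() == cli.strip():
        return "mismatch: whitespace only"
    return f"mismatch: server length {len(srv)}, client length {len(cli)}"
```

Running compare() on the two samples reports a length mismatch (9 versus 8), which is the difference between the values posted in #1 and #3.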

  5. #5


    Originally posted by rrlanham:
    In your examples the two tokens are different. Keep looking at the Flash side, the Wowza side is working.

    Richard

    Well, that brain fart typo of mine was from staying up way too late working on this last night. Still, when I fix it to 'really' match, I get the same error in the Wowza error log (same as I saw last night with various attempts at using different tokens).

    1) Change conf/live/Application.xml for *correct* token.

    .
    .
    <Property>
    <Name>requireSecureConnection</Name>
    <Value>true</Value>
    <Type>Boolean</Type>
    </Property>
    <Property>
    <Name>secureTokenSharedSecret</Name>
    <Value>12345678</Value> <!-- removed the '9' at the end now -->
    </Property>
    .
    .

    2) service WowzaMediaServer stop
    3) service WowzaMediaServer start

    4) Start FMLE encoder live stream. Ok.
    5) Start JW player with the matching secure token compiled in.

    6) Tail the log...

    tail -F -s 3 wowzamediaserver_error.log

    keeps giving me this when the player tries to connect...


    ERROR session comment 2012-04-03 13:20:03 1709015410 173.65.230.15 - 3640 3543 1.645 - - - -- - - 1709015410 ModuleRTMPAuthenticate.checkSecureToken: Action before response received: kill connection: clientId:1709015410


    Now, the URL I'm using in the client is of this form:
    rtmpe://<wowza_ec2_ip>/live

    Does rtmpe need to be caps (RTMPE?) or shouldn't that matter?

    If you can agree that my conf/live/Application.xml setup is completely correct for what I'm trying to do, then I will start looking for support from longtail for JW 5.x. I noticed their instructions say the change for the token in RTMPMediaProvider.as is around line 182. That is off by a few hundred lines in the latest JW player 5.x, but the code looks the same. Maybe there is something obsolete in these instructions for the new player code. I need this feature to work, so I need to get to the bottom of it.

    Thanks for your excellent help.

    -Brian

  6. #6

    Brian,

    Take a look at this guide also:
    http://www.wowza.com/forums/content....to-JW-Player-5

    It's more generic, with no line numbers. You need to find the right line.

    Richard

  7. #7


    Those are the exact instructions I used from Wowza. JW give their version too on their site. Everything looks fine there. There is something more to this. I believe there is an authentication bug here. I need to bypass secure token to make this work temporarily until I can root cause it. If I change conf/live/Application.xml to not require RTMPE, and change the client URL to use rtmp and not rtmpe, it still aborts with that same error in the log.

    So on server side, I changed this....

    <Property>
    <Name>requireSecureConnection</Name>
    <Value>true</Value>
    <Type>Boolean</Type>
    </Property>
    <Property>

    to this....

    <Property>
    <Name>requireSecureConnection</Name>
    <Value>false</Value> <!-- make false -->
    <Type>Boolean</Type>
    </Property>
    <Property>

    Then on client side, the url was changed to use rtmp and not rtmpe:
    rtmp://<wowza_ec2_ip>/live

    Restart server and refresh browser with client reference. Getting these error log messages w/o any playback...

    ERROR session comment 2012-04-03 14:08:16 308512701 173.65.230.15 - 3639 3543 0.907 - - - -- - - 308512701 ModuleRTMPAuthenticate.checkSecureToken: Action before response received: kill connection: clientId:308512701


    Seems like with requireSecureConnection being *false* and the client URL having rtmp and not rtmpe, this would work now using straight rtmp and ignore the requirement to verify the token, but it doesn't.

    -Brian

  8. #8

    You can show the bit of ActionScript you changed from and to. Are you compiling with Flash Builder? There is probably not a bug on the Wowza side of this, we haven't heard any other reports.

    Richard
    Last edited by rrlanham; 04-03-2012 at 07:35 AM.

  9. #9


    "src/com/longtailvideo/jwplayer/media/RTMPMediaProvider.as" line 556 of 758

    /** Receive NetStream status updates. **/
    private function statusHandler(evt:NetStatusEvent):void {
        _responded = true;
        switch (evt.info.code) {
            case 'NetConnection.Connect.Success':
                if (evt.info.secureToken != undefined) {
                    _connection.call("secureTokenResponse", null,
                        TEA.decrypt(evt.info.secureToken,'12345678')); // '12345678' was config.token prior to my change
                }

    That is all I changed. I'm using ant and Flex SDK on linux to build. It all seems to be building fine and the player.swf is generated fresh each time I compile. I'm following the instructions to compile from the link shown in the first post here:

    http://www.longtailvideo.com/support...a-secure-token

    Thanks,
    Brian

  10. #10


    Note that even if I use the official released player.swf, and try and pull in this token using the config.token reference from the player invocation in the web page, I get the same failing type of result. I know having the token in the html isn't very secure, but it was only for a test to figure this out. This method should work per the original RTMPMediaProvider.as source code prior to my change. However, it doesn't.
