Wowza Community

No FMLE login popup with RTMP authentication

Wowza 3.1.2

MediaSecurity_2.0

Adobe FMLE 3.2

Debian 64bit

The .jar files from MediaSecurity have been copied into [install]/lib, and the authentication module (below) was added to [install]/conf/live/Application.xml, as described in the included PDF. Streams/StreamType is set to live, and the RTP/Authentication/PublishMethod is set to digest. A username and password have been placed in [install]/conf/publish.password.

<Module>
  <Name>ModuleRTMPAuthenticate</Name>
  <Description>ModuleRTMPAuthenticate</Description>
  <Class>com.wowza.wms.plugin.security.ModuleRTMPAuthenticate</Class>
</Module>

Live streaming works without the RTMP authentication module. I can connect from FMLE and start the stream. The stream can be viewed by clients. If all I do is add the module above, restart Wowza and click the connect button in FMLE, the cursor sits and spins for quite a while until it times out. Sniffing the network, I see the connect request go to the server, and the server responds with

0x0070:  00b3 1400 0000 0002 0006 5f65 7272 6f72  .........._error
0x0080:  003f f000 0000 0000 0005 0300 056c 6576  .?...........lev
0x0090:  656c 0200 0565 7272 6f72 0004 636f 6465  el...error..code
0x00a0:  0200 1e4e 6574 436f 6e6e 6563 7469 6f6e  ...NetConnection
0x00b0:  2e43 6f6e 6e65 6374 2e52 656a 6563 7465  .Connect.Rejecte
0x00c0:  6400 0b64 6573 6372 6970 7469 6f6e 0200  d..description..
0x00d0:  435b 2041 6363 6573 734d 616e 6167 6572  C[.AccessManager
0x00e0:  2e52 656a 6563 7420 5d20 3a20 5b20 636f  .Reject.].:.[.co
0x00f0:  6465 3d34 3033 206e 6565 6420 6175 7468  de=403.need.auth
0x0100:  3b20 6175 7468 6d6f 643d 6164 6f62 6520  ;.authmod=adobe.
0x0110:  5d20 3a20 0008 636c 6965 6e74 6964 0041  ].:...clientid.A
0x0120:  d0a0 55c4 0000 0000 0009 0300 0000 0000  ..U.............
0x0130:  1214 0000 0000 0200 0563 6c6f 7365 0000  .........close..
0x0140:  0000 0000 0000 0005                      ........

There is no other contact. FMLE does not popup the login dialog box. It sits there until it times out. I’ve dug through the documentation, looked through the forums and read through the comments for “How to get MediaSecurity AddOn”. I think I’m doing everything that should be done, but I must be missing something. Pointers to other documentation and other suggestions appreciated. Thanks!

Do you have an open ticket? If not, zip up and send conf and logs to support@wowza.com

Include a link to this thread for reference

Richard

Thanks for reporting your solution, and your problems with the docs. I will try to go through them and see if there is anything I can suggest to the Wowza doc people for clarification. If you have any specific suggestions, please do send them, since it difficult for experienced users to notice omissions and the like which may be more apparent to new users. So, please know your comments are appreciated and needed.

To clarify your statements: You can use RTMP with FMLE without using a secure connection. RTMP is the non-encrypted flash streaming protocol. RTMPE is the encrypted streaming protocol, which is used to prevent copyright infringement. You can use RTMPE or RTMP automatically simply by using either RTMP or RTMPE in your publish URL or your playback URL. SecureToken is used to prevent unauthorized playback by allowing or denying the connection.

You should be able to get RTMP Authentication working in just a couple minutes, after you have read the entire MediaSecurity User’s Guide included in the download here.

Just now I followed the steps in the “Installation” section, and steps 1, 2, 3, and 6 in the “ModuleRTMPAuthentication” section. Started Wowza, published to the application I configured, and saw the FMLE authentication popup. It should be easy, not difficult. If it’s not easy, please let us where you saw difficulty so it can be fixed.

If you have any questions, feel free to ask.

I responded to this in ticket #36917.

Tim

I’m afraid that I will need more information about how to access the ticket. A message from tickets@wowza.com sent through zendesk.com was rejected by our email server, because the SPF information for wowza.com violates the specification for SPF (too many DNS lookups). If you are interested, you may check the SPF entry at www.kitterman.com/validate.html. This is the result from our check locally.

Email address? tickets@wowza.com

IP address? 184.106.12.190

result code permerror

result local wowza.comoutlook.com: Maximum DNS-interactive terms limit (10) exceeded

I have accessed the ticket. No further details are needed.

We could not get RTMP authentication to work with the comments from support. It is not clear and was not explained by support if a secure connection is required to use RTMP with FMLE. We do not need and are not interested in playing a protected stream at this time. We are only looking for authentication for the publisher.

We tested other available methods. OnConnect2 works for authentication, but it requires the player to authenticate, as well, despite the comment to the contrary at https://www.wowza.com/docs/how-to-do-file-based-rtmp-authentication-with-url-query-strings-onconnectauthenticate2, claiming that authentication is not needed to play a stream.

moduleSecureURLParams (https://www.wowza.com/docs/how-to-secure-publishing-from-an-rtmp-encoder-that-does-not-support-authentication-modulesecureurlparams) provides a workable solution for us. The publisher is required to provide credentials, and the player can play an unsecure stream. The operator doesn’t have to login or relogin after a disconnect/connect, and there are no messy usernames and passwords to distribute to the various (non-technical) people who might man the encoder. We just configure the encoder with the necessary settings, and every time after that, the operator simply starts it and stops it. Nice and simple.