Results 1 to 5 of 5

Thread: LDAP authentication with player integration AND secure creds

  1. #1

    Default LDAP authentication with player integration AND secure creds

    We are working on a project with an authentication requirement for streaming content from our Wowza server, and the preference would be for users to authenticate via the player itself, rather than authenticating access to the web page where the player is displayed.

    My co-workers and I have pieced together a number of posts that demonstrate that we could roll a custom authentication backend plugin for Wowza that would use LDAP as the auth store, and there is some (though less) discussion of modifying player code to challenge the user for credentials and pass them to the server, but not to combine those two things in such a way that the username and password are protected in transit, rather than being passed in clear text as part of the query string.

    This post comes pretty close to answering my questions, but is from a year ago, so thought it was worth re-asking the question, esp. since management would like to see a definitive explanation if this is not technically possible:

    http://www.wowza.com/forums/showthre...client-support

    However, I'm interested to know if there is any way of securing the connection string itself. In the longer term we want to provide authentication for tens of thousands of users against an existing identity service, and as such we can't really get away with sending their credentials in clear-text in the RTMP request- the security guys would flay me! Do you know if there are established methods for sending the authentication request over an encrypted connection, perhaps tunneling it over https or something?
    I don't think you can hide or encrypt the connection string
    Thanks in advance for any assistance that can be provided.

    -Paul

  2. #2
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    Welcome Paul,

    You might encrypt and decrypt using your own scheme as Johansensen suggested. Or maybe use a HTTPS container for the player, I think that should hide credentials.

    Richard

  3. #3

    Default

    Thanks for the reply Richard.

    Can you elaborate at all on what you mean by using an https container for the player?

    Thanks,
    Paul

  4. #4
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    On 2nd thought, I don't think serving the player in https page (container) will have any affect on what happens between the player and Wowza.

    Richard

  5. #5

    Default

    Yeah, I was wondering if that's what you meant, and I think you are correct.

    Thanks again for your assistance.

    -Paul

Similar Threads

  1. Secured RTMP authentication integration
    By tan-tan in forum Live Streaming and Encoder Discussion
    Replies: 1
    Last Post: 09-09-2013, 03:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •