We are working on a project with an authentication requirement for streaming content from our Wowza server, and the preference would be for users to authenticate via the player itself, rather than authenticating access to the web page where the player is displayed.
My co-workers and I have pieced together a number of posts that demonstrate that we could roll a custom authentication backend plugin for Wowza that would use LDAP as the auth store, and there is some (though less) discussion of modifying player code to challenge the user for credentials and pass them to the server, but not to combine those two things in such a way that the username and password are protected in transit, rather than being passed in clear text as part of the query string.
This post comes pretty close to answering my questions, but is from a year ago, so thought it was worth re-asking the question, esp. since management would like to see a definitive explanation if this is not technically possible:
However, I'm interested to know if there is any way of securing the connection string itself. In the longer term we want to provide authentication for tens of thousands of users against an existing identity service, and as such we can't really get away with sending their credentials in clear-text in the RTMP request- the security guys would flay me! Do you know if there are established methods for sending the authentication request over an encrypted connection, perhaps tunneling it over https or something?Thanks in advance for any assistance that can be provided.I don't think you can hide or encrypt the connection string