Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Custom RTMP authentication on a per stream basis

  1. #1

    Default Custom RTMP authentication on a per stream basis

    I read the documentation on RTMP authentication. It seems like you can only get this to work by supplying a password for a specific username.

    What I want to do:
    - Let users supply an username and password in FMLE for streaming
    - Only allow streaming to a specific stream name
    - Validate the supplied credentials against an external source (REST api)

    Is it possible to have access to the supplied username and password later on in the application? So that I can validate that a user is allowed to stream a specific stream name? Because then I could use a two-step authentication scheme:

    Step 1) Validate if credentials are valid
    Step 2) When user tries to stream validate if supplied credentials are valid for specified stream name.

    Is this possible or should I stick with my current URL Query parameters approach?

  2. #2
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    You can use WMSProperties in the onConnect handler to attach credentials to IClient object that you can look at later in publish (or play) override or IMediaStreamActionNotify3.onPublish() or .onPlay()

    client.getProperties().setProperty("username", "richard");
    		
    String username = client.getProperties().getPropertyStr("username");
    This article shows how to extend ModuleRTMPAuthenticate so you can validate against external database or other authentication services.


    Richard

  3. #3

    Default

    I read that article and know how to store variables on a client object. But I don't think that will solve my problem.

    But how do I get access to the username and password if it's supplied via RTMP authentication?

    Because as far as I can see you don't have access to the client object in the ModuleRTMPAuthenticate (at least not in the right methods)? And I don't know how to access this information in the onConnect method.

    I have this working already with URL parameters. I just want to know if I can access the supplied username and password somewhere else in the application when they are supplied via RTMP authentication and not via URL parameters.

  4. #4
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    But how do I get access to the username and password if it's supplied via RTMP authentication?
    The article I linked to above is what we have to do that.

    It doesn't actually return the password, just the username. You then look up that user in your database and return the password.

    Richard

  5. #5

    Default

    But how do I store the username in the client object if I don't have access to the client object in the getPassword method?

    And I still think it's a strange implementation. For this you need the passwords as plain-text, it's very bad practice to store passwords as plain text.

  6. #6
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    I'm not sure what you mean at this point. At top you had credentials in a querystring, which you can grab in onConnect and add to the client instance with WMSProperties, and look at anytime later.

    With AuthenticateUsernamePasswordProviderBase you can get the username supplied by the encoder and look up the password. In that case the username and password is sent to Wowza with digest authentication, not in the rtmp connection.

    Richard

  7. #7

    Default

    So there's is basically no way to do a more sophisticated integration with RTMP authentication because you can't access the supplied credentials later on? So you can't do a per publish stream authentication with RTMP, only with query params?

  8. #8
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    This is how to do it:

    public String getPassword(String username)
    	{
    		// return password for given username		
    		String pwd = null;
    
    		// lookup pwd in external authentication system
    		
    		IClient client = this.getClient();
    		
    		client.getProperties().setProperty("username", username);
    		client.getProperties().setProperty("pwd", pwd);
    	}
    Richard

  9. #9

    Default

    Thank you, that I can use.

    Is there no way to use RTMP authentication with encrypted passwords? In a lot of usecases the plain text password is not available.

  10. #10
    Join Date
    Dec 2007
    Posts
    21,962

    Default

    Not sure what you mean exactly, but RTMP Authentication uses digest, which is not clear text.

    Richard

Page 1 of 2 12 LastLast

Similar Threads

  1. Custom User Authentication Plugin
    By matador in forum Assistance with live events
    Replies: 3
    Last Post: 12-11-2013, 01:53 AM
  2. LiveStreamPacketizers on a per stream basis
    By nitinkaplan in forum Live Streaming and Encoder Discussion
    Replies: 5
    Last Post: 11-19-2013, 01:44 PM
  3. Unable to get authentication on RTMP stream
    By majidkhan in forum Server-side Modules and Code Samples Discussion
    Replies: 2
    Last Post: 11-11-2013, 10:10 PM
  4. RTMP authentication, RTSP authentication => problem
    By nvanhaute1 in forum Server Administration Discussion
    Replies: 4
    Last Post: 11-09-2011, 03:01 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •