MediaSecurity AddOn Package (SecureToken, RTMP & RTSP Authentication and more)

That is the player, and that’s all successful. Good so far.

Check the Wowza access log, not the error log, for what is happening on the Wowza side.

Richard

You’ll have to zip up and send: /conf and /log folders to: support@wowza.com, with reference to this post.

And a link to the player if possible.

Richard

Do you want to use SecureToken only?

Remove this from Application.xml

<Module> 
	<Name>ModuleRTMPAuthenticate</Name> 
	<Description>ModuleRTMPAuthenticate</Description> 
	<Class>com.wowza.wms.plugin.security.ModuleRTMPAuthenticate</Class> 
</Module> 

Use this instead:

<Module>
	<Name>ModuleSecureToken</Name>
	<Description>ModuleSecureToken</Description>
	<Class>com.wowza.wms.plugin.security.ModuleSecureToken</Class>
</Module>

Richard

I don’t quite understand. Are you using RTMPE in the FMS url? I don’t think that will work.

Richard

I see. Re-download the package, because it was updated just yesterday for this exact case.

One note: RTMPE just works, this package does not enable it.

Richard

FMLE doesn’t do SecureToken. But if you reverse what you did here, put the ModuleRTMPAuthenticate module back, and take out ModuleSecureToken, but leave the SecureToken Property, then you can use Username/Password in FMLE. Add the username/password to /conf/publish.password.

Sorry to go back and forth, but that’s the way you should do it. ModuleRTMPAuthenticate includes SecureToken.

Richard

Derrick,

Yes, that’s right.

Richard

It should be possible, but we don’t have an example. But there is an example of doing SecureToken with the Flash CS flvplayback component which might be helpful. Download the Security package:

http://community.wowza.com/t/-/45

And take a look at the /client/flvplaybacksecure.fla and this file:

/com/wowza/WowzaNCManagerAS3.as

You should be able to accomplish something similar with Flex VideoDisplay component.

Richard

This is the SWFLoader:

https://www.wowza.com/forums/showthread.php?t=7064

Also there is HotlinkDenial package:

https://www.wowza.com/forums/showthread.php?t=5239

Richard

For JW Player 5:

https://www.wowza.com/forums/showthread.php?t=7615

For JW player 4:

https://www.wowza.com/forums/showthread.php?t=7614

Richard

There should be a an Digital Rapid update that fixes this problem.

http://community.wowza.com/t/-/34105&page=2

http://community.wowza.com/t/-/34105&page=3

Richard

I guess I don’t really understand. But with Wowza 2 you can use ModuleRTMPAuthenticate, and that includes SecureToken, which is enable by adding the secureTokenSharedSecret Property. This way the Flash client has to have the matching token to connect, and the publisher has to supply username and password to match a set of credentials in /conf/publish.password.

Or, I think you can still use SecureURLParams with Wowza 2 if the encoder does not support username and password.

But I think there were some problems address in recent version of Digital Rapids, and if you have to downgrade for other reasons, I’m not sure what to do.

Richard

It works both ways if you add ModuleSecureURLParams to the Modules list and the secureTokenSharedSecret property to the Properties list.

Do not add the ModuleSecureToken to the Modules list because it is included in ModuleSecureURLParams, and is enabled by adding the property. Like this:

<Modules>
...
<Module>
<Name>ModuleSecureURLParams</Name>
<Description>ModuleSecureURLParams</Description>
<Class>com.wowza.wms.plugin.security.ModuleSecureURLParams</Class>
</Module>
</Modules>

Then in the Properties section:

<Properties>
<Property>
<Name>secureTokenSharedSecret</Name>
<Value>#ed%h0#w@1</Value>
</Property>
</Properties>

Richard

There is nothing built-in like that, but here are two posts on doing customized authentication that might help:

https://www.wowza.com/forums/showpost.php?p=33210&postcount=15

https://www.wowza.com/forums/showthread.php?t=7812

Richard

What version of Wowza are you using?

Richard

You should be using ModuleRTMPAuthenicate not ModuleSecureURLParams. Download this package and read the guide:

https://www.wowza.com/downloads/forums/mediasecurity/MediaSecurity_2.0.zip

Richard

SecureToken is used in a Flash app, not FMLE

You can use ModuleSecureURLParams if you want. In that case, download the 1.7 package and follow the guide included with it. You will be adding properties to support the doPublish value.

https://www.wowza.com/downloads/forums/mediasecurity/MediaSecurity.zip

It should work on Wowza 2 following that guide, even with the Wowza 2 security jar.

Richard

Read thru the guide again. You want to use SecureToken I think. That module just requires that you connect with secure connection protocol: rtmpe or rtmps.

Richard

It should work, if you have the MediaSecurity jar in /lib folder and SecureURLParams configured for that application.

But take out the dot, it’s just “doPublish”

rtmp://wowzaip/application/stream?doPublish=blabla

Richard

Take out doConnect Property:

<Module>
<Name>ModuleSecureURLParams</Name>
<Description>ModuleSecureURLParams</Description>
<Class>com.wowza.wms.plugin.security.ModuleSecureURLParams</Class>
</Module>
...
...
<Property>
<Name>secureurlparams.publish</Name>
Value>54321.doPublish</Value>
</Property>

Then this will work:

ffmpeg -i /dev/video0 [non-important params] rtmp://wowzaip:1935/auth/first?doPublish=54321

This way, other publishers will be able to connect, but will not be able to publish without the doPublish querystring key.

However, this should work with both properties in place:

ffmpeg -i /dev/video0 [non-important params] rtmp://wowzaip:1935/auth/first?doPublish=54321&doConnect=12345

You do have two typos in what you posted, missing left angle brackets.

secureurlparams.connect

12345.doConnect

secureurlparams.publish

Value>54321.doPublish

Richard