Use Cloudron Logins for host protected settings
-
I did the same but ticked
Allow all users from this Cloudron
Thing is @jdaviescoates by default anyone can create/join a room. But I want to restrict room creation to logged in users and anyone can join with the link.
And when activating those parameters is when problems arise.@cvachery said in Use Cloudron Logins for host protected settings:
Thing is @jdaviescoates by default anyone can create/join a room. But I want to restrict room creation to logged in users and anyone can join with the link.
Ah, right. That ought to be default when choosing Cloudron user management, but I guess it isn't.
-
@avatar1024 said in Use Cloudron Logins for host protected settings:
Otherwise, while guest cannot enter the app base domain without a login, they can still create rooms freely by creating a url: mirotalkappprefix.mydomain.com/join/roomname
@MiroTalk is that behaviour intended?
Not a behaviour intended! I'm considering a refinement where guests are only allowed to join specified rooms that have already been created by authenticated users. This approach might offer better control and security. Will be released in the next version.
Thanks to @MiroTalk in the latest version it works and the config is nearly perfect
Only issue is still one identified erlier that anonymous users can create room if they go to the specific URL@MiroTalk said in Use Cloudron Logins for host protected settings:
@avatar1024 said in Use Cloudron Logins for host protected settings:
Otherwise, while guest cannot enter the app base domain without a login, they can still create rooms freely by creating a url: mirotalkappprefix.mydomain.com/join/roomname
@MiroTalk is that behaviour intended?
Not a behaviour intended! I'm considering a refinement where guests are only allowed to join specified rooms that have already been created by authenticated users. This approach might offer better control and security. Will be released in the next version.
-
Thanks to @MiroTalk in the latest version it works and the config is nearly perfect
Only issue is still one identified erlier that anonymous users can create room if they go to the specific URL@MiroTalk said in Use Cloudron Logins for host protected settings:
@avatar1024 said in Use Cloudron Logins for host protected settings:
Otherwise, while guest cannot enter the app base domain without a login, they can still create rooms freely by creating a url: mirotalkappprefix.mydomain.com/join/roomname
@MiroTalk is that behaviour intended?
Not a behaviour intended! I'm considering a refinement where guests are only allowed to join specified rooms that have already been created by authenticated users. This approach might offer better control and security. Will be released in the next version.
@cvachery said in Use Cloudron Logins for host protected settings:
Thanks to @MiroTalk in the latest version it works and the config is nearly perfect
Only issue is still one identified erlier that anonymous users can create room if they go to the specificShould be fixed in both
MiroTalk P2P v.1.3.79&MiroTalk SFU v.1.5.80. Cheers. -
@cvachery said in Use Cloudron Logins for host protected settings:
Thanks to @MiroTalk in the latest version it works and the config is nearly perfect
Only issue is still one identified erlier that anonymous users can create room if they go to the specificShould be fixed in both
MiroTalk P2P v.1.3.79&MiroTalk SFU v.1.5.80. Cheers.@MiroTalk said in Use Cloudron Logins for host protected settings:
@cvachery said in Use Cloudron Logins for host protected settings:
Thanks to @MiroTalk in the latest version it works and the config is nearly perfect
Only issue is still one identified erlier that anonymous users can create room if they go to the specificShould be fixed in both
MiroTalk P2P v.1.3.79&MiroTalk SFU v.1.5.80. Cheers.Yeah I am still having issue with this / cannot figure out the correct settings to prevent anonymous user room creation.
Basically, I am trying to limit room creation to registered Cloudron User, but still keep the possibility for anonymous users to join a room once created.
At the moment, my MiroTalk SFU app has its cloudron setting access control set to "Only allow the following users and groups".
I do have a custom config.js with the following:
host: { /* Host Protection (default: false) To enhance host security, enable host protection - user auth and provide valid usernames and passwords in the users array. */ protected: true, user_auth: false, users: [ /* { username: 'username', password: 'password', }, { username: 'username2', password: 'password2', }, ... */ ] },Yet room creation is still allowed for anonymous users.
I could set
user_authtotrueand provider "provide valid usernames and passwords in the users array." as mentioned in the config.js comment, but my understanding is that this will void/conflict with the cloudron OIDC integration.Of course, I am likely missing something so I am wondering if anyone got this working properly and if/when so, what are the proper settings for preventing room creation by anonymous users.
Many thanks,
-
@MiroTalk said in Use Cloudron Logins for host protected settings:
@cvachery said in Use Cloudron Logins for host protected settings:
Thanks to @MiroTalk in the latest version it works and the config is nearly perfect
Only issue is still one identified erlier that anonymous users can create room if they go to the specificShould be fixed in both
MiroTalk P2P v.1.3.79&MiroTalk SFU v.1.5.80. Cheers.Yeah I am still having issue with this / cannot figure out the correct settings to prevent anonymous user room creation.
Basically, I am trying to limit room creation to registered Cloudron User, but still keep the possibility for anonymous users to join a room once created.
At the moment, my MiroTalk SFU app has its cloudron setting access control set to "Only allow the following users and groups".
I do have a custom config.js with the following:
host: { /* Host Protection (default: false) To enhance host security, enable host protection - user auth and provide valid usernames and passwords in the users array. */ protected: true, user_auth: false, users: [ /* { username: 'username', password: 'password', }, { username: 'username2', password: 'password2', }, ... */ ] },Yet room creation is still allowed for anonymous users.
I could set
user_authtotrueand provider "provide valid usernames and passwords in the users array." as mentioned in the config.js comment, but my understanding is that this will void/conflict with the cloudron OIDC integration.Of course, I am likely missing something so I am wondering if anyone got this working properly and if/when so, what are the proper settings for preventing room creation by anonymous users.
Many thanks,
-
@Neiluj I just tried this here also with MiroTalk SFU and without changing the app configs manually, just install the app with Cloudron usermanagement enabled and then only authenticated users can create meetings, while everyone can join them with the share link.
-
@Neiluj I just tried this here also with MiroTalk SFU and without changing the app configs manually, just install the app with Cloudron usermanagement enabled and then only authenticated users can create meetings, while everyone can join them with the share link.
@nebulon said in Use Cloudron Logins for host protected settings:
@Neiluj I just tried this here also with MiroTalk SFU and without changing the app configs manually, just install the app with Cloudron usermanagement enabled and then only authenticated users can create meetings, while everyone can join them with the share link.
cant login when i follow your direction
-
I think a direct link is like a public link share unless the room is protected, so that might be expected on how the app is currently written
@nebulon said in Use Cloudron Logins for host protected settings:
I think a direct link is like a public link share unless the room is protected, so that might be expected on how the app is currently written
even if i enable protection still cant use couldron account
-
@nebulon said in Use Cloudron Logins for host protected settings:
I think a direct link is like a public link share unless the room is protected, so that might be expected on how the app is currently written
even if i enable protection still cant use couldron account
@mdc773 I think perhaps you're missing something here.
If you're already logged into your Cloudron dashboard in the same browser you visit your MiroTalk app URL, it doesn't prompt for auth - it just magically checks if you're logged in and if you are just automatically logs you in.
But if you visit the same URL in a private tab you should indeed get prompted to login to Cloudron.
At least that's what happens for me.
I am logged into my Cloudron dashboard, so when I visit my MiroTalk URL I arrive here:
But if I visit the same URL in a private tab I get this:
I also just double checked and if you try to visit a join URL of a meeting after the logged in person has left the meeting, it no longer works and you are presented with the login screen again.
-
@mdc773 I think perhaps you're missing something here.
If you're already logged into your Cloudron dashboard in the same browser you visit your MiroTalk app URL, it doesn't prompt for auth - it just magically checks if you're logged in and if you are just automatically logs you in.
But if you visit the same URL in a private tab you should indeed get prompted to login to Cloudron.
At least that's what happens for me.
I am logged into my Cloudron dashboard, so when I visit my MiroTalk URL I arrive here:
But if I visit the same URL in a private tab I get this:
I also just double checked and if you try to visit a join URL of a meeting after the logged in person has left the meeting, it no longer works and you are presented with the login screen again.
@jdaviescoates awesome i was wondering how i did not think of this
silly me
-
N nebulon has marked this topic as solved on
-
Hi there,
re: Mirotalk SFU 1.9.77
I'm trying to configure Mirotalk SFU to only allow logged in Cloudron users to join a room.
If I'm reading this thread correctly, I don't need to include any OIDC settings in the env file anymore - so this is what my env file looks like, attached.
As the host, Mirotalk now (incorrectly) says that I am not logged in myself (even though I launched MiroTalk from my Cloudron admin dashboard), and then it asks me to login with the MiroTalk interface itself (and not the Cloudron login). When I attempt to use my Cloudron login details it says I have invalid credentials.
So do I actually need to configure all the OIDC settings in the env file? If so, can I pls get some guidance on how to arrive at the exact settings needed?
Thank you!
Ads
-
Hi there,
re: Mirotalk SFU 1.9.77
I'm trying to configure Mirotalk SFU to only allow logged in Cloudron users to join a room.
If I'm reading this thread correctly, I don't need to include any OIDC settings in the env file anymore - so this is what my env file looks like, attached.
As the host, Mirotalk now (incorrectly) says that I am not logged in myself (even though I launched MiroTalk from my Cloudron admin dashboard), and then it asks me to login with the MiroTalk interface itself (and not the Cloudron login). When I attempt to use my Cloudron login details it says I have invalid credentials.
So do I actually need to configure all the OIDC settings in the env file? If so, can I pls get some guidance on how to arrive at the exact settings needed?
Thank you!
Ads@admeister said in Use Cloudron Logins for host protected settings:
I'm trying to configure Mirotalk SFU to only allow logged in Cloudron users to join a room.
Simply remove all the old or unnecessary entries from your
envfile:
Note: The parameter
ALLOW_ROOM_CREATION_WITHOUT_HOSTis not related to MiroTalk SFU.To explicitly configure MiroTalk with Cloudron OIDC Authentication (this is also the default behavior if not explicitly set), use the following environment variables:
OIDC_ENABLED=true OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS=trueOIDC_ENABLED=true— Enables OIDC authentication.OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS=true— Allows all authenticated users via OIDC to create their own rooms.
If you do not want to use OIDC authentication but still want to define your own user logins, you can disable OIDC and enable MiroTalk SFU internal Host Protection Mode:
# Disable Cloudron OIDC OIDC_ENABLED=false # Host protection HOST_PROTECTED=true HOST_USER_AUTH=false # Define host users in the format: # username:password:displayName:allowedRooms (comma-separated) HOST_USERS="user1:pass1:user-1:*|user2@mail.com:pass2:user two:*|user3:pass3:user name:*"HOST_PROTECTED=true— Enables Host Protection mode.HOST_USER_AUTH=false— Disables additional user authentication beyond host users.HOST_USERS— List of host users, with*allowing access to all rooms or specific room names separated by commas.
️ After making changes, restart your MiroTalk instance for them to take effect.
For a complete environment configuration, check the
.env.templatefile:
Full env exampleThe environment variables are loaded in
config.jsand serve both as runtime configuration and documentation for additional features:
Full config.js example -
Thank you everyone for your responses.
I'm trying to configure Mirotalk SFU to only allow logged in Cloudron users to join a room.
Realised that the solution was far simpler than I thought - I just needed to add a single line to the .env file:
OIDC_AUTH_REQUIRED=true
Thank you deeply to everyone working on Cloudron and all associated apps... I'm in awe of this community!
Ads
