Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Authentication support?

    Jitsi
    15
    43
    860
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • rmdes
      rmdes @chetbaker last edited by

      @chetbaker both
      You can use this approach to create several users/pass allowing other people to join
      but the moment you put this in place, you can't access the jitsi without a user/pass

      chetbaker 1 Reply Last reply Reply Quote 0
      • chetbaker
        chetbaker @rmdes last edited by

        @rmdes thanks! I was digging in some of the jitsi documentation and there's something called secure domain that in the handbook seems to be different than LDAP. Would that work?

        rmdes 1 Reply Last reply Reply Quote 0
        • rmdes
          rmdes @chetbaker last edited by

          @chetbaker I don't think so, better wait for LDAP support cos it will bring you authentication and a closed jitsi server in one shot 🙂

          chetbaker 1 Reply Last reply Reply Quote 0
          • chetbaker
            chetbaker @rmdes last edited by

            @rmdes oh no, for sure! I was thinking more on something like this while we wait for LDAP

            rmdes 1 Reply Last reply Reply Quote 0
            • rmdes
              rmdes @chetbaker last edited by

              @chetbaker This could be a path to explore outside of a cloudron context, but within cloudron I'm not sure I have the know-how to talk about this, maybe @nebulon can chime in?

              1 Reply Last reply Reply Quote 0
              • nebulon
                nebulon Staff last edited by

                Package version 0.2.0 now has LDAP integration. This allows authentication of users but also enables the guest mode as outlined in https://jitsi.github.io/handbook/docs/devops-guide/secure-domain#enable-anonymous-login-for-guests

                imc67 H 2 Replies Last reply Reply Quote 9
                • imc67
                  imc67 translator @nebulon last edited by

                  @nebulon very good news!!

                  How do we disable anonymous access so only LDAP?

                  1 Reply Last reply Reply Quote 0
                  • H
                    hakunamatata @nebulon last edited by

                    @nebulon
                    I just installed the update but now the app is stuck starting. Log excerpt:

                    Mar 02 22:57:04 => Ensure directories
                    Mar 02 22:57:04 => Create configs
                    Mar 02 22:57:04 ==> Configuring static assets
                    Mar 02 22:57:04 ==> Configuring SASLauthd for LDAP
                    Mar 02 22:57:04 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable
                    Mar 02 22:57:05 => Ensure directories
                    Mar 02 22:57:05 => Create configs
                    Mar 02 22:57:05 ==> Configuring static assets
                    Mar 02 22:57:05 ==> Configuring SASLauthd for LDAP
                    Mar 02 22:57:05 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable
                    Mar 02 22:57:06 => Ensure directories
                    Mar 02 22:57:06 => Create configs
                    Mar 02 22:57:06 ==> Configuring static assets
                    Mar 02 22:57:06 ==> Configuring SASLauthd for LDAP
                    Mar 02 22:57:06 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable
                    Mar 02 22:57:07 => Ensure directories
                    Mar 02 22:57:07 => Create configs
                    Mar 02 22:57:07 ==> Configuring static assets
                    Mar 02 22:57:07 ==> Configuring SASLauthd for LDAP
                    Mar 02 22:57:07 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable
                    Mar 02 22:57:09 => Ensure directories
                    Mar 02 22:57:09 => Create configs
                    Mar 02 22:57:09 ==> Configuring static assets
                    Mar 02 22:57:09 ==> Configuring SASLauthd for LDAP
                    Mar 02 22:57:09 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable
                    Mar 02 22:57:11 => Ensure directories
                    Mar 02 22:57:11 => Create configs
                    Mar 02 22:57:11 ==> Configuring static assets
                    Mar 02 22:57:11 ==> Configuring SASLauthd for LDAP
                    Mar 02 22:57:11 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable
                    

                    Running Cloudron v7.1.2 on Ubuntu 20.04.3 LTS. Reverted to Jitsi package v0.1.0 for now.

                    avatar1024 1 Reply Last reply Reply Quote 1
                    • avatar1024
                      avatar1024 @hakunamatata last edited by

                      @hakunamatata Same here

                      1 Reply Last reply Reply Quote 1
                      • girish
                        girish Staff last edited by

                        @nebulon I guess the package should have optionalSso flag set?

                        1 Reply Last reply Reply Quote 1
                        • nebulon
                          nebulon Staff last edited by

                          As this is still an app marked as unstable, update issues are to be expected. Since the current package relies on LDAP and does not yet support optionalSso, existing instances have to be reintsalled. Since jitsi is mostly stateless though, this shouldn't be an issue. Sorry for not mentioning this upfront.

                          luckow 1 Reply Last reply Reply Quote 1
                          • luckow
                            luckow translator @nebulon last edited by

                            @nebulon My expected behavior is: starting a new conference/meeting brings a pop-up ("if you are the moderator, please sign in"). But this does not work with the new package (yes, fresh install) at first. It feels like the public jitsi from the first package. Am I missing any configuration?

                            Pronouns: he/him | Primary language: German

                            1 Reply Last reply Reply Quote 1
                            • jdaviescoates
                              jdaviescoates last edited by

                              @nebulon I just installed a fresh install to see/ test LDAP support but when installing it just talks about "Dahboard visibility" not "User management" like other LDAP enabled apps:

                              Screenshot from 2022-03-03 11-55-36.png

                              I use Cloudron with Gandi & Hetzner

                              jdaviescoates H 2 Replies Last reply Reply Quote 0
                              • jdaviescoates
                                jdaviescoates @jdaviescoates last edited by

                                @nebulon and when going to https://meet.uniteddiversity.coop/ any anonymous user can still create a room and be granted moderator rights on the room they create. Looks like something isn't quite right.

                                I'm still on Cloudron 7.0.4 is LDAP Jitsi only available on 7.1 or something?

                                I use Cloudron with Gandi & Hetzner

                                nebulon 1 Reply Last reply Reply Quote 0
                                • nebulon
                                  nebulon Staff @jdaviescoates last edited by

                                  @jdaviescoates you are right, the jitsi app package version 0.2.0 is only available for Cloudrons running 7.1.2

                                  luckow 1 Reply Last reply Reply Quote 1
                                  • luckow
                                    luckow translator @nebulon last edited by

                                    @nebulon Interesting phenomenon: there is a folder in Prosody that cannot be accessed via the Web Filemanger. In the terminal, this is not a problem.
                                    8dbd2a7c-6ef3-4dd5-8e59-786c19d02bcc-grafik.png
                                    31ca9120-ea77-4a7f-a63d-4b52bafc2cd5-grafik.png

                                    Pronouns: he/him | Primary language: German

                                    nebulon 1 Reply Last reply Reply Quote 1
                                    • nebulon
                                      nebulon Staff @luckow last edited by

                                      @luckow that seems to be a filemanager client side bug. Thanks for reporting.

                                      Regardless of that, I do wonder if that folder needs to be there in the first place. There is nothing which should be changed or touched by the admin without risking breaking, so I think I will move most of that, if not all to /run

                                      1 Reply Last reply Reply Quote 1
                                      • H
                                        hakunamatata @jdaviescoates last edited by

                                        @jdaviescoates How did you get the "Dashboard visibility" option? I just tried a fresh install on 7.1.2 but am presented with the default "user management" option. If I continue with the Jitsi install, the app does not require a login.

                                        nebulon jdaviescoates 2 Replies Last reply Reply Quote 0
                                        • nebulon
                                          nebulon Staff @hakunamatata last edited by

                                          To be clear for everyone: Since jitsi app package version 0.1.0 did not have any sso/ldap integration, everyone was seeing the dashboard visibility. Once on v0.2.0 this changes, since it is integrated. App package version 0.2.0 is only available for Cloudron v7.1.2 though, which is only available as a pre-release so far. So if you want to try jitsi v0.2.0, you have to manually update your Cloudron first.

                                          1 Reply Last reply Reply Quote 2
                                          • nebulon
                                            nebulon Staff last edited by

                                            To further update on this, there seems to be some issue in v0.2.0 with the auth, not always being enabled. I am investigating now.

                                            1 Reply Last reply Reply Quote 3
                                            • jdaviescoates
                                              jdaviescoates @hakunamatata last edited by

                                              @hakunamatata said in Authentication support?:

                                              @jdaviescoates How did you get the "Dashboard visibility" option? I just tried a fresh install on 7.1.2 but am presented with the default "user management" option. If I continue with the Jitsi install, the app does not require a login.

                                              I'm still on 7.0.4 so I'm also still on the 0.1.0 version of the app package, that's why.

                                              I use Cloudron with Gandi & Hetzner

                                              1 Reply Last reply Reply Quote 0
                                              • nebulon
                                                nebulon Staff last edited by

                                                There is some confusion about the guest mode in jitsi and it interferes with the ldap auth. I am not sure yet why and what the behavior should be, but I published a new package v0.3.0 which is ldap always on now. Given, that this will not allow guests to join a conference, this is not the final intended status.

                                                jan.reinhardt 1 Reply Last reply Reply Quote 3
                                                • jan.reinhardt
                                                  jan.reinhardt @nebulon last edited by

                                                  @nebulon I just installed 0.3.0 and it seems that now only internal meetings between registered users of my cloudron are possible. How can I invite external guests so that they can join the meeting without being a cloudron user? If I had to choose between an open jitsi where everybody can start a meeting and a closed one only for registered cloudron users I'd like to have the open version like 0.1.0 back please 🙂

                                                  luckow 1 Reply Last reply Reply Quote 1
                                                  • luckow
                                                    luckow translator @jan.reinhardt last edited by luckow

                                                    @jan-reinhardt As I understand it, there are several options that are not compatible with each other:

                                                    • public (open to all / without authentication).
                                                    • internal (only ldap users)
                                                    • internal/public (only ldap users can initiate a conference, then guests are allowed)
                                                    • jwt (token based authentication for e.g. nextcloud, rocket.chat ...).

                                                    From my point of view, we should start with internal/public. Then from there we see what is possible with some kind of "switch" in an env file.
                                                    In the end: if we need different jitsi settings to satisfy different use cases, we need to install them separately. By the way: the same is true for Greenlight (the BigBlueButton frontend).

                                                    Pronouns: he/him | Primary language: German

                                                    jdaviescoates micmc 2 Replies Last reply Reply Quote 5
                                                    • jdaviescoates
                                                      jdaviescoates @luckow last edited by

                                                      @luckow said in Authentication support?:

                                                      From my point of view, we should start with internal/public.

                                                      Exactly. +1

                                                      I use Cloudron with Gandi & Hetzner

                                                      1 Reply Last reply Reply Quote 0
                                                      • micmc
                                                        micmc @luckow last edited by micmc

                                                        @luckow said in Authentication support?:

                                                        @jan-reinhardt As I understand it, there are several options that are not compatible with each other:

                                                        • internal/public (only ldap users can initiate a conference, then guests are allowed)

                                                        That ressembles much as my point of view too, for what would be primary needs to start with.

                                                        By the way: the same is true for Greenlight (the BigBlueButton frontend).

                                                        Yep, and AFACS that app works pretty well.

                                                        BTW, may I put a double Kudos! Here as well as for the recent 7.1 version work from our super folks @girish and @nebulon which are among the best software engineers I've seen and worked with online in my 20 and dust on the 'information superhighway' career lol 😆
                                                        Thanks for your dedication guys, really.😎


                                                        https://marketingtechnology.services

                                                        jan.reinhardt 1 Reply Last reply Reply Quote 3
                                                        • jan.reinhardt
                                                          jan.reinhardt @micmc last edited by

                                                          @micmc I totally agree that internal/public would be perfect. But if this is not yet possible imho public is much better than internal because I can use the public jitsi server immediatly to work with my clients (this is what I did over the last two weeks and it performed great). The 'internal only' version means that I have to use Zoom etc. again...

                                                          luckow 1 Reply Last reply Reply Quote 1
                                                          • luckow
                                                            luckow translator @jan.reinhardt last edited by

                                                            @jan-reinhardt As a quick (dirty) workaround: add a user guest with the password guest to your Cloudron ldap and only allow this user to access your jitsi instance. Tell your clients that they must use guest:guest for authentication.

                                                            Pronouns: he/him | Primary language: German

                                                            jan.reinhardt 1 Reply Last reply Reply Quote 6
                                                            • H
                                                              hakunamatata last edited by

                                                              For some reason the LDAP authentication isn't working for me. I tried a fresh install of package v.0.2.0 and v0.3.0 on my server (v7.1.2) but my Jitsi instance is still public.😕

                                                              avatar1024 1 Reply Last reply Reply Quote 0
                                                              • jan.reinhardt
                                                                jan.reinhardt @luckow last edited by

                                                                @luckow 👍

                                                                1 Reply Last reply Reply Quote 0
                                                                • avatar1024
                                                                  avatar1024 @hakunamatata last edited by avatar1024

                                                                  @hakunamatata have tried to actually start a meeting? With version 0.3 anyone can still access the page where you can create a meeting but when you actually join the meeting it asks for authentication.

                                                                  H 1 Reply Last reply Reply Quote 2
                                                                  • nebulon
                                                                    nebulon Staff last edited by

                                                                    Thanks for all the feedback here. We are aware of the auth issues, there is some missing piece in the jitsi configs which we try to track down to support auth + guest mode.

                                                                    1 Reply Last reply Reply Quote 4
                                                                    • H
                                                                      hakunamatata @avatar1024 last edited by

                                                                      @avatar1024 This was the missing link! Yes I am prompted for authentication after I start a meeting. Thanks for the clarification!

                                                                      1 Reply Last reply Reply Quote 1
                                                                      • nebulon
                                                                        nebulon Staff last edited by

                                                                        So the latest package v0.4.0 now has LDAP enabled and fixes the guest mode. Each conference can be started by an authenticated user and then guests can join.

                                                                        Optional LDAP will probably come as well.

                                                                        robi Aizat 2 Replies Last reply Reply Quote 13
                                                                        • robi
                                                                          robi @nebulon last edited by

                                                                          @nebulon There appear to be App upgrade issues.

                                                                          From all the Jitsi updates, the app updates into a non responding state.

                                                                          It may be a combo of the fixed port at 10000 and addon changes.

                                                                          This also makes it impossible to have more than one instance installed, if one were to test/troubleshoot ;-/

                                                                          What I found works is uninstalling the app, then reinstalling, but that doesn't help fix the bug of it not upgrading properly.

                                                                          See the Jitsi support email if you want to log in and check things out.

                                                                          Life of Gratitude.
                                                                          Life of Advanced Technology

                                                                          nebulon 1 Reply Last reply Reply Quote 1
                                                                          • nebulon
                                                                            nebulon Staff @robi last edited by

                                                                            @robi unfortunately jitsi as such does not support port changes, so this needs to be possible upstream.

                                                                            For upgrades, as always with unstable apps, we don't care of migration. I can tell you already that likely the next jitsi update today will also require a reinstall. It just makes little sense to deal with config file or data migration while we haven't settled on the storage way yet.

                                                                            robi 1 Reply Last reply Reply Quote 4
                                                                            • robi
                                                                              robi @nebulon last edited by

                                                                              @nebulon Understood, thanks for the clarification.

                                                                              Life of Gratitude.
                                                                              Life of Advanced Technology

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • Aizat
                                                                                Aizat @nebulon last edited by

                                                                                @nebulon I'm still getting the authentication issue, when I use my Cloudron login username, it doesn't authenticate me, and says incorrect pwd or username. Then I tried my Cloudron email, it just connecting...
                                                                                Do I need to change/add something in the "jitsi-meet-config.js"?

                                                                                Aizat 1 Reply Last reply Reply Quote 0
                                                                                • Aizat
                                                                                  Aizat @Aizat last edited by

                                                                                  @Aizat on the other test, I made an App Passwords, and use the password it generated instead of my Cloudron login, and it worked, moderator granted.

                                                                                  1 Reply Last reply Reply Quote 1
                                                                                  • First post
                                                                                    Last post
                                                                                  Powered by NodeBB