VideoWhisper RTMP Web Session Check

For sites and integrations where additional security measures are required, VideoWhisper applications support login session check on Wowza RTMP side.

This is used to make sure no clients will be able to connect to rtmp server without having previously logged in on the website (with the _login.php scripts for php editions).
When a new client tries to connect to RTMP server with a session name, rtmp application will check on the web server if that client session exists. If web server does not confirm that client logged in, rtmp server will reject the connection. RTMP server will also check for a webKey that needs to be configured same way on rtmp and web server: this will prevent connections in case of web domain hijacking (only web server and rtmp server know the key, client app does not).

Notes
– This will disable connections from external encoders (ie. FMLE) and players (ie. JwPlayer) to that rtmp address, as these will not provide a session name to check for validity. These apps can be supported with a more advanced solution that allows inserting a key in rtmp address and also continuous rtmp session control from web (rtmp reports online sessions to web scripts and these can terminate any rtmp session):  RTMP Session Control
– Usually, each installation will require its own rtmp side that checks session info with that installation. Otherwise you will have to tweak scripts to check on all installations.

 

RTMP Configuration

RTMP side web session check is currently supported for Wowza rtmp side. Download latest version of Wowza rtmp side, deploy to your server and update these settings in conf/videowhisper-web/Application.xml :


<Properties>
<Property>
<Name>acceptPlayers</Name>
<Value>true</Value>
</Property>
<Property>
<Name>webLogin</Name>
<Value>http://installation_url/rtmp_login.php?s=</Value>
</Property>
<Property>
<Name>webKey</Name>
<Value>VideoWhisper</Value>
</Property>
<Property>
<Name>webLogout</Name>
<Value>http://installation_url/rtmp_logout.php?s=</Value>
</Property>
</Properties>
</Application>

 

 

Then restart WowzaMediaServer service. For troubleshooting check Wowza access logs. If errors occur in the error logs submit a ticket to VideoWhisper about this.

Web Configuration

Download latest Video Conference php edition and check these integration files:
rtmp.inc.php – stores session info when user authenticates from vc_login.php ; contains $webKey if you want to change it
rtmp_login.php – called by rtmp server to see if a session name is valid (authenticated); also gets canKick permission to allow user to kick clients
rtmp_logout.php – called by rtmp server when client with a session name disconnected (to cleanup session)

Configure settings.php to use the videowhisper-web rtmp address.

To integrate this on other editions or installations you will need to copy the 3 files mentioned above to installation folder and include rtmp.inc.php in the _login.php scripts that authorize the user.
Other changes could be required depending on particularities of each integration.

Sample Demo Configuration

Installation url: http://www.videowhisper.com/demos/vc_web
Using rtmp address: rtmp://videowhisper.com/videowhisper-web

         <Property>
<Name>webLogin</Name>
<Value>http://www.videowhisper.com/demos/vc_web/rtmp_login.php?s=</Value>
</Property>
<Property>
<Name>webKey</Name>
<Value>VideoWhisper</Value>
</Property>
<Property>
<Name>webLogout</Name>
<Value>http://www.videowhisper.com/demos/vc_web/rtmp_logout.php?s=</Value>
</Property>

 

RTMP Session Control (including after login and for 3rd party encoders/apps)

In addition to session login control, VideoWhisper rtmp side for Wowza can also  provide RTMP Session Control (special licensing is required for 3rd party servers).

This can be used to monitor 3rd party clients, other than VideoWhisper applications, like Wirecast, Flash Media Live Encoder (FMLE), Open Broadcaster Software (OBS), iOS/Android GoCoder app for rtmp live broadcasting.

In example, if a broadcaster connects directly with an external encoder application, the website scripts can be notified about this to show his channel as LIVE.
Also web scripts can communicate back to rtmp server to disconnect a client when necessary.

Comments are closed.