Hello Konstantin,
I did my experiments with coturn based on this SO article
https://stackoverflow.com/questions/35766382/coturn-how-to-use-turn-rest-api
I have created config that works and stop further experiments :((
So most probably something can be enhanced :) and something can be
re-written
I'm using
lt-cred-mech
use-auth-secret
static-auth-secret=XXXXXXXXXXXXXXX
with random string for user in applicationContext.xml
>>>> Currently it basically use one user for all clients and there is no
guarantee that timestamp alone will be unique. Currently it basically use
one user for all clients and there is no guarantee that timestamp alone
will be unique
Why unique user might be required?
On Sun, 17 May 2020 at 13:45, Konstantin Kuzov <master.nosfer...@gmail.com>
wrote:
> I tested both use-auth-secret's static-auth and lt-cred-mech's static user
> auth modes and they both work for me like that:
> 1) lt-cred-mech's static user
> - turnserver.conf:
> fingerprint
> lt-cred-mech
> realm=example.org
> user=test:passwd
> stale-nonce=0
> verbose
>
> - applicationContext.xml:
> p:turnUrl="example.org"
> p:turnUser="test"
> p:turnSecret="passwd"
> p:turnMode=""
> p:turnTtl="60"
>
> 2) use-auth-secret's static-auth in REST mode
> - turnserver.conf:
> fingerprint
> use-auth-secret
> realm=example.org
> static-auth-secret=authsecret
> stale-nonce=0
> verbose
> - applicationContext.xml:
> p:turnUrl="example.org"
> p:turnUser=""
> p:turnSecret="authsecret"
> p:turnMode="rest"
> p:turnTtl="60"
>
> For use-auth-secret's static-auth you can also actually populate
> p:turnUser with somehing random. Then it will be used as userid. From
> coturn's documentation:
> # usercombo -> "timestamp:userid"
> # turn user -> usercombo
> # turn password -> base64(hmac(secret key, usercombo))
> #
> # This allows TURN credentials to be accounted for a specific user id.
> # If you don't have a suitable id, the timestamp alone can be used.
>
> Maxim, maybe OM need to also make proper use of userid for REST mode?
> Currently it basically use one user for all clients and there is no
> guarantee that timestamp alone will be unique. Dunno if that's bad.
> Something like this:
> https://github.com/CkNoSFeRaTU/openmeetings/commit/ab15c3fc6306982cd991835aa0a39f1b37a0c8cc#diff-ea905da2ad8890a997638b281f0fc87cR340
> c.getUid() can be replaced with c.getUser().getId() if that is better for
> some reason...
>
> вс, 17 мая 2020 г. в 02:59, Konstantin Kuzov <master.nosfer...@gmail.com>:
>
>> I'm using use-auth-secret without user in coturn's configuration and with
>> empty p:turnUser in OM's applicationContext.xml.
>> I haven't tried to configure user auth through applicationContext.xml...I
>> only tried user auth by not touching applicationContext.xml at all and by
>> configuring it in KMS's WebRtcEndpoint.conf.ini. That way it worked but
>> most users had trouble to prolong their sessions on turn and so had
>> disconnects by channel-lifetime (by default 10 minutes).
>>
>> Looking at
>> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L335
>> if
>> you want to try user auth you need to set p:TurnMode="",
>> p:TurnUser="username" and p:turnSecret="password"
>>
>> сб, 16 мая 2020 г. в 20:39, Juan Antonio Moreno Carmona <jam...@gmail.com
>> >:
>>
>>> Hi Konstantin
>>>
>>> Then, what mechanism do you use? user or use-auth-secret?
>>>
>>> And how do you fill applicationContext.xml file. I tried to comment
>>> use-auth-secret and static-auth-secret in turnserver.conf file.
>>> Furthermore, I leave p:turnSecret option empty in applicationContext.xml
>>> file.
>>>
>>> But then I get following error in catalina.out and I can't get
>>> camera/audio working
>>>
>>> ERROR 05-16 18:57:36.864 o.a.w.DefaultExceptionMapper:170
>>> [-apr-443-exec-6] - Unexpected error occurred
>>> java.lang.IllegalArgumentException: Empty key
>>>
>>> Regards.
>>>
>>
--
Best regards,
Maxim
