Issue with external authentication with JWT with latest build

Hello,

Sorry if I missed some patch notes or something! I recently set up Keycloak with jitsi-meet and this was working with jitsi/web:stable-5390-3 (the latest build at the time). I am running everything in docker. If I attempted to start a meeting without authenticating, it would redirect me to my Keycloak app to authenticate first.

I am using the following env variables:

ENABLE_AUTH=1
ENABLE_GUESTS=1
AUTH_TYPE=jwt
JWT_APP_ID=myId
JWT_APP_SECRET=mySecret
TOKEN_AUTH_URL=https://auth.mysite.com/{room}

However, the latest update broke that integration. No matter what I do, it seems to authenticate internally. Is there something I am missing?

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 6 (4 by maintainers)

Top GitHub Comments

2 reactions
S0ulDrag0n commented, Apr 23, 2021

Sure, here are the steps I took:

  1. Follow this guide to set up Keycloak with docker: https://www.keycloak.org/getting-started/getting-started-docker. The latest image should be fine. I created this as a public client and I didn’t set a root URL for the client app but I did set the base URL to the Keycloak address. In my case, it was https://auth.mysite.com/.
  2. Set up jitsi-keycloak to act as an intermediary to perform the OAuth redirects: https://github.com/D3473R/jitsi-keycloak. I also used the docker image here with environment variables. The address for this was https://portal.mysite.com/. I followed the steps exactly as they were written. The only difference here was I set TOKEN_AUTH_URL to be the portal site: https://portal.mysite.com/{room}. I also got keycloak.json from Clients > myClient > Installation > Keycloak OIDC JSON. This gets mounted to /config in the image.
version: "3.7"

services:
  auth:
    image: d3473r/jitsi-keycloak:latest
    container_name: jitsi-keycloak
    restart: unless-stopped
    ports:
     - "9000:3000"
    volumes:
     - ~/keycloak-jitsi/config:/config
    environment:
     - JITSI_SECRET=asdfqwerty
     - JITSI_URL=https://meet.mysite.com/
     - JITSI_SUB=meet.mysite.com
     - DEFAULT_ROOM=Test

You may have to tweak the address in the JSON file.

  3. Update the Valid Redirect URIs under the client that you just created with the URI for the portal: https://portal.mysite.com/*.
  4. Set the Web Origins to either * or +. In order to use this for security reasons, you will have to add web-origins as one of the default client scopes for the client in Keycloak.

The keycloak.json config file should let keycloak-jitsi know where the auth server is and all the environment variables should connect the portal and jitsi.

I hope this was clear enough!
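
The setup above depends on the portal and Jitsi sharing one signing secret and agreeing on the token's claims. The following check is an added example, not part of the original comment or of jitsi-keycloak's code; it assumes an HS256 token carrying `iss`, `sub`, `room` and `exp` claims, and reuses the placeholder values from this page as constructed sample input.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict, secret: str) -> str:
    """Issuer (portal) side: HS256-sign the claims with the shared secret."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256)
    return f"{header}.{body}.{b64url(mac.digest())}"

def verify_token(token, secret, app_id, domain, room, now=None) -> str:
    """Verifier side: return "ok" or the reason the token is refused."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "malformed"
    if header.get("alg") != "HS256":  # refuse "none" and any unexpected algorithm
        return "bad alg"
    mac = hmac.new(secret.encode(), f"{head_b64}.{body_b64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(sig, mac.digest()):  # constant-time comparison
        return "bad signature"
    if claims.get("iss") != app_id or claims.get("sub") != domain:
        return "wrong iss/sub"
    if claims.get("room") != room:
        return "wrong room"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return "expired"
    return "ok"

if __name__ == "__main__":
    # Constructed sample: the secrets are the placeholders shown on this page.
    claims = {"iss": "myId", "sub": "meet.mysite.com", "room": "Test", "exp": time.time() + 300}
    token = sign_token(claims, "asdfqwerty")
    print(verify_token(token, "asdfqwerty", "myId", "meet.mysite.com", "Test"))
    print(verify_token(token, "mySecret", "myId", "meet.mysite.com", "Test"))
```

A token signed with one secret and checked with another is refused before any claim is read, so a mismatch between the two containers' secrets shows up as a signature failure rather than a claim error.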

0 reactions
saghul commented, Apr 23, 2021

Thanks a lot!
