implementing an identity provider for webrtc - webrtc

Is there any implementation of WebRTC that includes an interaction with an identity provider (IdP)? All the open source WebRTC platforms that I've seen (easyrtc, peerjs, ...) don't include an interaction with an IdP.
For example, there is no implementation calling the function that sets the IdP: setIdentityProvider()
So my intent is to have an open source WebRTC platform (already implementing the interaction function) able to communicate with my own IdP, and after that I will try to figure out how to do the communication between them (websocket, https, ...)

Firefox has an implementation of the identity provider part of the spec which seems to be enabled by default.
Chrome does not implement this yet.

Related

What is the intended behavior for client roles in Agora Web SDK?

I am using the web SDK, in which setting the client role as host or audience seems to have no effect. I have tried setting it before and after joining the channel. This is contrary to the behavior described in the Android SDK docs, where setting the role as audience makes Agora automatically unpublish the stream.
Also, the peer-online event seems to fire only when a stream is published. To be very specific, when rtc.client.publish() is called and not otherwise.
This is all on a temp token generated on the console.
Is this intended behavior for the Web SDK? Are we, devs, supposed to disable the stream using the stream spec object on the client side if audience?
The two available roles are: host and audience. I think you may have used the role client in setClientRole which doesn't really exist.
You need to set the role just before joining the channel as per normal convention.
Check out these files for sample working code:
Broadcast client code - host
Broadcast audience code
Sample app
The SDK triggers the peer-online callback under one of the following circumstances:
A remote user/host joins the channel by calling the Client.join method.
A remote user switches the user role to the host by calling the Client.setClientRole method after joining the channel.
A remote user/host rejoins the channel after a network interruption.
The host injects an online media stream into the channel by calling the Client.addInjectStreamUrl method.
Agora Documentation Link: https://docs.agora.io/en/Interactive%20Broadcast/API%20Reference/web/interfaces/agorartc.client.html

Should I only setup Keycloak on application OR Apache

I would like to check if my understanding is correct about the way to use Keycloak.
After Keycloak server is installed and running, we would have 2 options:
Use the javascript adapter in the application we want to authenticate
Use the mod_auth_openid to use Keycloak with Apache webserver
In the case of a web application, since it must have a web server, does it mean only option 2 is available? And even if option 1 is available, should I use it?
It depends on the type of your application. If you want to provide your application as an SPA (Single Page Application) using JavaScript, the JavaScript Adapter will be a good option. But if you want to provide it as a traditional server-side web application which doesn't support a standard federation protocol like OpenID Connect, mod_auth_openidc will fit.
Also, Keycloak provides several types of client adapters. You can check them in the following document.
https://www.keycloak.org/docs/latest/securing_apps/index.html#supported-platforms
In addition, if your application is already OpenID Connect or SAML 2.0 compliant, you can integrate with the Keycloak server without any client adapters because it is based on an open standard protocol which Keycloak supports. Please refer to the following document to understand securing your application.
https://www.keycloak.org/docs/latest/securing_apps/index.html#overview

IBM MFP Adapter-based authentication without client-side components

How can I use MFP (8.0) adapter-based authentication without installing the MFP client SDK / libs?
Is it possible to make a REST call to the adapter (login) directly from the client application (mobile) without the client SDK?
Updates:
I have tried the confidential client option, but I need individual user details instead of a pre-defined client ID.
You can't make Adapter Based Authentication in your Client Application without MobileFirst SDK.
However this is possible only with unprotected adapter endpoint.
Security check adapters cannot be accessed via REST calls. You can protect your resources with scopes mapped to these securitychecks and they get invoked when the resources are accessed. At the client, you handle the challenges that come from the securitychecks. This needs the MFP Client SDK to be in place. You cannot access the securitycheck adapters directly without the MFP client SDK.
There are two ways for you to avoid invoking a securitycheck:
Do not mark the resource with any security. In this case default security scopes get applied. However you still need MFP client SDK to handle the OAuth handshakes.
The only other way to avoid invoking security check adapters is to explicitly mark your resources un-protected (disable OAuth security for that resource). This will prevent any challenge answer mechanism and you can access the resource without the MFP client SDK. Do note that your resources (via REST endpoints) will be open to attack - there will not be any security applied on it.

Can i create a custom authentication system on top of SkylinkJS

I'm building a website that uses WebRTC to share audio and video. Now I'd like to access WebRTC features on Android devices so I can create an app that can receive audio and video streams from the website.
I've looked for a technology allowing me to do that and I've found SkylinkJS.
It looks great but I'm wondering something. Can I build a custom authentication system on top of SkylinkJS logic? What I mean is that I'd like to make sure the connections to SkylinkJS rooms are initiated by users actually authenticated on my platform.
At the moment, I do that using socket.io but I can do it since I'm using raw WebRTC. How can I do that using SkylinkJS? Using the REST API?
Thanks.
PS: I cannot tag this question with 'skylinkjs' since it's a new tag, but it might be cool if someone could do it.
Yes you can integrate that with the REST API in this Applications REST API link here - . You can generate your own credentials.
You can generate the connecting credentials from your server and then when the User logs in, generate the credentials for Users to connect to the Room. See more in their support article.
SkylinkJS uses a key-based authentication mechanism to authenticate against the Temasys signaling servers. This ensures that any application using Skylink can only connect to calls in your application if the app can provide the same secure keys (from your Temasys developer account).
Your best bet in looping in Android would be to use the Android counterpart. http://skylink.io/android/

Can I build SSO without access protocol (such as: kerberos, ldap)

I want to build an SSO system for web applications, but I don't want to use any protocol, just a plain cookie and session. Can I?
In a word, no.
The concept of SSO requires that a client either:
possess a verifiable identity / authorisation assertion (credential) that it can transmit to multiple relying parties, or
negotiate with a relying party for the relying party to receive a verifiable assertion "just in time" (i.e. during login), or
some combination of the above.
Since cookies are scoped to a single domain, you cannot build an SSO system with just cookies and browser sessions.
If you don't wish to use Kerberos there are various other SSO protocols.
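
The "verifiable assertion" requirement from the answer above, sketched as an added example (not part of the original answer): an IdP signs a short-lived assertion and a relying party on another domain verifies it before setting its own session cookie. The domains, function names and token layout are assumptions made for illustration; a real deployment would use a standard protocol such as OpenID Connect or SAML rather than this hand-rolled format.

```javascript
// Added example: all names, domains and the token layout are constructed for illustration.
const crypto = require('crypto');

// The IdP keeps the private key; every relying party only needs the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// IdP side: sign a short-lived assertion bound to exactly one relying party (aud).
function issueAssertion(subject, audience, ttlSeconds, nowMs = Date.now()) {
  const claims = {
    iss: 'https://idp.example',
    sub: subject,
    aud: audience,
    exp: Math.floor(nowMs / 1000) + ttlSeconds,
  };
  const payload = Buffer.from(JSON.stringify(claims)).toString('base64');
  const sig = crypto.sign(null, Buffer.from(payload), privateKey).toString('base64');
  return `${payload}.${sig}`; // '.' never occurs in base64, so it is a safe separator
}

// Relying-party side (a different domain): check signature, audience and expiry
// before creating its own local session cookie.
function verifyAssertion(token, expectedAudience, nowMs = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [payload, sig] = parts;
  let valid = false;
  try {
    valid = crypto.verify(null, Buffer.from(payload), publicKey, Buffer.from(sig, 'base64'));
  } catch {
    valid = false;
  }
  if (!valid) return { ok: false, reason: 'bad signature' };
  // Only parse claims after the signature has been verified.
  const claims = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
  if (claims.aud !== expectedAudience) return { ok: false, reason: 'wrong audience' };
  if (claims.exp <= Math.floor(nowMs / 1000)) return { ok: false, reason: 'expired' };
  return { ok: true, subject: claims.sub };
}
```

The audience check is what stops an assertion issued for one application from being replayed against another; the per-domain cookie is only set after verification succeeds.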