Jitsi Meet is a WebRTC-based video conferencing application, powering the meet.jit.si online service.
Users may install their own instance of Jitsi Meet for private use, in which case, they may use authentication to control the creation of conference rooms.
Jitsi Meet uses a custom JWT-based protocol to authenticate users. Some technical details can be found in the documentation repo.
LemonLDAP::NG can act as a JWT issuer for Jitsi Meet.
As of 2.19.0, only a single Jitsi server per LemonLDAP::NG installation is supported.
Go to General Parameters » Issuer modules » Jitsi Meet Tokens and configure:
Tip
For example, to allow only members of the jitsi-meet group:
inGroup('jitsi-meet')
There are two ways for the Jitsi Meet server to validate the token authenticity:
Important
LemonLDAP::NG will attempt to use the OpenID Connect private key to emit JWTs, which means you need to create a key in OpenID Connect Service > Security > Keys if you intend to use public-key signature.
If you are using the Docker-based install, refer to the Jitsi Meet documentation on token authentication.
Here are the variables you need to adjust when using LemonLDAP::NG:
Variable | Value |
---|---|
ENABLE_AUTH | 1 |
AUTH_TYPE | jwt |
JWT_APP_ID | Same as Application ID |
JWT_APP_SECRET | If HS* signature is used: same as Shared secret |
JWT_ACCEPTED_ISSUERS | https://auth.example.com/ |
JWT_ACCEPTED_AUDIENCES | Same as Application ID |
JWT_ASAP_KEYSERVER | If public-key signature is used: https://auth.example.com/jitsi/asap |
TOKEN_AUTH_URL | https://auth.example.com/jitsi/login?room={room} |
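
When a login fails, it helps to check an issued token against the values in the table above. The following is an added example, not code from LemonLDAP::NG or Jitsi Meet: a standard-library checker for the shared-secret case, assuming HS256 and the standard `iss`, `aud` and `exp` claims. The function names, the Application ID `my-jitsi-app` and the secret are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret):
    """Constructed HS256 sample token, standing in for one issued by the portal."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return signing_input + "." + b64url_encode(sign(signing_input, secret))

def check_token(token, secret, issuers, audiences, now=None):
    """Return a list of problems; an empty list means the token fits the settings."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        raw_sig = b64url_decode(sig)
    except ValueError:
        return ["malformed token"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed token"]
    # Pin the algorithm instead of letting the token header choose it.
    if header.get("alg") != "HS256":
        return [f"unexpected alg {header.get('alg')!r}"]
    # Constant-time comparison; stop here because unsigned claims mean nothing.
    if not hmac.compare_digest(raw_sig, sign(f"{head}.{body}", secret)):
        return ["bad signature (does JWT_APP_SECRET match the shared secret?)"]
    problems = []
    if claims.get("iss") not in issuers:
        problems.append(f"iss {claims.get('iss')!r} not in JWT_ACCEPTED_ISSUERS")
    aud = claims.get("aud")
    if not any(a in audiences for a in (aud if isinstance(aud, list) else [aud])):
        problems.append(f"aud {aud!r} not in JWT_ACCEPTED_AUDIENCES")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        problems.append("token expired or exp missing")
    return problems

if __name__ == "__main__":
    # Constructed values: substitute your own Application ID and shared secret.
    tok = make_token({"iss": "https://auth.example.com/", "aud": "my-jitsi-app", "exp": time.time() + 300}, "constructed-secret")
    print(check_token(tok, "constructed-secret", ["https://auth.example.com/"], ["my-jitsi-app"]))
```

Run it on a machine you trust, since the shared secret is passed in clear.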