The Single-Sign-On integration is covered in 3 blogs. If you have not set up an Okta account and installed Jitsi Meet yet, please follow the guides below before reading this blog:

  1. Integrate single sign on authentication for Jitsi Meet via Okta

  2. Setup JWT, Secure domain and guest access with Jitsi Meet

Introduction

In this guide, you will learn how to set up the middleware for the SSO integration.

Connect SAML authentication with Jitsi Meet

Clone this repo on a separate server.

https://github.com/Renater/Jitsi-SAML2JWT

git clone https://github.com/Renater/Jitsi-SAML2JWT.git

cd Jitsi-SAML2JWT

Configuration

Before any installation, you should create the jitsi-SAML2JWT.env file with your own information.

mv config/jitsi-SAML2JWT.env_ref config/jitsi-SAML2JWT.env
vi config/jitsi-SAML2JWT.env

You need to fill in all sections.

#Shibboleth
SHIBBOLETH_TEMPLATE_XML=shibboleth2_sp_direct_idp.xml
SP_ENTITY_ID=
METADATA_URL=
SSO_URL=

#JWT Token Generator
JITSI_DOMAIN=
JWT_GENERATOR_KEY=
JWT_APP_ID=

#Web server
SERVER_NAME=

  • SHIBBOLETH_TEMPLATE_XML leave the default.
  • SP_ENTITY_ID with <SP_ENTITY_ID>.
  • METADATA_URL with <METADATA_URL>.
  • SSO_URL with <IDP_ENTITY_ID>.

  • JITSI_DOMAIN <JITSI_DOMAIN>.
  • JWT_APP_SECRET with prosody application secret known only to your token.
  • JWT_APP_ID with prosody application identifier.
  • SERVER_NAME with <SSO_MIDDLWARE_DOMAIN>.
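
Since this file ends up holding the key used to generate JWTs, it is worth checking it before generating the configuration. The script below is an added example, not part of the Jitsi-SAML2JWT project: the key names come from the template above, while the 32-character minimum, the https-only rule and the example.org values are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for config/jitsi-SAML2JWT.env (key names from
# the template above). The 32-character minimum and the https-only rule are
# assumed policies, not requirements stated by the project.
REQUIRED_KEYS="SHIBBOLETH_TEMPLATE_XML SP_ENTITY_ID METADATA_URL SSO_URL
JITSI_DOMAIN JWT_GENERATOR_KEY JWT_APP_ID SERVER_NAME"

# Read KEY=value without sourcing the file, so nothing in it is executed.
env_value() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Print one line per problem; return 0 only when every check passes.
check_env() {
    file=$1; problems=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    # The file holds the key used to generate JWTs: owner-only access.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "group/other can access $file (use chmod 600)"; problems=$((problems + 1))
    fi
    for key in $REQUIRED_KEYS; do
        if [ -z "$(env_value "$file" "$key")" ]; then
            echo "$key is empty"; problems=$((problems + 1))
        fi
    done
    secret=$(env_value "$file" JWT_GENERATOR_KEY)
    if [ -n "$secret" ] && [ "${#secret}" -lt 32 ]; then
        echo "JWT_GENERATOR_KEY is shorter than 32 characters"; problems=$((problems + 1))
    fi
    for key in METADATA_URL SSO_URL; do
        case $(env_value "$file" "$key") in
            ""|https://*) ;;
            *) echo "$key does not use https"; problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample (example.org values are made up): world-readable file,
# plain-http metadata URL, short key, empty SERVER_NAME.
write_sample() {
    printf '%s\n' '#Shibboleth' 'SHIBBOLETH_TEMPLATE_XML=shibboleth2_sp_direct_idp.xml' \
        'SP_ENTITY_ID=https://sso.example.org/shibboleth' \
        'METADATA_URL=http://idp.example.org/metadata' \
        'SSO_URL=https://idp.example.org/sso' 'JITSI_DOMAIN=meet.example.org' \
        'JWT_GENERATOR_KEY=changeme' 'JWT_APP_ID=example_app' 'SERVER_NAME=' > "$1"
    chmod 644 "$1"
}

sample=$(mktemp) && write_sample "$sample"
check_env "$sample" || echo "=> fix the findings before running generate_config_file.sh"
rm -f "$sample"
```

To check your own file, call check_env config/jitsi-SAML2JWT.env from the project root.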

Installation

You must first complete the jitsi-SAML2JWT.env file and then run generate_config_file.sh.

cd tools/
sh generate_config_file.sh

Generate certificates

We provide a script to generate self-signed certificates for Apache and Shibboleth.

sh init_certificates.sh

Run the above command again.

If you want, you can use your own certificate by placing it in the conf/cert directory (apache.pem for Apache, and s-cert.pem and sp-cert.key for Shibboleth).

SAML SP and JWT Generator

Install Docker

sudo apt update

sudo mkdir -p /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update

sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Go to the project root directory:

cd ../

Build the Docker image:

sudo docker image build -t shib2jwt .

Start the Docker container:

sudo docker run --rm -d  -p 443:443/tcp -p 80:80/tcp shib2jwt:latest

Remember to point the domain name to the new server's public IP address.

Now you have successfully integrated Single-Sign-On with Jitsi.

