Keycloak Integration
Keycloak is an identity management tool that provides single sign-on (SSO), which makes authentication and authorization easier across different services. You can use Keycloak to protect the WebRTC pages with Keycloak authentication.
The default Ant Media streaming application, StreamApp.war, has Keycloak integration disabled. If you create your own streaming application from StreamApp.war, or configure an existing application that came with the installation, you need to enable and configure the Keycloak integration yourself.
This document goes through the configuration on both the Keycloak side and the Ant Media side.
Keycloak Configuration
- Follow the Keycloak Getting Started documentation to set up Keycloak.
- Once it is running, create a Realm from the Keycloak Dashboard. Let's name it antmedia.
- Create an OpenID Client in the Realm (antmedia). Let's name it stream-application. Then set the URL as in the image below.
- Create a role in the client (stream-application). Let's name the role user.
- Create a User in the Realm with the role (user) we created in step 4. Let's name the user streamer1.
  Do not forget to set the password from Users --> Click streamer1 --> Credentials --> Set Password
With the above configurations, the Keycloak side is ready. Now we will proceed with AMS configuration.
AMS Configuration
- Navigate to the application folder in your AMS installation, for example:
  cd /usr/local/antmedia/webapps/{APP-NAME}/WEB-INF
- Uncomment the following lines in red5-web.xml and set the values according to your Keycloak server configuration.
  <!-- For Keycloak Integration -->
  <bean id="openid.config" class="io.antmedia.SecurityConfiguration">
    <property name="realmUrl" value="http://keycloak.antmedia.cloud:8080/realms/antmedia" />
    <property name="appName" value="live" />
    <property name="clientId" value="stream-application" />
    <property name="role" value="user" />
  </bean>
  The appName must be the same as the name of the application being configured. The other parameters must match the Keycloak configuration: realmUrl points at the realm (antmedia), clientId is the client (stream-application), and role is the client role (user).
- Uncomment the following lines in web.xml as below:
  <!-- For Keycloak Integration -->
  <filter>
    <filter-name>ContentSecurityPolicyHeaderFilter</filter-name>
    <filter-class>io.antmedia.filter.ContentSecurityPolicyHeaderFilter</filter-class>
    <async-supported>true</async-supported>
  </filter>
  <filter-mapping>
    <filter-name>ContentSecurityPolicyHeaderFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
- Restart the antmedia service.
  sudo service antmedia restart
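A check you can run on red5-web.xml before restarting, added here as an example and not part of Ant Media's own code: it reports an openid.config bean that is still commented out, an appName that does not match the application, and a realmUrl served over plain http. The function name check_openid_config and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: a trimmed red5-web.xml with the bean from this page uncommented.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <!-- For Keycloak Integration -->
  <bean id="openid.config" class="io.antmedia.SecurityConfiguration">
    <property name="realmUrl" value="http://keycloak.antmedia.cloud:8080/realms/antmedia" />
    <property name="appName" value="live" />
    <property name="clientId" value="stream-application" />
    <property name="role" value="user" />
  </bean>
</beans>"""

def local(tag):
    """Strip an XML namespace (such as the Spring beans one) from a tag name."""
    return tag.rsplit("}", 1)[-1]

def check_openid_config(xml_text, app_name):
    """Hypothetical helper: return findings for the openid.config bean; empty means none."""
    root = ET.fromstring(xml_text)  # XML comments are skipped, so a commented-out bean is not seen
    beans = [e for e in root.iter()
             if local(e.tag) == "bean" and e.get("id") == "openid.config"]
    if not beans:
        return ["openid.config bean is missing or still commented out"]
    props = {p.get("name"): (p.get("value") or "").strip()
             for p in beans[0] if local(p.tag) == "property"}
    findings = []
    for key in ("realmUrl", "appName", "clientId", "role"):
        if not props.get(key):
            findings.append(f"{key} is not set")
    url = urlparse(props.get("realmUrl", ""))
    if url.scheme == "http":
        findings.append("realmUrl uses plain http; logins and tokens cross the network unencrypted")
    if props.get("realmUrl") and "/realms/" not in url.path:
        findings.append("realmUrl does not point at a realm (/realms/<name>)")
    if props.get("appName") and props["appName"] != app_name:
        findings.append(f"appName '{props['appName']}' does not match application '{app_name}'")
    return findings

if __name__ == "__main__":
    for finding in check_openid_config(SAMPLE, "live"):
        print(finding)
```

To check a real installation, pass the contents of webapps/{APP-NAME}/WEB-INF/red5-web.xml and the application name to check_openid_config.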
Stream Testing with Keycloak Integration
- Try to publish a WebRTC stream through the sample publish page:
  https://{AMS-URL}/{APP-NAME}/samples/publish_webrtc.html
- Try to play a stream through the sample play page:
  https://{AMS-URL}/{APP-NAME}/player.html
- When you try to publish or play, it will first ask you to authenticate with the Keycloak user that we created.
  Once you authenticate, you will be able to publish the stream via the sample page.