Skip to content

jicofo doesn't handle dynamic or multiple "login-url"s #1179

@berolinux

Description

@berolinux

Description

I'm trying to get my self-hosted jitsi-installation to allow authenticating users from 2 subdomains using LDAP. In Prosody, this works:

VirtualHost "subdomain1.example.com"
  authentication = "ldap";
  ldap_server = "ldap.subdomain1.example.com:389";
  ldap_base = "dc=example,dc=com";
  ldap_filter = "(uid=$user)";
  [...]

VirtualHost "subdomain2.example.com"
  authentication = "ldap";
  ldap_server = "ldap.subdomain2.example.com:389";
  [...]

Everything is handled correctly here, I see the ldap query ending up on the right ldap server.

But it becomes a problem as soon as jicofo enters the picture:
If it is configured as

jicofo {
  authentication {
    enabled = true
    type = XMPP
    login-url = "subdomain1.example.com"
    allowed-domains = [
      "subdomain1.example.com",
      "subdomain2.example.com"
    ]
[...]

it works for users from subdomain1.example.com, but not users from subdomain2.example.com (who are authenticated correctly, but then rejected as "not authorized user domain".

If I change login-url to "subdomain2.example.com", it works for users from subdomain2.example.com, but not users from subdomain1.example.com.

It would be extremely useful if jicofo had a setting to allow picking the right one - either a login-url = "${domain}" (the domain is obviously known at that time...), or a method to specify multiple options (login-url = [ "subdomain1.example.com", "subdomain2.example.com" ]).


Current behavior

Prosody accepts the multiple subdomain configuration, but jicofo can (apparently) handle only one.

Expected Behavior

Multiple subdomain configuration works across all components

Possible Solution

Probably the best option would be to expand variables in the jicofo { authentication { login-url } } setting.

Steps to reproduce

Create a setup with multiple subdomains as given in the example in the description, try to log in with users from both subdomains

Environment details

jitsi/prosody:stable-9646 and jitsi/jicofo:stable-9646 docker containers

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions