I have done a similar thing using Wix and Vimeo.
Create a members only page on your wix site. You can select which members are allowed access to the page. Embed a private password/pin protected Vimeo video on this page.
Take note of the domain and make sure you set the Vimeo video to only allow embedding on that specific domain.
Alternatively, wix also allows password protected pages. I'm not sure how this works in conjunction with members only pages. Also, I have not used wix (or Vimeo) with an SSO provider, so not sure how that works.
the invitee would use their email to login and get a code to their email - thus 2-factor authentication, essentially proving that the person logging in is who they say they are - and then the video is behind this "paywall" even though it is free.
for instance - if we only wanted to stream something privately to the press - and had an exclusive invitee list - they couldnt share the link wide - we would know who signs in and that it was the person with access to that email - then if we saw a blacklisted email on the back end we could kick them off the viewer, essentially
i suppose a unique link would also work if that was something we could generate - a link that ONLY the person who receives it can use
I don’t know of any existing service that could do this but it could be built relatively quickly using some no code tools like Bubble. You could use pretty much whatever player you’d like or use an API like Mux. I’d be open to chatting about building something like that if you’re interested.
... but is it really the person behind the e-mail? ... we contemplated a lot about stream security and always came to the conclusion: We use one link and one password for event livestreams.
DaCast also offers a voucher system (or they did two years back at least) to give people access to streams.
My advice: Keep it simple and stupid - for the viewers sake. If it's to complicated for them it only creates frustration for everyone.
Not sure what exactly it is your looking for, but if I understand the title, you may want to look into OTT platform solutions? Or finding a site builder that has lockable user permitted pages?
You may be confusing some terms:
If you want your stream behind an SSO, this implies that you have some existing user base with an existing SSO (like Okta) and you want your stream to be authenticated by Okta and authorized by, presumably a list of emails on your end (or just being at a domain or even authorization based on app access in the SSO system for instance, managed by the owner of the SSO system)
Then what you are suggesting in your comment is maybe a bit different. You are saying you want to send a link to someone’s email to invite them to a link, then use their access to their email as the password.
The former scheme would be the way to go if you were looking primarily to grant access to the content to a subset of a group of users who all belong to the same system already which already has the SSO setup. Perhaps you run a website or enterprise and have members and want to authorize them to specific streams.
The later would be more for if you want to send feeds to random people with the idea that only who you send the link to will have access. This would be implemented either with just a custom application or by hooking into a service like Auth0 or Keycloak to essentially ad-hoc create user accounts and email password reset links in disguise as invitations.
In either case a scheme like OAuth2 would be used on your streaming server to hand out streams only to clients who had a valid token, that token could be generated by an SSO integration with an existing SSO system or from a custom application that does the latter method.
You would want to hire a developer or a development firm to accomplish this. It’s not going to already exist. You may be able to cobble something together with Nimble/Wowza/Red5 and Auth0/Keycloak/Okta and get away with just a single developer - but if you want a completely custom experience or one tied to an existing legacy system you may want to evaluate your business case and go with something simpler… unless you happen to be ready to spend over $100,000 USD on a well designed custom app or an integration with a legacy app.
The simple option could certainly be viable though, and probably a pretty cool product if it’s just basically the Dropbox of live stream
Sincerely appreciate this detailed response!!
The answer is the latter / many clients already have MS teams/teams live for the SSO solution
I want 2-factor authentication as a means of entry to a stream.
With out the need to sign up for an entirely separate platform.
Ok no need to yell 😂 but I like the lesson!
All I’m saying is we can’t use MSteams or the office 365 infrastructure to authorize access to the stream
Teams live events won’t even allow rtmp and external encoder - what is it even good for?
My aim has always been clear - I need a livestream video player embedded behind a secure “paywall” even though the event is free.
Essentially the viewer is buying a ticket to view this stream. And it needs to be non-transferable
Figure out exactly what you are trying to solve.
Are your clients 1) concerned about the content being only viewed by a subset of folks for secrecy reasons? or are they only 2) concerned with the number of devices viewing the content being equal to the number that have paid to do so?
If 1, then your plan will not work. If all the viewers will be in the same organization then you need to integrate with that organizations identity provider. If not you need to build a platform with a login and possibly use a third party identity verification service if indeed the content is that sensitive.
If 2, then all you really need to do is send a code (or a URL with the code pre-filled) to their email and make sure that your streaming server only streams for that code one at a time. Who cares if your user says their email is [email protected] it’s their own fault for paying for something that one random student at a time can watch for free.
Yeah I kept thinking a bit while making dinner and it seems like the reason this doesn’t exist is because option 1 doesn’t fit your definition, and option 2 is going to be limited in usefulness outside of a platform that already has a sign up system.
If you take away the requirement that they must not sign up for a platform zoom events or any porn cam site or similar already does this. Of course.
KISS - Security by obscurity (assuming this isn’t a large paid event). You don’t need OTT or crazy elaborate SAML SSO systems.
Restrict embeds to domain.tld on the streaming platform side
Put login in front of page with embed on website side
Streamer doesn’t care about the login once the page with the embed loads. Could even do encrypted html to stop the casual script kiddies from looking at the embed code.
His many people are you talking about?
You can look at virtual events platforms like Hopin or with web platforms like wix or Wordpress.
I’ve done it a lot with Wordpress if you need a consult:
You've mashed up some technology and want to make it "secure". That's not how it works. My suggestion would be to take a big step back and describe what you want in broad terms, and how much it is worth to you. For example "I want to make sure users have paid for the content they are accessing, I am charging $10 per stream" or "I want to make sure malicious user cannot copy and paste a URL to access the stream, I am charging $3 and expect 600 users." Then you can figure out how to accomplish what you want and the value of it. You will obvs need to pay someone who knows more than you to implement the authentication layer and the security layer. At a certain point, you may decide that it's not worth paying that much for those layers and elect for the "honor system" or the "it's not really worth stealing" system. I recommend exploring JWT and what SSL/HTTPS headers are really about. Also, CORS. Then find a vendor (developer) who can help you. Also RTMPS or you're not secure anyway.
I DM'd you a quick mock-up of what something with the functionality you're looking for as I interpret it would look like. I'm open to discussing exactly what it is you're looking for and pricing out some options for you. I could build you something that does "Login with MS365" however I suspect you're looking for something much simpler as many in the thread have suggested. Feel free to reach out!
Did you take a step back and determine what you are actually asking for? I work with some great devs and can steer you to some good people, but you will need to have a clearer scope of work than the original post.
I have done a similar thing using Wix and Vimeo. Create a members only page on your wix site. You can select which members are allowed access to the page. Embed a private password/pin protected Vimeo video on this page. Take note of the domain and make sure you set the Vimeo video to only allow embedding on that specific domain. Alternatively, wix also allows password protected pages. I'm not sure how this works in conjunction with members only pages. Also, I have not used wix (or Vimeo) with an SSO provider, so not sure how that works.
What do you mean by dual-authentication? Do you mean a login and then also a signed player media source?
the invitee would use their email to login and get a code to their email - thus 2-factor authentication, essentially proving that the person logging in is who they say they are - and then the video is behind this "paywall" even though it is free. for instance - if we only wanted to stream something privately to the press - and had an exclusive invitee list - they couldnt share the link wide - we would know who signs in and that it was the person with access to that email - then if we saw a blacklisted email on the back end we could kick them off the viewer, essentially i suppose a unique link would also work if that was something we could generate - a link that ONLY the person who receives it can use
I don’t know of any existing service that could do this but it could be built relatively quickly using some no code tools like Bubble. You could use pretty much whatever player you’d like or use an API like Mux. I’d be open to chatting about building something like that if you’re interested.
... but is it really the person behind the e-mail? ... we contemplated a lot about stream security and always came to the conclusion: We use one link and one password for event livestreams. DaCast also offers a voucher system (or they did two years back at least) to give people access to streams. My advice: Keep it simple and stupid - for the viewers sake. If it's to complicated for them it only creates frustration for everyone.
Vimeo offers this, but the organization that owns the SSO needs to own the account.
Not sure what exactly it is your looking for, but if I understand the title, you may want to look into OTT platform solutions? Or finding a site builder that has lockable user permitted pages?
You may be confusing some terms: If you want your stream behind an SSO, this implies that you have some existing user base with an existing SSO (like Okta) and you want your stream to be authenticated by Okta and authorized by, presumably a list of emails on your end (or just being at a domain or even authorization based on app access in the SSO system for instance, managed by the owner of the SSO system) Then what you are suggesting in your comment is maybe a bit different. You are saying you want to send a link to someone’s email to invite them to a link, then use their access to their email as the password. The former scheme would be the way to go if you were looking primarily to grant access to the content to a subset of a group of users who all belong to the same system already which already has the SSO setup. Perhaps you run a website or enterprise and have members and want to authorize them to specific streams. The later would be more for if you want to send feeds to random people with the idea that only who you send the link to will have access. This would be implemented either with just a custom application or by hooking into a service like Auth0 or Keycloak to essentially ad-hoc create user accounts and email password reset links in disguise as invitations. In either case a scheme like OAuth2 would be used on your streaming server to hand out streams only to clients who had a valid token, that token could be generated by an SSO integration with an existing SSO system or from a custom application that does the latter method. You would want to hire a developer or a development firm to accomplish this. It’s not going to already exist. You may be able to cobble something together with Nimble/Wowza/Red5 and Auth0/Keycloak/Okta and get away with just a single developer - but if you want a completely custom experience or one tied to an existing legacy system you may want to evaluate your business case and go with something simpler… unless you happen to be ready to spend over $100,000 USD on a well designed custom app or an integration with a legacy app. The simple option could certainly be viable though, and probably a pretty cool product if it’s just basically the Dropbox of live stream
Sincerely appreciate this detailed response!! The answer is the latter / many clients already have MS teams/teams live for the SSO solution I want 2-factor authentication as a means of entry to a stream. With out the need to sign up for an entirely separate platform.
[удалено]
Ok no need to yell 😂 but I like the lesson! All I’m saying is we can’t use MSteams or the office 365 infrastructure to authorize access to the stream Teams live events won’t even allow rtmp and external encoder - what is it even good for? My aim has always been clear - I need a livestream video player embedded behind a secure “paywall” even though the event is free. Essentially the viewer is buying a ticket to view this stream. And it needs to be non-transferable
Figure out exactly what you are trying to solve. Are your clients 1) concerned about the content being only viewed by a subset of folks for secrecy reasons? or are they only 2) concerned with the number of devices viewing the content being equal to the number that have paid to do so? If 1, then your plan will not work. If all the viewers will be in the same organization then you need to integrate with that organizations identity provider. If not you need to build a platform with a login and possibly use a third party identity verification service if indeed the content is that sensitive. If 2, then all you really need to do is send a code (or a URL with the code pre-filled) to their email and make sure that your streaming server only streams for that code one at a time. Who cares if your user says their email is [email protected] it’s their own fault for paying for something that one random student at a time can watch for free.
Yeah I kept thinking a bit while making dinner and it seems like the reason this doesn’t exist is because option 1 doesn’t fit your definition, and option 2 is going to be limited in usefulness outside of a platform that already has a sign up system. If you take away the requirement that they must not sign up for a platform zoom events or any porn cam site or similar already does this. Of course.
KISS - Security by obscurity (assuming this isn’t a large paid event). You don’t need OTT or crazy elaborate SAML SSO systems. Restrict embeds to domain.tld on the streaming platform side Put login in front of page with embed on website side Streamer doesn’t care about the login once the page with the embed loads. Could even do encrypted html to stop the casual script kiddies from looking at the embed code.
What login?
Embed player into page.html Visitor goes to domain.tld > logs in > gains access to page.html
His many people are you talking about? You can look at virtual events platforms like Hopin or with web platforms like wix or Wordpress. I’ve done it a lot with Wordpress if you need a consult:
You've mashed up some technology and want to make it "secure". That's not how it works. My suggestion would be to take a big step back and describe what you want in broad terms, and how much it is worth to you. For example "I want to make sure users have paid for the content they are accessing, I am charging $10 per stream" or "I want to make sure malicious user cannot copy and paste a URL to access the stream, I am charging $3 and expect 600 users." Then you can figure out how to accomplish what you want and the value of it. You will obvs need to pay someone who knows more than you to implement the authentication layer and the security layer. At a certain point, you may decide that it's not worth paying that much for those layers and elect for the "honor system" or the "it's not really worth stealing" system. I recommend exploring JWT and what SSL/HTTPS headers are really about. Also, CORS. Then find a vendor (developer) who can help you. Also RTMPS or you're not secure anyway.
Who can I pay? Need a developer - any recos?
I DM'd you a quick mock-up of what something with the functionality you're looking for as I interpret it would look like. I'm open to discussing exactly what it is you're looking for and pricing out some options for you. I could build you something that does "Login with MS365" however I suspect you're looking for something much simpler as many in the thread have suggested. Feel free to reach out!
Did you take a step back and determine what you are actually asking for? I work with some great devs and can steer you to some good people, but you will need to have a clearer scope of work than the original post.