Overview
The Jitsi Provisioning Plugin for Openfire server provides the ability to authenticate users and provision the Jitsi client according to the Enterprise Needs. Provisioning is the feature that allows network and provider administrators to remotely configure Jitsi instances that they are responsible for.
Jitsi’s provisioning module uses http. This means that, based on a few parameters like an IP or a mac layer address, or a user name and a password, this Plugin can feed to a freshly installed Jitsi all the details that it needs in order to start making calls, downloading updates or configure codec preferences.
Download
GitHub
Installation
Copy jitsiprovisioning.jar into the plugins directory of your Openfire server. The
plugin will then be automatically deployed. To upgrade to a new version, copy the new
jitsiprovisioning.jar file over the existing file.
Configuration
Access to the service is restricted with a "secret" that can be viewed and
set from the User Service page in the Openfire admin console. This page is
located on the admin console under "Server" and then "Server Settings".
This should really only be considered weak security. The plugin was initially written with the assumption that http access to the Openfire service was
only available to trusted machines. In the case of the plugin's author, a web application running on the same server as
Openfire makes the request.
Using the Plugin
To authenticate users and get the Jitsi provisioning details, submit HTTP/HTTPS requests to the jitsiprovisioning provisioning service.
A provisioning service is an HTTP or HTTPS URL optionally followed by several parameters. The URI would most often point to a provisioning server-side script. Please note that we strongly recommend you only use HTTPS unless you have very good reasons not to. Provisioning POST requests generally contain sensitive information like passwords and you definitely don’t want that being sent in clear text.
The service address is [hostname]plugins/jitsiProvisioning/provision. For example,
if your server name is "example.com", the URL is http://example.com/plugins/jitsiProvisioning/provision/?user=${username}&password=${password}&secret=bigsecret
Provisioning URI and parameters
The easiest way to have Jitsi connect to a provisioning server is to configure the provisioning URL in its configuration form. Jitsi also supports automatic provisioning discovery via DHCP and Bonjour. To do so, go to options => advanced => provisioning and check “Enable provisioning” (if not already checked), then select “Manually specify provisioning URI” and enter a URI.
Sample HTML
The following example athenticates user xyx and on success server returns provisioning data
* When sending double characters (Chinese/Japanese/Korean etc) you should URLEncode the string as utf8.
In Java this is done like this
URLEncoder.encode(username, "UTF-8"));
If the strings are encoded incorrectly, double byte characters will look garbeled in the Admin Console.
Server Reply
The server will reply to all User Service requests with an plain/text.
If the request was processed successfully the return will be a provisioning text.
If the request was unsuccessful, the response will be 401 and plain/text with error message.
| Error String 401 response | Description |
| ConnectionException |
Unable to connect to the Database/LDAP to authenticate the user |
| InternalUnauthenticatedException |
Internal authentication error |
| UnauthorizedException |
Invalid Username/Password.
|
| RequestNotAuthorised |
The supplied secret does not match the secret specified in the Admin Console or the requester is not a valid IP address. |
References
Click here to know more about Jitsi Provisioning
Click here to know more about Openfire server
