Jump to content

Generate RTMP Authentication URL

Recommended Posts

Hello All,

i need to generate an RTMP authentication URL with autoit using the following guidelines: - is this possible?

Authentication Flow

The authentication mechanism/process is a multistep synchronous handshake between the client and the server.


The client (encoder) connects to a Live ingest server using a server-specific URL such as

• rtmp://ingest01.pri.shortname.fmspush.llnw.net


• rtmp://ingest01.bak.shortname.fmspush.llnw.net

Where shortname refers to the customer-specific account name.

Authentication Handshake

The examples in this section use the following data; substitutions for actual customer data should be made accordingly:

Customer = Acme Corp

Shortname = acme

Username = acme

Password = go!acme

Primary Connection URL = rtmp://ingest01.pri.acme.fmspush.llnw.net/acme

Backup Connection URL = rtmp://ingest01.bak.acme.fmspush.llnw.net/acme

Note: generally, the username allocated to an account will be identical to the shortname.

1) The client tries to connect:

a) rtmp://ingest01.pri.acme.fmspush.llnw.net/acme

:) rtmp://ingest01.bak.acme.fmspush.llnw.net/acme

2) The ingest server initially responds to the client with the following rejection code and detail message:

a) Rejection code: NetConnection.Connect.Rejected

;) Detail message: [ code=403 need auth; authmod=llnw ]

3) The client prompts the user for the username and password.

4) The user enters acme and go!acme.

5) The client tries to reconnect to the ingest server with a modified URL that contains query terms specifying the authentication module name and the username to authenticate:

• rtmp://ingest01.pri.acme.fmspush.llnw.net/acme?authmod=llnw&user=acme

6) On the second connection attempt, the ingest server once again rejects the client connection with the following response code and detail message that includes a nonce:

a) Rejection code: NetConnection.Connect.Rejected

;) Detail message: [ authmod=llnw ] : reason=needauth&user=acme&nonce=eb36ed37a9d08274ce30e42f5d8c5a1a

7) The client computes the final response to complete the authentication handshake (see Computing the Final Response).

8) The client reconnects to the ingest server using the computed final response URL.

a) If the final response computed by the client does not match what the ingest server independently computes the same algorithm used by the client in Computing the Final Response, the connection is rejected. The following response code and detail message are sent to the client:

i) Rejection code: NetConnection.Connect.Rejected

ii) Detail message: [ authmod=llnw ] : ?reason=authfail&detail=invalid_response

:) Otherwise, the connection is accepted with a response code of NetConnection.Connect.Success and the client proceeds to Publishing the Live Stream.

Computing the Final Response

To compute the final response, both the client and the server follow the same steps:

1) Parse the nonce value from the rejection information from the second attempt.

2) Generate a random eight-byte hexadecimal challenge string, known as the cnonce.

3) Create a nonce counter, nc, which is an eight-byte hexadecimal counter, initially set to 00000001. It must be incremented every time the nonce is reused.





4) Calculate the response hash value by using the H(A1) and H(A2) hash values.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...