Live Authentication is a mandatory security measure for streaming a live event via Dynamic Cloud Packaging. It is provided for your protection and it prevents unauthorized streams from being hosted on your account.
Our CDN service prevents unauthorized users from publishing a live stream via your account by requiring that an encoder authenticate to the publishing server through the use of a live authentication key. This type of key is defined on the Live Auth page.
There are two types of live authentication keys, which are:
Type | Description |
---|---|
Global Key |
Authorizes publishing to any location that has not been secured by a stream key. This type of live authentication key makes it easy to secure a single live event that contains multiple streams. Only a single global key may be defined at any given time. |
Stream Key |
Authorizes publishing for a specific stream. Zero or more stream keys may be defined. |
Make sure that a live authentication key meets the following requirements:
Stream Path (Stream Key Only): A stream-specific live authentication key must identify an instance and a stream name that will be paired with a key. This value is known as a stream path.
This stream path must consist of:
Optionally, an asterisk (*), which represents one or more characters, may be appended to the stream name.
Do not specify a pattern after an asterisk as it will be ignored.
An asterisk should always be specified at the end of the specified stream path. Both stream paths in the following example allow the same set of values.
Sample stream paths:
myinstance/mystream*
myinstance/mystream*123
Valid stream names for either of the above stream paths:
mystreamABC?StreamKey
mystream123?StreamKey
mystreamABC123?StreamKey
Setting up live authentication consists of performing the following steps:
Configure an encoder to pass a stream name along with a live authentication key.
Use the following syntax when setting up FMLE's Stream option.
It may take up to 1 hour for changes to your live authentication configuration to take effect.
Perform the following steps to define a global key:
Navigate to the Live Authentication page.
Stream key setup requires defining a stream path and a key. A stream path, which is defined within the Stream Path option, identifies a stream using the following syntax:
This example assumes the following configuration:
The Stream Path option should be set to the following value:
Perform the following steps to define a stream key:
Navigate to the Live Authentication page.
Set the Stream Path option to the following value:
Example:
Set the Stream Key option to the desired value.
If the encoder is publishing multiple streams of varying bit rate quality, then perform either of the following steps:
Create a stream key that authorizes all streams that have the same base stream name.
Syntax:
This example demonstrates how to set up stream key support for multiple streams.
The first step is to identify the name of the desired instance (e.g., conferences).
Sample publishing point URL:
The next step is to identify the name of each stream that will be published. In this scenario, the following streams will be generated:
The next step is to create a stream key.
Set the Stream Path option to:
Set the Stream Key option to:
The final step is to configure the encoder to publish streams with the following names:
To authorize multiple streams via stream keys
Decide upon a naming convention for each stream that will be broadcast by your encoder.
Example:
Create a stream key whose stream path is set to:
Example:
Specify each stream name in your encoder.
Use a delimiter between each stream name/stream key combination.
Adobe Flash Media Live Encoder uses semi-colons to delimit stream names.
Example:
Authorize an encoder to publish a live stream by appending a live authentication key to the stream name. Use the following syntax when defining the name of the stream being published.
Encoder | Syntax / Example |
---|---|
Single Stream |
Syntax: Example: mystream?mykey123
|
Syntax: A global or stream key may be used to authorize multiple streams. However, a single stream key may only authorize multiple streams if its stream path contains an asterisk. An alternative approach is to create a stream key for each desired stream name. Example: mystream%b?mykey123
|
The purpose of a Live Authentication key is to authenticate that a stream is authorized for publishing. It should not be used for live stream playback.
Live authentication keys should be treated like any other security credential or password. It is paramount to keep these keys as secure as possible. We have observed incidents in which customers lost control of their Live Authentication keys and then experienced unauthorized streaming on their account.
Although Live Authentication keys may be exposed as plain text in an encoder or streaming tool configuration, cautionary steps should be taken to prevent them from falling into the wrong hands. The following precautions are recommended: