Show search and navigation.

 

Live Authentication

Applies To:
HTTP LargeThis platform has been optimized to cache and deliver static content (e.g., HTML, CSS, JavaScript, ISO, multimedia, and software downloads, etc.) over HTTP or HTTPS.
Dynamic Cloud PackagingThis streaming solution facilitates HLS and/or MPEG-DASH playback of live or on-demand content. A live stream may be pushed to this service via RTMP.

Live Authentication is a mandatory security measure for streaming a live event via Dynamic Cloud Packaging. It is provided for your protection and it prevents unauthorized streams from being hosted on your account.

Our CDN service prevents unauthorized users from publishing a live stream via your account by requiring that an encoder authenticate to the publishing server through the use of a live authentication key. This type of key is defined on the Live Auth page.

There are two types of live authentication keys, which are:

Type Description

Global Key

Authorizes publishing to any location that has not been secured by a stream key.

This type of live authentication key makes it easy to secure a single live event that contains multiple streams.
View stream name syntax and example.

Only a single global key may be defined at any given time.

Stream Key

Authorizes publishing for a specific stream.

Zero or more stream keys may be defined.

Live Authentication Key Requirements

Make sure that a live authentication key meets the following requirements:

Setup

Setting up live authentication consists of performing the following steps:

  1. Define one or more live authentication keyAuthenticates streams before they can be ingested into our network. There are two types of live authentication keys, which are global and stream keys. A live authentication key (e.g., MyStream?MyLiveAuthenticationKey) must be specified when setting an encoder’s stream setting for use with our Flash Media Streaming, HLS, HDS, or DCP solutions.(s).

  2. Configure an encoder to pass a stream name along with a live authentication key.

    Use the following syntax when setting up FMLE's Stream option.

    StreamName?LiveAuthenticationKey

It may take up to 1 hour for changes to your live authentication configuration to take effect.

Global Key Setup

Perform the following steps to define a global key:

  1. Navigate to the Live Authentication page. ClosedHow?From the main menu, navigate to HTTP Large | HTTP Streaming | Dynamic Cloud Packaging. Click Live Auth from the side navigation bar.

  2. Set the Global Key option to the desired value.
  3. Click Update.

Stream Key Setup

Stream key setup requires defining a stream path and a key. A stream path, which is defined within the Stream Path option, identifies a stream using the following syntax:

InstanceNameReplace this term with the name of the desired instance./StreamNameReplace this term with the base name of the stream as defined in the encoder.
ClosedView example.

This example assumes the following configuration:

  • Instance Name: myinstance
  • Stream Name: videos

The Stream Path option should be set to the following value:

myinstance/videos

To define a stream key

Perform the following steps to define a stream key:

  1. Navigate to the Live Authentication page. ClosedHow?From the main menu, navigate to HTTP Large | HTTP Streaming | Dynamic Cloud Packaging. Click Live Auth from the side navigation bar.

  2. Click Create Key.

  3. Set the Stream Path option to the following value:

    InstanceNameReplace this term with the name of the desired instance./StreamNameReplace this term with the base name of the stream as defined in the encoder.

    Example:

    myinstance/mystream

  4. Set the Stream Key option to the desired value.

  5. Click Add.

Multiple Streams

If the encoder is publishing multiple streams of varying bit rate quality, then perform either of the following steps:

ClosedView a sample stream key configuration.

This example demonstrates how to set up stream key support for multiple streams.

The first step is to identify the name of the desired instance (e.g., conferences).

Sample publishing point URL:

rtmp://fso.dca.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC..{Base Domain}/20ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC./conferences

The next step is to identify the name of each stream that will be published. In this scenario, the following streams will be generated:

  • myevent250
  • myevent500
  • myevent750

The next step is to create a stream key.

  1. Set the Stream Path option to:

    conferences/myevent*

  2. Set the Stream Key option to:

    streamkeyA

The final step is to configure the encoder to publish streams with the following names:

myevent250?streamkeyA;myevent500?streamkeyA;myevent750?streamkeyA

To authorize multiple streams via stream keys

  1. Decide upon a naming convention for each stream that will be broadcast by your encoder.

    Example:

    myevent250, myevent500, and myevent750.

  2. Create a stream key whose stream path is set to:

    InstanceNameReplace this term with the name of the desired instance./BaseStreamNameReplace this term with the base name of the stream as defined in the encoder.*

    Example:

    myinstance/myevent*

  3. Specify each stream name in your encoder.

    • Make sure that this stream name does not include parameters (e.g., %i, %v, %a, etc.).

    • Use a delimiter between each stream name/stream key combination.

      • Adobe Flash Media Live Encoder uses semi-colons to delimit stream names.

        Example:

        myevent250?streamkey;myevent500?streamkey;myevent750?streamkey

Authorizing Live Stream Publishing

Authorize an encoder to publish a live stream by appending a live authentication key to the stream name. Use the following syntax when defining the name of the stream being published.

Encoder Syntax / Example

Single Stream

Syntax:

StreamName?LiveAuthenticationKeyRepresents either a global or stream key. If you choose to use a stream key, make sure that the stream key identifies the desired instance and stream name.

Example:

mystream?mykey123

Multiple Streams

Syntax:

StreamName%b?LiveAuthenticationKeyRepresents either a global or stream key. If you choose to use a stream key, make sure that the stream key identifies the desired instance and the base stream name with an asterisk appended to it.

A global or stream key may be used to authorize multiple streams. However, a single stream key may only authorize multiple streams if its stream path contains an asterisk. An alternative approach is to create a stream key for each desired stream name.
Learn more.

Example:

mystream%b?mykey123

The purpose of a Live Authentication key is to authenticate that a stream is authorized for publishing. It should not be used for live stream playback.

Best Practices - Live Streaming Security

Live authentication keys should be treated like any other security credential or password. It is paramount to keep these keys as secure as possible. We have observed incidents in which customers lost control of their Live Authentication keys and then experienced unauthorized streaming on their account.

Although Live Authentication keys may be exposed as plain text in an encoder or streaming tool configuration, cautionary steps should be taken to prevent them from falling into the wrong hands. The following precautions are recommended: