Red5 Documentation

Red5 Pro Round-Trip Authentication Validator

The Red5 Pro RoundTrip Authentication validator implemented by the class RoundTripAuthValidator, is a remote server authorization mediator. As the name suggests, it implements a secure and robust authentication mechanism using the server to server validation.

A Red5 pro webapp seeks validation for publish and subscribe actions requested on a stream from a remote service through the RoundTripAuthValidator implementation. The authentication is carried out on the remote server using the appropriate business logic implemented and the result is returned as a JSON object back to the RoundTripAuthValidator implementation.

One of the main feature of this validator implementation is being able to authenticate clients distinctively by their role (publishers and subscribers). Authentication does not occur when a client merely connects to the server. It is triggered when the client clarifies its intent through an actual publish or subscribe request for a stream. The validator uses Red5 pro’s security hooks to determine the requested stream action type (publish or subscribe).