Moderator access

[uhillebrand]

Hi! I installed a Jitsi standalone instance with the jitsi-token installer from jitsi-contrib, set up the adapter according to your setup instructions, and had a working Jitsi/Keycloak integration in no time, thanks!

However: I am confused about moderator privileges. With my initial setup, every authenticated user is able to start a new meeting. But while Jitsi displays a popup "you are now a moderator" on join, the user does not in fact have moderator rights (no access to security options etc.).

By editing context.ts and using Keycloak to return an additional "moderator: true" attribute, this behaviour changes - now every authenticated user is automatically moderator, but for all meetings, not just the one they created. I understand that this leverages the token_affiliation prosody plugin.

How do I achieve the same behaviour as with "regular Jitsi" and the secure domain setup, so that only authenticated users are able to create a meeting, and that only the first user to create a meeting automatically becomes moderator?

Thanks in advance!

[emrahcom]

However: I am confused about moderator privileges. With my initial setup, every authenticated user is able to start a new meeting. But while Jitsi displays a popup "you are now a moderator" on join, the user does not in fact have moderator rights (no access to security options etc.).

When the token authentication is enabled, everybody having a token becomes moderator by default. But jitsi-token installer installs token_affiliation plugin and this plugin overwrites the user's level depending on the token's payload. That is why you see at first "you are now a moderator" message which is the default behavior but token_affiliation overwrites the level in a few seconds.

If you disable token_affiliation plugin then everybody with a token becomes moderator.

[emrahcom]

By editing context.ts and using Keycloak to return an additional "moderator: true" attribute, this behaviour changes - now every authenticated user is automatically moderator, but for all meetings, not just the one they created. I understand that this leverages the token_affiliation prosody plugin.

By default, jitsi-keycloak-adapter doesn't add moderator or affiliation field into the token's payload. Since there is no such value in the payload, token_affiliation decreases the level of every participant as member.

When you add moderator: true then everybody with a token becomes moderator (actually this is the default behavior when the token authentication is enabled and no token_affiliation plugin)

[emrahcom]

How do I achieve the same behaviour as with "regular Jitsi" and the secure domain setup, so that only authenticated users are able to create a meeting, and that only the first user to create a meeting automatically becomes moderator?

This means that you want jicofo to decide who will be the moderator.
jicofo.conference.enable-auto-owner: true in /etc/jitsi/jicofo/jicofo.conf

But this doesn't work with the token authentication as you expected. When token is enabled, it takes the control and decides for moderators.

[uhillebrand]

I disabled token_affiliation, and now it's working as you described (everyone with a token is moderator). While I still would prefer an option for the same behaviour as Jitsi without tokens, I think we can work with this. Thank you very much for the quick answer and clarification!