Nx 5.0 RTSP Stream Authentication Fail
Answered
Hello,
I am using Nx Witness 5.0.0.34969.
I failed to open the RTSP streaming URL, which I got from API document as below.
rtsp://<server_ip>:<port>/<deviceId>
I found that when I allow digest authentication for the user. I can use this user on RTSP authentication and open the RTSP stream successfully. However, if I do not allow digest authentication, it doesn't seem to work.
What should I do to pass RTSP authentication with disabled digest authentication user to request RTSP stream?
Thank you for your help.
-
Hi @...,
If you don't use the digest authentication, you should use the default bearer authentication instead.
0 -
Hi Norman,
I am wondering how to use bearer authentication to open the RTSP stream.
Is there any sample code or player I can use to open RTSP stream with bearer authentication?
0 -
Hi @...,
The documentation is shown in the Nx WebAdmin under the API documentation:
- Click on the Sever name.
- Select API documentation.
- Select API Information.
- Scroll down for the Authentication section.
Here you will find all information regarding Bearer Authentication.
For the full documentation about Bearer Authentication, please check the RFC 6750.
0 -
Hi Norman (Yihsuan_Hsueh),
Sorry to interrupt your discussion, but I would like to know how to use bearer token to play RTSP stream from Nx server ver.5.0.
I understood how to generate bearer token from Nx server, and there are sample codes how to use token for HTTP request on the API documentation, but I couldn't find how to use it for RTSP stream.
Could you share sample code to do it? (ex. gstreamer script to do it)
Thank you.
0 -
Hello everybody,
At the moment, it's not possible to play RTSP stream using bearer authentication. The recommended way is creating a user with digest authentication and using that account for API invocation.
0 -
Hi,
I would like to revisit on this issue, since we keep on have this warning when we try to enable “Digest Authentication” for some user in NX. Should we concern about this warning for any NX future release?
1. Will it be any plan to support Bearer authentication for streaming via RTSP URL?
2. When will be your future plan / in product roadmap that Digest authentication will be totally disabled/deprecated?0 -
Hi Mohd Iqbal Radzuan ,
Please note that Digest Authentication has been deprecated since June 2022. As part of a gradual transition, we’re now beginning the process of phasing it out to give everyone extra time to update any workflows that still depend on Digest in 2025.
Starting with version 6.1, Digest Authentication will no longer be available by default when the system Security level is set to High. For the Standard Security level, Digest will still be available in 6.1 but is planned for removal in a future release (most likely 6.2, though the exact version is not yet finalized). To clarify: the Security level refers to the option you choose during the initial setup of the system, with Standard being the default.
Regarding your questions:
- It’s not possible to use Bearer tokens to stream via an RTSP URL.
- Digest was officially deprecated in June 2022. Partial disabling will begin in version 6.1, with full removal expected (most likely) from version 6.2.
0 -
What is your plan to support authentication (by fully removal of digest authentication) to stream with RTSP URL in your future release i.e 6.1 & later version?
Currently RTSP URL only can support Digest Authentication as follows:
rtsp://<username>:<password>@<IPAddress>:<PortNumber>/<CameraGuid>1 -
I have the same concerns. We share out of a system to an internal RTSP→RTMP box to transport to a livestream platform. What will be the solution moving forward?
0 -
Hi Mohd Iqbal Radzuan and Kyle Folger,
You can find additional details on this topic in THIS support article.
Starting with version 6.1, we’re also introducing a new option: you’ll be able to use a session token as an HTTP Basic password with the username set to
-. This approach is especially useful for older tools and libraries that don’t support HTTP Bearer authentication. We’re just wrapping up the final steps for this feature, but once available, it will provide a secure and convenient way to connect.With this change, your RTSP URL would look like this:
rtsp://-:<session_token>@<IPAddress>:<PortNumber>/<CameraGuid>0 -
Hi Norman.
Thanks for your clarification. Based on the support that you shared, it is under assumption that we need to keep on refresh the authentication / session token i.e when the session token expires.
Is there any way/plan that we can have a API-Key / persistent credential for accessing the RTSP stream from NX
As Kyle Folger mentions (and probably we have the same use case), we share the RTSP stream URL from NX to another video system to transport the livestream via a 3rd party integration. We need a such a way that all the RTSP URLs from NX is persistence/constant & not dynamic.0 -
You are correct Mohd. We are sharing RTSP to another platform after converting it to RTMP. Recently, we are directly sharing two RTSP camera streams to another company to use in their broadcast. We opened a port in the firewall and only allow their IP access. I would hope the updated solution would have a persistent option.
0 -
Hi Mohd Iqbal Radzuan and Kyle Folger,
At this time, Digest Authentication remains available and will continue to be supported in version 6.1.
In addition, you can use the previously mentioned solution, where the token is included directly in the RTSP URL.
Currently, there are no plans to introduce API-key support. However, if this is something you would find valuable, we encourage you to share your suggestion and specific use case in the Feature Feedback section of this community. This ensures our Product team is aware of the demand and can take it into consideration for future development.
Kind regards.
0 -
Hi Norman
We are currently upgrading our integration from Digest Authentication to Bearer Tokens on v6.1.0.42176. Following the recommended approach for third-party players, we attempted to use the session token as the password with a hyphen (-) as the username in the RTSP URL.However, we are unable to establish a successful connection. For reference, here is the URL format we are testing:
rtsp://-:vms-b1e9ed28...UYUL@<SERVER-IP>:7001/b769050d...37f7?stream=0Could you confirm if there are additional security settings or header requirements in this build to make this work as expected?
0 -
I have similar concerns where I'm trying to integrate a gstreamer based application with RTSP input source.
0
Please sign in to leave a comment.
Comments
15 comments