Mobile Devices Compatible Features

Frank Carmona Mobile, V3.4

Applies to Version 3.4 and newer within Version3

Webcastudio mobile devices list of compatible features are:

Layouts:

7 compatible layouts associated to the equivalent on the PC’s layout file

  • Large Video centered
  • Video on the left side and slides on the right side both with the same horizontal size
  • Slides on the left side and video on the right side both with the same horizontal size
  • Video on the left side and slides on the right side. Video smaller than the slide (for slides with lots of detail)
  • Slide on the left side and video on the right side. Video smaller than the slide (for slides with lots of detail) 
  • Video on the left side and chat window on the right side
  • Chat on the left side and Video window on the right side

 

mobileSections

Video can be configured for 4×3 or 16×9 aspect ratios

An optional “Actions bar” in the bottom of the page can include the “Ask a Question” button

The user can enlarge the Slide or Video by clicking on them. Video is enlargeable to full size as well.

 

Automatic Slides Management (Auto-Presentation)

Frank Carmona Control-Room (Live Production), Version 3

SUMMARY

WebcaStudio is often used for long conferences where speakers use several powerpoint files to help run their presentations. Whereas webcaStudio will upload a previously converted version of the presenters powerpoint, the on-stage presenter’s powerpoint slide orders can be sent to webcaStudio Control-Room to automate the production process. 

In order to use this feature a PowerpointAddIn must be installed in the presenter’s PC (Administrator rights are required for this instalation)

Download the Vancast Powerpoint Addin  (version that does not require a Digital Certificate)

Download the Vancast Powerpoint Addin  (version that  requires a Digital Certificate)

VancastPowerpointAddin configuration documentation (in English)

VancastPowerpointAddIn configuration documentation (in Spanish)

ControlRoom Management using Vancast PowerpointAddin (in English)

ControlRoom Management using Vancast PowerpointAddin (in Spanish)

 

Secure Single Sign-On Developer Guide

Frank Carmona SSO

SUMMARY

This document explains the Secure Single Sign On (SSO) application for end-users access to webcaStudio platform  live or on-demand contents

Definitions and conventions:

  • Master Account:  Company that has a current webcaStudio platform subscription
  • Workspace: Independent space intended to allow the master account holder to enable a separate and thus confidential space for a customer
  • webcaStudio: Software as a service platform by means of which an organization can manage and publish Rich Media live or on-demand presentations addressed to a large number of end users who will be able to access and participate to a high quality professional on-line presentation.
  • Secure Access: Many times the contents produced by the Customer and served by webcaStudio platform are highly confidential and / or have a high economic value.  The “Secure SSO”  allows you to integrate your  “Internal Client Platform” with webcaStudio
  • Internal Client Platform: by this we refer to your or your customer’s, intranet, employee portal, e-learning platform, on-line event login platform, etc. owned by the Customer which already includes authentication features.

 

The Secure SSO application is the ideal choice for those who want to enable convenient and secure Access to any live or on-demand  webcasStudio  based contents from their own secured pages.

It is also the right choice for those organizations that want to distribute on-line conferences and already have their own event registration and secure online payment processing systems

And, of course, to anyone that wants to avoid users to login more than one time to seamlessly navigate through different platform solutions integrated as one.

The system is based in the following premises:

  1. Authentication by the Customer: User Authentication is solved by the Customer platform, in other words, the intranet, e-learning or on-line conference clearance system.
  2. SSO (Single Sign On): Once an end user has been logged to the Customer platform, he will no longer need to re-log in to the webcaStudio environment.
  3. Secure Access: webcaStudio will check the user correct login from the Customer platform and will block any non-authorized user login attempt to access the contents.

 

IMPLEMENTATION 

The technical solution we provide needs the Customer to develop a simple “Access Application Module”. This application shall be based on the following concepts:

  1. Connection URL: Each group of contents that make up an “event” within the webcaStudio platform is represented by a URL.
  2. Language code: An Event can be broadcasted in different languages simultaneously. The Access Application Module can send the language code the user wants to access.
  3. URL associated Arguments sent via “POST” method: webcaStudio requires user data for participants to be identified and also for the statistical data collection of the platform. Furthermore, as will be detailed below, the Access Application Module must send a HTMAC_SH1 encoded “Hash” argument that will enable webcaStudio to validate the user access.

HMAC_SH1 Hash and  PSK (Pre-Shared Key): The “Access application module“ will produce a Hash by using the summary/encrypted algorithm HMAC_SHA1 with the following pattern:

  1. Create a (PSK) in webcaStudio’s settings> wokspace> Single.Sign-On menu option
  2. locate this info:
    • email (User email)
    • account(Workspace id within webcaStudio) Check it under Secure Single-Sign-On access help at the Access tab of any event
    • time(UNIX timestamp)
    • event_URL(Event url)
  3. … and  build a summarised and encrypted chain using the HMAC_SHA1 algorithm:

 Hash= HMAC_SHA1((email + account + event_url + time), PSK)

 The “Access application module“ can be implemented with any technology which is capable of sending HTTP/HTTPS requests together with ”POST” arguments.

Next, we show a result sample of the request generated by the “Access application module” within the Customer platform:


<form action="https://MasterAccount.webcasting-studio.net/event/?t=NDM0YThhMzM2ZDQ0NjExZDg5YmI0N2RmZmRmY2U2OGE1OThiMmQwOA==&e=XXX&a=7&pt=XXX" method="post"><input type="hidden" name="firstname" value="Juan" />
<input type="hidden" name="secondname" value="Díaz López" />
<input type="hidden" name="email" value="jdiaz@acme.com" />
<input type="hidden" name="organization" value="acme Marketing" />
<input type="hidden" name="account" value="99" />
<input type="hidden" name="lang" value="es" />
<input type="hidden" name="proxy" value="rtmp://[PROXY]/live/vancast/webcaststream" />
<input type="hidden" name="ref_id" value="customer999" />
<input type="hidden" name="time" value="1288083386" />
<input type="hidden" name="token" value="258a9f03643b83226de02e99c3a95a41" />
<input type="submit" value="Access" />
</form>

The form will send the information via “POST” to the webcaStudio proxy (<form>tag “action” argument). The action URL is the event URL.

Next, some hidden fields are used to pass the arguments values.

  • The values for the arguments, name, secondmane, email*, organization and time* (timestamp in UNIX format) must be provided by the Customer Internal Platform.
  • The account* value is the Workspace ID of the customer within the webcasting studio platform.
  • The lang value, is the Language code of the language (according to ISO 639-1) and must match with the language code specified in the Basic Info tab in Event Creation Wizard.
  • The way to build the token* or hash* (both vars names can be used) argument has been explained before within this document. The PSK (Pre-Shared Key) will be agreed by Customer and the Distributor.
  • The proxy value is optional and is used when the audience is located within a LAN/WLAN and is it necessary to deliver the streaming through a internal proxy
  • The ref_id value is also optional. It can be used to keep a reference of your Customer Internal Platform user’s id.

NOTE: Only the vars with * are mandatory, the rest of the values are optional.

SECURITY FEATURES GRANTED BY THE PLATFORM

Once webcaStudio Secure SSO integration has been accomplished, the platform provides the following features:

  1. Regardless the use of HTTPS protocol (which is optional) to send a content request to webcaStudio, the fact of sending and further resolving the “Hash” by webcaStudio platform, prevents any theft of identity or access data of a valid user trying to connect.
  2. webcaStudio  applications work only within webcaStudio and webcasting-studio domains. Therefore no user will be able to succeed trying to emulate the execution of this platform within any other domain when trying to skip the authentication regular workflow.
  3. The application accessed by one user creates a session which must be active within webcaStudio.
  4. The platform can block two users with the same access credentials.
  5. webcaStudio can offer HTTPS connections for the access pages and static content delivery and use RTMPE (encrypted RTMP) for video distribution. (these are requirements that must be specifically requested by the Customer)

 

UNSECURE-SSO

If the SECURE SSO is not mandatory, webcaStudio platform can enable a simpler way for the Customer to develop the Access Application Module. The changes to the previous document are explained below:

  1. The form is prepared to send the information via “POST” to the webcaStudio proxy (<form>tag “action” argument). The URL is the event URL.
  2. The hash|token parameter will be null.

<form action="https://vancast.webcasting-studio.net/event/?t=NDM0YThhMzM2ZDQ0NjExZDg5YmI0N2RmZmRmY2U2OGE1OThiMmQwOA==&e=XXX&a=7&pt=XXX" method="post"><input type="hidden" name="firstname" value="Juan" />
<input type="hidden" name="secondname" value="Díaz López" />
<input type="hidden" name="email" value="jdiaz@acme.com" />
<input type="hidden" name="organization" value="Comunicación Interna" />
<input type="hidden" name="account" value="99" />
<input type="hidden" name="lang" value="es" />
<input type="hidden" name="proxy" value="rtmp://[PROXY]/live/vancast/webcaststream" />
<input type="hidden" name="ref_id" value="customer999" />
<input type="hidden" name="time" value="1288083386" />
<input type="submit" value="Access" />
</form>

LAN ACCESS SPECIFICATIONS

Encoder

Outgoing RTMP / RTMPE (over port 1935) connections by the internal Encoder shall be permitted

 

Use of FMSS Flash Media Streaming Server proxy(s) within Customer premises

Incoming RTMP / RTMPE (over port 1935) connections from the FMIS (Flash Media Interactive Servers) located in Vancast Data Center must be permitted.

 

Additional Information:

API Developer Guide