DRM secure streaming Adobe Access DRM authentication and secure stream protection


The Secure DRM Plugin is used to provide secure DRM flash video content to flowplayer.

Username: adobe
Password: adobe

The plugin supports ident user login encrypted content which will provide a login window and anonymous encrypted content which will obtain a token and play the video automatically.

Flash DRM content is provided by Adobe Flash Access 2.0 using either self hosted or flash access provider servers.

More information

Supported Flash Access Providers

Requirements

The Secure DRM plugin requires Flash 10.1 and a Flash Access module updated on the system for playback to work. The version number 10,2 is required to be configured in flowplayer to automatically update players to Flash 10.1 automatically, the plugin will also automatically download the Flash Access module for the Flash Player automatically before playback resumes.

Note:


DRM playback is currently not supported with the StageVideo feature and is required to be turned off by setting the clip property `accelerated` to `false`.

Features

  • Secure encrypted Flash video content.
  • Member user authenticated streaming.
  • Anonymous authenticated streaming.
  • Persistent content protection.
  • Flexible usage and expiry rules provided by the server side authentication.

(Current Version 3.2.7)

Compatibility

  • Flowplayer 3.2.6 and above

Purchase

License Information

The Securedrm Plugin is a once off commercial license with free updates and limited support to the Securedrm plugin only. Flowplayer related questions and support maybe be provided on their forums at http://flowplayer.org/forum/index.html

Note:

With your purchase please provide your domains to be provided with your licensed plugin. This is a new requirement to protect your licensed plugin from hotlinkers. New domains need to be requested manually for the moment.

How Does It Work ?

Using a DRM packager tool provided by the Flash Access Server or a Flash Access Provider, the content is encrypted with the required information to authenticate itself with the configured Flash Access Server URL to obtain a license before the Flash Player will accept playback.

Below is the workflow of DRM authentication :

  • Mp4 / FLV encrypted file is requested for playback via HTTP / RTMP.
  • DRM encrypted headers and information is parsed in the file from the Flash Player and checked if a license is stored in the client cache.
  • If the license has expired or not stored in the client cache, it will request to obtain a license from the Flash Access server.
  • Depending on the authentication type encrypted in the content the Flash Access server will determine an authentication event.
  • For user authentication content, the user will be prompted for a login which will be checked against a members database authentication url configured in the Flash Access server or Flash Access Provider server.
  • The members database server script will return a user configurable variable output with a success state and a license expiry.
  • The Flash Access server will use this information and return to the client to store the license for the expiry period and allow playback.
  • Anonymous authentication works similar but the license is pre-authenticated with an anymous login configured in the members database however the license expires immediately and has to be requested each time.

List Of Examples

Examples

User Authentication

Ident user authenticated content enables a user logging into an authentication server either a members database or a htpasswd Auth Basic system on a web server.

The packaged encrypted content will make a request to the flash access server which has been configured with an authentication server to allow/deny the user.

Once the user is authenticated, a drm voucher is downloaded to the configured expiry set by the flash access server.

Flowplayer configuration

The player config is set to Flash Player 10.1 mimimum requirements with "version: [10, 2]" which will automatically update players when needed. The clip config also has acceleration mode disabled due to a problem with the StageVideo API and DRM streaming.

No extra configuration is required for user authentication, a login dialog window will display to prompt for a member login. 


 flowplayer("drmIdentPlayer", {src:"http://static.electroteque.org/swf/flowplayer.swf", version: [10, 2]}, {
    // configure the required plugins
    plugins:  {

        drm: {
            url: 'http://static.electroteque.org/swf/flowplayer.securedrm-3.2.7.swf',
            accelerated: false
        }

    },

    clip: {
        accelerated: false,
        url: "http://static.electroteque.org/videos/BigBuckBunnyAuth.f4v"

    },
    log: {
        level: 'debug',
        filter: 'org.flowplayer.rtmp.*, org.flowplayer.securedrm.*,org.flowplayer.controller.*'
    }

});


Configuration:
property / datatype default description
authCount
int
3 The number of authentication attempts before displaying a failure.
rememberLogin
boolean
false The ability to remember the member login so when a license has expired it will use the cached login to prevent displaying a login window for each video. Login is securely encrypted and stored in a Flash cookie for added security. Note: This uses Flash sharedobjects which does not have secure storage natively compared to Adobe AIR, the encryption provides added security from cleartext storage. If the member login has changed, a login attempt greater than `authCount` will force the cache to clear and display a login window.
loginExpiry
int
0 If set, the `loginExpiry` can force the login cache to expiry after a certain number of days.
showErrors
boolean
false Display plugin loading and authentication errors or just allow debug logs.

EZDRM Anonymous Pre-Authentication

This example provides support for anonymous authentication with EZDRM Pre-Authentication system. For content encrypted with the pre-auth selection in the EZDRM packager tool, this feature will preload a session by providing the supplied pre-auth token and anonymous username and password setup in the members authentication server. This enables a page to be pre-authenticated by requesting a pre-authorize request on the flash access server with a configured anonymous login. The anonymous login will be authenticated by the auth login server.

For the player to be configured for an embedded / configured pre-authorize request the clip property `preauth` is required and the plugin requires to be set to `urlResolvers` to resolve and preload the session before playback.

Note: The anonymous preauth config can be compiled into the plugin on request. 


flowplayer("drmPreAuthPlayer", {src:"http://static.electroteque.org/swf/flowplayer.swf", version: [10, 2]}, {
    plugins:  {


        drm: {
            url: 'http://static.electroteque.org/swf/flowplayer.securedrm-3.2.7.swf',
            username: 'adobe',
            password: 'adobe',
            preAuthKey: 'p3d9v',
            preAuthTimeout: 1

        }

    },
    clip: {
        urlResolvers: 'drm',
        preauth: true,
        accelerated: false,
        autoPlay: false,
        url: "http://static.electroteque.org/videos/BigBuckBunnyPreAuth.f4v"
    },
    log: {
        level: 'debug',
        filter: 'org.flowplayer.rtmp.*, org.flowplayer.securedrm.*,org.flowplayer.controller.*'
    }

});


Configuration:
property / datatype default description
preAuthKey
string
The `preAuthKey` is given by EZDRM on request to be used by the pre-auth service. consider configuring into the plugin.
username
string
adobe The anonymous username to use for authentication with the user authentication server. consider configuring into the plugin.
password
string
adobe The anonymous password to use for authentication with the user authentication server. consider configuring into the plugin.
timeout
int
1 | The timeout in seconds the session request is active for before DRM authentication with the Flash Access server commences.

EZDRM Anonymous Pre-Auth Javascript Plugin

A pre-authentication javascript plugin is available to make a call to the pre-authorize server once the page loads.


flowplayer("drmJsPreAuthPlayer", {src:"http://static.electroteque.org/swf/flowplayer.swf", version: [10, 2]}, {
    playlist: drmPreAuthPlaylist,
    plugins:  {


        drm: {
            url: 'http://static.electroteque.org/swf/flowplayer.securedrm-3.2.7.swf'

        }

    },
    clip: {
        accelerated: false,
        autoPlay: false,
        url: "http://static.electroteque.org/videos/BigBuckBunnyPreAuth.f4v"

    },
    log: {
        level: 'debug',
        filter: 'org.flowplayer.rtmp.*, org.flowplayer.securedrm.*,org.flowplayer.controller.*'
    }

}).preauth({
username: 'adobe',
password: 'adobe',
key: 'p3d9v'
});


Configuration:
property / datatype default description
preAuthKey
string
The `key` is the pre-auth key given by EZDRM on request to be used by the pre-auth service.
username
string
adobe The anonymous username to use for authentication with the user authentication server.
password
string
adobe The anonymous password to use for authentication with the user authentication server.
preAuthTimeout
int
1 The timeout in seconds the session request is active for before DRM authentication with the Flash Access server commences.

More protection

The pre-auth information is exposed in the html which may be undesirable.

The plugin can be compiled on request with a custom list of domains to restrict loading from.

The pre auth information can also be compiled into the plugin on request.