Authentication at origin

You should configure origin servers, packagers, and encoders to use a shared secret for the security token. If the workflow involves the encoder calling HTTP DELETE on origin for older fragments, you must set the <DeleteSecurityToken> element on the origin servers and the encoder. You must provide the same AES-128 key under Auth/SecurityToken/Key at the origins and packagers.

The following is a sample configuration snippet of stream.xml for a packager module:

....
       <HttpPush>
                 <UseSecurityToken>true</UseSecurityToken>
                 <SecurityTokenKey>4ff4756ed68239d34d482dbc88819abc</SecurityTokenKey>
                 <TargetURL>http://primary-origin1:port/eventX/bitrate_1</TargetURL>
       </HttpPush>
....

Here is the corresponding security token configuration in origin's stream.xml file:

<Config>
 
    <!-- (Optional) Auth security applied to processing inbound PUT/POST/DELETE requests. -->
    <Auth>
        <!-- If the 'SecurityToken' element is present, then an auth test is applied
            to all inbound PUT/POST requests that will check for a valid X-Adobe-HDS
            -Token or X-Adobe-HTTP-Token request header with a valid token value.
            Requests not containing this header or passing an invalid or
            timed-out token value receive an error response of 401 Not Authorized.
            If the <SecurityToken> element is not present, this
            check is not performed. -->

     <SecurityToken>
        <!-- If <SecurityToken> element is enabled, it requires a valid AES-128
             key to use for Token value encryption/decryption, and only Packager(s)
             configures with matching key can write to this Origin. -->
             <Key>4ff4756ed68239d34d482dbc88819abc</Key>
        <!-- Optional 'Timeout' for Token values in seconds. Default value is
             600 seconds (10 minutes). If enabled, this value needs to be applied
             consistently here as well as at the Packager. -->
            
     <Timeout>600</Timeout>
 
       </SecurityToken>
 
        <!-- If the 'DeleteSecurityToken' element is present, then an auth test is
            applied to all inbound DELETE requests that will check for a valid X
            -Adobe-HDS-Token or X-Adobe-HTTP-Token request header with a valid token
            value. Requests not containing this header or passing an invalid or
            timed-out token value receive an error response of 401 Not Authorized.
            If the <DeleteSecurityToken> element is not present, this check is not
            performed. -->
        <!--
        <DeleteSecurityToken>
 
            If <DeleteSecurityToken> element is enabled, it requires a valid AES-128
               key to use for Token value encryption/decryption, and only clients
               configured with matching key can delete from this Origin.
              <Key>4ff4756ed68239d34d482dbc88819abc</Key> -->
 
             <!-- Optional 'Timeout' for Token values in seconds. Default value is
                600 seconds (10 minutes). If enabled, this value needs to be applied
                consistently here as well as at the Packager. -->
          <!-- <Timeout>600</Timeout> -->
 
        <!-- </DeleteSecurityToken> -->
    </Auth>
</Config>