Special configuration

Kopano Meet configuration is done via REST config API. An example what this API needs to provide can be found in the config.json.in example which you find in the sources if Kopano Meet. Kopano Meet loads the config endpoint on startup from /api/config/v1/kopano/meet/config.json. The location on disk Kopano Web serves this file is /usr/share/kopano-kweb/www/config/kopano/meet.json.

Configuring the applications grid in Kopano Meet

By default Kopano Meet shows all applications known to the Kopano REACT UI component library, which currently also includes unreleased applications, not yet available to the public. Below are the currently possible values, to hide one of the entries simply remove the line from the file.

"apps": {
  "enabled": [

Enabling guest users for Meeting rooms

Available starting with Kopano Meet 0.18.0.

Kopano Meet supports the possibility to invite external users (which do not have a user account of their own and therefore can’t login through Konnect) into dedicated Meeting rooms. These rooms can be identified by their url.

The following components need to be available and configured to allow external users:

  • Kopano Konnect (minimal required version >=0.20.0)
  • Kopano Kwmserver (minimal required version >=0.15.1)
  • Kopano Meet (minimal required version >=0.18.0)

Configuring Konnect for guest users

For the guest mode to work the administrator has to register Meet as a client inside of Kopano Konnect. This registration is necessary since guests require additional scopes as well has a JSON Web Key (JWK) so that Konnect can perform the actual login for the guests.

Generating Keys

Before adding the key to the client registry a new ECDSA key needs to be generated.

$ openssl ecparam -name prime256v1 -genkey -noout -out ecparam.pem
$ openssl ec -in ecparam.pem -out meet-kwmserver.pem

The pem encoded EC PRIVATE KEY part from meet-kwmserver.pem now needs to be converted into a JSON Web Key (JWK). For convenience a helper utility is included for this within Kopano Konnect.

$ kopano-konnectd utils jwk-from-pem --yaml meet-kwmserver.pem
crv: P-256
d: mr9hsFCC8q4v4I4Yv1HHSUoU2ax4X_vRKm60CkLb8XE
kid: meet-kwmserver
kty: EC
use: sig
x: 3h9BEMjO0CSP1vILZrT8ALN1XLp3B4F9q26HKghiqns
"y": pBnvjxvEFIymNB82xeQFNkpo01jxEprEPmxxdx1DS74


When running kwmserver and konnect on different systems or when the principle of least knowledge should be applied, then two “registration.yml” should be created. One with the private key for kwmserver and one with the public key for konnect. A public key can be generated by running openssl ec -in ecparam.pem -pubout -out meet-kwmserver-public.pem

Konnect Client Registry

In below example registration file (expected location for this file is /etc/kopano/konnectd-identifier-registration.yaml, does not exist by default) the value kopano.dev needs to be replaced with the actual FQDN. Additionally the value below keys: needs to be replaced with the locally generated JWK.

- id: kpop-https://kopano.dev/meet/
  name: Kopano Meet
  application_type: web
  trusted: true
  - https://kopano.dev/meet/
  - konnect/guestok
  - kopano/kwm
    - kty: EC
      use: sig
      crv: P-256
      d: mr9hsFCC8q4v4I4Yv1HHSUoU2ax4X_vRKm60CkLb8XE
      kid: meet-kwmserver
      x: 3h9BEMjO0CSP1vILZrT8ALN1XLp3B4F9q26HKghiqns
      y: pBnvjxvEFIymNB82xeQFNkpo01jxEprEPmxxdx1DS74
  request_object_signing_alg: ES256

Konnect configuration

Now that we have generated our client registry we can configure Konnect to use it, as well as make the other required changes for the guest mode.

The following values need to be adapted in /etc/kopano/konnectd.cfg:

  • Uncomment identifier_registration_conf and make sure it points to the registry created above, e.g.: - identifier_registration_conf = /etc/kopano/konnectd-identifier-registration.yaml
  • uncomment and switch allow_client_guests to yes - allow_client_guests = yes

On restart of Konnect the following log line will indicate that Konnect is now configured to enable guest users for Meet:

time="2019-03-28T09:29:14Z" level=info msg="identity guest manager set up"

Configuring Kwmserver for guest users

Kwmserver also needs to be made aware the guest mode and Meet as a registered client. Luckily the same file already configured in Konnect can simply be reused in Kwmserver.

The following values need to be adapted in /etc/kopano/kwmserverd.cfg:

  • uncomment and switch enable_guest_api to yes: - enable_guest_api = yes
  • uncomment registration_conf and point it to the same file as previously done in Konnect: - registration_conf = /etc/kopano/konnectd-identifier-registration.yaml
  • uncomment and configure the name prefix for guest channels. The below setting will make all rooms starting with group/public rooms that guests can join: - public_guest_access_regexp = ^group/public/.*

Configuring Meet for guest users

Last but not least we need to make Meet aware of the guest functionality as well. This happens in the config.json files that is loaded at startup by Meet.

As previously explained Kopano Web serves this file from /usr/share/kopano-kweb/www/config/kopano/meet.json (if it does not yet exist it can be copied from the example directory at /usr/share/doc/kopano-meet-webapp/config.json.in). To enable the guest mode modify the below block so that it reads "enabled": "true":

  "guests": {
    "enabled": "true"

Using the guest mode

With the above configuration users can now create rooms where external users can join existing calls. To create such a room the user has to:

  • click on the “new call button”
  • in the dialogue followed by this click on “new public group”
  • choose a name that starts with “public/”, like for example “public/customer-a”
  • after the groups has been entered, click on “share group”

Enabling screensharing

Available starting with Kopano Meet 0.19.0.

Screensharing is automatically enabled once a browser with support for the “Screen Capture API” is detected.

Supported browsers include:

  • Google Chrome >=72
  • Mozilla Firefox >= 66
  • Kopano DeskApp >=2.2.3