About
How does KAF work?
KAF components are embedded as responsive iFrames, ensuring they display well on any device. These components use Kaltura APIs to display, add, or update content based on the component’s functionality, with the content rendered in HTML so users can interact with it directly within the integrated application.
Authentication and authorization
To use a KAF component, an authentication process identifies the user and their permissions. KAF supports two main authentication methods:
KS-based SSO (Single Sign-On): Uses a Kaltura Session (KS) token to identify the user.
LTI Authentication: Typically used for LMS integrations.
Generating a Kaltura Session (KS) for SSO
To authenticate users, KAF uses a security token called a KS (Kaltura Session). You can generate a KS using Kaltura API Client libraries with a method called generateSession (or a similar function depending on the programming language). This method includes user information, session details, and specific privileges needed for the session.
Below is an example of generating a session in PHP using the client library:
$client->generateSessionV2( $adminSecret, $userId, $sessionType, $partnerId, $expiration, $privileges );
The following explains the parameters expected by the 'generateSession' method:
- Admin Secret - The admin secret of the Kaltura account, found in the KMC under Settings > Integration settings.
- User ID - The unique ID of the user for whom the KAF component will be displayed.
- Session Type - Type of Kaltura Session. For KAF integration, this must be set to USER.
- Partner ID - The Kaltura account ID, found in the KMC under Settings > Integration settings.
- Expiration - Duration of the KS in seconds, usually set to up to 60 seconds for KAF.
- Privileges - Comma-separated list of privileges. Some privileges are of type key-value pairs, represented as key:value. For maximum security, use actionslimit:-1 to prevent unauthorized API calls.
Here’s an example for generating a KS and rendering an iFrame with the KAF component:
// prepare privileges $privileges= array(); $privileges[] = "actionslimit:-1"; $privileges[] = "firstName:John"; $privileges[] = "lastName:Doe"; $privileges[] = "role:viewerRole"; // transform array privileges to string $privilegesStr = implode(",", $privileges); // prepare additional parameters $adminSecret = "-the-string-you-copied-from-kmc-"; $userId = "john.doe"; $partnerId = 12345; // generate the KS using all the above parameters $ks = $client->generateSessionV2( $adminSecret, $userId, KalturaSessionType::USER, $partnerId, 20, $privilegesStr ); // build iFrame URL with KS $iframeUrl = 'https://url.to.kaf.com/hosted/index/my-media/ks/' . $ks; // render iFrame to page echo '<iframe src="' . $iframeUrl . '"></iframe>';
Privileges for KAF components
Each KAF component may require specific privileges based on the functionality it provides. To view detailed information on required and optional privileges for each component, refer to the KAF Integration Demo. You can select any KAF widget (endpoint) and simulate its behavior based on the privileges you set.
Roles and permissions for KS-based SSO
KAF uses two types of roles:
Applicative Role: Determines what the user can do within KAF, such as uploading content.
Contextual Role: Defines what a user can do in specific contexts, for example, managing a gallery.
When configuring a KS for KAF components, specify the user’s applicative role and, if needed, the contextual role.
In the example below:
- The applicative role of the user is adminRole. The adminRole user can upload and publish content in different contexts (galleries).
- The contextual role of the user is manager of that gallery, and is given some capabilities that are only allowed for this role.
Contextual role values are the available constants of KalturaCategoryUserPermissionLevel
$privileges= array(); $privileges[] = "actionslimit:-1"; $privileges[] = "firstName:John"; $privileges[] = "lastName:Doe"; $privileges[] = "role:adminRole"; $privileges[] = "userContextualRole:0"; ... // build iFrame URL with KS $iframeUrl = 'https://url.to.kaf.com/hosted/index/course-gallery/ks/' . $ks; ...
Key components
Media Gallery
The Media Gallery is a shared video library within a course, accessible to faculty and students. Users can contribute media from My Media, another Media Gallery, or a Shared Repository, depending on their permissions. It allows users to publish and engage with content by watching, searching in-video, commenting, liking, adding to playlists, and, if permitted, uploading new content or moderating the gallery.
Below is an example of a Media Gallery with the Theming design system enabled:
My Media
My Media serves as a personal library for users to manage all the media they’ve uploaded or created over time. This space is private, displaying only content owned by the individual user. From My Media, users can publish media in channels or courses to share it with students or colleagues. They can easily organize and manage their media using features like media cards, search and filter options, and bulk actions. Additionally, users can collaborate by adding others to their media, view analytics, search metadata and captions, and publish to specific galleries or playlists according to their permissions.
Below is an example of My Media with the Theming design system enabled:
Browse, search and embed
The Browse, search and embed tool allows users to embed media in announcements, assignments, discussions, forums, and more within their LMS course. It is accessible within the rich-text editor. For more details, see Embedding Kaltura media.