Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Apr 12, 2022 5:24:36 AM
Jul 2, 2019 9:42:11 AM
This article explains how to implement SAML for NPrinting with Azure as the IdP.
Environments:
To implement Azure SAML in Nprinting, the following needs to be done:
- Create your own application in Azure from this menu and choose a name for it.
-
Generate a Metadata XML file
Federation Metadata XML: Download - Configure SAML in NPrinting and upload your metadata file
See instructions on the following link: Confguring SAML
Below is an example of a working metadata file with only the needed fields, the simpler is to copy the corresponding elements (Azure EntityID, certificate for signing, SingleSignOnService for HTTP-POST and HTTP-Redirect) from the IdP metadata file downloaded from Azure and paste it into the corresponding parts of the code.
Then save the file as .xml and upload it to NPrinting:<?xml version="1.0"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sts.windows.net/b26e23cf-787a-40e8-9d17-f0c9f9ad0821/"> <IDPSSODescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIC8DCCAdigAwIBAgIQFUUu6ZQHg5FJ...Ud8tf9A/4A6+2SZm34gf8gcVPTXT/a</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </KeyDescriptor> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/b26e23cf-787a-40e8-9d17-f0c9f9ad0821/saml2"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/b26e23cf-787a-40e8-9d17-f0c9f9ad0821/saml2"/> </IDPSSODescriptor> </EntityDescriptor>
Alternatively, when you upload the Azure metadata file as is to NPrinting, check the Webengine log file to remove unwanted tags from the Azure metadata file (As there are many tags that are not supported by Azure, it may take some time) - In Azure, configure your Enterprise application created in step 1
The fields that need to be filled in on the Azure side are the 2 below, others are optional.
Identifier (Entity ID): The Entity ID set up in NPrinting in step 3
Reply URL (Assertion Consumer Service URL): The correct value can be found in the SP metadata file downloaded from NPrinting - Make sure you give the correct permissions to the Azure AD users you want to authorize to connect with SAML
The settings is now completed and SAML authentication should work.
Potential Troubleshooting Steps
- Remember that the user that logs in must already exist in NPrinting identified by either his email address or DOMAIN\Username (Based on the settings in step 3).
If the authentication fails, the error will be logged in the web engine logs in C:\Programdata\Nprinting\Logs\. - If issues are found with the implementation, among other reasons the following may be related:
- The email address attribute needs to be the full URL path, not just “emailaddress”
- The XML from AD/idp needs to have reference to only one certificate
- Irrelevant information in the XML from the idp needs to be removed as NP does not support and can cause errors.
In Your example, you have used Non-Gallery application. There is something called Qliksense Enterprise Client Managed. I use this for the SAML SSO on Qliksense applications, I want to know if this can be used for Nprinting,
Because in your example the SIG in URL is optional but here it is mandatory and I am not sure what should be used for attributes in Nprinting
