Print Portal Single Sign-On User Authentication
Overview
Authentication is the act of validating that users are who they claim to be. The most common and simplest example of authentication is using a username and password to access an application.
This article describes how to enable authentication. In addition, this document provides steps for configuring Print Portal to automatically sign on by using Windows credentials.
Applicable to
BarTender Print Portal
BarTender 2021
Enterprise Edition only for BarTender 2022 and later
Information
Enabling Authentication
By enabling authentication, we can protect our Print Portal website from anonymous access. Anyone who wants to access the web application will first have to go through the login page, where they enter their credentials.
To restrict website access by authorization:
- Access the Print Portal web page and click on the Administrative Setup hyperlink on the top right corner in the navigation menu.
- Under the Advanced property > Security, click to select the Enable Authentication check box.
- Once enabled, the Sign In form is served before access to the home page, over both HTTP and HTTPS connections to the Print Portal.
Setting up Single Sign-On Using Active Directory With ADFS
In addition to user authentication, you can also use Single Sign-On to automatically authenticate your users into the Print Portal web page. Single sign-on (SSO) authentication (with ADFS) is supported in BarTender 2021 and later.
Active Directory Federation Services (ADFS) is a single sign-on solution developed by Microsoft. The AD FS role service can be installed on Windows Server operating systems. You can set up single sign-on using ADFS to give your company's clients, partners or vendors access to multiple resources throughout the organization (e.g. BarTender Print Portal) with one set of login credentials (username and password) and without being prompted for additional credentials.
This multi-part guide will walk you through configuring single sign-on using Microsoft ADFS to allow users to access Print Portal with a single login.
It is broken down into the following parts:
- Part 1 - Requirements
- Part 2 - Turn on Windows authentication IIS feature in Windows
- Part 3 - Enabling Windows authentication in IIS
- Part 4 - Register Print Portal with AD FS
- Part 5 - Editing the Print Portal Configuration File
Part 1 - Requirements
Before starting you need to install and deploy the AD FS service role on your server. However, please note that configuring and installing ADFS is beyond the scope of this guide.
Make sure that the BarTender Print Portal website uses an HTTPS connection. An HTTP binding will not work: ADFS requires that the relying party trust, from which it expects requests to come, uses a secure URL. For more information on how to enable HTTPS in Print Portal, click here.
Part 2 - Turn on Windows authentication IIS feature in Windows
For security reasons, the Windows Authentication feature in IIS is turned off by default. To enable this feature, follow these steps in Windows:
- Right-click the Start button, then click Control Panel.
- Under Control Panel>Programs and Features, click Turn Windows features on or off.
- Under Internet Information Services>World Wide Web Services>Security, select Windows Authentication.
Part 3 - Enabling Windows authentication in IIS
- Press the Windows key and type Run.
- In the Search box, type "inetmgr" and press ENTER.
- In the Internet Information Services (IIS) Manager under Connections>[your Print Portal Server name]>Sites>Default Web Site>BarTender, double-click the Authentication icon from the BarTender Home page.
- Use the Actions menu (right pane) to make the following changes:
  - Set Anonymous Authentication to Disabled.
  - Set Windows Authentication to Enabled.
Part 4 - Register Print Portal with AD FS
- Run the AD FS Management console and open the server's Add Relying Party Trust Wizard.
- Select the Enter data about the relying party manually option.
- Click Next.
- Enter a display name for the relying party (e.g. Print Portal Login).
- Click Next.
- Do not specify a token encryption certificate, and click Next.
- Enable support for the WS-Federation Passive protocol, and then enter the root URL of Print Portal as the relying party protocol URL. The relying party URL should be the URL where AD FS sends the SAML response after authenticating the user.
- Click Next through the rest of the wizard and Close at the end.
- In the left pane of the AD FS Management console, select Relying Party Trusts.
- In the center pane, select the relying party trust that you created for Print Portal.
- Next, in the right pane, click Edit Claim Issuance Policy.
- In the Add Transform Claim Rule Wizard, leave the default Send LDAP Attributes as Claims template selected, and click Next.
- Select Add Rules from the Edit Claim Rules dialog.
- Add a rule mapping the SAM-Account-Name LDAP attribute to the Name ID outgoing claim.
- Click Finish.
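The Part 4 registration can also be scripted on the AD FS server. This is an added example, not BarTender's or Microsoft's own script; it assumes AD FS 2016 or later (for the built-in "Permit everyone" access control policy, which is the wizard default) and uses a placeholder portal URL.

```powershell
# Run in an elevated PowerShell session on the AD FS server.
$name      = 'Print Portal Login'                          # display name from Part 4
$portalUrl = 'https://printportal.example.com/BarTender/'  # placeholder: your Print Portal root URL

# AD FS only accepts a secure relying party URL (Part 1).
if ($portalUrl -notlike 'https://*') { throw 'The relying party URL must use HTTPS.' }
if (Get-AdfsRelyingPartyTrust -Name $name) { throw "A relying party trust named '$name' already exists." }

# Claim rule in the form produced by the "Send LDAP Attributes as Claims" template:
# SAM-Account-Name (sAMAccountName) is issued as the Name ID outgoing claim.
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "SAM-Account-Name to Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";sAMAccountName;{0}", param = c.Value);
'@

# WS-Federation Passive endpoint, no token encryption certificate.
# Assumption: the identifier is the same URL, as the wizard adds by default.
Add-AdfsRelyingPartyTrust -Name $name `
    -Identifier $portalUrl `
    -WSFedEndpoint $portalUrl `
    -IssuanceTransformRules $rules `
    -AccessControlPolicyName 'Permit everyone'

# Review what was registered; EncryptionCertificate should be empty.
Get-AdfsRelyingPartyTrust -Name $name |
    Format-List Name, Enabled, Identifier, WSFedEndpoint, EncryptionCertificate, IssuanceTransformRules
```

Record the exact value of `$portalUrl`, including any trailing slash, because Part 5 requires RelyingPartyURL to match it exactly.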
Part 5 - Editing the Print Portal Configuration File
Stop the application pool:
- Open the IIS Manager.
- In the Connections pane, expand the server node and click Application Pools to display all Application Pools.
- On the Application Pools page, select the BPP_AppPool.
- Click Stop to stop the application pool.
- Make sure that the website is configured to use an HTTPS binding (See above - Part 1 - Requirements).
- Edit the application's settings.xml file:
  - Go to the main BarTender Print Portal installation folder. By default it is:
    C:\inetpub\wwwroot\BarTender
  - Find and open the settings.xml file.
  - Edit the file as follows:
    - In the Authentication node, make sure that Enabled is set to true.
    - Change Mode to ADFS.
    - Provide the metadata address that corresponds to the ADFS server:
      MetadataAddress: The AD FS web service metadata endpoint. Use a valid, accessible, and complete URI in the following format: https://<AD FS>/FederationMetadata/2007-06/FederationMetadata.xml. Replace <AD FS> with the accessible fully qualified domain name of the AD FS federation service.
    - Enter the root Print Portal URL in the RelyingPartyURL field. This URL must exactly match the URL that you configured in the AD FS Add Relying Party Trust wizard.
- Start the BPP_AppPool application pool.
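A post-configuration check for the Print Portal server, covering the IIS settings from Parts 1 to 3 and the settings.xml values from Part 5. This is an added example, not part of the vendor's documentation; the layout of settings.xml (each setting as a child element or attribute of an Authentication node, no XML namespace) is an assumption, and the registered URL is a placeholder.

```powershell
# Run in an elevated PowerShell session on the Print Portal server.
Import-Module WebAdministration

$settingsPath  = 'C:\inetpub\wwwroot\BarTender\settings.xml'   # default folder from Part 5
$registeredUrl = 'https://printportal.example.com/BarTender/'  # placeholder: URL entered in AD FS
$location      = 'Default Web Site/BarTender'                  # IIS path from Part 3

# Assumption: a setting is either a child element or an attribute of <Authentication>.
function Get-AuthSetting([System.Xml.XmlElement]$Node, [string]$Name) {
    $child = $Node.SelectSingleNode($Name)
    if ($child) { return $child.InnerText.Trim() }
    return $Node.GetAttribute($Name)   # empty string when the attribute is absent
}

# Returns the 'enabled' flag of one IIS authentication scheme for the BarTender application.
function Test-IisAuth([string]$Scheme) {
    $filter = "system.webServer/security/authentication/$Scheme"
    (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $location -Filter $filter -Name enabled).Value
}

[xml]$xml = Get-Content -LiteralPath $settingsPath -Raw
$auth = $xml.SelectSingleNode('//Authentication')
if (-not $auth) { throw "No Authentication node found in $settingsPath" }

$metadata = Get-AuthSetting $auth 'MetadataAddress'
$rpUrl    = Get-AuthSetting $auth 'RelyingPartyURL'
$mdFormat = '^https://[^/]+/FederationMetadata/2007-06/FederationMetadata\.xml$'

$checks = [ordered]@{
    'Authentication Enabled is true'         = (Get-AuthSetting $auth 'Enabled') -eq 'true'
    'Mode is ADFS'                           = (Get-AuthSetting $auth 'Mode') -eq 'ADFS'
    'MetadataAddress is HTTPS metadata URL'  = $metadata -match $mdFormat
    'RelyingPartyURL uses HTTPS'             = $rpUrl -like 'https://*'
    # Case-sensitive comparison: a missing trailing slash or different casing counts as a mismatch.
    'RelyingPartyURL matches AD FS exactly'  = $rpUrl -ceq $registeredUrl
    'Anonymous Authentication is disabled'   = -not (Test-IisAuth 'anonymousAuthentication')
    'Windows Authentication is enabled'      = [bool](Test-IisAuth 'windowsAuthentication')
    'Default Web Site has an HTTPS binding'  = [bool](Get-WebBinding -Name 'Default Web Site' -Protocol https)
}

$checks.GetEnumerator() | ForEach-Object {
    '{0,-42} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
if ($checks.Values -contains $false) { throw 'One or more Print Portal SSO checks failed.' }
```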
More Information
If you are using Mozilla Firefox as your browser, you need to make a configuration change to automatically pass Windows credentials. For more information, click here.