Feature #151

Updated by Lionel Martin almost 8 years ago

The objective is for the Virtual Printer to delegate the security to an external program. The return of this external security will be a token that will be sent and validate server side.

h2. Functionnality:

Instead of asking for a login and password, the VP will run an external program that will handle authentication.
The Virtual Printer is run in a user session on the Operating System, so the external program will have access to the user session information in the Operating System.
For example, for SAML authentication, the external program will authenticate the user, and return a SAML token to the Virtual Printer.

h2. Configuration:

The external program will have to be bundled and installed with the Virtual Printer, in the same directory as the Virtual Printer. The name of the program will be configured in the config.txt file. So it will be fixed for a given Virtual Printer installer.
The external program will be run by the Virtual Printer with the parameters configured for it in the directory, and with a last parameter that will be the path to the file in which the external program will write the token. The file will be created by the Virtual Printer prior to the call to the external program, with a size of 0.
The external
program will have to return a code of 0 in case of authentication success (in which case the file with the token should not be empty), or a non 0 code in case of error.
The following list of pre-defined codes will have a particular impact on the Virtual Printer:
* 1: authentication failed. The Virtual Printer will display a pre-defined error message and stop.
* 2: canceled by user. The Virtual Printer will stop without displaying any message.

For all other error codes, the external program will have to handle them and display messages as appropriate. The Virtual Printer will only display a generic pre-defined error message.

In the DIRECTORY, there will be 2 new settings:
* a new flag USE_EXTERNAL_AUTH will tell the Virtual Printer if it should use its associated external program. If it does not have one, an error message will be displayed and the Virtual Printer will stop.
* Another settings EXTERNAL_AUTH_PARAM will contain parameters that will be passed to the external program. The parameters will be passed as is, except for %*% variables that will be replaced by the Virtual Printers with the value of the variables. The available variables will be defined later.

h2. Execution

When the DIRECTORY is configured with the flag to use external security, the Virtual Printer will run the external program with the parameters.
In case of success, it will read the token from the file passed as parameter to the external program, then encode it in Base64, and send it as in the POD_TOKEN parameter to the authentication request to POD for upload. The parameter will be with the other parameters in the content of the request.
If portal session required, the Virtual Printer will resend the same encoded token (in the same parameter) for the portal session. It will not call the external program a second time.

Back