
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Qlik NPrinting SAML authentication with Azure
Apr 12, 2022 5:24:36 AM
Jul 2, 2019 9:42:11 AM
This article explains how to implement SAML for NPrinting with Azure as the IdP.
Environments:
To implement Azure SAML in Nprinting, the following needs to be done:
- Create your own application in Azure from this menu and choose a name for it.
-
Generate a Metadata XML file
Federation Metadata XML: Download - Configure SAML in NPrinting and upload your metadata file
See instructions on the following link: Confguring SAML
Below is an example of a working metadata file with only the needed fields, the simpler is to copy the corresponding elements (Azure EntityID, certificate for signing, SingleSignOnService for HTTP-POST and HTTP-Redirect) from the IdP metadata file downloaded from Azure and paste it into the corresponding parts of the code.
Then save the file as .xml and upload it to NPrinting:<?xml version="1.0"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sts.windows.net/b26e23cf-787a-40e8-9d17-f0c9f9ad0821/"> <IDPSSODescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIC8DCCAdigAwIBAgIQFUUu6ZQHg5FJ...Ud8tf9A/4A6+2SZm34gf8gcVPTXT/a</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </KeyDescriptor> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/b26e23cf-787a-40e8-9d17-f0c9f9ad0821/saml2"/> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.microsoftonline.com/b26e23cf-787a-40e8-9d17-f0c9f9ad0821/saml2"/> </IDPSSODescriptor> </EntityDescriptor>
Alternatively, when you upload the Azure metadata file as is to NPrinting, check the Webengine log file to remove unwanted tags from the Azure metadata file (As there are many tags that are not supported by Azure, it may take some time) - In Azure, configure your Enterprise application created in step 1
The fields that need to be filled in on the Azure side are the 2 below, others are optional.
Identifier (Entity ID): The Entity ID set up in NPrinting in step 3
Reply URL (Assertion Consumer Service URL): The correct value can be found in the SP metadata file downloaded from NPrinting - Make sure you give the correct permissions to the Azure AD users you want to authorize to connect with SAML
The settings is now completed and SAML authentication should work.
Potential Troubleshooting Steps
- Remember that the user that logs in must already exist in NPrinting identified by either his email address or DOMAIN\Username (Based on the settings in step 3).
If the authentication fails, the error will be logged in the web engine logs in C:\Programdata\Nprinting\Logs\. - If issues are found with the implementation, among other reasons the following may be related:
- The email address attribute needs to be the full URL path, not just “emailaddress”
- The XML from AD/idp needs to have reference to only one certificate
- Irrelevant information in the XML from the idp needs to be removed as NP does not support and can cause errors.

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
hi @Sonja_Bauernfeind , can we use Qlik enterpirse application for Nprinting SAMLSSO ? thanks much

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello @surya_30
Do you mean if you can use Qlik NPrinting with Qlik Sense Enterprise (on-premise) while Qlik NPrinting is configured to use SAML for authentication to its admin panel?
This configuration does not affect the communication between the services (Sense/NPrinting).
All the best,
Sonja

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello @surya_30
This is not related to Qlik NPrinting. I believe what you are showing here is the Azure AD gallery which lists all the applications Azure has made a template available for deployment.
See Qlik Sense and Azure AD for more information regarding Qlik Sense with Azure AD.
All the best,
Sonja

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
In Your example, you have used Non-Gallery application. There is something called Qliksense Enterprise Client Managed. I use this for the SAML SSO on Qliksense applications, I want to know if this can be used for Nprinting,
Because in your example the SIG in URL is optional but here it is mandatory and I am not sure what should be used for attributes in Nprinting

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello @surya_30
Thank you, this clarifies the question. I do not believe we have Qlik NPrinting submitted to the Azure gallery. As for your follow-up question, let me reach out to a subject matter expert to find the answer for you.
All the best,
Sonja

- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello @surya_30
To clarify: You cannot use the template for Qlik Sense Enterprise from the Azure AD Gallery to apply it to Qlik NPrinting. A manual setup is required.
The signon URL can be either Qlik NPrinting console or Qlik NPrinting NewsStand URL.
Should you require more assistance on setting this up, I recommend placing your query in our Qlik NPrinting forum.
All the best,
Sonja