Configuring modern authentication for LPM server

Learn how to configure modern authentication for LPM server.

  1. Configure the properties file of the application.

    Note: For more information on authentication settings and values, see Configuring modern authentication for LPM server.
  2. Run the command prompt as an administrator.

    Note: For more information on parameters, see Configuring modern authentication for LPM server.
  3. From the User Account Control window, click Yes.

  4. Navigate to the Email Watcher root directory: <C:\Program Files\Lexmark\Solutions\EmailWatcher\conf_>.

  5. At the command prompt, type EmailWatcher.bat.

    Note: If the standard print feature is enabled, then the default browser is launched. If the default browser is already open, then a new tab is launched.
  6. Type the user ID and password.

    Note: The credentials must be the same as that of the Microsoft Exchange Online mail user.
  7. Click Sign in.

    Notes:
    • If the guest print feature is enabled, then the browser prompts you to enter the credentials of the service account for guest print.
    • After successful authentication, the application continues running in the background.

Lexmark Modern Authentication for LPM server

Setting

Valid values

General

ldd.server=http://<LDD LB Server IP>:<port>

Note: Replace the text in brackets with the actual value.

Standard Print

  • standard.print.enable=<0 or 1>, where 0 is disable and 1 is enable.

  • ldd.profile=mobileprint

Note: Username and password are not required in modern authentication.

Guest Print

  • guest.print.enable=<0 or 1>, where 0 is disable and 1 is enable.

  • ldd.profile.guest=guestrelease

Note: Username and password are not required in modern authentication.

Mail Server

  • mail.type=ews

  • mail.folder=INBOX

  • mail.poll=<frequency to query mailbox for mails, default 60>

  • mail.hideUserAndJobInfo=<0 or 1>

    Note: Set to 1 to hide user info, or 0 to show information in logs.

Exchange Online

  • ews.auth.type=oauth2

  • ews.auth.grantType=auth-code-with-client-id-secret

  • ews.aad.clientId=<client ID of registered application in Azure AD>

  • ews.aad.clientSecret=<client secret of registered application in Azure AD>

  • ews.aad.authority=https://login.microsoftonline.com/<tenant>

  • ews.aad.redirectUri=<redirect URI configured for the registered application in Azure AD. You must specify a port. Example: http://localhost:5000/>

  • ews.aad.scopes=openid offline_access https://graph.microsoft.com/Mail.ReadWrite

  • ews.aad.prompt=login, consent, or select_account

    Notes:
    • Set to login to prompt the user to enter a username and password.
    • Set to consent to prompt the user to grant permission after login.
    • Set to select_account to allow choosing cached user accounts in the default browser. Default: select_account.
  • ews.socket.timeout=<time (in milliseconds) to wait for the user to input and validate their credentials for authentication. Default: 300000>

  • ews.afterLoginMessage.standard=<message to display after log in of service account for standard print functionality>

  • ews.afterLoginMessage.guest=<message to display after log in of service account for guest print functionality>

  • ews.auth.prompt.delay=<delay (in milliseconds) between authentication prompts when both standard and guest print features are enabled>

Parameters

| Parameter | Email Watcher service | Behavior |
|---|---|---|
| <no param> | Stopped | Prompts the user to log in, and then starts the service. |
| start | Stopped | Prompts the user to log in, and then starts the service. |
| stop | Stopped | Shows message that service is already stopped. |
| restart | Stopped | Shows message that service is already stopped. The user must log in and start the service. |
| <no param> | Running | Shows message that service is already running. The options available are either to start or stop the service. |
| <no param> then 1. STOP is selected in #5 | Running | Stops the service. |
| <no param> then 2. RESTART is selected in #5 | Running | Stops the service. The user must log in and start the service again. |
| start | Running | Shows message that service is already running. |
| stop | Running | Stops the service. |
| restart | Running | Stops the service. The user must log in and start the service again. |

Sample config_emailwatcher.properties file for Microsoft Exchange Online modern authentication in <LDD-install-path>\EmailWatcher\conf

#------------------------------------------------------------------------------
# GENERAL CONFIGURATION
#------------------------------------------------------------------------------
ldd.server=http://<LB Server/LB IP>:9780

#------------------------------------------------------------------------------
# STANDARD PRINT CONFIGURATION
# This is the existing email watcher feature and is enabled by default.
# Do not use the same email account with guest print.
# Do not change the value of "ldd.profile"
#------------------------------------------------------------------------------

standard.print.enable=1
ldd.profile=mobileprint

### Required only if not using Exchange Online.
### "mail.user" and "mail.pw" values will be replaced with encrypted text
### when EmailWatcher service is started. To change either of the values,
### simply replace the encrypted value with the new value. Please make sure
### that the values do not start with "ENC(" and end with ")".
mail.user=
mail.pw=

#------------------------------------------------------------------------------
# GUEST PRINT CONFIGURATION
# Using the email service account specified below, EmailWatcher can monitor
# incoming print jobs from guest users. This feature is disabled by default.
# To enable, set "guest.print.enable" to 1. 
#
# Do not use the same email account with standard print.
# Do not change the value of "ldd.profile.guest".
#------------------------------------------------------------------------------
guest.print.enable=1
ldd.profile.guest=guestrelease

### Required only if not using Exchange Online.
### Specify the values for "mail.user.guest" and "mail.pw.guest". Values will
### be replaced with encrypted text when EmailWatcher service is started.
### Make sure that the values do not start with "ENC(" and end with ")".
mail.user.guest=
mail.pw.guest=

#------------------------------------------------------------------------------
# MAIL SERVER CONFIGURATION
# Uncomment then provide values for the applicable properties.
# If not applicable, keep it commented out.
#------------------------------------------------------------------------------
### Specify mail server address for IMAP, POP3, Exchange Premise mail types
### For Exchange Online, value is not required.
mail.server= 
mail.type=ews
#mail.domain=<mail domain>
#mail.ssl=< 0 or 1 >
#mail.port=<mail server port>
mail.folder=INBOX
#mail.ignoreSSLCert=< 0 or 1 >
mail.poll=60
### Uncomment if the mail server supports IMAP IDLE.
#mail.allowIdle=1
mail.hideUserAndJobInfo=1
#------------------------------------------------------------------------------
# ADDITIONAL SERVER CONFIGURATION FOR MS EXCHANGE
# Uncomment then provide values for the applicable properties.
# If not applicable, keep it commented out.
#------------------------------------------------------------------------------
### Authentication types:
###   basic     - For username/password authentication
###   oauth2    - Modern authentication (OAuth 2.0)
ews.auth.type=oauth2

### Authorization flows:
###   auth-code-with-client-id-secret     - OAuth 2.0 authorization code grant type, or auth code flow
ews.auth.grantType=auth-code-with-client-id-secret

### The generated application (client) ID of your registered
### app in Azure Active Directory.
ews.aad.clientId=076c7620-10e8-4418-9592-1f7a1a80868b

### The generated application (client) secret of your registered
### app in Azure Active Directory.
ews.aad.clientSecret=KeX8Q~Xd~wo.49fFqE_a6S.lMn~Pu6tQHhmE-a2c

### Identity platform endpoint to acquire security tokens
### For tenant, valid values are common, organizations, consumers, and tenant identifiers.
ews.aad.authority=https://login.microsoftonline.com/12709065-6e6c-41c9-9e4d-fb0a436969ce

### The redirect URI of your app, where authentication responses
### can be sent and received by your app. It must exactly match one
### of the redirect URIs you registered in the portal.
### You must specify a port in the URI. For example: https://localhost:5000/
ews.aad.redirectUri=http://localhost:9991/

### A space-separated list of scopes that you want the user to consent to.
### This value allows your app to get consent for multiple web APIs you want to call.
ews.aad.scopes=openid offline_access https://graph.microsoft.com/Mail.ReadWrite

### Indicates the type of user interaction that is required
### when authenticating the user.
### Valid values: login, consent, select_account
ews.aad.prompt=select_account

### The timeout (milliseconds) to wait for the user to input and validate their
### credentials for authentication.
ews.socket.timeout=300000

### Messages that will be printed in the oauth2 login tab of browser after acquiring the auth code.
ews.afterLoginMessage.standard=Authorization code for Email Watcher Standard Print service account has been successfully acquired. You can now close this tab.
ews.afterLoginMessage.guest=Authorization code for Email Watcher Guest Print service account has been successfully acquired. You can now close this tab.

### The delay (milliseconds) between authentication prompts
### when both standard and guest print features are enabled.
ews.auth.prompt.delay=5000
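
The following Python check is an added example, not part of the Lexmark documentation or product. It lints a config_emailwatcher.properties file against the valid values in the settings table above before EmailWatcher.bat is run; the function names and the sample file contents are constructed for illustration.

```python
from urllib.parse import urlsplit

# Expected values come from the settings table on this page.
FIXED = {"mail.type": "ews", "ews.auth.type": "oauth2",
         "ews.auth.grantType": "auth-code-with-client-id-secret"}
FLAGS = ("standard.print.enable", "guest.print.enable", "mail.hideUserAndJobInfo")
PROMPTS = ("login", "consent", "select_account")
SCOPES = {"openid", "offline_access", "https://graph.microsoft.com/Mail.ReadWrite"}
BASIC_CREDS = ("mail.user", "mail.pw", "mail.user.guest", "mail.pw.guest")
AAD_IDS = ("ews.aad.clientId", "ews.aad.clientSecret")

def parse_properties(text):
    """Minimal key=value parser; skips blank lines and '#' comment lines."""
    pairs = (ln.partition("=") for ln in map(str.strip, text.splitlines())
             if ln and not ln.startswith("#") and "=" in ln)
    return {k.strip(): v.strip() for k, _, v in pairs}

def lint_modern_auth(props):
    """Return findings (empty list = pass); absent 0/1 flags are skipped."""
    out = [f"{k} must be {v}" for k, v in FIXED.items() if props.get(k) != v]
    out += [f"{k} must be 0 or 1" for k in FLAGS if props.get(k, "0") not in ("0", "1")]
    if props.get("ews.aad.prompt", "select_account") not in PROMPTS:
        out.append("ews.aad.prompt must be login, consent, or select_account")
    # The page notes that username and password are not required with modern auth.
    out += [f"{k} should be empty with oauth2" for k in BASIC_CREDS if props.get(k)]
    out += [f"{k} is missing or still a placeholder" for k in AAD_IDS
            if not props.get(k) or props[k].startswith("<")]
    try:
        port = urlsplit(props.get("ews.aad.redirectUri", "")).port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if port is None:
        out.append("ews.aad.redirectUri must specify a port")
    if set(props.get("ews.aad.scopes", "").split()) != SCOPES:
        out.append("ews.aad.scopes differs from the documented scope list")
    return out

# Constructed sample (not a real tenant): stale password, truncated grant type,
# placeholder client ID, and a redirect URI without a port.
SAMPLE = """\
mail.type=ews
mail.pw=ENC(constructed)
ews.auth.type=oauth2
ews.auth.grantType=auth-code
ews.aad.clientId=<client ID>
ews.aad.clientSecret=constructed-value-not-a-secret
ews.aad.redirectUri=http://localhost/
ews.aad.scopes=openid offline_access https://graph.microsoft.com/Mail.ReadWrite
"""
```

Calling lint_modern_auth(parse_properties(SAMPLE)) returns one finding per problem planted in the sample; an empty list means the file matches the documented values.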