Understanding the BadgeAuth version 2 configuration data for e‑Task 4 and e‑Task 3 printers
Learn about BadgeAuth version 2 configuration data for e‑Task 4 and e‑Task 3 printers.
Login Screen settings
The following settings determine how the login screen is shown to the user:
|
Setting |
Description |
|---|---|
|
Background Transparency |
Determines the transparency of the banner background. |
|
Display Login Text |
Shows the custom login text. To avoid redundancy, disable this setting if the text is included in the login screen image. |
|
Login Screen Text |
The text shown on the login screen. If this setting is not specified, then the default text is used. |
|
Login Screen Image |
The image shown on the login screen. The image must be in GIF format that is 800 x 320 pixels and does not exceed 40KB. If this setting is not specified, then the default image is used. |
|
Login Method |
Determines how users can log in to the printer. Possible values
Note: If a badge is not available, then Manual Login lets users enter their credentials.
|
|
Allow Copy without Login |
Lets users perform a copy job without authenticating. Note: This setting is applicable only to printers that support the copy function.
|
|
Allow Fax without Login |
Lets users perform a fax job without authenticating. Note: This setting is applicable only to printers that support the fax function.
|
|
Custom Profile |
The application or printer function that users can access from the lock screen. The application name is case-sensitive. |
|
Icon Text |
The custom name for the image on the lock screen. |
|
Icon |
The image shown on the lock screen. The image must be in GIF that is 120 x 75 pixels. |
|
Icon when Pressed |
The image shown while the icon on the lock screen is pressed. The image must be in GIF that is 120 x 75 pixels. |
|
Login Text Placement |
The location of the login text. Possible values
|
|
Icon or Text Placement |
The location of the text or icon. Possible values
|
User authentication settings
|
Setting |
Description |
|---|---|
|
Card Validation |
Determines how cards are validated. Possible values
Note: Selecting None lets all users with valid card use the printer.
|
|
Card Registration Access Control |
Determines the access control that is used for card registration. Note: Select None to restrict all users from registering their badge at the specific printer.
To configure access controls, do the following:
For more information on configuring access controls, see the Card Authentication Administrator’s Guide. |
|
Manual Login Access Control |
Determines the access control that is used for manual login. The access control configuration for this method is the same as Card Registration Access Control. Note: Selecting None allows users to log in without a badge.
|
|
Session Access Control |
Determines the access control that is used for a user’s session data. Another printer function, such as Copy, may be set to the same access control, and then get the user information. Select the solution or application number that corresponds to the BadgeAuth or CardAuth security template that is defined when creating an access control. |
|
Admin Login Access Control |
Determines the access control that is used to authenticate administrators. Note: Selecting Disabled prevents the Admin Login button from appearing on the lock screen.
|
Advanced Settings
|
Setting |
Description |
|---|---|
|
Show Registration Intro Message |
Prompts users to register their badge before prompting them to enter their user ID. If disabled, then this setting prompts users to enter their user ID automatically. |
|
Show Registration Finished Message |
Informs users whether the badge registration is successful before redirecting them to the printer home screen. If disabled, then this setting redirects users to the home screen automatically. |
|
Enable Beep for Successful Login |
Enables a sound when the badge reader reads a badge successfully. |
|
Beep Frequency |
The sound frequency of the printer beep when a badge is read successfully. |
|
Login Profile |
The profile that is launched automatically after a successful login. |
|
Use Selected Realm |
Adds the selected realm during registration and when users log in manually. For example, userid@realm. The feature is applicable only if the login methods for card registration and manual login are Kerberos, Active Directory, or LDAP+GSSAPI. For card registration, if this feature is enabled, then the badge ID that is registered is in username@realm format. For manual login, if this feature is enabled, then the username shown in the printer control panel is in username@realm format. Note: This setting is not applicable when logging in or registering using a PIN.
|
Web Service settings
If Card Validation is set to Web Service, then the following are used to communicate to the web server:
|
Setting |
Description |
|---|---|
|
Server URL |
The web service address used to register and to validate the badge ID. Notes:
|
|
Registration Interface |
Determines the Web Service call version to use for badge registration. Possible values
The default value is Version 1. Version 2 adds tracking to the IP address and host name of the printer used to register the badge. Note: Version 2 is applicable only to Print Release version 2.3 and later.
|
|
Lookup Interface |
Determines the Web Service call version to use for badge lookup. Possible values
The default value is Version 1. Version 2 adds tracking to the last time that the badge is used and from what printer. Note: Version 2 is applicable only to Print Release version 2.3 and later.
|
Configuring the Identity Service settings
-
From the Embedded Web Server, navigate to the configuration page for the application.
-
From the User Authentication section, set Card Validation to Identity Service.
-
From the Identity Service Settings section, set the identity service provider address to https://serverIP/idm, where serverIP is the IP address of the LPM server.
-
If the LPM server is configured with SSL, then set the badge service provider address to either of the following:
-
https://serverIP/lpm
-
https://serverIP:9780/lpm
Where serverIP is the IP address of the LPM server.
-
-
Set Client ID to esf-cardauth-app.
Note: You can update the client ID. -
Set Client Secret with the value from <install‑Dir> \Lexmark\Solutions\apps\idm\WEB-INF\classes\idm‑production‑config.properties file, where <install‑Dir> is the installation folder of LDD.
Note: You can update the client secret. -
Set Card Registration to Identity Service.
-
Set Manual Login to Identity Service.
-
Click Save.
PIN settings
|
Setting |
Description |
|---|---|
|
Web Server Address |
The server address where the PIN is stored. Use the following format for its value: https://LBaddr/api/1.0 Where LBaddr is the host name or IP address of the LDD load balancer server. Notes:
1.0 is used for the LPM server to determine whether the Card Authentication PIN feature is used.
|
|
Minimum PIN Length |
The minimum required PIN length for registration or update. The default value is 4, but the supported range of values is from 4 to 16. Make sure that the value is consistent with the LPM administrator portal PIN settings. |
|
Invalid PIN Length Error Message |
The custom error message that appears when the PIN is entered does not meet the PIN length requirement during PIN registration or update. The minimum number of characters is 0, and the maximum number of characters is 256. |
|
Invalid PIN Error Message |
The custom error message that appears when an invalid PIN is entered. The minimum number of characters is 0, and the maximum number of characters is 256. |
LDAP settings and LDAP Server Setup
|
Setting |
Description |
|---|---|
|
Use Address Book |
Uses the LDAP settings configured in Address Book. The LDAP settings must be specified for single‑function printers. |
|
Server Address |
The host name or IP address of the LDAP server. |
|
Server Port |
The port number used to communicate with the LDAP server. Common possible values
|
|
Use SSL |
Uses SSL for communication. |
|
Search Base |
The directory where the LDAP search begins. |
|
Login username |
The service account name used for logging in to the LDAP server. If this setting is not specified, then anonymous bind is performed. |
|
Login Password |
The service account password used for logging in to the LDAP server. |
LDAP Attributes
The following LDAP attributes must be specified:
|
Setting |
Description |
|---|---|
|
User ID |
The user’s Windows user ID. For Active Directory, this setting corresponds to samaccountname. |
|
Badge ID |
The user’s badge ID. This setting is used only when Card Validation is set to LDAP. |
|
User Information |
A comma-separated list of user attributes. This list is queried after the user has authenticated. |
Home Screen settings
The following settings determine how BadgeAuth interacts with the printer home screen after a user has logged in:
|
Setting |
Description |
|---|---|
|
Display username |
The format of the username. Possible values
Note: The User ID LDAP attribute must match the results of the badge lookup.
|
|
Username Format |
If Display username is set to None, then this setting determines how the format of the username is shown in the status window. Type %u for the username. |
|
Use Home Screen Logout |
Shows an icon for logging out on the printer home screen. |
|
Badge Logout Delay |
The length of time in seconds before the printer registers a succeeding tap as a logout. The default value is 2 seconds. |