Getting started with SavaPage: questions and answers

Hello,

I’m interested in using KeyCloak (see keycloak dot org) for SSO. I’ve already configured my KeyCloak and SavaPage instances to source their users from the same OpenLDAP server. Now I’m struggling to figure out how to configure the SavaPage User Login page to list my KeyCloak as a Login Provider.

I’ve found the OAuth plugins, but as far as I can tell only Azure, Google, and SmartSchool are supported. However, the manual does seem to hint that arbitrary OAuth providers can be used for SSO.

Can you point me in the right direction?

Will I need to write my own implementation KeyCloakOAuthPlugin that implements OAuthClientPlugin? I wasn’t able to determine where OAuthClientPlugin was defined.

Thanks!

PS. Also, thanks for the excellent product. Really great work!

Hi @MetaFight, Welcome to SavaPage and thank you for pointing out the Open Source Keycloak OAuth solution. Synchronizing both Keycloak and SavaPage with your OpenLDAP server is indeed a prerequisite for Keycloak OAuth to work. Indeed, savapage-ext-oauth is the right place to find out that the Keycloak OAuth client was missing.

Since it is quite easy to add OAuth providers, I just created KeycloakOAuthPlugin.java with the savapage-ext-oauth-keycloak.properties.template. They are ready to test in SavaPage Release Candidate 2020-10-04 or later (see this issue).

Can you please reply to this post about OAuth to share your test results? Of course, pull requests for the Java code are welcome as well. Good luck!

I have a mostly working Docker setup. It would work fine as a way to trial the software, but it’s not production ready since I couldn’t get the Avahi stuff working.

Once I have a bit more time I’ll anonymise it (remove traces of my org and its credentials!) and send it your way.

Hey Rijk, I am looking for a solution to connect our web app to our local printer. Is it possible to install SavaPage on a PC or a raspberry pi that is connected to the local printer and then trigger to print PDFs via API call? Thanks, Dominik

@MetaFight That’s great. Please keep me posted. Nice to learn something new :slight_smile:

Hi @Dominik. Welcome!

If SavaPage Server Requirements are met, it is feasible to install SavaPage on a Raspberry Pi. Please reply to this post to ask questions and share your findings.

SavaPage has a RESTful API. Feedback based on real world use is greatly appreciated. So your question is right on target.

To get a feel you can use the POST /documents/print API from your web application. This uploads a Standard File Type document to SavaPage, after which it can be previewed in the User Web App. At this point you can manually select a proxy printer to print the captured document.

A RESTful API to upload a Standard File Type document for proxy printing is not present yet, but could be implemented if needed. In that case the proxy printer ID and printing options like number of copies, single/double sided, color/grayscale, should be passed. Please reply to this post to discuss your requirements.

Thank you for the quick answer, Rijk. We would have to implement an API for proxy printing, since we will be printing hundreds of documents and could not manually select a proxy printer every time. Would we have to implement the API ourselves? What effort do you estimate for this implementation?

Hi @Dominik,

Implementing extra API services is done by Development Partners. In this case I would be the developer.

I suggest discussing the details and timing of your requirement in a separate channel and then reporting conclusions in response to this post. Could you please email me at support@savapage.org ?

P.S. Organizations who intend to use SavaPage in a commercial/educational production environment are invited to join as Community Resident by subscribing to the software.

About Mail Print …
How it suppose to work? … How i select target printer … how often savapage check mails

Hi @savanon , welcome to SavaPage!

Mail Print prints to SavaPage, not to a physical (target) printer. Read the What is SavaPage introduction to get an idea about the print work-flow. SavaPage listens for incoming mail continuously, so there is minimal latency between sending the email and processing it. Once the mail printed document is visible in the User Web App you can Select a Printer to print it to.

Ok, thanks for quick answer.
Actually I’m looking for a solution where users just go to webpage, select printer and Drag’nDrop the document to the page and that’s it. So no logins or anything “extra”, we don’t need that stuff.
I thought that maybe I can do that with a little modified savapage, but maybe not.

regards H

@savanon This sounds like an anonymous, no-threshold, no-privacy, no-cost, no-audit print scenario :slight_smile: I’m not sure if SavaPage can be of help here. If you want to share more details about your requirements, please do so by sending an email to support@savapage.org .

Hi

Savapge helped me to figure out things with file conversions. Now we are making a PHP-page which will do the job. So thanks a lot :slight_smile:

Hi,
I’ve got a problem with logging to WebApp, I’ve set up Users from AD, they got synchronized without any problems. When I try to log in, I’ve got a warning User WebApp Login: password from “username” is invalid.
Any help would be much appreciated.

BR
Mark

Hi @mvd , Welcome!
Are you absolutely sure that “username” is part of the Users list in the Admin Web App? Mind you, the Active Directory username is converted to lowercase when synchronized with the SavaPage database. Is there another username you can successfully login with? If so, can you spot the difference in AD?

Hi @rijkr, thank you, glad to be here. Unfortunately I can’t log in with any of users, as I understand username is sAMAccountName and when I go to user section->information-> it’s in the bold on top of the card and it’s the right AD username.

@mvd The first step for user authentication is retrieving the user by “username”. Since you were able to synchronize Active Directory users with SavaPage I assume this step succeeds. To be sure, check for messages in /opt/savapage/server/logs/server.log

If the user is found, the next step is to create an LDAP context with the following Security properties:

  • Principal : user DN as retrieved in the first step.
  • Level : “simple”.
  • Credentials: clear-text password.

If creation of this context succeeds the user is considered “authenticated”. If not, the username/password combination is considered invalid.

Because you are not able to authenticate any user, it could be that your AD does not support a “simple” security level. Alternatives are “none” and “strong”, but both are not supported by SavaPage right now. A “strong” security level will probably involve more advanced Credentials. Please let me know if your AD imposes specific requirements in that regard.

@rijkr as it comes to AD when I tick “Use SSL” and use Port 636 I get
test] Starting user synchronization…
[test] User synchronization error: simple bind failed: 10.10.160.151:636 [PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target].
without SSL it synchronize fine. I did some test with LDAP Browser and I can connect to LDAP with SSL/636 without a hassle.

@mvd Could it be that your AD uses a self-signed certificate? In that case you need to tick the “Trust Self-Signed Certificate” checkbox in the User Source - LDAP section.

First, I’d like to say SavaPage is simply AMAZING. I’m blown away by this project and the capabilities it comes with out of the box.

I was able to set it up relatively easily. My Macs and Windows machines also automatically detect SavaPage as a printer on the network. I am able to print to it, and I can see the thumbnails of my print jobs in the web interface.

I am also able to see all my HP printers on the network if I SSH to the SavaPage machine, and use the “avahi-browse” command line tool.

The part I’m not clear about is how to add those printers to SavaPage and expose them to users. When I go to Proxy Printers that page is empty and there’s nothing in there that shows how to add network printers. I checked the manual time and time again, maybe I missed something, but I just can’t find a chapter that explains how to make SavaPage talk to a physical printer.

Eventually once I get that part sorted, my plan is to put printers in a separate VLAN based on their MAC address, and force all printing to happen exclusively through SavaPage. I also plan to integrate it with KeyClock.

Thanks in advance for any help offered, and again, many thanks for this amazing project!