I observed the same when authentication is enabled on an IPP Everywhere print server, the driverless Windows IPP inbox class driver keeps trying the IPP Validate-Job
operation (every 5 seconds). Using Wireshark, I observed IPP uri-authentication-supported
is never requested, nor does it respond to the HTTP 401 Unauthorized response.
To enable authentication with the driverless Windows IPP inbox class driver, I believe you'll need to write a Print Support Apps (PSA) PrintSupportExtension that does the authentication.
More about PSA design and PSA association (for Hardware Id or Compatible Id and override for enterprise customers):
- https://learn.microsoft.com/en-us/windows-hardware/drivers/devapps/print-support-app-design-guide
- https://learn.microsoft.com/en-us/windows-hardware/drivers/devapps/print-support-app-association
Microsoft have abstracted the IPP operations in the PSA API too much so not able to do basic auth in a HTTP header using that API, so in the PrintSupportExtension, I suspect you'll need to talk directly to the IPP Everywhere print server and provide authentication before the Validate-Job
operation, in effect using a side channel.
I also observed that the IPP requesting-user-name
is often not correct, initially it correctly provides a DOMAIN\username account, but after a reboot it annoyingly switches to using a DOMAIN\computername$ account, but with no rhyme or reason it occasionally switches back to DOMAIN\username.
I didn't like the idea of writing custom PSA code and installing that on a clients' BYOD Windows laptops, so side-stepped the issue by writing custom authorization code in CUPS which queries a VPN API for the authorized user on the corresponding IP address.