Preparation For Using Sso-H - Canon imageRUNNER ADVANCE C5255 Series Service Manual

2
Technology > MEAP > Preparation for Using SSO-H > Server authentication management
■ Integrated Authentication Disabling Setting Screen
A user setting screen has been added to the integrated authentication function which allows
the authentication information used for logging into the machine to be shared between MEAP
applications.
From a security standpoint, the setting screen for disabling the function to allow authentication
information (Volatile Credential), whose registered information is discarded at the time of
logout or shutdown of the device, to be used has conventionally been included in service
mode.
In addition to this service mode, a screen that allows even users to make the setting has
been added to the remote UI.
This screen can be also used to disable the integrated authentication function for each
authentication protocol.
For details, refer to "Integrated Authentication Function" in this chapter.
2 Technology > MEAP > Preparation for Using SSO-H > Server authentication management

Preparation for Using SSO-H

■ Outline
When using Single Sign-On H (hereinafter referred to as SSO-H) for the login service,
required system environments are different in server authentication or local device
authentication.
See the following for system requirements in each of authentication methods:
■ Server authentication management
The system requirements necessary when using server authentication by SSO-H vary
depending on the authentication server.
The system requirements for using each authentication server are shown below.
● Active Directory authentication
In order to use Active Directory authentication in SSO-H, the following system environments
are required.
1) Authentication server (Active Directory : Windows server )
• Active Directory and Domain Name System (DNS) should be installed.
• A group named "Canon Peripheral Admins" should be created on the Active Directory.
• The OS should be one of the followings.
• Microsoft Windows Server 2003 SP2 *
• Microsoft Windows Server 2003 R2 SP2 *
• Microsoft Windows Server 2008 SP2 *
• Microsoft Windows Server 2008 R2 SP1
* 64-bit version is not supported.
2) Users accessing the authentication server (Active Directory: Windows Server)
• The user should belong to the "Canon Peripheral Admins" group on the Active Directory.
F-2-159
• The user name should contain only single-byte alphanumeric characters, - (hyphen), _ (low
line), and % (percent).
Note:
The difference in time setting between the authentication server (Active Directory) and
the machine (and the computer for login) should be within 5 minutes. (If the difference in
time setting is 5 minutes or longer, an error will occur at the time of login for the server
authentication.)
2-122
2-122