Canon imagePRESS C1 Service Manual - page 679
Chapter 11
11-34
entered using the MEAP device touch panel display and Remote UI.
SSO-H (Single Sign-On-H) overview
This is a merger of the existing SDL and SSO login services and has the following features.
- Both the domain authentication and local device authentication login services can be used.
- There is no need to have a separate SA server.
- Login is not via SA, so SSO-H refers directly to DNS for authentication.
- Kerberos and NTML protocols are supported.
- The following three authentication methods may be selected from.
Domain authentication
Local device authentication
Domain authentication + local authentication
SSO overview
This is a login service that can be operated on the Active Directory environment network domain and on iR devices. The following user authentication methods
can be selected from.
Domain authentication
Local device authentication
Domain authentication + local device authentication
Authentication methods
Both SSO-H and SSO can use multiple authentication methods, and the user can toggle between them from a Web browser. (Refer to the MEAP Authentication
System Settings Guide 'User Authentication Method Settings'.)
Domain authentication
This is a form of user authentication which operates in collaboration with the domain controller on the Active Directory environment network and, as soon as the
iR device is logged into, carries out authentication of the domain on the network. In addition to users belonging to the domain that includes the iR device, users
belonging to domains that have a reliable relationship with the domain (multi-domain) can also be authenticated. The domain name of the login destination can be
selected by the users themselves upon login.
The function makes use of options Net Spot Accountant/ iW Accounting Manager/ iW EMC Accounting MAnagement Plig-in to enable analysis and management
of the iR device usage status.
Depending on the login service, different protocols are used.
- SSO-H
- Kerberos:LLS/RLS/ILS
- NTLMV2:WLS(Web Service Login Service. WLS can only be used in collaboration with iW AMS Ver2 AMS printer driver add-in and iWEMC user
management plug-in.)
- SSO
- NMTLM only
User information acquisition is done by LADP, so the Active Directory LDAP port needs to be made accessible.
If LDAP connection fails, the authentication will end in error.
No. of supported domains: 200 (unchanged from SSO)
Site access supported.
Differences from conventional SSO
- The system configuration is different from previous SSO, so individual management is required.
- If MEAP is supported, installation into devices prior to SSO-H release is possible.
- Data porting of user information that was being used with the earlier SSO local device authentication and SDL can be done by exporting/ importing. However,
application settings information cannot be ported.
SSO was pre-installed in earlier released devices, but from iR3245 onward it will only be provided with the Administrator's CD.
The factory shipment setting is 'Domain authentication + local device authentication'. In order to provide increased security, as soon as SSO is used, it is recommended
that the administrator's user name and password in local device authentication be changed from the factory shipment settings as soon as possible.