Register an application in Azure Portal

  1. Go to Azure Portal > Enterprise Application > New application > Create your own application.
  2. After creating the new application, go to Single sign-on > SAML.

  3. Edit Basic SAML configurations.

    Identifier (Entity ID)

    https://[authserverdomain:port]/auth/saml/metadeta

    Reply URL (Assertion Consumer Service URL)

    https://[authserverdomain:port]/auth/saml/sso

    Logout Url

    https://[authserverdomain:port]/auth/saml/SingleLogout

    NOTE

    For a Pro service customer, the client can skip this step and edit it later, when the URLs are provided by Samsung.

  4. Download the Certificate and the Federation Metadata XML, copy the App Federation Metadata URL, and provide them to Samsung.
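
Step 4 hands over the signing certificate and the Federation Metadata XML as separate files, so the receiving side can confirm that they describe the same key before the certificate goes into a build. The following Python check is an added example, not part of the original guide or of the product; the function names are hypothetical and the sample metadata uses constructed placeholder bytes instead of a real certificate.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def der_fingerprint(b64_text):
    """SHA-256 hex fingerprint of the DER bytes behind a base64 certificate body."""
    der = base64.b64decode("".join(b64_text.split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def pem_fingerprint(pem_text):
    """Fingerprint of the downloaded Base64 (PEM) certificate file."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return der_fingerprint(m.group(1))

def metadata_signing_fingerprints(metadata_xml):
    """Fingerprints of every IdP signing certificate listed in the metadata."""
    if "<!DOCTYPE" in metadata_xml:  # stdlib parser expands entities; refuse DTDs
        raise ValueError("DOCTYPE not allowed in federation metadata")
    root = ET.fromstring(metadata_xml)
    found = set()
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute = any use
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            found.add(der_fingerprint(cert.text or ""))
    return found

def certificate_matches_metadata(pem_text, metadata_xml):
    """True only if the downloaded certificate is one of the metadata signing keys."""
    return pem_fingerprint(pem_text) in metadata_signing_fingerprints(metadata_xml)

# Constructed sample input: placeholder bytes stand in for real DER certificates.
SIGNING = base64.b64encode(b"constructed-signing-cert").decode()
OTHER = base64.b64encode(b"constructed-unrelated-cert").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/constructed">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{SIGNING}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def as_pem(b64_body):
    return f"-----BEGIN CERTIFICATE-----\n{b64_body}\n-----END CERTIFICATE-----\n"
```

With real files, pass the text of the downloaded certificate and of the Federation Metadata XML to `certificate_matches_metadata`; a `False` result means the two do not describe the same signing key and the certificate should not be used until that is explained.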

Requirement for Non Pro service customer

  1. App registration in IDP portal.
  2. Get the SAML signing certificate, Federation metadata XML, and App Federation Metadata URL from the client. The downloaded certificate is required to make the build for the client. This will be changed in the next version, and a separate guide regarding the steps to be followed will be provided.
  3. Install the build provided with the required SAML configurations. Refer to the sample config.properties file for more information.
  4. As most IDPs require HTTPS endpoints, guide the customer to boot the Auth server over HTTPS and do the configurations required in this case. (Refer to the end of the document for the different possible scenarios and the actions required.)

Requirement for Pro service customer

  1. App registration in IDP portal.
  2. Get the SAML signing certificate, Federation metadata XML, and App Federation Metadata URL from the client.
  3. Basic SAML configuration URLs to be provided by Samsung.
  4. Get dummy user credentials for testing.
  5. For POC purposes, self-signed certificates can be used.

| | MIS (HTTP) | MIS (HTTPS) |
|---|---|---|
| Auth Server (HTTP) | No SSL certificate required. Not a practical configuration to test with external IDPs. | An SSL certificate bound to the domain name is required for MIS. Because most IDPs demand HTTPS endpoints for security, this is not a practical configuration for testing with external IDPs, as the Auth server is hosted over HTTP. |
| Auth Server (HTTPS) | An SSL certificate bound to the domain name is required for the Auth Server. If the client wants to run MIS without SSL, this configuration can be set up for testing with external IDPs, as the Auth server is hosted over HTTPS. | An SSL certificate bound to the domain name is required for both. This is the ideal configuration for testing with external IDPs. |

NOTE
  1. The default MIS certificate will not work for communication between the Auth server and MIS, as it is not bound to any domain.
  2. When using self-signed certificates, the certificate must be included in the truststore file (cacerts.jks) of the other application server, i.e. the MagicInfo Server’s certificate must be included in the truststore of the MagicInfo Auth Server and vice versa, for successful communication between the two servers.
  3. If a self-signed certificate other than the default MIS certificate is used with MIS, devices won’t be able to connect to MIS over SSL.
  4. If MIS is installed in both HTTP and HTTPS mode, devices can connect without SSL.