
Register an application in Azure Portal

  1. Go to Azure Portal > Enterprise Application > New application > Create your own application.
  2. After creating the new application, go to Single sign-on > SAML.
  3. Edit Basic SAML configurations.

     Identifier (Entity ID)

     https://[authserverdomain:port]/auth/saml/metadeta

     Reply URL (Assertion Consumer Service URL)

     https://[authserverdomain:port]/auth/saml/sso

     Logout URL

     https://[authserverdomain:port]/auth/saml/SingleLogout

     NOTE: In case of a Samsung Proservice customer, the client can skip this step and edit it later when the URLs are provided by Samsung.

  4. Download the Certificate and the Federation metadata XML, copy the App Federation Metadata URL, and provide them to Samsung.
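
A check the receiving side can run on the files collected in step 4 (an added example, not part of the original guide or of Samsung's tooling): it confirms that the separately downloaded signing certificate is the one published in the Federation metadata XML, and it flags any configured SAML endpoint that is not HTTPS. The sample metadata, the placeholder certificate bytes, the function names and the host auth.example.test:8443 are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def pem_to_der(pem):
    """Drop the PEM armor lines and base64-decode the body to DER bytes."""
    lines = (ln.strip() for ln in pem.splitlines())
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

def signing_fingerprints(metadata_xml):
    """Return (entityID, set of SHA-256 fingerprints of the IdP signing certificates)."""
    root = ET.fromstring(metadata_xml)  # only parse metadata received over a trusted channel
    prints = set()
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute serves signing as well as encryption.
        if kd.get("use", "signing") == "signing":
            for cert in kd.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.add(hashlib.sha256(der).hexdigest())
    return root.get("entityID"), prints

def cert_matches_metadata(cert_pem, metadata_xml):
    """True only if the downloaded certificate is one of the metadata's signing certificates."""
    _, prints = signing_fingerprints(metadata_xml)
    return hashlib.sha256(pem_to_der(cert_pem)).hexdigest() in prints

def non_https_endpoints(urls):
    """Names of the configured SAML endpoints that are not served over HTTPS."""
    return [name for name, url in urls.items() if urlsplit(url).scheme != "https"]

# Constructed sample input: placeholder bytes stand in for a DER certificate.
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/tenant-placeholder/">
  <IDPSSODescriptor><KeyDescriptor use="signing">
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
      <X509Certificate>{SAMPLE_B64}</X509Certificate>
    </X509Data></KeyInfo>
  </KeyDescriptor></IDPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_URLS = {  # made-up authserverdomain:port; the logout URL is deliberately HTTP
    "entity_id": "https://auth.example.test:8443/auth/saml/metadeta",
    "reply_url": "https://auth.example.test:8443/auth/saml/sso",
    "logout_url": "http://auth.example.test:8443/auth/saml/SingleLogout",
}
if __name__ == "__main__":
    print(cert_matches_metadata(SAMPLE_PEM, SAMPLE_METADATA), non_https_endpoints(SAMPLE_URLS))
```

A mismatch between the two fingerprints means the certificate and the metadata did not come from the same application registration and should be requested again before the build is made.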

Requirement for non-Samsung Proservice customer

  1. App registration in IDP portal.
  2. Get the SAML signing certificate, Federation metadata XML and App Federation Metadata URL from the client. Downloading the certificate is required to make the build for the client. This will be changed in the next version, and a separate guide regarding the steps to be followed will be provided.
  3. Install the build provided with the required SAML configurations. Refer to the sample config.properties file for more information.
  4. As most IDPs require HTTPS endpoints, guide the customer to boot the Auth server over HTTPS and do the configurations required in this case. (Refer to the end of the document for the different possible scenarios and actions required.)

Requirement for Samsung Proservice customer

  1. App registration in IDP portal.
  2. Get the SAML signing certificate, Federation metadata XML and App Federation Metadata URL from the client.
  3. Basic SAML configuration URLs are to be provided by Samsung.
  4. Get dummy user credentials for testing.
  5. For POC purposes, self-signed certs can be used.

  • Auth Server (HTTP) with MIS (HTTP): No SSL certificate required. Not a practical configuration to test with external IDPs.
  • Auth Server (HTTP) with MIS (HTTPS): An SSL certificate bound to a domain name is required for MIS. As most IDPs demand HTTPS endpoints for security, this is not a practical configuration setup for testing with external IDPs because the Auth server is hosted over HTTP.
  • Auth Server (HTTPS) with MIS (HTTP): An SSL certificate bound to a domain name is required for the Auth Server. If the client wants to run MIS without SSL, this configuration can be set up for testing with external IDPs, as the Auth server is hosted over HTTPS.
  • Auth Server (HTTPS) with MIS (HTTPS): An SSL certificate bound to a domain name is required for both. This is the ideal configuration setup for testing with external IDPs.

NOTE

  1. The default MIS certificate will not work for communication between the Auth server and MIS, as it is not bound to any domain.
  2. When using self-signed certificates, we need to include the certificate in the truststore file (cacerts.jks) of the other application server. That is, MagicInfo Server's certificate must be included in the truststore of MagicInfo Auth Server, and vice versa, for successful communication between the two servers.
  3. If a self-signed certificate other than the default MIS certificate is used with MIS, devices won't be able to connect with MIS over SSL.
  4. If MIS is installed in both HTTP and HTTPS mode, devices can connect without SSL.