Server-less Authentication Kit User Guide

Microsoft, Internet Explorer, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All product/brand names are trademarks or registered trademarks of the respective holders. Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation.

Important
1. This manual is copyrighted with all rights reserved. Under the copyright laws, this manual may not be copied or modified in whole or part, without the written consent of the publisher.
2. Parts of this manual are subject to change without prior notice.
3. We welcome any comments on ambiguities, errors, omissions, or missing pages.

Xerox, Xerox and Design, Fuji Xerox and Design, as well as CentreWare are registered trademarks or trademarks of Xerox Corporation in Japan and/or other countries. Smart WelcomEyes is a registered trademark or a trademark of Fuji Xerox Co., Ltd.

Preface

Thank you for selecting our product. This guide describes how to configure the "Server-less Authentication Kit" (hereafter referred to as "this kit") and the precautions you should follow during operation. To get the most out of the features of this kit and to use it effectively, be sure to read this guide before use. The guide assumes that you are familiar with a personal computer and your machine. For information on a personal computer, refer to the manuals provided with the personal computer. For information on how to operate your machine, refer to the guide (Administrator/User Guide) provided with each machine.


Using This Guide

This guide describes how to operate the services after installing this kit on your machine and how to configure the System Administrator settings.

Organization of This Guide
This guide consists of the following chapters:
• Server-less Authentication Kit: Describes the feature overview of this kit.
• Plug-in Settings (for System Administrator): Describes the setting items on the plug-in setting screen.
• User Operations (for Users): Describes the operation procedures of the features for normal users.
• Troubleshootings: Describes the solutions when an error message is displayed while using this kit.
• Notes and Restrictions: Describes the notes and restrictions to observe when using the kit.


Conventions
• The screen shots used in this guide and the screens displayed on your machine may be different depending on the software being used due to the upgrades.
• Some of the items in the screen shots used in this guide may not be displayed or not be available depending on your machine configuration.
• In this document, "Computer" refers to a personal computer or workstation.
• The following terms are used in this guide:
    Important: Important information that you should read.
    Note: Additional information on operations or features.
• The following symbols are used in this guide:
    " ":
      • A cross-reference included in this guide.
      • Names of features, touch screen messages and input text.
    [ ]:
      • Folders, files, applications, button or menu names displayed on the touch screen.
      • Names of menus, commands, windows, or dialog boxes displayed on the computer screen and their buttons and menu names.
    button: Hardware buttons on the control panel.
    key: Keys on the keyboard of the computer.
    >:
      • Path to a certain item within a procedure on the control panel. For example: When you see the procedure "select [Tools] > [Setup] > [Create Folder]", this means that you need to select [Tools], select [Setup], and then select [Create Folder].
      • Path to a certain item within a procedure on a computer. For example: When you see the procedure "to search for files and folders, click [Start] > [Search] > [For Files or Folders]", this means that you need to click [Start], click [Search], and then click [For Files or Folders] to search for files and folders.
      • Cross-reference. For example: "Refer to "5 Tools" > "Common Service Settings" > "Audio Tones" in the Administrator Guide." The sentence above means that you need to refer to the section "Audio Tones", which can be found under "Common Service Settings" in chapter 5 Tools of the Administrator Guide.


About License

This section describes information about licenses applied to the OSS included in this product. Be sure to read through it.

JDBM JDBM LICENSE v1.00 Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain copyright statements and notices. Redistributions must also contain a copy of this document. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name "JDBM" must not be used to endorse or promote products derived from this Software without prior written permission of Cees de Groot. For written permission, please contact [email protected]. 4. Products derived from this Software may not be called "JDBM" nor may "JDBM" appear in their names without prior written permission of Cees de Groot. 5. Due credit should be given to the JDBM Project (http://jdbm.sourceforge.net/). THIS SOFTWARE IS PROVIDED BY THE JDBM PROJECT AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL CEES DE GROOT OR ANY CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Copyright 2000 (C) Cees de Groot. All Rights Reserved. Copyright 2000-2001 (C) Alex Boisvert. All Rights Reserved. Contributions are Copyright (C) 2000 by their associated contributors.


JLDAP The OpenLDAP Public License Version 2.8, 17 August 2003 Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted provided that the following conditions are met: 1. Redistributions in source form must retain copyright statements and notices, 2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution, and 3. Redistributions must contain a verbatim copy of this document. The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You may use this Software under terms of this license revision or under the terms of any subsequent revision of the license. THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain with copyright holders. 
OpenLDAP is a registered trademark of the OpenLDAP Foundation. Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distribute verbatim copies of this document is granted.

Normalize.css Copyright (c) Nicolas Gallagher and Jonathan Neal Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without


restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

html5shiv Copyright (c) 2014 Alexander Farkas (aFarkas).

MIT License Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

jQuery Copyright jQuery Foundation and other contributors, https://jquery.org/ This software consists of voluntary contributions made by many individuals. For exact contribution history, see the revision history available at https://github.com/jquery/jquery The following license applies to all parts of this software except as documented below: ====


Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ==== All files located in the node_modules and external directories are externally maintained libraries used by this software which have their own licenses; we recommend you read them, as their terms may differ from the terms above.

jQuery UI Copyright jQuery Foundation and other contributors, https://jquery.org/ This software consists of voluntary contributions made by many individuals. For exact contribution history, see the revision history available at https://github.com/jquery/jquery-ui The following license applies to all parts of this software except as documented below: ==== Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


==== Copyright and related rights for sample code are waived via CC0. Sample code is defined as all source code contained within the demos directory. CC0: http://creativecommons.org/publicdomain/zero/1.0/ ==== All files located in the node_modules and external directories are externally maintained libraries used by this software which have their own licenses; we recommend you read them, as their terms may differ from the terms above.

Treeview The MIT License (MIT) Copyright (c) 2008 Jorn Zaefferer Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

colResizable Copyright (c) 2012 Alvaro Prieto Lauroba http://quocity.com/colresizable Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.


THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

CSS3 PIE Copyright 2010 Jason Johnston Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

jQuery watermark plugin Licensed under MIT license. http://opensource.org/licenses/MIT Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


Globalize Copyright jQuery Foundation and other contributors, https://jquery.org/ This software consists of voluntary contributions made by many individuals. For exact contribution history, see the revision history available at https://github.com/jquery/globalize The following license applies to all parts of this software except as documented below: ==== Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ==== Copyright and related rights for sample code are waived via CC0. Sample code is defined as all source code contained within the doc directory. CC0: http://creativecommons.org/publicdomain/zero/1.0/ ==== All files located in the node_modules and external directories are externally maintained libraries used by this software which have their own licenses; we recommend you read them, as their terms may differ from the terms above.

validation The MIT License (MIT) Copyright Jorn Zaefferer


Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


Table of Contents

Preface
Using This Guide
    Organization of This Guide
    Conventions
About License
    JDBM
    JLDAP
    Normalize.css
    html5shiv
    jQuery
    jQuery UI
    Treeview
    colResizable
    CSS3 PIE
    jQuery watermark plugin
    Globalize
    validation
Table of Contents
Server-less Authentication Kit
    Features Overview
    For Use of Server-less Authentication Kit
Plug-in Settings (for System Administrator)
    Multifunction Device Registration
    User Information Registration
    Preferences
User Operations (for Users)
    Authentication Procedure
    Edit Own User Information
    Register Smart Card
Troubleshootings
Notes and Restrictions
Index

Server-less Authentication Kit

This kit is software for sharing user information among multiple machines. The machines form a "Master-Slave" relationship. When user information is edited on the Master Device, or a Slave Device notifies the Master Device of an update, the Master Device updates its own database and then distributes the latest information to all the Slave Devices. The Slave Devices then update their databases with the received information. This enables a server-less network in which you can log in, change user information, or register a smart card on whichever machine is available.

[Figure: The Master Device, configured through Plug-in Settings, receives change notifications from the Slave Devices and distributes the latest information to them. Login, Change User Information, and Register Smart Card can be performed on whichever machine is available.]

Features Overview
The following features become available after installing this kit.

• Plug-in Settings
  The System Administrator can manage the machine information and user information at once and set environment settings using the plug-in settings screen. For more information, refer to "Plug-in Settings (for System Administrator)" (P.18).

• Authentication Feature
  This kit provides its own screen for authentication. A user can log in from whichever machine using the smart card or the user ID. For more information, refer to "Authentication Procedure" (P.27).

• User Info Change Tool
  A user can change his/her own user information, such as user name and e-mail address, on the control panel with a simple operation. For more information, refer to "Edit Own User Information" (P.27).

• Smart Card Registration
  A user can associate an unregistered smart card with his/her user account on the control panel with a simple operation. The authentication information saved in the Active Directory® server as well as the user information saved in the machine database is available. For more information, refer to "Register Smart Card" (P.28).

Associate the Smart Card with the User Information Stored on the Machine

The system administrator just needs to hand the smart cards to users. This will reduce the work of the system administrator.

1. Hold up an unregistered smart card.
2. Select [Local Machine] for [Domain] and enter the authentication information (user ID and password) saved on the machine. The entered information is verified with the machine database.
3. The smart card ID is associated with the user account and registered with the machine.

Associate the Smart Card with the Authentication Information Stored on the Active Directory Server

The association between the smart card ID and the authentication information on the Active Directory Server can be stored in the machine. This makes updating the smart card information easy when the system administrator of the Active Directory and the machine administrator are different people.

Note
• This feature is available for the ApeosPort series models only.

1. Hold up an unregistered smart card.
2. Select [Active Directory Server] for [Domain] and enter the authentication information (user ID and password) saved on the Active Directory Server. The entered information is verified with the Active Directory server.
3. The smart card ID is associated with the user account and registered with the machine.
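A minimal model of the master/slave distribution and the [Local Machine] smart card registration described above, added here as an illustration and not the kit's own code. All class, method and result names are hypothetical, PBKDF2 stands in for whatever credential storage the product uses, and the master's own duplicate-card check is an assumption.

```python
import copy
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class User:
    user_id: str
    salt: bytes
    pw_hash: bytes
    card_id: Optional[str] = None  # smart card ID bound to this account


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 is a stand-in; the guide does not say how passwords are stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(user_id: str, password: str) -> User:
    salt = os.urandom(16)
    return User(user_id, salt, hash_password(password, salt))


class Device:
    """A machine holding its own copy of the shared user database."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.users: Dict[str, User] = {}
        self.revision = 0

    def apply_snapshot(self, revision: int, users: Dict[str, User]) -> bool:
        # Ignore stale or replayed distributions so an old copy cannot roll back the database.
        if revision <= self.revision:
            return False
        self.users = copy.deepcopy(users)
        self.revision = revision
        return True

    def check_password(self, user_id: str, password: str) -> bool:
        user = self.users.get(user_id)
        if user is None:
            return False
        return hmac.compare_digest(user.pw_hash, hash_password(password, user.salt))

    def login_with_card(self, card_id: str) -> Optional[str]:
        for user in self.users.values():
            if user.card_id == card_id:
                return user.user_id
        return None


class Master(Device):
    def __init__(self, name: str) -> None:
        super().__init__(name)
        self.slaves: List["Slave"] = []

    def attach(self, slave: "Slave") -> None:
        slave.master = self
        self.slaves.append(slave)
        slave.apply_snapshot(self.revision, self.users)

    def _commit(self) -> None:
        # The master updates its own database first, then distributes to every slave.
        self.revision += 1
        for slave in self.slaves:
            slave.apply_snapshot(self.revision, self.users)

    def add_user(self, user: User) -> None:
        self.users[user.user_id] = user
        self._commit()

    def notify_card_registration(self, user_id: str, card_id: str) -> str:
        # Assumption: the master re-checks uniqueness against its authoritative copy.
        if self.login_with_card(card_id) is not None:
            return "card-already-registered"
        if user_id not in self.users:
            return "unknown-user"
        self.users[user_id].card_id = card_id
        self._commit()
        return "registered"


class Slave(Device):
    master: Optional[Master] = None

    def register_card(self, card_id: str, user_id: str, password: str) -> str:
        if self.master is None:
            return "no-master"
        if self.login_with_card(card_id) is not None:
            return "card-already-registered"
        # "Verify with the machine database": the local replica checks the credentials.
        if not self.check_password(user_id, password):
            return "bad-credentials"
        return self.master.notify_card_registration(user_id, card_id)


def demo():
    # Constructed sample accounts and card ID.
    master, a, b = Master("master"), Slave("slave-a"), Slave("slave-b")
    master.attach(a)
    master.attach(b)
    master.add_user(make_user("alice", "correct horse"))
    master.add_user(make_user("bob", "another secret"))
    results = [
        a.register_card("CARD-0001", "alice", "wrong password"),
        a.register_card("CARD-0001", "alice", "correct horse"),
        b.register_card("CARD-0001", "bob", "another secret"),
    ]
    revisions = [d.revision for d in (master, a, b)]
    return results, b.login_with_card("CARD-0001"), master.login_with_card("CARD-0001"), revisions
```

In this model a card registered on one Slave Device is usable on every other device only after the Master Device has committed and distributed the change, which is why every device ends at the same revision.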

For Use of Server-less Authentication Kit
The following describes the required software and settings to use this kit.

Required Software
• Web Browser
  A Web browser such as Internet Explorer® is required to use the plug-in setting screen for this kit.
• Microsoft® Excel 2007/2010/2013
  The System Administrator edits the xlsm format file to manage user information. One of the software versions above is required to use this file.

System Settings of the Machine
Our service representative installs this kit. Note that the machine's system settings are changed as follows during installation. Please do not change the following settings while you use this kit.
• SOAP Port
  [Port Status] is set to [Enabled] and [Port Number] is set to [80] under [System Settings] > [Connectivity & Network Setup] > [Port Settings] > [SOAP].
• Protocol Settings
  An IP address, subnet mask, and gateway address (settings for use in a TCP/IP network environment) are set under [System Settings] > [Connectivity & Network Setup] > [Protocol Settings] > [TCP/IP - Network Settings].
• Embedded Plug-in Setting
  [Embedded Plug-ins] is set to [Enabled] under [System Settings] > [Common Settings] > [Plug-in Settings].
• Custom Authentication
  [Customized Login] is selected under [Authentication/Security Settings] > [Authentication] > [Login Type].

Settings for Smart Card Registration
Our Service Representative configures the following settings when you use the "Smart Card Registration" feature.

Note
• To use Smart Card Registration, set [Enabled] for [Auto Register Smart Card] under [Smart Card Auto Registration] on [Preferences] of the plug-in setting screen. For more information, refer to "Smart Card Auto Registration" (P.25).

• IC Card Reader
  The IC Card Reader is equipped on the machine and set to be available.
• System Settings of the Machine
  The following items are set under [Tools] menu of the machine.
    • Accounting Setting: [Accounting Type] is set to [Accounting Disabled] or [Local Accounting] under [Accounting].
    • Account Auto Setup for Smart Card Authentication: [Account Auto Setup for Card Login] is set to [Enabled] under [Authentication/Security Settings] > [User Details Setup].
• Active Directory Server Settings
  When [Active Directory® Server] is selected for [Domain] on the [Smart Card Registration] screen, the Active Directory Server's account information is retrieved. To use this feature, the following items need to be set under [Tools] > [System Settings] > [Connectivity & Network Setup] > [Remote Authentication/Directory Service] of the machine's touch screen.
    • [Attribute of Login User Name]: Used as the User ID.
    • [Attribute Type of E-mail Address]: Used as the e-mail address.

Important
• Active Directory server is available for the ApeosPort series models only.
• For User Name, the value of "displayName" set in the Active Directory server is used. You cannot change this value on the machine's [Tools] menu or CentreWare Internet Services but can change by "User Info Change Tool" or importing the user information setting file.

For more information about Active Directory Server's settings, refer to the manual provided with the machine.

Plug-in Settings (for System Administrator)
The plug-in settings screen displayed from CentreWare Internet Services provides the management screen for the System Administrator. The following items can be configured in the plug-in setting screen.

• Multifunction Device Registration
• User Information Registration
• Preferences

Important
• Operate the plug-in setting screen of the Master Device or the machine intended to be the Master Device.

Follow the procedure below to display the plug-in setting screen.

1. Start a web browser.

2. Enter the machine's IP address into the address box on the browser, and then press the key.

Note
• During connection/operation, a pop-up screen for user ID/passcode entry may appear. In this case, enter the System Administrator's user ID/passcode and click [OK].

3. Select the [Properties] tab, and then click [Security] > [Plug-in / Custom Services Settings] > [Embedded Plug-ins].

4. Select [Server-less Authentication Kit] and click the [Set] button.

Note
• XPS stands for XML Paper Specification.

The plug-in setting screen ([Server-less Authentication Kit] screen) is displayed.

Multifunction Device Registration
On [Multifunction Device Registration], the list of machines using this kit is displayed. You can register or delete machines, or change the device role here.

Register New Device
The following describes how to add a machine to the list.

1. Click [Register New Device].

2. Enter the Slave Device's information and then click [Register].

Note
• Even when you register the first machine, enter the information of the machine that is to be a Slave Device, because the machine you are operating will be registered as the Master Device.

Item: Multifunction Device Information to Register
Description: Select the type of information to identify the machine.

Item: SSL Communication*1
Description: Set whether the machine to be registered uses SSL communication.
Note: You need to register a certificate on the machine beforehand to use SSL communication. For information on how to set the certificate, refer to the manual provided with the machine.

Item: IP Address*1
Description: Enter the IP address of the machine to be registered.

Item: Port Number*1
Description: Enter the port number to use.

Item: URL*2
Description: Enter the URL of the machine to be registered.
Note: URL here means the text string that is displayed in the address box of the web browser just after you access the plug-in setting screen of this kit. However, delete "/admin" and everything after it.

Item: System Administrator ID
Description: Enter the System Administrator ID of the machine to be registered.

Item: System Administrator Password
Description: Enter the System Administrator password of the machine to be registered.

*1: Set this item when you select [Register Using IPv4] for [Multifunction Device Information to Register].
*2: Set this item when you select [Register Using URL] for [Multifunction Device Information to Register].

3. After the registration succeeds and the machine appears on the list, set [Permissions].

Note
• [Slave Device] is selected automatically right after the registration. If you do not need to change the role, skip this step.

Permissions
Set the role of each machine. Select [Master Device] for the one machine that is to play the central role, and select [Slave Device] or [Slave Device (With Delegated Role)] for the other machine(s). Up to 49 Slave Devices and Slave Devices (With Delegated Role) in total can be registered.

Important
• A Slave Device cannot be changed to the Master Device directly, so the permissions of a Slave Device cannot be changed when the connection with the Master Device fails and no Slave Device (With Delegated Role) exists. This is why you need to register one or more Slave Devices (With Delegated Role).
• To change the Master Device, open the plug-in setting screen of the machine that is to be the next Master Device (its role must be [Slave Device (With Delegated Role)]) and change its own role to [Master Device]. The role of the previous Master Device is then changed to [Slave Device (With Delegated Role)] automatically.

The Master Device and the Slave Device(s) (including any Slave Device (With Delegated Role)) communicate in the following patterns:

1) When user information is changed on the Master Device, the Master Device updates its own database and then distributes the update information to all the Slave Devices.

2) When user information is changed on a Slave Device, the Slave Device first notifies the Master Device of the update information and the Master Device's database is updated. The Master Device then distributes the update information to all the Slave Devices.

Important
• If the Master Device is powered off, none of the Slave Devices, including the one on which the change was made, can receive the update information.
• A Slave Device that is powered off cannot receive the update information. The update information will be distributed again at the timing of communication pattern 3.

3) When the set interval has elapsed since the last communication between the Master Device and a Slave Device, or when a Slave Device is switched on or activated from Sleep mode, the Slave Device asks the Master Device whether the database has changed. If it has, the Master Device distributes the difference information to the Slave Device that made the inquiry.

Slave Device (With Delegated Role)
In pattern 3, the Slave Device (With Delegated Role) receives the Slave Device's communication instead of the Master Device when the Master Device cannot answer, and distributes the difference information to all the Slave Devices. In the other cases, it plays the same role as a normal Slave Device.

The interval of the fixed communication between the Master Device and the Slave Device(s) is set on the plug-in setting. For more information, refer to "Auto Synchronization Settings" (P.26).

Note
• Try not to power off the Master Device and the Slave Device (With Delegated Role), so that they can answer communication requests from the Slave Device(s).

4. If you register multiple machines, repeat steps 1 to 3.

5. Click [Apply New Settings].
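The three communication patterns described above, as a simplified Python model added here for illustration (it is not the kit's implementation). The class names, the sequence-numbered change log and the constructed device, user and card IDs are assumptions; the model shows that a machine which was powered off keeps its old user information until pattern 3 runs, and that a Slave Device (With Delegated Role) answers when the Master Device cannot.

```python
"""Toy model of the three synchronization patterns in this guide.

Assumptions (not from the guide): class and method names, the
sequence-numbered change log, and the constructed device, user and card IDs.
"""


class Device:
    def __init__(self, name, role="slave"):
        self.name = name
        self.role = role            # "master", "slave" or "delegated"
        self.powered = True
        self.cards = {}             # user_id -> smart card ID
        self.log = []               # changes seen so far: (seq, user_id, card_id)

    @property
    def seq(self):
        return self.log[-1][0] if self.log else 0

    def apply(self, change):
        """Apply one change if it is newer than the local state."""
        if change[0] > self.seq:
            self.log.append(change)
            self.cards[change[1]] = change[2]

    def accepts(self, card_id):
        """Is this card ID present in the machine's local database?"""
        return self.powered and card_id in self.cards.values()


class Group:
    def __init__(self, master, slaves):
        self.master, self.slaves = master, slaves

    def _distribute(self, source, targets):
        for dev in targets:
            if dev.powered and dev is not source:
                for change in source.log:
                    dev.apply(change)

    def change_on_master(self, user_id, card_id):
        """Pattern 1: master updates its own database, then distributes."""
        if not self.master.powered:
            return False
        self.master.apply((self.master.seq + 1, user_id, card_id))
        self._distribute(self.master, self.slaves)
        return True

    def change_on_slave(self, slave, user_id, card_id):
        """Pattern 2: the slave notifies the master, which then distributes."""
        if not (slave.powered and self.master.powered):
            return False            # master off: nobody receives the update
        return self.change_on_master(user_id, card_id)

    def poll(self, slave):
        """Pattern 3: interval elapsed, power-on or wake from Sleep mode."""
        if not slave.powered:
            return None
        if self.master.powered:
            self._distribute(self.master, [slave])   # only the inquiring slave
            return self.master.name
        for dev in self.slaves:     # master cannot answer: delegated role steps in
            if dev.role == "delegated" and dev.powered and dev is not slave:
                self._distribute(dev, self.slaves)   # to all the slaves
                return dev.name
        return None                 # nobody answered; the slave stays stale


def stale_card_demo():
    """Re-register a card while one slave is off, then let it catch up."""
    master = Device("mfd-1", "master")
    deleg = Device("mfd-2", "delegated")
    slave = Device("mfd-3")
    group = Group(master, [deleg, slave])

    group.change_on_master("alice", "CARD-OLD")
    slave.powered = False
    group.change_on_slave(deleg, "alice", "CARD-NEW")   # re-registration
    slave.powered = True
    before = slave.accepts("CARD-OLD")      # old entry is still in its database

    master.powered = False                  # master unreachable at poll time
    answered_by = group.poll(slave)
    after = slave.accepts("CARD-OLD")
    return before, answered_by, after, slave.accepts("CARD-NEW")
```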

Deletion of Device
The following describes how to delete a registered machine from the list.

Note
• Even when you delete a machine from the list, the shared user information is not deleted from the deleted machine.
• If there are only two machines on the list, the Master Device and one Slave Device (or Slave Device (With Delegated Role)), deleting the Slave Device (or Slave Device (With Delegated Role)) also deletes the Master Device.

1. Click [ ] of the machine to be deleted.

2. Select [Yes] on the confirmation screen.

User Information Registration
On [User Information Registration], you can manage the information of a large number of users at one time by importing or exporting the user information list file. A tool for setting user information is provided for this kit. You can easily read, edit, and save the xml format file of user information by using this tool.

Batch Setting of User Information
The following describes how to edit and register the user information in a batch.

• Download the Tool (in xlsm format)
• Export User Information (in xml format)
• Edit User Information
• Register User Information

Download the Tool (in xlsm format)

1. Select the language of the tool and then click [Download] of [Download of Tool for Setting User Information].

Note
• English or Japanese version is available. The English version is used for the following description.

2. Save the downloaded tool to a folder on the computer.

Note
• The format of the tool is xlsm. Do not change the file format.

Export User Information (in xml format)

Note
• If no user account is registered, this procedure is not required. If you do not need to edit the already registered user information, you can skip this procedure and register only the additional information using [Add User Information].

1. Click [Export] of [Retrieve All User Information] and save the user information file (xml format) to a folder on the computer.

Edit User Information

1. Open the tool file with Microsoft Excel.

Note
• The tool uses the macro function. Enable the macro function of Microsoft Excel beforehand.
• The following description uses Microsoft Excel 2013 as an example. The displayed screen differs depending on the version of your software.

2. Click [Import] to open the saved user information file (xml format).

Note
• If no user account is registered, this procedure is not required. If you do not need to edit the already registered user information, you can skip this procedure and register only the additional information using [Add User Information].

3. Edit user information.

Item: User ID
Description: Enter the user ID with up to 32 alphanumeric characters and symbols. This item is required.
Note: ["], [+], [;], [], [?], [ [ ], [ ] ], [`], [{], [|], [}], [:], [#], [(], and []] are not available.

Item: Smart Card ID
Description: Enter the smart card ID with up to 32 alphanumeric characters and symbols. The same smart card ID cannot be registered with different users.
Note: ["], [+], [;], [], [?], [ [ ], [ ] ], [`], [{], [|], [}], [:], [#], [(], and []] are not available.

Item: Password
Description: Enter the password with 4 to 128 alphanumeric characters and symbols if needed. Leave this item blank to set no password.
Important: After you open the downloaded xml file with [Import], encrypted text strings are displayed in the [Password] column for all users, including users who have not set a password.

Item: User Name
Description: Enter the user name with up to 32 characters (in alphanumeric characters and symbols; the maximum value may differ depending on the character type). When nothing is entered, the same value as [User ID] is set automatically.

Item: E-mail Address
Description: Enter the e-mail address with up to 128 alphanumeric characters and symbols.

Item: User Role
Description: Select the user role from the drop-down list. [User], [System Administrator], or [Account Administrator] can be selected. When nothing is selected, [User] is set automatically. For more information on each role, refer to the manual provided with the machine.

Item: Copy Service Access, Print Service Access, Scan Service Access, Fax Service Access
Description: Select the use authority for each service from the drop-down list. When nothing is selected, [Free Access] is set automatically.

Note
• When an entered value is invalid, a dialog box appears and indicates which cell and value are wrong. For example, if "[F10] user+" is displayed, the value "user+" in cell F10 is invalid. The invalid cell turns yellow.
• The maximum number of accounts that can be registered is 31,500.

4. Click [Export] to save the edited user information file to a folder on the computer.

Note
• The xml format is selected automatically. Do not change the file format.

Register User Information

1. Click [Browse] of [Register User Information] or [Add User Information] and select the edited user information file.

• [Register User Information]: The database is overwritten by the user information file. If there is any data you want to delete, use this function.
• [Add User Information]: Registers the user information that is included in the user information file but not in the database.

Important
• When you use [Register User Information], be sure to export the latest user information file, then edit and register it.
• When you register a file that contains only the difference information with [Register User Information], the existing data in the database will be deleted. In this case, use [Add User Information].

2. Click [Import].

Note
• Right after you click [Import], the change information is registered with the Master Device only. Click [Synchronize Now] to distribute the change to the Slave Devices immediately. For more information on the [Synchronize Now] button, refer to "Synchronize User Information" (P.25).

Synchronize User Information

Click [Synchronize Now] to start the distribution of the change on the plug-in settings screen.
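A pre-import check that applies the field rules from the table above and previews the difference between [Register User Information] and [Add User Information], as an added Python example (it is not part of this kit or its tool). The record keys are hypothetical because the layout of the xml file is not shown in this guide, the sample records are constructed, and the forbidden-symbol set holds only the symbols that are legible in the list above.

```python
"""Pre-import check for a user information list (added example)."""

MAX_ACCOUNTS = 31500
ROLES = {"", "User", "System Administrator", "Account Administrator"}
# Only the symbols legible in the guide's list; extend from the printed manual.
FORBIDDEN = set('"+;?[]`{|}:#(')


def check_record(rec):
    """Return the rule violations for one record (hypothetical dict keys)."""
    errors = []
    uid = rec.get("user_id", "")
    if not 1 <= len(uid) <= 32:
        errors.append("User ID must be 1 to 32 characters")
    if uid == " " or FORBIDDEN & set(uid):
        errors.append("User ID is a single space or contains an unavailable symbol")
    card = rec.get("card_id", "")
    if len(card) > 32 or FORBIDDEN & set(card):
        errors.append("Smart Card ID is too long or contains an unavailable symbol")
    # An exported file shows encrypted strings in [Password], so only a newly
    # typed plain-text value (hypothetical key "new_password") is length-checked.
    pw = rec.get("new_password", "")
    if pw and not 4 <= len(pw) <= 128:
        errors.append("Password must be 4 to 128 characters or blank")
    if len(rec.get("user_name", "")) > 32:
        errors.append("User Name is longer than 32 characters")
    if len(rec.get("email", "")) > 128:
        errors.append("E-mail Address is longer than 128 characters")
    if rec.get("role", "") not in ROLES:
        errors.append("User Role is not one of the selectable roles")
    return errors


def check_import(current, edited, mode):
    """Preview an import; mode is "register" (overwrite) or "add"."""
    if mode not in ("register", "add"):
        raise ValueError("mode must be 'register' or 'add'")
    cur_ids = {r["user_id"] for r in current}
    if mode == "register":
        # The database is overwritten by the file: users missing from it vanish.
        result = list(edited)
    else:
        # Only users that are in the file but not in the database are added.
        result = list(current) + [r for r in edited
                                  if r.get("user_id") not in cur_ids]
    new_ids = {r.get("user_id", "") for r in result}

    errors = {}
    for rec in edited:
        found = check_record(rec)
        if found:
            errors[rec.get("user_id", "")] = found
    # The same smart card ID cannot be registered with different users.
    owners = {}
    for rec in result:
        if rec.get("card_id"):
            owners.setdefault(rec["card_id"], []).append(rec.get("user_id", ""))
    return {
        "errors": errors,
        "duplicate_cards": {c: u for c, u in owners.items() if len(set(u)) > 1},
        "deleted": sorted(cur_ids - new_ids),
        "added": sorted(new_ids - cur_ids),
        "over_limit": len(new_ids) > MAX_ACCOUNTS,
    }


# Constructed sample data: the database as last exported, and an edited file
# that contains only the difference (two new users).
CURRENT = [{"user_id": "alice", "card_id": "0001"},
           {"user_id": "bob", "card_id": "0002"}]
DIFF_ONLY = [{"user_id": "carol", "card_id": "0003"},
             {"user_id": "dave+", "card_id": "0003"}]
```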

Preferences
On [Preferences], you can configure the management settings of this kit. After editing, click [Apply New Settings] at the bottom of the page to apply the settings.

Smart Card Auto Registration

Item: Auto Register Smart Card
Description: Set whether or not to display the screen for associating the smart card with the user information when a user holds up an unregistered smart card. The default value is [Disabled]. For more information, refer to "Register Smart Card" (P.28).

Item: Authentication Settings
Description: Select the authentication method when [Auto Register Smart Card] is enabled. The default value is [Use Customized Login].

Item: Copy Service Access, Print Service Access, Scan Service Access, Fax Service Access
Description: When [Use Active Directory® Server] or [Use Customized Login and Active Directory® Server] is selected for [Authentication Settings], set the default values of the service restriction settings for the user of a newly registered smart card. In the default status, [Fax Service Access] is set to [Prohibit] and the others are [Allow].

Item: Default Domain
Description: When [Use Customized Login and Active Directory® Server] is selected for [Authentication Settings], select the standard domain which users usually use in Smart Card Registration. The default value is [Customized Login].
Note: We recommend setting the machine or server with more users as [Default Domain].

User Information Editing

Item: Change User Name Display
Description: Set whether or not to allow users to change their own user name using the control panel of the machine. The default value is [Prohibit].

Item: Change E-mail Address
Description: Set whether or not to allow users to change their own e-mail address using the control panel of the machine. The default value is [Prohibit]. For more information, refer to "Edit Own User Information" (P.27).

Item: Delete Smart Card Information
Description: Set whether or not to allow users to delete their own smart card ID on the control panel of the machine. For more information, refer to "Edit Own User Information" (P.27).

Auto Synchronization Settings

Item: Synchronization Interval
Description: Auto synchronization starts when the set interval has elapsed since the last communication between the Master Device and a Slave Device. Set the interval between 1 and 1,440 minutes. The default value is [60].

Activity Log Retrieval
The [Activity Log Retrieval] screen is used by our service representative to analyze the cause of failures or troubles. Customers do not normally use this function.

User Operations (for Users)
This section describes the operations for normal users, such as authentication, editing of own user information, and smart card registration.

• Authentication Procedure
• Edit Own User Information
• Register Smart Card

Authentication Procedure
The login screen as shown at right is displayed on a machine which uses this kit. The following describes how to log in to the machine using this screen.

Note
• When this login screen is not displayed, press the button or select the login information field of the touch screen.

Login with Smart Card

1. Hold a smart card which is associated with your account over the IC card reader.

Note
• If you hold up a smart card which is not associated with any user, [Smart Card Registration] is displayed and you can associate a user with the smart card when [Auto Register Smart Card] is set to [Enabled] under [Preferences] of the plug-in setting. For more information, refer to "Register Smart Card" (P.28).

Login without Smart Card

1. Enter your user ID with the numeric keypad or the keyboard displayed on the screen. If a password is set, also enter the password.

2. Select [Login].

Edit Own User Information
The following describes how to edit your own user information using the User Info Change Tool.

1. Log in to the machine by entering your user ID and password or by holding up the smart card.

2. Select [User Info Change Tool].

3. Edit any option.

[User Info Change Tool] Tab

Item: Current Password
Description: When you change the password, enter the current password. When no password is set, leave this field blank.

Item: New Password
Description: When you change the password, enter the new password.

Item: Retype New Password
Description: When you change the password, retype the new password for confirmation.

[Other Settings] Tab

Item: User Name
Description: When you change the user name, enter the new user name.
Note: If changing the user name is forbidden by the System Administrator, you cannot change the value.

Item: E-mail Address
Description: When you change the e-mail address, enter the new e-mail address.
Note: If changing the e-mail address is forbidden by the System Administrator, you cannot change the value.

Item: Card ID
Description: When your account is associated with a smart card, the smart card ID is displayed. Selecting [Clear] allows you to cancel the association.
Note: If canceling the association is forbidden by the System Administrator, you cannot select [Clear].

4. Select [Apply Changes].

Note
• [User ID] cannot be changed.
• Select [Reset] to restore the old values. The new values are not applied.

Register Smart Card
The "Smart Card Registration" feature enables a normal user to associate his/her own user account with a smart card. This saves the System Administrator from having to register a large number of smart cards.

New Registration

Users Who Have Active Directory Accounts

1. Hold an unregistered smart card over the IC card reader.

2. Select [Active Directory® Server] for [Domain], enter your Active Directory ID and password, and then select [Register].

3. Select [Confirm].

For information on the account information retrieved from Active Directory, refer to "Active Directory Server Settings" (P.17). The default values of the service access privileges for Active Directory account users can be changed on the plug-in setting screen. For more information, refer to "Smart Card Auto Registration" (P.25).

Users Who Do Not Have Active Directory Account (Local Users)

1. Beforehand, confirm with a system administrator that your user information (user ID and password) is already registered.

2. Hold an unregistered smart card over the IC card reader.

3. Select [Local Machine] for [Domain], enter the ID and password provided by the system administrator, and then select [Register].

4. Select [Confirm].

Re-registration of Card
Use the following procedure to re-register (overwrite) your account with a smart card different from the one you have used so far.

Important
• The smart card which you used previously will no longer be available.

1. Follow the same procedure as "New Registration" (P.28).

2. Select [Yes] on the screen that appears.

3. Select [Confirm].

Delete Registered Information
Ask your system administrator to delete the user information.

Troubleshooting
This section describes troubles that may occur with your machine while using this service and their solutions.

Error of Plug-in Settings

Message: Communication error with multifunction device has occurred. Check whether the network is connected, or whether the power is on.
Remedy: Recover the network connection or turn the machine power on, then try again.

Message: Select the file to import.
Remedy: Click [Browse] to select the file to import and then try again.

Message: Unable to connect to multifunction device. Check the following items: - The entered values are correct. - The registered multifunction device exists on the network. - The registered multifunction device power is on.
Remedy: Check the input text, network connection, and the machine power and then try again.

Message: Unable to change settings. If you are changing the Master Device role, specify another Master Device from any of the Slave Device (With Delegated Role).
Remedy: Open the plug-in setting screen of a Slave Device (With Delegated Role), which is to be the next Master Device, to change the role.

Message: Unable to change the role of the following. Check whether the specified multifunction device(s) is connected to the network, or whether the power is on.
Remedy: Check the machine whose role is to be changed. Recover the network connection or turn the machine power on and then try again.

Message: Unable to connect to the specified multifunction device. Check that the Server-less Authentication Kit is installed in the specified multifunction device.
Remedy: Install this kit on the machine to be registered and then try again.

Message: Unable to import settings. Check that the file is correct.
Remedy: Check the format and size of the file to be imported and then try again.

Message: Communication error with the following multifunction device(s) has occurred. Check whether the network is connected, or whether the power is on.
Remedy: Check the machine displayed in the text box. Recover the network connection or turn the machine power on and then try again.

Message: An error has occurred in the multifunction device.
Remedy: Contact our service representative.

Error of Smart Card Registration and User Info Change Tool

Fault Code: 011, 012, 013
Message: There is no response from the Microsoft Active Directory. Check the network environment.
Remedy: Check your network environment and the machine's communication settings, and then register again.

Fault Code: 101, 102
Message: Unable to log in to Microsoft Active Directory.
Remedy: Check your authentication information of the Active Directory, and then register again.

Fault Code: 110, 202
Message: Unable to register Smart Card.
Remedy: Register again from the beginning.

Fault Code: 201
Message: Unable to verify with Login to Local Accounts.
Remedy: Enter ID and Password again.

Fault Code: 250, 251, 260, 261
Message: Check the network environment.
Remedy: Check the network and Master Device conditions, and then register again.

Fault Code: 252, 262
Message: Try again later.
Remedy: Try again. If the error is still not resolved, contact your system administrator.

Fault Code: 253
Message: Unable to register Smart Card. The maximum number of registered users has been reached. Contact your System Administrator.
Remedy: Ask your system administrator to delete unnecessary users.

Fault Code: 702
Message: This Smart Card has already been registered. Contact your System Administrator.
Remedy: Ask the smart card administrator to check your smart card.

Fault Code: 704
Message: Unable to retrieve multifunction device information. If the error still persists after restarting device, contact your System Administrator.
Remedy: Register again from the beginning.

Fault Code: 706
Message: Unable to use this feature as the initial setup has not been completed. Request to your System Administrator to perform initial setup.
Remedy: Ask your system administrator to perform initial setup.

Fault Code: 750
Message: Smart Card is registered to another User ID. Contact your System Administrator.
Remedy: Ask your system administrator to clear the smart card registration.

Fault Code: 751
Message: Incorrect Password.
Message: Incorrect Current Password. Enter Current Password again.
Remedy: Check the current password and enter it again.

Fault Code: 752
Message: Unable to register Smart Card.
Remedy: Contact our customer support center.

Fault Code: 753
Message: Unable to use this feature as Login Type is not set to Customized Login. Contact your System Administrator.
Remedy: Ask your system administrator to check the authentication settings.

Fault Code: 754
Message: Unable to retrieve the logged-in user information.
Remedy: Switch the main power and the power off and then on. If the error is still not resolved, contact our service representative.

Fault Code: 801, 802
Message: Unable to register the specified User ID.
Remedy: Contact our service representative.

Fault Code: 901
Message: System error has occurred. Restart the device. If the error still persists, contact your System Administrator.
Remedy: Switch the main power and the power off and then on. If the error is still not resolved, contact our service representative.

Fault Code: -
Message: Incorrect User ID. User ID should contain up to 32 alphanumeric characters and symbols. The following symbols cannot be used. ["], [+], [;], [], [?], [ [ ], [ ] ], [`], [{], [|], [}]
Remedy: Check your User ID, and then enter it again.

Fault Code: -
Message: Incorrect User Name. User Name should contain up to 32 alphanumeric characters and symbols.
Remedy: Correct the input text of [User Name] and then try again.

Fault Code: -
Message: Incorrect Password. Password should contain between 4 and 128 alphanumeric characters and symbols.
Remedy: Correct the input text of [Password] and then try again.

Fault Code: -
Message: Incorrect Password. Enter Password again.
Remedy: Enter the correct password and then try again.

Fault Code: -
Message: Incorrect E-mail Address. E-mail Address should contain up to 128 alphanumeric characters and symbols.
Remedy: Correct the input text of [E-mail Address] and then try again.

Fault Code: -
Message: Login failed.
Remedy: Retype the user ID and password and try again.

Fault Code: -
Message: System error has occurred. Try again later. If the error still persists, contact your System Administrator.
Remedy: Wait a while and then try again. If the error is still not resolved, contact our service representative.

Fault Code: -
Message: Try again later.
Remedy: Wait a while and then try again. If the error is still not resolved, contact our service representative.

Fault Code: -
Message: An unspecified error has occurred.
Remedy: Contact our service representative.

Notes and Restrictions
This section describes the notes and restrictions to observe when you use this kit.

• If you use the following User ID, you cannot register the smart card.
  - [ ]: A User ID which consists only of a half-width space.
  - ["], [+], [;], [], [?], [ [ ], [ ] ], [`], [{], [|], [}], [:], [#], [(], []]: A User ID which contains these symbols.

• Setting a password is not required for local users but is necessary for Active Directory users. The password can be set with 4 to 128 ASCII characters. However, after an Active Directory user has been registered with the machine by Smart Card Registration, you can change that user to a user with no password.

• An IP address automatically assigned by DHCP is not available. Use a static IP address.

• If you use a second-hand smart card, a system administrator needs to delete the user information of the card before a new user gets the second-hand card.

• Once you have registered, you cannot re-register to a different domain.

• The Active Directory Server is supported on ApeosPort series models. On machines that do not support Active Directory, the Active Directory settings do not appear.

• The following services and accessories cannot be used with this kit.
  - Smart WelcomEyes Advance
  - Smart WelcomEyes Advance 2
  - The services which require a login type other than [Login to Local Accounts]
  - IC Card Reader - Authentication Controller

• This kit is not available when [Network Accounting] is selected in [Accounting Type].

• If two smart cards are registered at almost the same time with the same user ID, the later one becomes valid.

• The changes made by "Smart Card Registration" or "User Info Change Tool" are distributed to all the Slave Devices one by one after they are registered in the Master Device's database. It may take time before the distribution completes when many machines are connected. If the changes are not applied to the Slave Devices after a certain time, try the following operations:
  - Click [Synchronize Now] on [User Information Registration] of the plug-in setting screen of the Master Device.
  - If the operation above does not work, check whether the changes are applied to the Master Device.

• The user information cannot be changed using Device Setup and ApeosWare Management Suite.


Server-less Authentication Kit User Guide Fuji Xerox Co., Ltd.

ME7693E2-1 (Edition 1) September 2015 Copyright © 2015 by Fuji Xerox Co., Ltd.