Configure Authentication Agent

Use the Authentication Agent Configuration Tool to specify the RICOH SLNX Authentication Proxy servers for which the RICOH SLNX Authentication Agent performs authentication tasks. The RICOH SLNX Authentication Agent should be pointed directly to one or more RICOH SLNX Authentication Proxy servers, not via a load balancer.

The configuration tool is also used to specify the client certificate used by the RICOH SLNX Authentication Agent. The certificate can also be installed using the Management Console and associated with any authentication profiles for which RICOH SLNX Authentication Agent can perform authentication.

A client certificate should be created beforehand. For details, see Request Client Certificate for Authentication Agent

Request Client Certificate for Authentication Agent

Create the client certificate used by the RICOH SLNX Authentication Agent using the Authentication Agent Certificate Tool.

The Authentication Agent Certificate Tool is stored in the following path in the installation media:

\Tools\AuthAgentCertTool.zip

  • To use the Authentication Agent Certificate Tool, you must log in to the computer as a user with the privilege to issue a certificate.
  • The template must be created in the Certificate Authority on the server beforehand. Create a template providing the read, enroll, and autoenroll permissions to the user who uses the template.

  1. Unzip "AuthAgentCertTool.zip".

  1. Double click "AuthAgentCertTool.exe".

  2. In [Request Certificate], enter the template name registered in Certificate Authority.

  3. Enter the password for the certificate, and then enter the password again to confirm.

  4. Click [Request Certificate].

If a template with the same name has already been retrieved, a confirmation message asking to overwrite the existing file or cancel the request is displayed.

When the request succeeds, the certificate is added to the [Export Certificate] list, and the client certificate is created in the "Tool executing folder\repository" folder.

The format of the certificate file is "Template name.cer" or "Template name.pfx". If the request fails, an error message with an error code is displayed.

  1. Select the certificate to export from the drop-down list under [Export Certificate].

  2. Click [Export .cer for Admin console].

A certificate without the private key is exported to the specified folder.

This file needs to be imported by the Management Console and associated with the authentication profile.

  1. Click [Export .pfx for Authentication Agent].

A certificate with the private key is exported to the specified folder.

This file must be imported using the Authentication Agent Configuration Tool. The Multiple Authentication Agent can use the same pfx file.

Configure using Authentication Agent Configuration Tool

The client certificate installed via the tool must contain the private key.

  1. Start the Authentication Agent Configuration Tool.

The Authentication Agent Configuration Tool can be found in the start menu or in the following path:

(Installation path of RICOH SLNX Authentication Agent Service)\tools\AuthAgentConfigTool

  1. Specify the URLs of the RICOH SLNX Authentication Proxy servers.

  • Add: Click to add new URLs. URLs for all RICOH SLNX Authentication Proxy servers for which the RICOH SLNX Authentication Agent performs authentication tasks must be specified. URL format is https:// (server IP or FQDN):(server port number).

  • Edit: Click to edit the registered URLs.

  • Delete: Click to delete the registered URLs.

  1. Click [Import Certificate] to import the client certificate.

After imported, the client certificate information (Issuer, Validity Start Date, Validity End Date, and Fingerprint) is displayed. A password maybe required to import the certificate, please provide the correct password.

  1. When the setting is complete, click [Save].

Please import the certificates one at a time. You may need to restart the Authentication Proxy Service after configuring the Authentication Agent.

Importing the client certificate using Management Console

When importing the client certificate using the Management Console, it must not contain the private key.

  1. Use a web browser to navigate to the following URL and access the Management Console.

  • When not using SSL

http://(IP-address-or-hostname-of-Core Server):(port-number)/index.html

  • When using SSL

https://(IP-address-or-hostname-of-Core Server):(port-number)/index.html

  1. Log in with a user name and password.

  2. Click the following items in the navigation tree to open the [Authentication Agent] tab.

[System] [Security] [Authentication Agent]

  1. Click (Add).

  2. Specify the name of the client certificate, click [Browse] to select the client certificate file, and then press [Import].

After imported, the client certificate information (Issuer, Validity Start Date, Validity End Date, and Fingerprint) is displayed in the certificate list.

  1. Click (Save).

  2. Click [Authentication Profile] in the navigation tree to open the [Authentication Profile] tab.

  3. Click the [Auth Proxy] tab.

  4. Select the RICOH SLNX Authentication Agent client certificate to assign to the authentication profile from the [Not Assigned Agent] list and add it to the [Assigned Agent] list.

  5. Select the name of the authentication profile that has been added to the list, and then [Check Connection].

The connection to the LDAP server from the Core Server via RICOH SLNX Authentication Proxy and the RICOH SLNX Authentication Agent is checked.