Slide 1

Slide 1 text

I Don't Really Understand Authentication, So I Tried a Few Things ♪
Kagomoku #19 Single Sign-On!
Genba Support Co., Ltd., Yukihiro Uekama
2019.04.20

Slide 2

Slide 2 text

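Self-introduction
• Yukihiro Uekama (ウエカマ ユキヒロ)
• @kusokamayarou
• From / based in: Makurazaki City, Kagoshima Prefecture
• Moved back from Tokyo in 2012 (a "U-turn") into my current job. Teleworking since 2018.
• Core member of JAWS-UG Kagoshima since 2018.
• Likes: family, hot springs, reading manga, cooking, etc.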

Slide 3

Slide 3 text

Contents
1. First of all…
2. What is authentication?
3. Trying SAML with OpenAM and cybozu.com
4. Trying SAML with python (pysaml2) and cybozu.com
5. Trying Amazon Cognito User Pool with JavaScript
6. Trying Amazon Cognito User Pool with iOS
7. Summary

Slide 4

Slide 4 text

First of all…

Slide 5

Slide 5 text

Let me apologize in advance!!

Slide 6

Slide 6 text

I tried various things, but…

Slide 7

Slide 7 text

When it comes to authentication, I'm not very confident…

Slide 8

Slide 8 text

I still don't really get it!!

Slide 9

Slide 9 text

So, sorry if I get something wrong.

Slide 10

Slide 10 text

What is authentication?

Slide 11

Slide 11 text

Google it!!

Slide 12

Slide 12 text

"But then the talk would be over right there!!" (manga panel from "Give My Regards to Black Jack", Shuho Sato)

Slide 13

Slide 13 text

But that won't really do, so…

Slide 14

Slide 14 text

A quick word on what I'll be talking about today…
• SAML

Slide 15

Slide 15 text

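SAML (Security Assertion Markup Language)
• IdP (Identity Provider)
• The side that provides authentication information
• In OpenID terms, the OP (OpenID Provider)
• SP (Service Provider)
• The side that uses authentication information
• In OpenID terms, the RP (Relying Party)
• Federation
• …union, alliance, federal government, federation of associations, league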

Slide 16

Slide 16 text

Federation: SAML ① (IdP, SP and federation)
[Diagram labels: SP, IdP, check Cookie, authentication OK]

Slide 17

Slide 17 text

Federation: SAML ② (IdP, SP and federation)
[Diagram labels: SP, IdP, check Cookie, authentication NG, authentication OK, service, ID (e-mail address)]

Slide 18

Slide 18 text

Federation: SAML ③ (IdP, SP and federation)
[Diagram labels: SP, IdP, check Cookie, authentication NG, authentication NG, authentication OK, check Cookie, authentication OK, service, ID (e-mail address)]

Slide 19

Slide 19 text

Trying SAML with OpenAM and cybozu.com

Slide 20

Slide 20 text

OpenAM @ ForgeRock
• OpenAM - Wikipedia
• What is OpenAM? - Qiita
• ForgeRock Backstage
• Can act as both IdP and SP.

Slide 21

Slide 21 text

cybozu.com @ Cybozu
• About Cybozu's cloud services: cybozu.com
• Configuring SAML authentication - cybozu.com Help
• Cybozu, Inc.
• SP only.

Slide 22

Slide 22 text

Federation: SAML ④ (OpenAM - cybozu.com)
[Diagram labels: SP, IdP]

Slide 23

Slide 23 text

Trying SAML with OpenAM and cybozu.com
• Installing OpenAM on Amazon Linux - Qiita
• Checking SAML authentication between OpenAM and cybozu.com - Qiita

Slide 24

Slide 24 text

Trying SAML with python (pysaml2) and cybozu.com

Slide 25

Slide 25 text

pysaml2 @ IdentityPython
• IdentityPython/pysaml2: Python implementation of SAML2
• Can act as both IdP and SP.

Slide 26

Slide 26 text

Federation: SAML ⑤ (OpenAM - pysaml2)
[Diagram labels: SP, IdP, pysaml2]

Slide 27

Slide 27 text

Trying SAML with python (pysaml2) and cybozu.com
• Checking cybozu.com SAML authentication from python (pysaml2) - Qiita

Slide 28

Slide 28 text

Trying Amazon Cognito User Pool with JavaScript

Slide 29

Slide 29 text

Amazon Cognito User Pool @ AWS
• Amazon Cognito user pools - Amazon Cognito
• AWS Black Belt Online Seminar 2017 Amazon Cognito
• AWS Black Belt Online Seminar 2016 Amazon Cognito
• AWS Black Belt Online Seminar 2015 Amazon Cognito
• Looking into AWS Cognito - Qiita
• SP only.

Slide 30

Slide 30 text

Federation: Amazon Cognito User Pool (Javascript)
[Diagram labels: SP, IdP, Amazon Cognito User Pool (authentication function), Amazon Cognito Identity Pool (authorization function), ※ various AWS resources, ※ external ID providers]

Slide 31

Slide 31 text

Trying Amazon Cognito User Pool with JavaScript
• Using Amazon Cognito UserPools from JavaScript - Qiita

Slide 32

Slide 32 text

Trying Amazon Cognito User Pool with iOS

Slide 33

Slide 33 text

Federation: Amazon Cognito User Pool (iOS)
[Diagram labels: SP, IdP, Amazon Cognito User Pool (authentication function), Amazon Cognito Identity Pool (authorization function), ※ various AWS resources, ※ external ID providers]

Slide 34

Slide 34 text

Trying Amazon Cognito User Pool with iOS
• Using Amazon Cognito UserPools from iOS - Qiita

Slide 35

Slide 35 text

Summary

Slide 36

Slide 36 text

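Summary ①
• As I wrote at the start, authentication really is hard…
• I looked into and tried various things myself, but… understanding it down to the fine details is…
• Still, as you'd expect of an engineer, I think getting hands-on is the best way.
• I think the OSS I introduced this time, such as OpenAM and pysaml2, is good because you can use debugging to check the token exchange and the flow of the protocol.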

Slide 37

Slide 37 text

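Summary ②
• That said, if you are developing a product, I personally think it's better to use a public cloud such as AWS or GCP than to use OSS or build in-house from scratch.
• Reduced development and operations costs, scaling, the assurance of use in big services, handling of e-mail and SMS, TFA and so on: it seems to be a good fit for mobile apps.
• Especially if you already store your various information resources in a public cloud, I feel it's better to use it.
• But if you lack the know-how, there may well be a fair number of places where you get stuck…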

Slide 38

Slide 38 text

Announcements

Slide 39

Slide 39 text

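Genba Support
• Website - Genba Support Co., Ltd.
• Facebook - Genba Support Co., Ltd. - Home
• Please follow us.
• Website - Genba Cloud Conne
• "Making teamwork in the construction industry stronger and smoother."
• We have launched a new business communication service for the construction industry.
• We would appreciate your support and cooperation.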

Slide 40

Slide 40 text

Communities
• JAWS-UG Kagoshima
• JAWS-UG Kagoshima | Doorkeeper, Facebook - AWS User Group - Kagoshima
• CoderDojo Kagoshima
• CoderDojo Kagoshima - connpass, Facebook - CoderDojo Kagoshima
• These communities hold events regularly ♪
• If your schedule allows, please feel free to join.

Slide 41

Slide 41 text

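kusokamayarou
• kusokamayarou - facebook
• kusokamayarou | Twitter
• kusokamayarou - Qiita
• kusokamayarou - GitHub
• Blog of an IT-engineer-ish person who works for a company in Kagoshima City and teleworks from Makurazaki | Hatena Blog
• I post about community matters, technical tips and so on.
• If you come across them, I'd be happy if you thought "ah, that guy wrote this."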

Slide 42

Slide 42 text

Finally

Slide 43

Slide 43 text

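I am very grateful to have been given the opportunity to speak in this way. Masakura-san and everyone in the Kagoben community, everyone at TUKUDDO, the members of my company, and all of the participants who came today: thank you very much.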

Slide 44

Slide 44 text

Thank you very much for your kind attention.

Slide 45

Slide 45 text

Clap clap, clap clap, clap~ The end ♪