[2019.04.20] Kagomoku #19: Single Sign-On! - I didn't really understand authentication, so I tried a bunch of things ♪


Installing OpenAM on Amazon Linux - Qiita
https://qiita.com/kusokamayarou/items/3ed839a7e51b8137b87a

Checking SAML authentication between OpenAM and cybozu.com - Qiita
https://qiita.com/kusokamayarou/items/94df119cd5e821c8876f

Checking cybozu.com SAML authentication from Python (pysaml2) - Qiita
https://qiita.com/kusokamayarou/items/9689ab6e2629f02a9124

Using Amazon Cognito User Pools from JavaScript - Qiita
https://qiita.com/kusokamayarou/items/60bcf9d16ce0df93b0ea

Using Amazon Cognito User Pools from iOS - Qiita
https://qiita.com/kusokamayarou/items/b829d261b5e23bb1fc5f


KUSOKAMAYAROU

April 20, 2019

Transcript

Slide 2: Self-introduction

• ্佂 ޾େ (řŚŜŵ ŻŝűƁ)
• @kusokamayarou
• Hometown / location: ປ࡚ City, Kagoshima Prefecture
• In 2012 I moved back from Tokyo (U-turn) into my current job. Teleworking since 2018.
• Core member of JAWS-UG Kagoshima since 2018.
• Things I like: family, hot springs, reading manga, cooking, and so on.
Slide 3: Table of contents

1. First of all...
2. What is authentication?
3. Trying SAML with OpenAM and cybozu.com
4. Trying SAML with Python (pysaml2) and cybozu.com
5. Trying Amazon Cognito User Pool from JavaScript
6. Trying Amazon Cognito User Pool from iOS
7. Summary
Slide 12

"But then the talk would be over, wouldn't it?!"
(panel from the manga "Say Hello to Black Jack" by Shuho Sato)
Slide 15: SAML (Security Assertion Markup Language)

• IdP (Identity Provider)
  • The side that provides the authentication information
  • In OpenID terms, the OP (OpenID Provider)
• SP (Service Provider)
  • The side that consumes the authentication information
  • In OpenID terms, the RP (Relying Party)
• Federation
  • ...federation, alliance, federal government, federated association, league
Slide 17: SAML (2) (IdP, SP and federation)

[Diagram: IdP checks the cookie; authentication NG / authentication OK; labels: service, ID provider]
Slide 18: SAML (3) (IdP, SP and federation)

[Diagram: IdP checks the cookie; authentication NG; authentication NG; authentication OK; cookie checked; authentication OK; labels: service, ID provider]
Slide 20: OpenAM @ ForgeRock

• OpenAM - Wikipedia
• What is OpenAM? - Qiita
• ForgeRock Backstage
• Can act as both IdP and SP.
Slide 23: Trying SAML with OpenAM and cybozu.com

• Installing OpenAM on Amazon Linux - Qiita
• Checking SAML authentication between OpenAM and cybozu.com - Qiita
Slide 27: Trying SAML with Python (pysaml2) and cybozu.com

• Checking cybozu.com SAML authentication from Python (pysaml2) - Qiita
Slide 29: Amazon Cognito User Pool @ AWS

• Amazon Cognito user pools - Amazon Cognito
• AWS Black Belt Online Seminar 2017 Amazon Cognito
• AWS Black Belt Online Seminar 2016 Amazon Cognito
• AWS Black Belt Online Seminar 2015 Amazon Cognito
• What I found out about AWS Cognito - Qiita
• SP only.
Slide 30: Amazon Cognito User Pool (JavaScript)

[Diagram: IdP; Amazon Cognito User Pool: authentication; Amazon Cognito Identity Pool: authorization; * various AWS resources; * external ID providers]
Slide 31: Trying Amazon Cognito User Pool from JavaScript

• Using Amazon Cognito User Pools from JavaScript - Qiita
Slide 33: Amazon Cognito User Pool (iOS)

[Diagram: IdP; Amazon Cognito User Pool: authentication; Amazon Cognito Identity Pool: authorization; * various AWS resources; * external ID providers]
Slide 34: Trying Amazon Cognito User Pool from iOS

• Using Amazon Cognito User Pools from iOS - Qiita
Slide 37: Summary (2)

• That said, if you are developing a product, I personally think it is better to use a public cloud such as AWS or GCP than to use OSS or build it in-house from scratch.
• Lower development and operation costs, scaling, the assurance of being used by large services, handling of e-mail and SMS, TFA, and so on: it seems a good fit for mobile apps.
• In particular, if you already store your various information resources in a public cloud, I feel you are better off using it.
• But if you lack the know-how, there may well be plenty of situations where you get stuck...
Slide 39: Genba Support

• HP - Genba Support Co., Ltd.
• Facebook - Genba Support Co., Ltd. - Home
• Please follow us.
• HP - Genba Cloud Conne (コンネ)
• "Stronger, smoother teamwork for the construction industry."
• We are rolling out a new business communication service for the construction industry.
• Your support and cooperation are much appreciated.
Slide 40: Communities

• JAWS-UG Kagoshima
  • JAWS-UG Kagoshima | Doorkeeper, Facebook - AWS User Group - Kagoshima
• CoderDojo Kagoshima
  • CoderDojo Kagoshima - connpass, Facebook - CoderDojo Kagoshima
• We hold regular events in the communities above.
• If it suits you, feel free to join.
Slide 41: kusokamayarou

• kusokamayarou - facebook
• kusokamayarou | Twitter
• kusokamayarou - Qiita
• kusokamayarou - GitHub
• Blog of a sort-of IT engineer who works for a company in Kagoshima City and teleworks from ປ࡚ | Hatena Blog
• I post about community matters, technical tips, and so on.
• If you come across them, I'd be happy if you think "oh, that's the guy who wrote this".