[2019.04.20]かごもく #19 シングルサインオン! - 認証よくわかってないから、色々試してみた♪

Transcript

1. ೝূΑ͘Θ͔ͬͯͳ͍͔Βɺ ৭ʑࢼͯ͠Έͨ̇ ͔͝΋͘ #19 γϯάϧαΠϯΦϯ! גࣜձࣾ ݱ৔αϙʔτ ্佂 ޾େ 2019.04.20

   
   

2. ࣗݾ঺հ • ্佂 ޾େ (řŚŜŵ ŻŝűƁ) • @kusokamayarou • ग़਎

   / ॴࡏɿࣛࣇౡݝປ࡚ࢢ • 2012೥ʹ౦ژ͔Β̪λʔϯͰݱ৬ɻ2018೥͔ΒςϨϫʔΫɻ • 2018೥͔ΒɺJAWS-UG ࣛࣇౡ ίΞϝϯόʔɻ • ޷͖ͳ͜ͱɿՈ଒ɾԹઘɾອըΛಡΉ͜ͱɾྉཧͳͲ
   

3. ໨࣍ 1. ·ͣɺ࠷ॳʹ… 2. ೝূͬͯԿʁ 3. OpenAM ͱ cybozu.com Ͱ

   SAML Λࢼ͢ 4. python (pysaml2) ͱ cybozu.com Ͱ SAML Λࢼ͢ 5. JavaScript Ͱ Amazon Cognito User Pool Λࢼ͢ 6. iOS Ͱ Amazon Cognito User Pool Λࢼ͢ 7. ·ͱΊ
   

4. ·ͣɺ࠷ॳʹ…

5. ઌʹँ͓͖ͬͯ·͢!!
   

6. ৭ʑࢼ͠·͕ͨ͠…
   

7. ೝূͷ͜ͱɺ ͋Μ·Γࣗ৴ͳ͍…
   

8. ΍ͬͺΓ Α͘Θ͔Μͳ͍!!
   

9. ͳͷͰ ؒҧͬͯͨΒ ͝ΊΜͳ͍͞
   

10. ೝূͬͯԿʁ

11. άάͬͯԼ͍͞!!
    

12. 
     ͦ Ε ͡ Ό ࿩ ͕ ऴ Θ

    ͬ ͪ Ό ͏ ϒϥοΫδϟοΫʹΑΖ͘͠
    ࠤ౻लๆ Ͱ ͠ ΐ ͏ ͕
    ᴺ ο 

13. ͱ͍͏༁ʹ΋ ͍͔ͳ͍ͷͰ …
    

14. ࠓ೔͓࿩͢Δ͜ͱʹؔͯ͠ɺ ؆୯ʹ… • SAML
    

15. SAML (Security Assertion Markup Language) • IdP (Identity Provider) •

    ೝূ৘ใΛఏڙ͢Δଆ • OpenIDͩͱɺOP (OpenID Provider) • SP (Service Provider) • ೝূ৘ใΛར༻͢Δଆ • OpenIDͩͱɺRP (Relying Party) • ϑΣσϨʔγϣϯ (Federation) • …࿈߹ɺಉໍɺ࿈๜੓෎ɺ࿈߹૊߹ձɺ࿈ໍ
    

16. ŲŐũƄƀŖŢŔƃ SAMLᶃ (IdP ͱ SP ͱ ϑΣσϨʔγϣϯ)
     41

    *E1 $PPLJF
    Λ֬ೝ
    ೝূ
    0,
    

17. ŲŐũƄƀŖŢŔƃ SAMLᶄ (IdP ͱ SP ͱ ϑΣσϨʔγϣϯ)
     41

    *E1 $PPLJF
    Λ֬ೝ
    ೝূ
    /(
     ೝূ
    0,
     ɾšŖűƄţ
    ɾ*% ŸŖſŗŪƄƀţ

18. ŲŐũƄƀŖŢŔƃ SAMLᶅ (IdP ͱ SP ͱ ϑΣσϨʔγϣϯ)
     41

    *E1 $PPLJF
    Λ֬ೝ
    ೝূ
    /(
     ೝূ
    /(
     ೝূ
    0,
     $PPLJF
    Λ֬ೝ
    ೝূ
    0,
     ɾšŖűƄţ
    ɾ*% ŸŖſŗŪƄƀţ

19. OpenAM ͱ cybozu.com Ͱ SAML Λࢼ͢

20. OpenAM @ ForgeRock • OpenAM - Wikipedia • OpenAMͬͯͳʹʁ -

    Qiita • ForgeRock Backstage • Idp ΋ SP ΋Մɻ •
    

21. cybozu.com @ αΠϘ΢ζ • αΠϘ΢ζͷΫϥ΢υαʔϏεʹ͍ͭͯɹ cybozu.com • SAMLೝূͷઃఆ - cybozu.com

    ϔϧϓ • αΠϘ΢ζגࣜձࣾ • SP ͷΈɻ •
    

22. ŲŐũƄƀŖŢŔƃ SAMLᶆ (OpenAM - cybozu.com)
     41 *E1

23. OpenAM ͱ cybozu.com Ͱ SAML Λࢼ͢ • Amazon Linux ʹ

    OpenAM ΛΠϯετʔ ϧͯ͠ΈΔ - Qiita • OpenAM ͱ cybozu.com ͷ SAML ೝূΛ ֬ೝͯ͠ΈΔ - Qiita •
    

24. python (pysaml2) ͱ cybozu.com Ͱ SAML Λࢼ͢

25. pysaml2 @ IdentityPython • IdentityPython/pysaml2: Python implementation of SAML2 •

    Idp ΋ SP ΋Մɻ •
    

26. ŲŐũƄƀŖŢŔƃ SAMLᶇ (OpenAM - pysaml2)
     41 *E1 QZTBNM

27. python (pysaml2) ͱ cybozu.com Ͱ SAML Λࢼ͢ • python (pysaml2)

    ͔Β cybozu.com ͷ SAML ೝূΛ֬ೝͯ͠ΈΔ - Qiita •
    

28. JavaScript Ͱ Amazon Cognito User Pool Λࢼ͢

29. Amazon Cognito User Pool @ AWS • Amazon Cognito Ϣʔβʔϓʔϧ

    - Amazon Cognito • AWS Black Belt Online Seminar 2017 Amazon Cognito • AWS Black Belt Online Seminar 2016 Amazon Cognito • AWS Black Belt Online Seminar 2015 Amazon Cognito • AWS Cognitoʹ͍ͭͯௐ΂ͯΈͨ - Qiita • SP ͷΈɻ
    

30. ŲŐũƄƀŖŢŔƃ Amazon Cognito User Pool (Javascript)
     41 *E1

    "NB[PO
    $PHOJUP
    6TFS
    1PPM
    ɾೝূػೳ "NB[PO
    $PHOJUP
    *EFOUJUZ
    1PPM
    ɾೝՄػೳ
    ˞֤छ"84Ϧιʔε
    ˞֎෦*%ϓϩόΠμ

31. JavaScript Ͱ Amazon Cognito User Pool Λࢼ͢ • Amazon Cognito

    UserPools Λ JavaScript ͔Β࢖ͬͯΈΔ - Qiita •
    

32. iOS Ͱ Amazon Cognito User Pool Λࢼ͢

33. ŲŐũƄƀŖŢŔƃ Amazon Cognito User Pool (iOS)
     41 *E1

    "NB[PO
    $PHOJUP
    6TFS
    1PPM
    ɾೝূػೳ "NB[PO
    $PHOJUP
    *EFOUJUZ
    1PPM
    ɾೝՄػೳ
    ˞֤छ"84Ϧιʔε
    ˞֎෦*%ϓϩόΠμ

34. iOS Ͱ Amazon Cognito User Pool Λࢼ͢ • Amazon Cognito

    UserPools Λ iOS ͔Β࢖ͬͯΈΔ - Qiita •
    

35. ·ͱΊ

36. ·ͱΊᶃ • ๯಄ʹ΋ॻ͖·͕ͨ͠ɺೝূ΍ͬͺΓ೉͍͠Ͱ͢…ɻ • ࢲ΋৭ʑௐ΂ͨΓɺࢼͨ͠Γ͠·͕ͨ͠…ɺͳ͔ͳ͔ࡉ͔͍ͱ͜ Ζ·Ͱཧղ͢Δͷ͸…ɻ • ͨͩɺ΍͸ΓΤϯδχΞΒ͘͠ɺखΛಈ͔͢ͷ͕Ұ൪ͩͱࢥ͍· ͢ɻ •

    ࠓճ͝঺հͨ͠ɺOpenAM ΍ pysaml2 ͳͲͷ OSS ͸ɺσόοά ͰτʔΫϯͷ΍ΓऔΓ΍ϓϩτίϧͷྲྀΕΛ֬ೝͰ͖ͯྑ͍Μ ͡Όͳ͍͔ͱࢥ͍·͢ɻ

37. ·ͱΊᶄ • ͨͩɺϓϩμΫτΛ։ൃ͢ΔͷͰ͋Ε͹ɺOSS Λར༻ͨ͠Γɺθϩ͔Β಺੡͢ ΔΑΓ͸ɺAWS ΍ GCP ͳͲͷύϒϦοΫΫϥ΢υΛར༻͢Δํ͕ྑ͍Μ͡Ό ͳ͍͔ɺͱݸਓతʹ͸ࢥ͍ͬͯ·͢ɻ •

    ։ൃɾӡ༻ͷίετ࡟ݮɺεέʔϦϯάɺϏοάαʔϏεͰͷར༻อূɺϝʔ ϧ΍SMSͷऔΓѻ͍ɺTFAͳͲɺϞόΠϧΞϓϦͱͷ૬ੑ͕ྑ͍༷ʹࢥ͍· ͢ɻ • ಛʹɺ֤छ৘ใϦιʔεΛύϒϦοΫΫϥ΢υʹ֨ೲ͍ͯ͠ΔͷͰ͋Ε͹ɺར ༻ͨ͠ํ͕ྑ͍ؾ͕͠·͢ɻ • Ͱ΋ɺϊ΢ϋ΢ແ͔ͬͨΓ͢Δͱɺ৭ʑϋϚΔ৔໘΋ͦΕͳΓʹ͋Δ͔΋…ɻ

38. ͓஌Βͤ
    

39. ݱ৔αϙʔτ • HP - גࣜձࣾݱ৔αϙʔτ • Facebook - ʢגʣݱ৔αϙʔτ -

    ϗʔϜ • ϑΥϩʔ͓ئ͍͠·͢ɻ • HP - ݱ৔Ϋϥ΢υ Conne ʢίϯωʣ • ʮݐઃۀͷνʔϜϫʔΫΛΑΓڧ͘ɻΑΓεϜʔζʹɻʯ • ৽͘͠ݐઃۀք޲͚ͷۀ຿ίϛϡχέʔγϣϯαʔϏεΛల։͓ͯ͠Γ·͢ • Ԡԉɾ͝ڠྗͷఔɺΑΖ͓͘͠ئ͍͠·͢ɻ
    

40. ίϛϡχςΟ • JAWS-UG ࣛࣇౡ • JAWS-UGࣛࣇౡ | Doorkeeper ɺFacebook -

    AWS User Group - ࣛࣇౡ • CoderDojo ࣛࣇౡ • CoderDojoࣛࣇౡ - connpass ɺFacebook - CoderDojo ࣛࣇౡ • ্هίϛϡχςΠʹͯఆظతʹΠϕϯτΛ։࠵͓ͯ͠Γ·̇͢ • ͝౎߹ΑΖ͚͠Ε͹ɺ͓ؾܰʹ͝ࢀՃ͍ͩ͘͞ɻ
    

41. kusokamayarou • kusokamayarou - facebook • kusokamayarou | Twitter •

    kusokamayarou - Qiita • kusokamayarou - GitHub • ࣛࣇౡࢢͷاۀʹۈΊͯɺປ࡚ͰςϨϫʔΫͯ͠Δ IT ΤϯδχΞͬΆ͍ਓͷϒ ϩά | ͸ͯͳϒϩά • ίϛϡχςΟʹؔ͢Δ͜ͱ΍ٕज़తͳ Tips ͳͲ౤ߘͨ͠Γͯ͠·͢ɻ • ݟ͔͚ͨΒɺʮΞΠπ͕ॻ͍ͯΜͩͳʯͱࢥͬͯ௖͚Δͱخ͍͠Ͱ͢ɻ
    

42. ࠷ޙʹ
    

43. ࠓճ͜ͷ༷ͳܗͰ͓࿩͢ΔػձΛ௖͚ͨ͜ ͱɺඇৗʹ͋Γ͕ͨ͘ࢥ͓ͬͯΓ·͢ɻ ੓૔͞ΜΛ͸͡Ίɺ͔͝΂Μ ŠŶœŬũŎͷํʑ TUKUDDO ͷํʑ ฐࣾͷϝϯό ͦͯ͠ɺࠓ೔͓ӽ͠௖͍ͨࢀՃऀͷօ༷ Ͳ͏΋͋Γ͕ͱ͏͍͟͝·ͨ͠ɻ
    

    

44. ͝੩ௌ Ͳ͏΋͋Γ͕ͱ͏ ͍͟͝·ͨ͠
    

45. ύνύν ύνύν ύνʙ ऴΘΓ̇